Skip to main content

Your privacy and security are important to us and we are complying with the GDPR.
As of 25 May 2018, the General Data Protection Regulation (GDPR) throughout the European Union.
For our part, we are pleased to announce that we have made the necessary preparations to be able to meets the GDPR standards.
If you need any information or clarification please do not hesitate to contact us.
Below is the updated The One Atelier information on commercial communication.

Your Data will be processed according to the mode and for the following purposes: 

Who is the Data Owner who processes your data?

The data Owner is The One Atelier, based in 2 Babmaes street, London.

What information do we collect?

The Owner shall process personal, identification and non-sensitive data  (in particular, name, surname, company title, address, email, and so on – later referred to as “Personal Data” or also “Data”) you have communicated to us when signing the contract with the Owner and/or requesting services and products to the Owner.

How the information you provide will be used?

Your Personal Data may be processed, only previous notice, for the following Marketing Purposes:

  • informing by sending commercial communications by ordinary letter, email, notifications and newsletters related to the initiatives and commercial offers of the Owner.
How will personal data be processed?

The processing of your Personal Data is carried out, in electronic and paper form, through the operations of collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data also using CRM, mailing list and chatbot systems.

How long do we hold your data?

The Owner will process the Personal Data for the time necessary to fulfil the above purposes and in any case for no longer than the time necessary from the deletion to request opposition to the receipt of further commercial communications.

Who will have access to your Data?

Your Data may be made accessible for the above purposes to employees and/or collaborators of the Owner, as in charge and/or internal data processors and/or system Owner; third party companies involved in outsourcing activities on behalf of the Owner, as external data processors (for example, companies, also management companies, for marketing activities, credit institutions, professional firms, and so on).

Are the data disseminated abroad?

Data will not be disseminated or transferred to non-EU countries.

What are your rights?

As a data subject, you have the right to

  • obtain the confirmation of the existence or not of Your personal data, even if not yet recorded, and of their availability to you in a comprehensible form;
  • obtain an indication and, where appropriate, a copy of it: a) of the origin and category of the personal data; b) of the logics applied in case of processing carried out with the help of electronic tools; c) of the mode and purposes of data processing; d) of the identification data of the Owner and of the person in charge; e) of the subjects and groups of subjects to whom personal data may be communicated or may become aware of them, in particular if they are receivers of third countries or international organizations; e) where possible, of the period of retention of data or the criteria used to determine that period; f) of the existence of an automated decision making process, including profiling, and in such case of the logics used, the importance and expected consequences for the person concerned; g) of the existence of adequate guarantees in case of transfer of data to a non-EU country or to an international organisation;
  • obtain, without undue delay, the update and rectification of wrong data or, where relevant, the integration of incomplete data;
  • exercise the right to revoke consent at any time, easily, without obstacles, using, where possible, the same channels used to provide consent;
  • obtain the deletion, transformation of the data into anonymous form or blocking of data: a) unlawfully processed; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) in the event of revocation of the consent on which the processing is based and if there is no other legal basis, d) in case of opposition to processing and there is no overriding legitimate reason to continue the processing; e) in case of fulfilment of a legal obligation; f) in the case of data relating to minors. The Owner may refuse the deletion only in cases of: a) exercise of the right to freedom of expression and information; b) fulfilment of a legal obligation, execution of a task carried out in the public interest or in the exercise of official authority; c) reasons of public health interest; d) storage in the public interest, scientific or historical research or for statistical purposes; e) exercise of a right in court;
  • obtain the limitation of treatment in the case of: a) objection of the accuracy of personal data; b) unlawful processing of the Owner to prevent their deletion; c) exercise of Your right in court; d) verification of the possible prevalence of the legitimate reasons of the Owner over those of the interested party;
  • receive, if the processing is carried out by automatic means, without hindrance and in a structured format, commonly used and legible personal data concerning you to transmit them to another owner or – if technically practicable – to obtain the direct transmission from the owner to another owner;
  • object, in whole or in part: a) for legitimate reasons relating to Your particular situation, to the processing of personal data concerning You; b) to the processing of personal data concerning You for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator via email and/or through traditional marketing methods by telephone and/or paper mail;
  • make a complaint to The Italian Data Protection Authority.
How can you exercise your rights

You may exercise these rights at any time:

  • by sending registered letter with return receipt to the address of the Owner: 2 Babmaes street, London.
  • by sending an email to:



With the present note we inform you that the EU Regulation No 679/2016 provides the protection of persons and other subjects with regard to the processing of personal data. According to the above-mentioned law, the processing of your personal data will be based on principles of correctness, lawfulness and transparency and of protection of Your Privacy and Your rights.

In accordance with current legislation, we provide You with the following information:

  1. Purposes and methods of data processing

Your personal data were provided to us and will be processed exclusively for purposes strictly functional to the fulfilment of the obligations inherent in the relationship with the undersigned Owner, in particular:

    • for the insertion of personal data in the company’s computer databases;
    • for keeping the accounts;
    • for the management of receipts and payments;
    • for fulfilling the obligations provided by the civil, fiscal and tax laws, by the regulations, by the European Community legislation;
    • for sending advertising material or direct sales material or for carrying out market or researches or commercial communication activities (via fax, phone, email, text messages and whatsapp messages). These are targeted marketing activities, carried out through the analysis (without using automated decision-making processes) of processed data.

The processing of personal data will be made through paper and electronic tools by the Owner, by the person(s) responsible and by the authorised person(s)/third party(ies), with the observance of all precautionary measures, ensuring their security and confidentiality and in compliance with technical and organizational measures to guarantee a level of security appropriate to the risk of processing.

  1. Nature of personal data collection and consequences of a possible missed conferment

The provision of Your personal data, exception made for the purposes of art. 1.5, is mandatory in order to fulfil the obligations deriving from the contract and, more in general, to legal obligations.

Failure in providing them could make it impossible for us to fulfil our contractual obligations.

  1. Communication and data diffusion

Your personal data, for the purposes of the execution of the contract and for the purposes indicated above, can be communicated:

    • to any natural or legal person (legal, administrative and tax consultancy firms, auditing firms, couriers and shipping agents, data processing centres, marketing and web marketing companies), in cases where the communication is necessary for the purposes described above;
    • to banks for the management of receipts and payments;
    • to factoring or credit recovery companies;
    • to our internal and external collaborators and employees specifically appointed and, within the scope of their duties, specifically charged with or responsible for data processing.
  1. Rights of the person concerned

At any time, you may exercise your rights against the owner of data processing pursuant to art. 15 of EU Regulation No 679/2016, which we briefly sum up below:

  1. The person concerned has the right to obtain confirmation of the existence or not of personal data concerning him or her, even if not yet recorded, and their communication in a comprehensible form.
  2. The person concerned has the right to obtain the indication:
    • of the origin of personal data;
    • of the purposes and forms of processing;
    • of the logics applied in case of processing carried out by means of electronic tools;
    • of the identification details of the owner and any persons responsible;
    • the subjects or categories of subjects to whom the personal data may be communicated or who may learn about them as designated representative in the territory of the State or outside the territory of the State, of people in charge or officers.
  1. The person concerned has the right to obtain:
    • the update, the rectification or, where interested therein, integration of the data;
    • the deletion, the transformation in anonymous form or the blocking of data processed in violation of the law, including those for which storage is not necessary in relation to the purposes for which they were collected or subsequently processed;
    • the declaration that the operation as per point 3) have been brought to the attention, as also related to their content, to the subjects to whom data were communicated or disseminated,  with the exception of  the case in which such fulfilment proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
  1. The person concerned has the right to object, in the whole or in part:
    • for legitimate reasons for the processing of personal data concerning him/her, even if pertinent to the purpose of the collection, without prejudice to the possible consequences to paragraph 2 of the article 2;
    • to the processing of personal data concerning him/her for the purpose of sending advertising material or direct selling or for carrying out market research or commercial communication (see reference 1.5).

The above rights shall be exercised by means of a request addressed without formalities to the Owner, also through a person in charge of the processing, to whom suitable replies shall be provided without delay.

The request addressed to the Owner may also be sent by registered letter, fax or e-mail.

The person concerned has the right to make a complaint to the Control Authority (Privacy Guarantor for Italy).

    1. Termination of office
      In case of termination of processing for any cause, pursuant to Article 17 of EU Regulation No 679/20016, Your data will be:

      1. destroyed, after the expiry of the storage obligations imposed by article 2220 of the Italian Civil Code, by articles 19 and 22 of Presidential Decree no. 600/1973 or by other specific legislation;
      2. transferred to another owner, provided that they are intended to be processed in compatible terms with the purposes for which they were collected;
      3. stored for personal purposes only and not intended for systematic communication or dissemination;
      4. stored or transferred to another owner, for historical and statistical purposes, in conformity with the law, regulations, Community legislation and codes of ethics and good conduct signed pursuant to Article 40 of EU Regulation No. 679/2016.
  1. Owner of processing and contact of the DPO
    • The DPO of the data processing is: The One Atelier 2 Babmaes street, London.

In requesting the explicit expression of your consent to the processing, we take this opportunity to extend our best wishes.