Privacy Policy
Information on the processing of personal data pursuant to Regulation (EU) 2016/679 (GDPR)
Data Controller
Introduction
okDesk is the mobile and desktop companion application for the okTicket ticketing service. It is used exclusively by cashiers and box office staff at museums, theatres, parks, and cultural venues. It is not intended for the general public.
This policy describes what data the app collects, how it is processed, and what rights you have under the GDPR.
Data Collected & Purposes
Authentication Data
User Identity Data
Device Data
Point-of-Sale Transaction Data
Customer Data
OptionalBooking Data
Statistical Data
Where Data is Transmitted
www.okticket.it via encrypted HTTPS connections
Data Stored on Device
The app stores the following data locally to enable offline functionality. All data is deleted on logout.
| Data | Encrypted | Deleted on logout |
|---|---|---|
| Access token | Yes (AES-256) | Yes |
| User permissions | No | Yes |
| User settings | No | Yes |
| Transactions | No | Yes |
| Bookings | No | Yes |
| Product catalog | No | Yes |
| Printer configuration | No | Yes |
| UI preferences (theme, layout) | No | Yes |
| Application logs | No | Yes |
The encryption key is stored in the operating system's secure keystore (Keychain on iOS/macOS, KeyStore on Android, Credential Manager on Windows).
Each user's data is isolated in separate folders: a user cannot access another user's data on the same device.
App Permissions
Android
| Permission | Reason |
|---|---|
| Internet | Communication with the okTicket server |
| Network state | Detecting connection availability for offline mode |
| Precise location | Required by third-party libraries for printer discovery. The app does not collect location data. |
iOS
| Permission | Reason |
|---|---|
| Local network | Discovery of thermal printers on the local network |
| Camera | QR code scanning for ticket validation |
| Location | Required by third-party libraries. The app does not collect location data. |
| Bluetooth | Required by third-party libraries. The app does not use Bluetooth. |
| Photo library | Required by third-party libraries. The app does not access photos. |
Data Security
We adopt the following technical measures to protect your data:
All communications occur exclusively via HTTPS
Session token encrypted with AES-256-CBC with random IV per token
Encryption key stored in the operating system's secure keystore
User data isolated on shared devices
Automatic lock after inactivity with PIN protection
Fingerprint and Face ID support
Data Deletion
All user data is deleted from the device: token, permissions, transactions, bookings, statistics, preferences, and cache.
All app data is removed from the device by the operating system.
To request server-side data deletion and exercise the right to be forgotten (GDPR Art. 17), contact privacy@overallmedia.it.
Minors
okDesk is a professional application intended exclusively for cashiers and box office staff. It is not directed at individuals under 18 years of age and does not knowingly collect data from minors.
Your Rights
Under Regulation (EU) 2016/679 (GDPR), you have the right to:
Obtain confirmation of processing and access your personal data
Obtain correction of inaccurate personal data
Obtain deletion of your personal data
Obtain restriction of data processing
Receive your data in a structured, machine-readable format
Object to the processing of your personal data
To exercise your rights, you may contact the Data Controller at privacy@overallmedia.it.
You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) (www.garanteprivacy.it).
Changes to this Policy
This policy may be updated to reflect changes in data processing practices or regulatory requirements. Any changes will be published on this page with the corresponding update date.
We encourage you to periodically review this page to stay informed about how we protect your data.