Arcari Arredamenti S.r.l. operates in accordance with the EU General Data Protection Regulation 2016/679. We understand that privacy is an important aspect for users and visitors to the Arcari Arredamenti website www.arcariarredamenti.it.
Pursuant to the provisions of EU Regulation 2016/679 (hereinafter the "GDPR"), Arcari Arredamenti S.r.l. ("Company" or "Data Controller") hereby provides the general guidelines concerning the processing of your personal data when you access the website www.arcariarredamenti.it (“Website”) or use its services.
1. Identity and contact details of the Data Controller
The Data Controller is Arcari Arredamenti S.r.l. with registered office in Isola Dovarese (CR), via Giuseppe Garibaldi 55, postcode 26031, Italy, who can be contacted at the following e-mail address: firstname.lastname@example.org.
2. Contact details for the Data Protection Officer (DPO)
The Company has appointed a Data Protection Officer, who can be contacted at the following e-mail address: email@example.com.
3. Type of data processed
Pursuant to the provisions of the Privacy Regulation, the Data Controller will process the following personal data you disclose (your “Personal Data”) during Website navigation:
a) common identification data (including, for instance but in no way limited to: name, surname, e-mail address, etc.);
b) navigation data including the Internet Protocol (IP) address, your access credentials, the browser type and version, the time zone setting and position, the types and versions of browser plug-ins, the operating system and the platform and other technologies on the devices you use to access our website. These navigation data are necessary to utilise the web services, and are also processed in order to:
- obtain anonymous statistical information about the use of services (most visited pages, number of visitors per time bracket or day, geographical point of origin, etc.);
- check the services offered are working properly.
4. Legal Basis and Purposes of personal data processing
The Data Controller processes your Personal Data for specific purposes and solely in the presence of a specific legal basis envisaged by the applicable law in force on the subject of privacy and personal data protection.
The following list concerns all the processing performed by the Company to allow it to utilise digital channels and to allow the Data Controller to guarantee they are working properly and conformity of processing.
The Data Controller processes your Personal Data for the following purposes and legal basis:
a) operation of digital channels, provision of the related services and to check the same are working properly; legal basis: performance of a contract to which you are party (Art.6, paragraph 1, letter b GDPR);
b) direct marketing – sending promotional information in the form of newsletters; legal basis: your optional, free consent which is revocable at any time (Art.6, paragraph 1, letter a GDPR);
c) prevention and repression of fraud/misuse/fraudulent activities accomplished via the website; legal basis: legitimate interest of the Data Controller (Art.6, paragraph 1, letter f GDPR);
d) ascertainment, exercise or defence of a right of the Data Controller in court; legal basis: legitimate interest of the Data Controller (Art.6, paragraph 1, letter f GDPR)
5. Nature of personal data provision
The provision of your personal data is compulsory for the service purposes specified in points a), c) and d) of paragraph 4 herein above. Any refusal to provide these data could make it impossible to utilise the services offered by the Company on the Website.
The provision of your personal data is instead optional for the commercial purposes specified in point b) of paragraph 4 herein above. Any refusal to provide these data will make it impossible for you to receive any commercial information about products, initiatives and/or services offered by the Data Controller.
You can unsubscribe from any service you have subscribed to at any time, by sending your request to the e-mail address: firstname.lastname@example.org.
The withdrawal of consent does not affect the lawfulness of the processing based on consent given before withdrawal.
6. Recipients of personal data
In order to fulfil the purposes set out in paragraph 4, the Data Controller may disclose your personal data to third-party subjects, such as, for example, those belonging to the following subjects and categories of subjects:
- police corps, armed forces and other public administrations, to fulfil the obligations envisaged by law, by regulations and by European regulations. In these cases, depending on the applicable regulations on data protection in force, the obligation to acquire prior consent from the data subject for such information disclosure does not apply;
- companies, bodies or association, or holding companies, subsidiaries and/or affiliated companies pursuant to the provisions of article 2359 of the Italian civil code, or between these and companies subject to control, as well as among consortia, networks of companies and groups and temporary associations of companies and with their member data subjects, limited to communications made for administrative and/or accounting purposes;
- companies specialising in advertising;
- other companies bound by contract to the Data Controller who perform, for instance, consulting activities, support for the provision of services, etc. which are formally appointed as Data Coordinators pursuant to the provisions of art.28 of the GDPR;
- sales force of the data controller.
The Data Controller guarantees the utmost care to ensure the disclosure of your personal data to the above-mentioned recipients concerns only the data necessary to fulfil the specific purposes for which they are intended.
Your personal data are kept in the Data Controller’s databases and will be processed solely by authorised personnel. The latter will be provided with specific instructions as to the methods and purposes of processing. Moreover, these data will not be disclosed to third parties, except in those cases envisaged herein above and, in any case, within the limits set out herein. Lastly, please remember that your personal data will not be disseminated.
7. Personal data processing methods
The processing of your personal data, pursuant to the provisions of art.4 GDPR, may consist in the following activities (“Processing”): collecting, recording, organising, structuring, storing, adapting or amending, extracting, consulting, using, disclosing by transmission, or otherwise making available, comparing or interconnecting, limiting, erasing or destroying the data.
Moreover, your personal data:
- will be processed in compliance with the principles of lawfulness, correctness and transparency;
- will be collected for legitimate purposes;
- will be adequate, pertinent and limited to what is necessary for the purposes for which they are processed;
- will be retained in a format which permits your identification for a period of time which is no greater than for the completion of the purposes for which they are processed;
- will be processed in a manner which guarantees sufficient security from the risk of destruction, loss, amendment, disclosure or unauthorised access by means of appropriate technical and organisational safety measures.
The Processing of your Personal Data will be carried out with the aid of hard-copy instruments, automated, computerised or digital tools, with organisational methods and logics strictly related to the indicated purposes.
The Data Controller uses the most suitable technological and security measures (electronic, computerised, physical, organisational and procedural) to guarantee the security and privacy of the data processed. These measures include keeping a secure system for the storage and use of data based on encryption, hacking detection and prevention and protection software.
You need to know and acknowledge that the same communication of personal data on websites involves risks linked to the disclosure of the said data and that no system is totally secure or tamper- and/or hacker-proof against third parties.
8. Transfer of personal data outside the EU
Every time your personal data is transferred internationally outside EU territory, the Data Controller will take all the appropriate contractual measures necessary to ensure a suitable level of protection for your personal data in accordance with the provisions of the policy herein, including - among others - the Standard Contractual Clauses approved by the European Commission.
9. Data storage period
The data will be stored for a period of no more than that necessary for the purposes for which they were collected or subsequently processed in accordance with the provisions of all legal obligations.
10. External links
Other companies or websites that link to this site or websites to which this site links may have their own privacy policies. We therefore invite you to read the privacy information on each of the websites visited or reviewed.
The IT systems and software procedures that enable operation of this website acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of the Internet communication protocols. This information is not collected for association with identified data subjects, but may by its nature, through processing and association with data held by third parties, permit the identification of users. This category of data includes IP addresses or the domain names of the computers of the users connecting to the site, the URI (Uniform Resource Identifier) addresses of the required resources, the time of the request, the method used to submit the request to the server, the size of the file obtained as a reply, the numeric code of the status of the reply sent by the server (ok, error, etc.) and other parameters linked with the user’s OS and computer processing environment.
The optional, explicit and voluntary submission of e-mails to the addresses indicated on this site and/or completion of data collection forms results in the subsequent acquisition of the sender’s address, required to respond to requests, as well as any other personal data contained. For more information, please see the cookies policy using the following link: https://www.arcariarredamenti.it/en/cookie-policy.
12. Rights of data subjects
Data subjects have the right to ask the Data Controller - where envisaged - for access to their personal data and rectification or deletion of the same or for limitation of the processing that concerns them or object to the processing thereof. Such requests can be submitted to the Data Controller at the following e-mail address: email@example.com.
The Data Controller may make changes to this policy from time to time. Users of this site are urged to visit this privacy document again in future to find out about new privacy practices or changes to the Data Controller’s policy.