PRIVACY POLICY
(Articles 13 and 14 of EU Regulation 2016/679 and Legislative Decree 196/2003, as amended)
Dear User,
Below we provide you with certain information that must be brought to your attention, not only in order to comply with legal obligations, but also because transparency and fairness towards data subjects are fundamental elements of our business activity.
This notice describes the methods used to process the personal data of users who consult this website, accessible electronically at the following address: www.arper.com.
This information does not concern other websites, pages, or online services that may be reached through hyperlinks published on this website but referring to resources external to this domain.
Data Controller
The Data Controller (the entity that determines the purposes and methods of processing your personal data) is Arper S.p.A.
VAT No.: 03658750264
Registered office: Via Lombardia, 16 – 31050 Monastier di Treviso (TV), Italy
Telephone: +39 0422 7918
E-mail: privacy@arper.com
For processing activities that include the publication of content on social networks, the Controller has entered into standard joint controllership agreements with the owners of the social media platforms.
Categories of Data
- Data relating to the provision of electronic communication services: traffic data, Internet browsing data, IP addresses or domain names of the computers used by users connecting to the website; request time; method used in submitting the request to the server; numerical code indicating the status of the server response (successful, error, etc.); other parameters relating to the user’s operating system and browser;
- Personal identification and contact data;
- Data relating to employment or professional activity;
- Access and authentication data;
- Any other data voluntarily provided by the user to the Controller.
Source of Data
Personal data are collected from the data subject during browsing (see also the cookie table), through communications sent by the data subject, and/or from publicly accessible sources, e.g. social networks.
Provision of Data
Where indicated, the provision of your data is necessary in order to pursue the purposes set out below. Therefore, failure to provide such data will make it impossible for us to carry out the related processing.
Processing Activities
Your personal data are collected and processed through automated, semi-automated, and non-automated means, as specified below:
Purpose |
Legal Basis |
Retention Period* |
|
To allow full use of the website’s functionalities. |
Pre-contractual or contractual measures (performance of the requested service). |
The duration depends on the individual cookie and can be consulted in the relevant notice. |
|
To enable analysis of the website and related traffic, as well as optimization aimed at ensuring usability. |
Consent** provided through the cookie banner. |
The duration depends on the individual cookie and can be consulted in the relevant notice. |
|
To display third-party content related to social media (e.g. YouTube and Facebook). |
Consent** provided through the cookie banner. |
The duration depends on the individual cookie and can be consulted in the relevant notice. |
|
To display third-party advertising based on the user’s interests. |
Consent** provided through the cookie banner. |
The duration depends on the individual cookie and can be consulted in the relevant notice. |
|
To respond to requests from the data subject and manage pre-contractual or contractual obligations. |
Pre-contractual or contractual measures (performance of the requested service). |
10 years from the year of the request. |
|
Marketing (analysis and market research); sending informational and/or advertising material (e.g. newsletters); sending informational and/or advertising material based on the user’s specific interests. |
Consent** of the data subject. |
Until consent is withdrawn. Thereafter, processing will be limited to mere storage for 10 years from the year in which consent was withdrawn. |
|
To allow user registration and subsequent authentication in order to access the restricted area of the website. |
Pre-contractual or contractual measures. |
Until a request for account deletion is made. |
|
To manage compliance with personal data protection obligations. |
Compliance with a legal obligation. |
For the time strictly necessary to achieve the purpose. |
|
To prevent and/or detect abuse and protect the Controller’s rights and interests. |
Legitimate interest in protecting its rights and interests in court or in the preparatory stages of potential legal proceedings. |
Data will be retained for as long as the Controller has an interest in exercising a right or protecting an interest. |
|
Management and maintenance of networks and IT systems. |
Pursuit of the Controller’s legitimate interest. |
2 years from the termination of the relationship; 18 months with regard to obligations concerning system administrators. |
* In addition to the time necessary for limitation periods relating to reciprocal rights to expire and the backup retention period.
** If you do not provide consent, personal data will not be processed for the specific purposes. Consent may be withdrawn at any time by contacting the Controller using the contact details indicated above or through the cookie banner.
Automated Processes and Profiling
Please note that, in order to pursue some of the above-mentioned purposes, we make use of automated processes (decision-making processes carried out through technological tools without human intervention), including profiling, i.e. the collection of information about you in order to analyze your characteristics and place you into categories or groups or make assessments, such as sending personalized advertising material based on your previous consumer choices or forecasts.
Disclosure of Data
Personal data will not be will not be disclosed to the public and, for the declared purposes, will be communicated exclusively to parties carrying out activities on behalf of the Controller, duly appointed as data processors. Upon explicit request, personal data may be communicated to public authorities. Your data may be communicated exclusively for technical and operational requirements strictly connected to the above-mentioned purposes, to persons processing data under the authority of the Controller, appointed as persons authorized to process data pursuant to Article 29 of EU Regulation 2016/679, to parties processing data on behalf of the Controller, appointed as data processors pursuant to Article 28 of EU Regulation 2016/679, as well as to public bodies where disclosure is required by law.
Transfer of Data outside the EU
Although the Controller undertakes to choose services that minimize the processing of users’ personal data, the processing of personal data for the purposes described above involving the use of cookies and other tracking tools may entail the transfer of certain data, identifiable only indirectly, to countries outside the territory of the European Union or the European Economic Area (EEA), particularly to the United States. For the other purposes described above, as well as the other purposes mentioned herein, personal data may be transferred only where one of the conditions set out in Articles 44 et seq. of EU Regulation 2016/679 applies.
Rights of the Data Subject
Pursuant to Articles 15 et seq. of EU Regulation 2016/679, the data subject has the right to request from the Controller access to their personal data, as well as rectification and erasure thereof (“right to be forgotten”). The data subject also has the right to request data portability, restriction of processing, or to object to processing. Furthermore, the data subject has the right to review the essential contents of any joint controllership agreements. For processing based on consent, the data subject has the right at any time to withdraw consent, without affecting the lawfulness of processing based on consent before its withdrawal. To exercise their rights or request additional information, the data subject may contact the Controller using the contact details provided above.
Complaint to the Supervisory Authority
The data subject may also lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali), with registered office at Piazza Venezia 11, 00187 Rome – protocollo@pec.gdpd.it.
Use of the Website by Minors
The website and related services are not directed at minors; therefore, no personal information will be knowingly collected from them. Should the Controller become aware of the inadvertent collection of information from or about minors, reasonable measures will be taken to delete such information as soon as possible, unless there is a legal obligation to retain it. The Website will examine every report concerning the inadvertent collection of information from or about a minor; users undertake not to enter data relating to minors and to report any accidental collection arising from the use of our services.
Updates to this Privacy Policy
The Controller reserves the right to make changes to this privacy policy at any time by informing Users on this page. Visitors are therefore invited to consult this page frequently, referring to the date of the latest modification indicated at the bottom.