Pursuant to Art. 13 EU Regulation 2016/679 (hereinafter “GDPR”), we inform you that the processing of the data you provide will be carried out using methods and procedures aimed at ensuring that the processing of personal data is carried out with respect for the fundamental rights and freedoms, as well as the dignity of the data subject, with particular reference to confidentiality and security, personal identity and the right to protection of personal data.
Recall that processing means any operation or set of operations, whether or not by automated means, applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction (Art. 4 GDPR).
1. Subject of processing
The data processed by Arthemia S.r.l. relate to:
- Automatically collected data. The computer systems and applications dedicated to the operation of this website detect, in the course of their normal operation, certain data (the transmission of which is implicit in the use of Internet communication protocols) potentially associated with identifiable users. The data collected include the IP addresses and domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters regarding the operating system, browser and computer environment used by the user. This data is processed, for the time strictly necessary, for the sole purpose of obtaining statistical information on the use of the site and to check its regular operation. The provision of such data is mandatory as it is directly related to the web browsing experience.
- Data voluntarily provided by the user. The processing of data provided by you through the compilation of collection forms is subject to your express and unequivocal consent, which you can give in the face of the specific information for the relevant form.
Your voluntary sending of e-mails to our e-mail addresses does not require additional disclosures or requests for consent.
- Data voluntarily provided by the user in order to create restricted area
- Data voluntarily provided by the user in order to purchase products through e-commerce
- Data voluntarily provided by the user in order to submit their CV in the section Jobs with us
2. Legal basis for processing
The legal basis for such processing is seen:
- in your express and unequivocal consent (ex Art. 6.1(a) of the GDPR);
- In the legitimate interest of the Data Controller (ex Art. 6.1(f) of the GDPR).
- in the performance of obligations arising from a supply contract (pursuant to Article 6.1(b) of the GDPR);
3. Purpose of processing.
Personal data and any changes that you communicate to the Data Controller in the future are collected and processed as a result of contractual obligations arising from the contract for the provision of products or services exclusively for the following purposes.
3.1 |responding to inquiries;
- creation of restricted area;
- selling products through e-commerce;
- Receive CVs via Jobs section;
- Improving the browsing experience;
- Fulfillment of legal accounting, administrative and tax obligations.
4. Method of processing
The personal data you provide, will form the subject of processing operations in compliance with the aforementioned legislation and the obligations of confidentiality that inspire the activity of the Owner. The data will be processed both by computer and on paper media as well as on any other suitable media, in compliance with the appropriate security measures pursuant to Art 5 par. 1 letter f) of the GDPR.
Processing is limited to the following operations and in the following manner:
- Data collection from the data subject;
- Computer-based recording and processing;
- Organization of archives in mainly automated form.
The data in question will not be disseminated, while they will or may be communicated to entities, public or private, operating within the scope of the purposes described above.
5. Data retention
Data collected will be kept for a period of time not exceeding the achievement of the purposes for which they are processed (“principle of limitation of storage,” Art. 5 GDPR).
responding to inquiries: 2 years
- creation of restricted area: until profile deletion
- Product sales through e-commerce: 10 years
- receive CVs via Jobs section: 1 year
- Fulfilment of legal accounting, administrative and tax obligations: 10 years
6. Access to treatment
The data will be made accessible, for the purposes mentioned in point no. 3:
- to employees/collaborators in their capacity as authorized processors, subject to appropriate appointment;
- To third parties, partners of the Data Controller.
7. Disclosure of data
Data will not be disclosed to unauthorized third parties or disseminated in any way. To this end, processing is conducted with the use of appropriate security measures to prevent unauthorized access to the data by third parties and to ensure their confidentiality.
Without the need for express consent, the Data Controller may disclose your data for the purposes set forth in Section 3 to the following entities:
- External collaborators and managers of the company assigned to perform processing operations.
8. Transfer of data
The management and storage of personal data will take place on servers located within the European Union of the Data Controller and/or third party companies contracted and duly appointed as Data Processors.
Data will not be transferred outside the European Union.
9. Nature of data provision and consequences of refusal to respond
The provision of data for the purposes mentioned in Section 3 is mandatory. In their absence, it will not be possible to proceed with the navigation of this site.
10. Rights of the data subject
According to the provisions of the GDPR, the data subject has the following rights vis-à-vis the Data Controller:
- To obtain confirmation as to whether or not personal data concerning him or her are being processed, and if so, to obtain access to the personal data (Right of Access Art. 15);
- Obtain rectification of inaccurate personal data concerning him/her without undue delay (Right to Rectification Art. 16);
- obtain the erasure of personal data concerning him or her without undue delay, and the data controller has an obligation to erase personal data without undue delay if certain conditions are met (Right to be forgotten Art. 17);
- Obtain limitation of processing in certain cases (Right to limitation of processing Art. 18);
- receive in a structured, commonly used and machine-readable format the personal data concerning him or her that he or she has provided and has the right to transmit such data to another Data Controller, without hindrance from the Data Controller to whom he or she has provided it, in certain cases (Right to Data Portability Art. 20);
- object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her (Right to object art. 21);
- Receive without undue delay notice of the personal data breach suffered by the Data Controller (Art. 34);
- Revoke express consent at any time (Conditions for Consent Art. 7).
Where applicable, in addition to the rights under Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restrict processing, right to data portability, right to object), the data subject has the right to complain to the Data Protection Authority.
11. Ways of exercising the right
Data subjects who wish to exercise their rights may contact the Data Controller at the email address: firstname.lastname@example.org
12. Data controller
The Data Controller is Arthemia S.r.l. – Via G. Galilei, 14 – 20054 Segrate (MI) – Tel. 022132572 – email: email@example.com
The list of data controllers and data processors can be consulted at the Owner’s office mentioned above.