Information regarding the processing of personal data

Pursuant to art. 13 and 14 of the EU regulation 2016/679 on the protection of natural persons with regard to personal data processing.

****

Artes Group International Srl, VAT identification number IT- 06986270962 (henceforth called data controller) with headquarters in Via Enrico Fermi nr. 38 Settimo Milanese, cap 20019, , communicates, in their quality of owner of the policy, pursuant to art. 13 and 14 of the GDPR (EU) 679/2016 regarding personal data.

 

1. TYPES OF DATA TREATED

Artes Group International is the data controller of the personal data communicated upon signing the contract and subsequently supplied upon performance of the contract. The personal data that the data controller collects in managing the contractual relationship and in the course of any precontractual phases can either be directly supplied by the data subject (henceforth called thus) or by the client, whenever the information is provided by a contact person for the client in charge of contract management. The personal data managed by the data controller can include, but is not limited to, names, job titles, telephone numbers, fiscal numbers, payment and bank details, companies’ names, email addresses of natural persons or of the legal representatives of different companies in their capacity as parties to the contract, as well as contact persons for managing the contract (henceforth referred to as ‘data subjects’ and ‘data’.) Some of the information and/or data may be acquired through public registers and/or sources.

 

2. PURPOSES OF THE PROCESSING OPERATIONS

Data processing is managed by the data controller in the course of economic and commercial activities for purposes connected to creating, managing and completing commercial relationships, including managing the precontractual relationship. In particular, the data supplied by the data subjects will be subject to treatment, mainly using digital instruments, for the following purposes: a) executing obligations strictly related to contract management, among which administrative and account management of the contracts, payment and invoice management, providing services and managing customer support services. The provision of such data for the abovementioned activities is essential for the correct management of the contract and does not require the data subject’s consent (art 6(1)(b) GDPR). b) developing activities central to managing the contract, among which planning activities, handling possible litigation or legal disputes, credit recovery for which the provision of data, when necessary, is optional and whose handling is based on the data controller’s legitimate interests. c) fulfilling of legal obligations arising out of the community regulations and legislations (i.e. fiscal or account obligations) for which the provision of data is compulsory and the treatment of data does not require the data subject’s permission. (art 6(1)(c)GDPR)

 

3. MODALITY OF TREATMENT

Data will be treated by the data controller using digital and analogue systems following the fairness, loyalty and transparency principles set out in the applicable regulation on safeguarding personal data and data subject’s confidentiality through technical and organisational measures so as to guarantee an adequate security level.

 

4. DATA STORAGE

The data necessary for managing the contract and fulfilling the obligations abovementioned in point 2 letter (a) and (b) will be stored by the data controller in their own archives for 10 years following the record of the transactions in compliance with the fiscal and civil obligations imposed by the existing legal framework. At the same time, the data mentioned in point 2 letter (c) necessary as a legal safeguard in case of future litigation or legal dispute will be stored for 10 years counting from the termination of the contract.

 

5. DATA COMMUNICATION – DIFFUSION AND TRANSFER

Data will be treated, insofar as it is necessary, by authorised and adequately informed and trained personnel, by the data controller, as well as by third parties’ personnel that provide services to the data controller and deal with data on their behalf and under their mandate.

This may refer to IT service providers (i.e. hosting providers), call centre services, credit recovery activities, customer support services, marketing support activities, or any other complementary activities.

The complete and updated list of all those entrusted with data treatment is available upon request to the Data Protection Officer.

In those cases where the contractual relationship calls upon the intervention of our commercial partners, the data controller may share some of the data with the distributors, resellers and partners who are part of the product and service distribution network for Artes Group International Srl. In the course of carrying out our day-to-day business activities, data may be communicated to people in charge of controlling, revising or certifying activities commissioned by the data controller; these may include consultants and freelancers in the context of tax or legal assistance services, and in the case of business operations for which an asset assessment is deemed necessary, data may be also communicated to other Artes Group International Srl companies when required for the groups’ coordination and management, public administration and institutions, for purposes connected to legal obligations, including tax authorities when necessary, as well as people with the legal authorisation to read and receive this kind of information, Italian or foreign judicial or public authorities, for purposes connected to fulfilling certain legal obligations or other obligations acquired by contractual relationship, including for legal defence needs. The contact details might be communicated for altogether occasional requirements to the data controller’s clients and/or suppliers, for example when the need arises for collaborating with these players in order to deliver a service.

Data will not under any circumstances be communicated nor generally transferred outside of the European Union. However, for specific needs related to the location of the headquarters of possible third parties with whom data may be shared, according to the aforementioned criteria, some of the data can be transferred outside of the European Economic Area (EEA) to countries that provide adequate data protection. In those cases when the third party country does not provide adequate protection, the data controller undertakes the responsibility of ensuring an adequate level of privacy and confidentiality, also from a contractual perspective, including by stipulating specific contractual clauses.

 

6. MARKETING AND PROFILING

Upon the data subject’s consent, data may be treated by the data controller for the following purposes:

a) sending, either by email or through automatic messages or telephonically, commercial offers and initiatives related to products or services the data controller offers, as well as conducting market research or other customer satisfaction initiatives promoted by the data controller. Whenever providing private data should be deemed necessary for any such purposes, their provision is absolutely optional. It is implicit that the data processing to this end will be possible only with the data subject’s consent (art. 6 (1)(a) GDPR). The consent can be freely withdrawn at any time, in the way indicated at the following point 7 or through the unsubscribe link available in every electronic communication. Either denying consent in the first place or withdrawing it at a later date will not in any way impact the performance of the contract.

b) analysing the data subject’s consumption habits of products and services provided by Artes International Group Srl depending on what might be retained in their interest either in order to improve the Artes products and services with features that could increase customer interest or to present the data subject with offers that better address their needs. Whenever providing private data should be deemed necessary for any such purposes, their provision is absolutely optional. It is implicit that the data processing to this end will be possible only with the data subject’s consent (art. 6 (1)(a) GDPR). Possible use of data pertaining to the client as a legal person and their use of products or services might be performed by the data controller in the absence of specific consent, unless there is a regulatory provision stating otherwise. Consent can be withdrawn at any point in time, in the ways set out above in point 7; either denying consent in the first place or withdrawing at a later date will not in any way impact the performance of the contract. Upon the data subject’s consent to receive promotions and different commercial initiatives, the data controller can also communicate the data to Artes Group International Srl partners and suppliers so that they might use it for sending promotions and commercial initiatives.Apart from instances where the data subjects exercise the rights of cancellation and opposition to or limitation of the use of data mentioned in point 7 of this document, the data treated in the ways mentioned in this paragraph will be retained and treated in compliance with the existing regulation applicable to personal data for as long as necessary in order to fulfil the aforementioned purposes. This may extend to a maximum of 24 months or the maximum allowed for by the law on profiling described in letter a) of the present point; otherwise, for the purposes mentioned at letter b) of the present point, data treatment will continue until withdrawal of consent on the part of the data subject.

 

7. DATA SUBJECT’S RIGHTS

Data subjects may exercise, with regards to the data treatment herein described, the rights set out in the GDPR (art 15-21), including:

• Receiving confirmation of the existence of the data and accessing their content (right of access)
• Modifying and/or rectifying data (right of rectification)
• Asking for their erasure or limited treatment for non-compliance with the law, including those where no storage is necessary for purposes in line with the initial data collection or treatment (right to be forgotten or right of limitation)
• Opposing data treatment (right of opposition)
• Withdrawing consent, even if previously conceded, without endangering the lawfulness of the contract based on the consent given prior to the withdrawal
• Lodging a complaint with the control authority (Data Protection Authority www.garanteprivacy.it) in case of violation of the data protection rules.
• Receiving electronic copy of the data regarding the data subject, when such data had been conceded for contract management purposes and asking that the data be transmitted to another person entitled to treat data (data portability right)
• To exercise these rights, the data subject can contact the Data Protection Officer by sending a request to artesgi@pec.it or by posting the communication to: Artes Group International Srl, 20019 Settimo Milanese (MI), Via Enrico Fermi 38

 

 

Cookie Policy

1. What are cookies?

Cookies are small text strings sent from a website to the user’s terminal, where they are stored before being resent to the same website upon a user’s next visit. No user’s personal data is purposefully acquired by the website. We do not use cookies to transmit information of a personal nature, nor are persistent cookies of any kind used, or systems for tracking users. This website only uses technical cookies.

 

2. TECHNICAL COOKIES

Technical cookies are used for the sole purpose ‘of carrying out the transmission of certain information on an electronic communications network, or as strictly necessary for the service provider of an information service to provide services requested explicitly by the subscriber or user’ (according to the art 122 comma 1 Privacy Policy). Technical cookies are different from browsing or session cookies (that guarantee normal browsing and use of a website), Analytics cookies (assimilated to technical cookies when directly used by the site operator to collect information, in an aggregate form, on the number of users and how they visit the website), and functionality cookies (that allow users to browse following a series of selected criteria, for example language preference, so as to improve service). This type of cookies does not require prior consent o the data subject’s part.

 

3. THIRD PARTY COOKIES

First party cookies are placed on a user’s terminal by the website visited, whereas third party cookies are placed on a user’s terminal by a website other than the one the user is currently visiting. This site uses third party cookies, and more specifically Analytics Cookies. Google Analytics is an analysis tool from Google that helps website owners understand how visitors interact with contents they own. A set of cookies can collect information and generate statistics that a website can use without Google personally identifying single visitors. So as to avoid the abovementioned cookie storage, the user can use the specific tab for cookies management that appears on a first visit to a website. Installing and using technical cookies does not require prior consent from data subjects. At any given moment, users can choose to disactivate or directly erase cookies from their browser. In order to do so, they only need to consult the information in the browser guide or to click on the following links:

• Google Chrome
• Internet Explorer
• Mozilla Firefox
• Opera
• Safari