This page describes the Policy implemented by ART. SERF SPA on personal data processing with reference to personal data acquired from website users.
corresponding to the home page of the official website of ART. SERF SPA.
The Data Controller is ART. SERF SPA, with headquarters in Via Cal Longa, 15/B - 31038 Vazzola (TV) Italy.
Type of data processed and purpose of processing
The computer systems and software procedures used to operate this website acquire, during normal course of their operations, some personal data that are then transmitted implicitly in the use of Internet communication protocols.
This information is not collected to be associated with identified users, but by its very nature could allow users to be identified, through processing and association with data held by third parties.
This category of data includes IP addresses or domain names used by users connecting to the website, addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to submit the request to the server, the dimensions of the file obtained in response, the numerical code indicating the status of the data response from the server (successful, error, etc.) and other parameters relating to the operational system and the IT environment of the user.
These data are used for the sole purpose of obtaining anonymous statistical information about the use of the website and to ensure proper functioning and are deleted after processing. The data could be used to ascertain liabilities in the event of potential IT crimes against the website.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of emails to the addresses indicated on this website, also by filling in specific forms, involves the subsequent acquisition of the sender’s address, which is needed in order to respond to requests, and any other personal data included in the message.
The personal data you freely provided may be processed for the following purposes:
upon specific request of the Data Subject, responding to requests for information on the services provided and products/solutions marketed directly by ART. SERF SPA, and the processing of reports of any kind, also submitted via contact form (art. 6 paragraph 1 letter b) GDPR 2016/679).
upon specific request of the Data Subject, the management of E-recruitment applications and/or other forms of professional collaboration (art. 6 paragraph 1 letter b) GDPR 2016/679.
subject to explicit consent of the Data Subject, the sending of information, commercial and/or promotional communications, in full compliance with the GDPR 2016/679 and the national legislation in force (art. 130 Legislative Decree 196/2003 and subsequent amendments and integrations), and the General Provision of the Data Protection Authority “Guidelines on promotional activities and spamming” of 4 July 2013 (Art. 6 paragraph 1 letter a) GDPR 2016/679.
Any specific information will be progressively provided or displayed in the website’s pages prepared for particular services, which may be requested.
The collection and recording of data will take place for specific, explicit and legitimate purposes and in a manner compatible with such purposes, as part of the processing that is required for conducting business activities. Such data will be processed in accordance with the principle of accuracy and, where necessary, updated, so that they are always adequate, relevant and limited to what is necessary and kept for no longer than their intended use in relation to the purposes for which they are collected and subsequently processed in accordance with the GDPR 2016/679 and the national legislation in force.
Personal data may be processed with the aid of both paper and electronic means, and in any case in such a way as to guarantee their safety and the utmost confidentiality of the Data Subject. Specific security measures will be observed to prevent data loss, unlawful or incorrect uses and unauthorised access in full compliance with Art. 32 of the GDPR 2016/679 and the national legislation in force.
Cookies, plugins and services for interaction with external platforms
Mandatory or optional nature of providing data and consequence of any refusal
Apart from what is specified for surfing data, the user’s consent is to be considered optional. However, failure to provide consent may make it impossible for ART. SERF SPA to provide the services requested. If consent is given, it may be revoked at any time by sending a request to the following address: firstname.lastname@example.org.
Without prejudice to communications and disclosures made in compliance with legal obligations, all collected and processed data may be disclosed to:
Subjects to whom it is necessary to communicate the data for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract, in general, to pursuit the purposes indicated in this policy;
Subjects who process data on behalf of the Data Controller as Data Processors pursuant to Article 28 of the GDPR 2016/679, such as, including but not limited to: subjects who provide services for the management of the information system and telecommunication networks, including emails. The complete and updated list of Data Processors is available, to those entitled to it, by simple request to the Data Controller’s headquarters;
Subjects authorized to access data by current legislation and/or to whom data must be communicated in compliance with legal obligations.
Personal data may be processed by employees and collaborators assigned to the competent offices of the Undersigned Company, explicitly authorized for processing on the basis of art. 29 of the GDPR 2016/679 and the national legislation in force.
Transfer of data abroad
Personal data may be communicated and/or transmitted abroad only for the pursuit of the purposes referred to in this information, or for exclusively technical reasons related to the structure of the Business Information System and/or the implementation of technical and organizational security measures deemed suitable by the Data Controller (Article 32 GDPR 2016/679), and exclusively in compliance with articles 44 et seq. of the GDPR 2016/679.
Data retention period:
The data will be stored in our archives according to the following parameters:
Data provided voluntarily by the user: until the date of termination of the service (‘storage limitation principle’, Article 5 of the GDPR 2016/679) or according to the deadlines set by the Law.
Data processed for information, promotional and commercial purposes: 24 months.
In relation to the specific limitation periods provided for by the law, the data necessary for the assessment, exercise or defence of a right in court may be subject to longer retention times.
The verification on the obsolescence of the data stored in relation to the purposes for which they were collected is carried out periodically.
Data Subject's rights
The Data Subject may exercise the rights provided within the limits and under the conditions set out in Articles from 15 to 22 of the GDPR 2016/679 and by the national legislation in force. In particular, the GDPR provides the following rights for the Data Subject:
Right of access (Article 15 of the GDPR 2016/679);
Right to rectify inaccurate personal data and right to integrate incomplete personal data (Article 16 of the GDPR 2016/679);
Right to erasure (Article 17 of the GDPR 2016/679);
Right to restriction of processing (Article 18 of the GDPR 2016/679);
Right to be informed about the recipients to whom any rectification or erasure of personal data or restriction of processing has been communicated (Article 19 of the GDPR 2016/679);
Right to data portability (Article 20 of the GDPR 2016/679);
Right to object (Article 21 of the GDPR 2016/679);
Right not to be subject to a decision based solely on automated processing (Article 22 of the GDPR 2016/679).
In the event of signing any form of consent to the processing, it should be noted that the Data Subject can revoke it at any time, without prejudice to the mandatory obligations provided for by the legislation in force at the time of the revocation request, by contacting the Data Controller at the following e-mail address: email@example.com.
Right to lodge a Complaint
The Data Subject who believes that the processing of her/his personal data carried out through this website is in violation of the provisions of the GDPR 2016/679 has also the right to lodge a complaint with the supervisory authority for the protection of personal data, as provided for in Article 77 of the GDPR 2016/679, or to apply to the competent judicial authorities (Article 79 of the GDPR 2016/679).
For further information, you may contact the Data Controller: