This page describes how Arca24.com SA treats the personal information of its website’s visitors as well as of those who interact with the web services that can be accessed by visiting the websites owned by the company, in accordance with the Federal Act on Data Protection (FADP) and the article 13 of the Regulation (EU) 2016/679 – GDPR.
This information refers to all the websites owned by Arca24.com but not to other websites linked to those.
1. Owner of data treatment
Arca24.com SA – Via Roncaglia n.5, CH-6883 Novazzano, email address firstname.lastname@example.org, hereinafter referred to as “Arca24” or “Owner”, is the owner of the treatment of your personal information.
2. Treated data type
2.1 Navigation data
The information systems and software procedures used to operate this website acquire personal data as part of their standard functioning. The transmission of such data is an inherent feature of the internet communication protocols.
Such information is not collected in order to be related to identified individuals, however that might enable the identification of those users.
This data category includes IP addresses and/or the domain names of the computers used by any user connecting with this website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, the returned file size, a numerical code relating to the server response status (successfully performed, error, etc.), and other parameters related to the user’s operating system and computer environment.
These data are only used to extract anonymous statistical information on the website use as well as to check its functioning. They are erased immediately after being processed.
2.3 Data provided voluntarily by users
The owner handles non-sensitive, personal and identification data (including, but not limited to, name, address, telephone, email address, etc. – hereinafter referred as to “personal data” or “data”) provided by you upon registration with the website, when ordering and/or purchasing products online through the website, when filling out a contact form to the owner or submitting any other request.
3. Purposes of data processing
The above mentioned user’s data are processed by the owner in order to :
a) pursue, in accordance with article 6(1) let. f) of GDPR, an its own legitimate interests consisting in ensuring network and information security, i.e. the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services offered by, or accessible via, those networks and systems;
b) allow the user to ask for information and submit it and the owner to provide the user with the related feedback;
c) send marketing communications, informative newsletters and marketing material to the user via e-mail as well as via telesales cold-calling, in accordance with article 7 of GDPR.
d) allow the user to apply for job positions and the owner to process the user’s application;
e) exercise the owner’s rights, such as the right to legal defense;
f) fulfil the obligations foreseen by law, regulation, community standards or by order of the Authority.
4. Consequences of any refusal to respond
5. Manner of data processing
The personal data is processed through computerized, automated manual systems for the period of time that is necessary to achieve the purposes for which the data is collected.
The personal data, moreover, is only processed by those individuals appointed to carry out such fulfilments, who are currently identified and duly educated on the constraints provided by the applicable law, as well as by adopting specific security measures aimed to ensure the protection of your confidentiality and to avoid the loss of data, any unauthorized accesses to the data and any data processing which may be qualified as unlawful or not compliant with the abovementioned purposes.
6. Communication of personal data
The personal data collected by the owner through the website will not be neither distributed nor transferred to third parties, save for those eventualities contemplated by law.
In any case, the owner retains the right to communicate the users’ personal data to the companies in charge for carrying out specific services within its activity and/or that operate as independent data controllers or processors, as well as the right to communicate and/or to distribute the user’s personal data that, in compliance with the applicable law, the police, the judicial authority, the information and security agencies or other public subjects might ask for purposes related to defense or State security or to preventing, detecting or suppressing crimes.
The up-to-date list of data supervisors and processors is kept at the headquarters of the processing owner.
7. Data transfer
Personal data will be stored and managed on servers located in Switzerland. The owner shall, wherever necessary, retain the right to locate the servers in the European Union and/or non-EU countries. In that case the owner guarantees as of now that the transfer of the data outside the European Union shall be undertaken in accordance with applicable law, drawing up agreements, where required, to ensure an adequate level of protection and/or adopting the standard contractual clauses foreseen by the European Commission.
8. Rights of the interested party
In your capacity as an interested party, you enjoy your rights under art. 15 of GDPR; specifically:
1. confirmation of whether or not there is personal data concerning your person, even if such data has not been registered yet, and notice of such data in a form that is legible;
2. a copy of your personal data;
3. rectification of your personal data, if they are incorrect;
4. erasure of your personal data;
5. restriction of your personal data processing;
6. have the personal data provided in a structured, commonly used and machine-readable format;
7. indication of:
a) the source of the personal data;
b) the categories of the personal data processed;
c) the purposes and manner of the processing of those data;
d) the reasoning applied in the event of processing undertaken with the aid of electronic systems;
e) details allowing the identification of the owner and other data processors;
f) the period of time for which the personal data will be stored, or, if that is not possible, the criteria used to determine that time;
g) individuals, entities or categories of individuals to whom the personal data may be communicated or who may get to know them in their capacity as designated representatives within the country;
h) the updating, rectification, and, when requested, integration of the data;
i) the anonymization or blocking of the data processed unlawfully, including those that it is not necessary to preserve in respect of the purposes for which the data is collected or subsequently processed;
j) the certification stating that the operations as per letter a) and b) have been brought to the attention, also with regard to their contents, of those to whom the data has been communicated or disseminated, with the exception of those cases in which such a legal obligation proves to be impossible or entails use of means which are patently disproportionate compared to the entitlement being safeguarded.
9. The user shall have the right to object wholly or partially:
a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication survey.
In order to exercise the aforementioned rights, the users have to submit a request to the owner’s e-mail address, as it is indicated at the art. 1, specifying “Privacy – exercise of the rights” as subject.
In case you believe that your rights have been infringed by the owner and/or by a third party, you have the right of lodging a complaint with the data protection guarantor and/or with a competent authority provided by GDPR.
10. Data processing and retention period
The processing of your data will only last for such period of time that is necessary for achieving the purposes mentioned at the previous art. 3. The owner will then store the data only in compliance with the legal obligations provided by the applicable laws, for administrative purposes and/or to claim or to defend an own right in the case in which a litigation or a pre-litigation procedure arise.
In case the owner wants to treat and process the users’ data for any purpose that is different from those mentioned at the previous art. 3, a notification has to be submitted to the users before that change comes into force.
Whenever you believe your rights have been violated by the owner and/or by a third party, you have the right to lodge a complaint with the data protection guarantor and/or with a competent authority provided by GDPR.