INFORMATION ON DATA PROCESSING PURSUANT TO ART. 13 EU REGULATION 2016/679
Dear User (“Interested” of the treatment), this information is provided pursuant to art. 13 of EU Regulation 2016/679 (hereinafter, the “Regulation“) when requesting services from our company.
Art. 1 – Data Controller
Pursuant to the Regulations, your personal data will be processed by ARYEL S.R.L., based in Via Arcivescovo Calabiana, 6 – 20100, Milan, (hereinafter the “Data Controller“), reachable at the e-mail address: firstname.lastname@example.org
Art. 2 – Types of data subject to processing
The personal data being processed belong to the following categories:
- common and contact data provided by the interested party, identifiable by way of example in the following data: name and surname, e-mail, telephone number, place and date of birth, residence;
- navigation data: this category of data includes the IP addresses or domain names of the computers used by those who connect to the site, the addresses of the resources requested in Uri (Uniform resource identifier) notation, the time of the request, the method used in submitting the request to the server computer, the size of the file obtained in response, the numerical code indicating the status of the response obtained (error, successful, etc.) and other parameters relating to the operating system and the IT environment of the user;
- data extracted from profiling cookies: behavior and preferences expressed by the user during navigation aimed at creating specific profiles in which the aforementioned information is stored.
List of cookies and related data used:
Interaction with the User
- Widget Tawk.to (tawk.to ltd.)
The Tawk.to widget is a service for interacting with the Tawk.to live chat platform provided by tawk.to ltd.
Personal Data processed: cookies, data communicated while using the service and usage data.
- Hotjar Poll & Survey Widget (Hotjar Ltd.)
Hotjar Poll & Survey widgets are services that allow interaction with the Hotjar platform provided by Hotjar Ltd.
Hotjar respects generic “Do Not Track” headers. This means that the browser may indicate that it does not collect any user data. This is a setting available in all major browsers. You can find information on deactivating Hotjar here.
Personal data processed: cookies, usage data and various types of data.
- Google Analytics (Google Ireland Limited)
Google Analytics is a web analytics service provided by Google Ireland Limited (“Google”). Google uses the data collected to track and examine the use of this website, to prepare reports on its activities and share them with other Google services.
Google may use the data collected to contextualize and personalize the ads of its own advertising network.
Personal data processed: cookies and usage data.
LinkedIn conversion tracking (LinkedIn Insight Tag) (LinkedIn Corporation)
The LinkedIn conversion tracking cookie (LinkedIn Insight Tag) is a behavioral analysis and targeting service provided by LinkedIn Corporation that links data from the LinkedIn ad network with actions performed on this Website. The LinkedIn Insight Tag tracks conversions that can be attributed to LinkedIn ads and allows you to target user groups based on their past use of this website. Users can disable behavioral targeting features via device settings, their account settings LinkedIn or by visiting the deactivation page.
Personal data processed: cookies, device information and usage data.
- Facebook Ads conversion tracking (Facebook pixel) (Facebook Ireland Ltd)
The Facebook Ads conversion tracking service (Facebook pixel) provided by Facebook Ireland Ltd connects data from the Facebook ad network with actions performed on this website. The Facebook pixel tracks the conversions generated by the ads on Facebook, Instagram and Audience Network.
Personal data processed: cookies and usage data.
- Mailchimp (The Rocket Science Group LLC)
Mailchimp is an address management and e-mail message sending service provided by The Rocket Science Group LLC.
Personal Data processed: address, company name, cookie, country, e-mail address, name, surname, telephone number, usage data, username and various types of data.
- Hotjar Heat Maps & Recordings (Hotjar Ltd.)
Hotjar is a session recording and heat mapping service provided by Hotjar Ltd.
Hotjar respects generic “Do Not Track” headers. This means that the browser can tell its script not to collect any user data. This is a setting available in all major browsers. You can find information on deactivating Hotjar here.
- Facebook Remarketing
Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc. or by Facebook Ireland Ltd, depending on the location this Website is accessed from, that connects the activity of this Website with the Facebook advertising network.
Personal Data processed: Cookies; Usage Data
- Facebook Custom Audience (Facebook Ireland Ltd)
Personal Data processed: Cookies; email address.
- Remarketing with Google Analytics (Google Ireland Limited)
Remarketing with Google Analytics is a remarketing and behavioral targeting service provided by Google Ireland Limited that connects the tracking activity performed by Google Analytics and its Cookies with the Google Ads advertising network and the Doubleclick Cookie.
Personal Data processed: Cookies; Usage Data.
- LinkedIn Website Retargeting (LinkedIn Corporation)
LinkedIn Website Retargeting is a remarketing and behavioral targeting service provided by LinkedIn Corporation that connects the activity of this Website with the LinkedIn advertising network.
Personal Data processed: Cookies; Usage Data.
- Twitter Remarketing (Twitter, Inc.)
Twitter Remarketing is a remarketing and behavioral targeting service provided by Twitter, Inc. that connects the activity of this Website with the Twitter advertising network.
Art. 3 – Purpose, legal basis and optional nature of the processing
The aforementioned personal data will be processed by the Data Controller for the following purposes:
a. fulfill the technical requirements necessary for the provision of the requested services;
b. perform administrative and accounting / tax requirements necessary for the provision of services;
c. fulfill any legal obligations;
d. ascertain, exercise or possibly defend a right in court;
e. carry out direct marketing activities by sending commercial communications (promotions, newsletters, sms) electronically;
f. carry out statistical analysis and profiling of your habits in order to propose personalized commercial offers.
The legal basis of the processing for the purposes under a) and b) is art. 6.1. lett. a) and b) of the Regulations.
The legal basis of the processing for the purpose under c) is art. 6.1. lett. c) of the Regulations.
The legal basis of the processing for the purposes under d) is art. 6.1. lett. f) of the Regulations.
The legal basis of the processing for the purpose under e) is art. 6.1. lett. a) and f) of the Regulations.
The legal basis of the processing for the purpose under f) is art. 6.1. lett. a) of the Regulations.
The provision of your personal data is mandatory for the purposes referred to in points a), b), c) and d) failure to provide it will make it impossible to provide the services indicated above.
In some jurisdictions outside the European Union, the Data Controller may be authorized to process personal data without the need for the consent of the interested party or even in the absence of one of the legal bases specified above, as long as the User does not object (” opt-out “) to such processing.
Art. 4 – Methods of data processing
The navigation data are functional to the use of the web platform and their transmission is implicit in the use of Internet communication protocols. The data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
The common data will instead be used for customer identification, as well as for sending communications relating to the specifically requested service.
The contact details may also be used – with prior consent – for sending newsletters, other corporate communications or promotions related to the services offered.
The data obtained from the profiling cookies are used in order to send advertising messages in line with the preferences expressed by the same in the context of surfing the net.
The processing may take place using manual, IT and telematic tools with logic strictly related to the purposes themselves and, in any case, in ways that guarantee the security and confidentiality of the data, in addition to compliance with the specific obligations established by law.
Art. 5 – Recipients and transfer of personal data
As part of the processing listed above, your personal data may be communicated in paper and / or electronic format to the following categories of recipients:
- External service providers (purpose a-b).
- Administrations and public bodies (purpose b-c).
- Consulting companies that operate for the company in various sectors (purpose b-c-d-e).
- Insurance company, credit recovery company (purpose b-c-d).
- Freelancers in the legal and commercial field (b-c-d purposes).
- Entities managing the IT system (purposes a – b-c-d-e-f).
Art. 6 – Transfer of data outside the EU
As regards to the possible transfer of data to third countries, the Data Controller announces that the processing will take place according to one of the methods permitted by current law, such as the consent of the interested party, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for the free circulation of data (e.g. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission. It is possible to have more information, upon request, from the Data Controller at the contacts indicated above.
Art. 7 – Retention of personal data
The aforementioned personal data will be stored only for the time necessary for the purposes for which they are collected, respecting the principle of minimization referred to in Article 5.1. c) of the Regulations. For minors, consent must be renewed personally upon reaching the age of majority.
With regard to communications for commercial purposes, registration and related processing are considered valid until terminated by the user, via a link in each e-mail or from the user’s control panel. If the sending frequency is lower, at least every thirty-six months a verification communication will be sent to all users, containing the cancellation link.
More information is available from the Data Controller, reachable at the address indicated above.
Art. 8 – Your privacy rights
As an interested party, you have the right to ask the Data Controller, at any time, to access the aforementioned personal data, correct or delete them or to oppose their treatment; to request the limitation of processing in the cases provided for by art. 18 of the Regulation, to revoke the consent given pursuant to art. 7 of the Regulations at any time; to obtain the data concerning you in a structured format, commonly used and readable by an automatic device, in the cases provided for by art. 20 of the Regulation; to lodge a complaint with the competent Supervisory Authority (Guarantor for the Protection of Personal Data) pursuant to art. 77 of the Regulation, if it considers that the processing of data is contrary to the legislation in force.
You can make a request for opposition to the processing of your data pursuant to article 21 of the Regulation in which to highlight the reasons justifying the opposition: the Data Controller reserves the right to evaluate your request, which would not be accepted in the event of the existence of compelling legitimate reasons to proceed with the processing that prevail over your interests, rights and freedoms.
Requests must be sent in writing to the Data Controller at the addresses indicated above.