Privacy Policy

With regard to Regulation EU 2016/679 – General Data Protection Regulation (GDPR)

Introduction

Dear user of the arrex.it website, the purpose of this document is to help you understand what data we collect for our business, how we use them, how they are updated, what your rights are as a web client and the tools at your disposal to always have control over your data.

Arrex-1 S.p.a. is aware of the importance of protecting the confidentiality of personal data, and – considering that the Internet can be a great tool for the exchange and circulation of information – it commits fully to respecting rules of conduct that are in line with Regulation EU 2016/679 (GDPR) as done previously in relation to Italian Legislative Decree no. 196 of 30 June 2003, (Code regarding the protection of personal data) and that ensure a safe, controlled and confidential browsing experience.
In light of the foregoing, we urge and advise users of the www.arrex.it website to carefully read this document that in general sets out the guidelines that Arrex-1 Spa follows in collecting and processing personal data, to always provide a satisfactory service to its customers and users and, in particular, the methods and purposes of the processing of personal data that are provided by the user through browsing our website.

This Privacy Policy applies only to the online activities of this website and is valid for visitors/users of the website. It does not apply to information collected through channels other than this website (for example through external websites that may be consulted by the user through links on this website). The purpose of the Privacy Policy is to provide maximum transparency regarding the information that the website collects and how it is used.

What kind of processing do we do with your data?

Arrex-1 Spa collects some personal data (like name, surname, email address, telephone number, etc.) from users that are voluntarily provided by them during the registration phase, when requesting information via email or by subscribing to the newsletter. These data are used to respond to user requests or to perform the services requested by them.

Once registered, the email address of the users who sign up for the newsletter service is subsequently managed through the MailChimp newsletter distribution system.

Why do we process your data?

The personal data provided by users are used only to perform the requested service.

Other technical data (and not personal data) are collected for security and statistical purposes, processed in an automated form and collected in an exclusively aggregated form in order to verify the proper operation of the website, to improve the relevance of the results provided and obtain anonymous statistics on the use of the website. These data will not be disclosed to third parties for any reason, nor will they be disseminated.

For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly also include data like IP address, which could be used in accordance with applicable laws to block attempts to damage the website itself or to cause damage to other users or in any case activities that are harmful or that constitute a crime. Such data are never used for the identification or profiling of the user, but only for the protection of the website and its users.

What kind of information do we collect?

Personal Data

The personal data collected may include: name and surname, residential address, email address, telephone number.

Other data collected may refer to your home environment (photographs of the kitchen, surface of the kitchen, name of the kitchen model) or third parties related to your kitchen (name of the retailer) but not directly to your person.

The processing involves only common data. The inclusion of any data that can be qualified as “sensitive” (pursuant to article 4 of the Code) or “particular” (pursuant to art. 9 of the GDPR) like, for example, data relating to religion, state of health, ethnicity or sexual orientation, will result in the immediate destruction of the message, announcement or communication submitted by the visitor.

Technical browsing data

The technical data collected could include the following:

– Internet protocol (IP) address

– Type of browser and the parameters of the device used to connect to the website

– Name of the Internet service provider (ISP)

– Date and time of the visit

– Visitor’s web page of origin (referral) and exit

– Number of clicks

– Any information regarding documentation downloaded from the website

How long do we keep your data?

With regard to the personal data that you voluntarily submit, the data controller will store them for the time necessary to verify and assess the information provided for the purpose of exchanging information, contacts or the services requested. Once the purpose is completed, the data will be deleted within 2 years from the end of the service.

The technical data used for security purposes are kept for 30 days while the technical data used for statistical purposes are kept for an unlimited period of time.

Where do we process your data?

The data collected by the website are processed at the headquarters of Arrex-1 S.p.a. and at the web hosting data centre where the website is hosted, and are only handled by technical personnel authorised to process them or by persons authorised to perform occasional maintenance operations (website developers).

No data deriving from the web service is disclosed except in cases expressly provided for by law or, in the case of participation in “Vote the kitchen”, your name and surname with your consent.

Who processes your data?

In addition to the controller, in some cases other categories of authorised parties may have access to the data including those involved in the provision of the service requested (administrative, sales, marketing, legal personnel, system administrators) or external parties, also duly authorised by the data controller (like agents, dealers, suppliers of third-party technical services, postal couriers, hosting providers, IT companies, communication agencies).

Are you required to provide your data?

No. The website is accessible to users without the need to provide their personal data.
However, some parts of the website are accessible only by registered users.

If you do not provide these data we cannot fulfil your requests for information. In some cases we ask for your explicit consent to the processing of your data (e.g. to subscribe to the newsletter or to participate in the “Vote the kitchen” section): this consent can be provided online by ticking a box.

In any case, the provision of data and your consent takes place on an optional, explicit and voluntary basis.

The user can deny consent and at any time can withdraw a consent that has already been given using the following methods:

  • For data collected through electronic correspondence generated by a contact form it will be necessary to send an email clearly requesting the erasure of your data.
  • It is not possible to request the erasure of technical navigation data collected anonymously as they are not traceable to the user they are associated with (by definition they are not considered “personal data”).

Denying consent may make it impossible to provide certain services, and the browsing experience on the website may be compromised.

How are your data processed?

Personal data are processed using automated tools.

Specific security measures are implemented to prevent data loss, illicit or improper use and unauthorised access. However, there is always a minimal risk that an unauthorised third party can intercept Internet transmissions. We therefore urge you to use caution when transmitting personal data via the Internet, weighing the advantages and risks.

Can your data be transferred outside the European Community?

This website may share some of the data collected with services located outside the European Union. In particular with Google, Facebook, Twitter, Pinterest and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorised on the basis of specific decisions of the European Union and the Italian Data Protection Authority, in particular Decision 1250/2016 (Privacy Shield), therefore no further consent is required. The companies mentioned above guarantee their compliance with the Privacy Shield.

What rights do you have to protect your data?

Pursuant to European Regulation 679/2016 (GDPR) and national legislation, the User can, in accordance with the procedures and within the limits established by current legislation, exercise the following rights:

– Request confirmation of the existence of personal data concerning him/her (right of access).

– Know their origin.

– Receive them in an intelligible form.

– Receive information about the logic, methods and purposes of their processing.

– Request their updating, rectification, completion, erasure, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;

– In cases of consent-based processing, receive a copy of the data provided to the data controller in a structured form that can be read by a computer and in a format commonly used by electronic devices.

– The right to lodge a complaint with a supervisory authority (http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524).

– As well as, more generally, exercising all the rights that are recognised by the current provisions of the law.

Who is the data controller?

The Data Controller is Arrex-1 S.p.a. with registered office in Via Portobuffolè 32 – 31040 Mansuè (TV).

Privacy questions

If you have any questions or concerns regarding the Arrex-1 S.p.a. Privacy Policy or the processing of your data, or if you intend to exercise your rights, please contact us at info.arrex@arrex.it or info.arrex@legalmail.it

Request for consent for some services

I consent to the processing of my personal data for the purposes and in the manner described in the privacy policy.