INFORMATION ON THE PROCESSING OF PERSONAL DATA
DATA CONTROLLER ARTEA.COM
ARTEA.COM SRL, with registered office in Milan in Via Matteo Bandello 5 – postcode 20123, telephone number 02 500 30 912, email address info@artea.com (hereinafter: “ARTEA” or also “Data Controller”).
SCOPE OF THE INFORMATION and SOURCES OF DATA COLLECTION
Artea.com is an Italian company that operates in the development of innovative technologies and applications aimed at the world of organisations, public and private. The personal data that ARTEA collects and the related processing it intends to carry out are strictly for the purpose of promoting these activities to certain categories of professionals who, due to the role they play within their organisation, may be interested in learning about and evaluating ARTEA’s solutions, in a strictly business-to-business context.
The information contained in the document refers to the processing of personal data by ARTEA that originates from different sources of collection of the same.
The information is provided for the data collected through:
- Navigation, interaction and registration on the Controller’s websites (“Sites”):
https://www.artea.com
https://hca.artea.com
and other sites identifiable with address xxxxx.artea.com, created by the Data Controller to support specific initiatives - Data originating from individual contacts with ARTEA staff through direct relationships (e.g. business cards), direct contact via social media (Linkedin, Twitter, Facebook), direct contact following proactive actions by the data subject with the ARTEA company pages on social media platforms
- Data obtained from third parties, authorised by the interested parties to communicate their data to ARTEA (e.g. list of participants in events organised by third parties and co-sponsored by ARTEA)
1 PURPOSE OF THE PROCESSING
1.1 Contractual purposes:
viewing web pages and using the services offered within the sites. In particular, the data will be processed to respond directly to the user’s requests (contact requests, presentation of services, organization of demos), to send the requested materials (e.g. white papers, brochures) and to send newsletters, if requested by the user.
1.2 Lead generation and company CRM feed:
These are direct contact actions using traditional non-automated methods (sending personal emails, telephone calls made by artea.com staff) or through methods made available by internal messaging on social platforms. These activities are carried out with regard to persons who have already expressed interest in ARTEA or who may potentially be interested in the company role held. The contact activities are carried out with the aim of verifying the actual interest of the interlocutor in ARTEA solutions, the appreciation of the materials downloaded from the site, the promotion of business and commercial activities, the reporting of business events, the proposal of market studies, white papers, statistical analysis deriving from activities carried out by ARTEA.
The individual contact data collected for this purpose, including any positive activities of the user on social networks (comments, sharing of posts, likes to content produced by ARTEA) are transferred to the company CRM system, to feed the CRM (Customer Relationship Management) data with a view to “lead generation” (marketing action that allows to generate a list of possible customers interested in the products or services offered by a company).
1.3 Direct marketing purposes:
in case of consent, sending – with automated contact methods (email, sms, mms) – information on ARTEA services, promotional and commercial communications relating to new services/products, reporting of company events, invitations to webinars.
1.4 Legal obligations:
complying with obligations under applicable regulations and national and supranational legislation.
1.5 Operation of the Sites:
the computer systems and software procedures used to operate the sites acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified data subjects, but which, by its very nature, could, through further processing and associations, allow users of the sites to be identified.
2 LEGAL BASES FOR PROCESSING
2.1 Contractual purpose: execution of pre-contractual measures or of a contract to which you are a party.
2.2 Lead generation purposes: legitimate interest of the data controller
2.3 Direct marketing purposes: consent (optional and revocable at any time).
2.4 Legal obligations: need to fullfil legal obligations.
3 RETENTION PERIOD OF PERSONAL DATA
3.1 Contractual purpose: the data are processed in order to provide the requested service. Therefore, they will be retained until the achievement of the purpose, unless regulations or other regulations to which the data controller may be subject impose a retention for longer periods (Legal obligations).
3.2 Lead generation purposes: until the exercise of the right of opposition by the interested party, exercisable directly towards the data controller on the occasion of direct contacts (or even through a specific link made available in communications by email) and in any case not exceeding 3 months from the last interaction.
3.3 Direct marketing purposes: until the withdrawal of consent, the right can be exercised by contacting the data controller directly, or by means of a specific link made available in all communications by email, and in any case not exceeding 24 months from the last interaction.
3.4 Operation of the sites: for the duration of the browsing session on the sites.
After the retention periods indicated above, personal data will be deleted or made anonymous in accordance with the cancellation and backup procedures, except for the protection needs of the data controller in the event of possible disputes (the retention period will be extended with reference to the limitation periods of the corresponding legal action).
4 TYPE OF DATA COLLECTED
Data provided by the user
4.1 PERSONAL DATA PROCESSED FOR CONTRACTUAL PURPOSES – LEGAL OBLIGATIONS – RIGHTS OF THE DATA CONTROLLER:
Personal data (name, surname) and professional data (company, company role), contact details (email, telephone number where issued). Recording of any consents given. Data that can be associated with the visitor of internet services (for example, IP address or other network identifiers, Mac address, browser and operating system used).
4.2 PERSONAL DATA PROCESSED FOR LEAD GENERATION PURPOSES:
Personal data (name, surname) and professional data (company, company role), contact details (email, telephone number where issued).
4.3 PERSONAL DATA PROCESSED FOR DIRECT MARKETING PURPOSES:
Personal data (name, surname) and professional data (company, company role), contact details (email, telephone number where issued).
Navigation data
4.4 PERSONAL DATA PROCESSED FOR the OPERATION OF THE SITES and DURING NAVIGATION:
The IP addresses or domain names of the computers of the users who connect to the sites, the addresses in uri (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (good end, error, etc.), other parameters related to the operating system and the user’s computer environment. Other information relating to the user’s browsing behaviour on the Sites, on the pages visited or searched for, and to the routes made within the sites may, subject to specific consent from the user, be processed by first and third party cookies and trackers. In the first case, this information can be used, anonymously, to know which domains the traffic on the Sites comes from and identify the organisations interested in the contents of the same. In the case of third-party cookies, this information will be used by third parties in order to select and make specific ads to the user of the sites on their platforms (e.g. Linkedin, Twitter, Facebook). For more information, please refer to the cookie policy of the sites and the contractual conditions of the platforms mentioned above.
5 OBLIGATION TO PROVIDE DATA and RIGHT TO OBJECT
The provision of personal data referred to in points 4.1 for the purpose referred to in point 1.1 is mandatory. The refusal to provide the aforementioned personal data does not, therefore, allow the possibility of using the services offered by the sites.
The provision of personal data referred to in point 4.3 for the purposes referred to in point 1.3 is optional and subject to your consent.
The personal data referred to in point 4.2 for the purpose referred to in point 1.2 is used for the exercise of a legitimate interest of the data controller pursuant to art. 6, par. 1 letter f) of the GDPR). You can, at any time, decide not to receive communications relating to the personal contact activities of lead generation by communicating it directly to the data controller, or by reporting it by clicking on the unsubscribe button at the bottom of the email received, writing at any time to the Data Controller by writing to the address info@artea.com.
Some personal data referred to in point 4.5 are strictly necessary for the operation of the Sites; other computer data associated with the visitor of the site (such as IP address, Mac address, browser used, version of the operating system, date and time of access to the site), may be stored and used for security investigations consistent with the times prescribed by law; still others are used for the sole purpose of obtaining anonymous statistical information on the use of the sites and to check their correct operation, and are deleted immediately afterwards.
6 RECIPIENTS OF THE DATA
The data may also be processed, on behalf of the data controller, by external parties designated as data processors pursuant to art. 28 of the GDPR, to whom appropriate operating instructions are given. These subjects are involved for technical or professional activities carried out on behalf of the owner and are included in the following categories:
a. companies that offer maintenance and management services for websites and information systems;
b. companies that offer services for the management of the data controller’s database (CRM);
c. companies that offer support in the implementation of marketing activities;
d. companies that provide organisational and event support services
Your personal data will not be disclosed to third parties, nor will it be disseminated.
7 SUBJECTS AUTHORISED TO PROCESS
Your data may be processed by employees and collaborators of the data controller, limited to the company functions involved in the pursuit of the purposes indicated above, expressly authorised for processing and after receiving adequate operating instructions.
8 YOUR RIGHTS AS A DATA SUBJECT – COMPLAINT TO THE SUPERVISORY AUTHORITY
By contacting the data controller via e-mail at info@artea.com, you can request access to the data concerning you, their cancellation, the correction of inaccurate data, the integration of incomplete data, the limitation of processing in the cases provided for by art. 18 GDPR.
Furthermore, in the event that the processing is based on consent or on the contract and is carried out with automated tools, you may request the portability of your data and receive it in a structured, commonly used and machine-readable format, as well as, if technically feasible, to transmit it to another data controller without hindrance.
You have the right to revoke the consent given at any time for direct marketing purposes, also without prejudice to the possibility of being contacted, for the aforementioned purpose, exclusively through traditional methods, thus opposing only the receipt of communications through automated methods. You have the right to object to the processing, for reasons related to your particular situation, of the data in cases of legitimate interest of the data controller.
Finally, you have the right to lodge a complaint with the competent supervisory authority in the Member State where you normally reside or work or in the State where the alleged infringement took place.
9 TRANSFER OF DATA TO COUNTRIES OUTSIDE THE EUROPEAN UNION
The data may be transferred abroad to non-European countries only after verification of the standard contractual clauses adopted/approved by the European Commission pursuant to art. 46, par. 2, lit. c) and d) of the GDPR or, in the absence, by virtue of one of the derogations referred to in art. 49 of the GDPR.