Privacy Policy

1. Categories of Personal Data Processed

   The Controller processes the following types of Personal Data voluntarily provided by the Data Subject:

   • Contact data: name, surname, address, email, telephone, images, authentication credentials, any additional information submitted by the Data Subject, etc.

   The Controller processes the following types of Personal Data collected automatically:

   • Technical data: Personal Data generated by devices, applications, tools and protocols used, such as, for example, information about the device used, IP addresses, browser type, type of Internet provider (ISP). Such Personal Data may leave traces that, particularly if combined with unique identifiers and other information received from servers, can be used to create profiles of natural persons.
   • Browsing and usage data of the Application: such as, for example, pages visited, number of clicks, actions performed, session duration, etc.

   Failure to provide Personal Data for which there is a legal, contractual, or necessary requirement for the conclusion of a contract with the Controller will make it impossible for the Controller to establish or continue the relationship with the Data Subject.

   The Data Subject who communicates Personal Data of third parties to the Controller is directly and solely responsible for their origin, collection, processing, communication or dissemination.

2. Cookies and Similar Technologies

   The Application uses cookies, web beacons, unique identifiers and other similar technologies to collect Personal Data from the Data Subject on the pages, links visited, and other actions taken while using the Application. They are stored to be retransmitted during the Data Subject’s subsequent visits. The complete Cookie Policy is available at the following address: https://aryagroupspa.com/cookie-policy/

3. Legal Basis and Purpose of Processing

   The processing of Personal Data is necessary:

   1. For the performance of the contract with the Data Subject, specifically:
      1. Fulfilment of all obligations arising from the pre-contractual or contractual relationship with the Data Subject
      2. Support and contact with the Data Subject: to respond to the Data Subject’s requests
   2. For compliance with legal obligations, specifically:
      1. Compliance with any obligation provided by current laws, regulations, and standards, in particular in tax and fiscal matters
   3. On the basis of the legitimate interest of the Controller, for:
      1. Email marketing of the Controller’s products and/or services: to directly sell the Controller’s products or services using the email provided by the Data Subject in the context of the sale of a product or service similar to the one previously purchased
      2. Management, optimisation, and monitoring of the technical infrastructure: to identify and resolve technical problems, improve Application performance, manage and organise information in an IT system (e.g., servers, databases, etc.)
      3. Anonymous data statistics: to perform statistical analyses on aggregated and anonymous data to analyse the behaviour of the Data Subject and improve the products and/or services offered by the Controller and better meet the expectations of the Data Subject
   4. On the basis of the consent of the Data Subject, for:
      1. Profiling for marketing purposes: to provide the Data Subject with information about the Controller’s products and/or services through automated processing aimed at collecting personal information to predict or assess their preferences or behaviour
      2. Retargeting and remarketing: to reach the Data Subject with personalised advertising who has already visited or shown interest in the products and/or services offered by the Application by using their Personal Data. The Data Subject may opt-out by visiting the Network Advertising Initiative page
      3. Marketing purposes for the Controller’s products and/or services: to send information or promotional materials, conduct direct sales activities of the Controller’s products and/or services or conduct market research using automated and traditional means

   Based on the Controller’s legitimate interest, the Application allows interaction with external platforms or social networks whose processing of Personal Data is governed by their respective privacy policies, which the user is invited to refer to. Interactions and information acquired by this Application are in any case subject to the privacy settings selected by the Data Subject on those platforms or social networks. This information – in the absence of specific consent for further purposes – is used solely to allow use of the Application and provide the requested information and services.

   The Data Subject’s Personal Data may also be used by the Controller for legal defence before competent judicial authorities.

4. Methods of Processing and Recipients of Personal Data

   The processing of Personal Data is carried out using paper and IT tools with organisational methods and logic strictly related to the stated purposes and through the adoption of appropriate security measures.

   Personal Data is processed exclusively by:

   • persons authorised by the Controller who are committed to confidentiality or have an adequate legal obligation of confidentiality;
   • entities operating as autonomous controllers or designated as data processors by the Controller to carry out all necessary processing activities for the purposes described in this policy (e.g., business partners, consultants, IT companies, service providers, hosting providers);
   • parties or entities to whom the Personal Data must be communicated by law or by order of the authorities.

   The above entities are required to use appropriate safeguards to protect Personal Data and may only access it to the extent necessary to perform their assigned tasks.

   Personal Data will not be disseminated indiscriminately in any way.

5. Location

   Personal Data will not be transferred outside the territory of the European Economic Area (EEA).

6. Retention Period of Personal Data

   Personal Data will be retained for the time necessary to fulfil the purposes for which it was collected, specifically:

   • For purposes related to the execution of the contract between the Controller and the Data Subject, it will be retained for the entire duration of the contractual relationship and, after its termination, for the ordinary limitation period of 10 years. In case of legal dispute, for the entire duration thereof, until the expiry of the deadlines for lodging appeals
   • For purposes related to the legitimate interest of the Controller, until such interest has been fulfilled
   • For compliance with legal obligations or orders of authorities, and for legal defence, for the duration prescribed by such obligations, laws, and in any case until the limitation period provided by applicable legislation
   • For purposes based on the consent of the Data Subject, until the consent is withdrawn

   At the end of the retention period, all Personal Data will be deleted or stored in a form that does not allow the identification of the Data Subject.

7. Rights of the Data Subject

   The Data Subject may exercise certain rights regarding the Personal Data processed by the Controller. In particular, the Data Subject has the right to:

   • be informed about the processing of their Personal Data
   • withdraw consent at any time
   • restrict the processing of their Personal Data
   • object to the processing of their Personal Data
   • access their Personal Data
   • verify and request the rectification of their Personal Data
   • obtain the restriction of the processing of their Personal Data
   • obtain the deletion of their Personal Data
   • transfer their Personal Data to another controller
   • lodge a complaint with the data protection authority and/or take legal action

   To exercise their rights, the Data Subject may send a request to the following email address: arya@aryagroupspa.com. Requests will be handled by the Controller as soon as possible and in any case within 30 days.

Last update: 14/10/2024