In fulfilment of the obligations set forth by the current privacy regulation, (General Data Protection Regulation No. 679/2016, GDPR art. 13), this website respects and protects visitor and user confidentiality, implementing every possible and proportionate effort to avoid violating user rights.
Legal basis of data processing
This website processes data based on consent. Providing data and therefore providing Consent for collecting and processing data is optional, the User can deny consent, and can withdraw previously granted consent at any time. However, denying consent may make it impossible to provide some services and may compromise navigation on the website. As of May 25 2018 (the data of entry into force of the GDPR), this website also processes data based on the legitimate interests of the data controller. The consent can be required also to send promotional material (which is collected on the site, but then handled externally).
Collected data and purposes
Like all websites, this one uses log files that store information collected automatically during user visits. The collected information may be:
- Internet protocol (IP) address;
- Type of browser and parameters of the device used to connect to the website;
- Name of the internet service provider (ISP);
- Date and time of the visit;
- Visitor entry (referral) and exit web page;
- Number of clicks, if any;
- Name, surname, mobile number, email;
- Company name
- Industrial data for the test
The above information is processed automatically and collected exclusively in aggregate form in order to monitor correct website operation, and for safety reasons (as of May 25 2018 this information may also be processed based on the legitimate interests of the data controller).
For safety purposes (anti spam filters, firewalls, virus detection), automatically recorded data may also include personal data such as IP address, which could be used, in compliance with the relative laws in force, to block attempts to damage the website or harm other users, or in any case block harmful activities that represent crimes. This data is never used for user identification or profiling, but only for the purpose of protecting the website and its users (as of May 25 2018 this information is also processed based on the legitimate interests of the data controller).
Received data is used exclusively to provide the following services delivered by the ASR Srl website:
- Responses to requests for information-contacts
- Responses to requests for information-free test
The data collected from the website during its operation is used exclusively for the stated purposes and stored for the amount of time necessary to perform the specified activities or, if the case, until there is a request for deletion.
Pursuant to the laws in force, the data controller is ARS Srl con socio unico, Via Piero Gobetti, 19, 52100 Arezzo (AR), in the person of the pro tempore legal representative.
Communicating data to other subjects
The data picked up by the website will never be given to third parties outside of ARS, for no reason whatsoever, unless there is a legitimate request from the legal authorities or state agencies as required by law only. ARS employees and/or collaborators appointed to perform for ARS the activities required to fulfil the processing purposes may have access to the personal data being processed. These include the Web Hosting website manager, appointed by the ARS Data Supervisor, and therefore subject to the same obligations as the Controller. The Data controller is required, on request, to provide the data subjects with the list of the aforementioned subjects.
Place of processing
The data collected by the website is processed at the web Hosting datacenter. The web hosting is in charge of data processing, processing the data on the behalf of the controller and is located in the European Economic Area and operates in compliance with European standards.
- This is the cookie that distinguishes the Visitor. It lasts for 2 years and, among other things, it has a unique code that is able to distinguish the Visitor. To measure the number of people (Unique Visitors) that visit a website, Google Analytics counts the number of utma.
- _utmb and _utmc. These are two cookies that identify the session (Visit). Google Analytics uses them to calculate the metrics based on time, duration of the Visit or time on the Page. They expire when the browser is closed or by exiting the website.
- This is the cookie that identifies the Traffic Source. It collects information on the origin of the Visit (organic search, link in another website, online campaign, etc..). It lasts 6 months.
- This cookie is used to track custom vars. The duration varies based on the setting level of the customised variable (Page, Session, Visitor).
By using the site the visitor expressly agrees to the use of the cookies.
Social Network Plugins
This website also incorporates some plugins and/or buttons for social networks, for conveniently sharing content on your preferred social networks. These plugins are programmed in a way that no cookies are set when accessing the page, to protect user privacy. Any cookies are set, if required by the social network, only when the user effectively and voluntarily uses the plugin. Bear in mind that if the user navigates as logged into the social network, then he/she has already agreed to the use of the cookies sent through this website when he/she registered with the social network.
The collection and use of the information obtained through the plugin are regulated by the respective privacy information notes of the social networks, that you are asked to refer to.
This website processes user data in a legitimate and correct manner, implementing due safety measures aimed at preventing unauthorised access, disclosure, modification or unauthorised destruction of the data. Processing is carried out with electronic and/or telematic tools, with organisational and logic methods strictly connected to the stated purposes. In addition to the controller, in some cases, categories of staff involved in the organisation of the website (administrative, sales, marketing, legal, system administrator staff) may have access to the data, i.e. external subjects (such as the providers of third party technical services, postal couriers, hosting providers, IT companies, communication agencies).
Pursuant to European Regulation 679/2016 (GDPR) and the national standard, the User may, according to the methods and limits set forth in the standard in force, exercise the following rights:
- request confirmation of the existence of personal data concerning him/her (right to access);
- know the origin;
- receive intelligible notification;
- have information on the logic, the methods and the purposes of processing;
- ask for the update, rectification, integration, erasure, anonymisation, blocking of data that has been processed unlawfully, including data whose retention is unnecessary for the purposes for which it has been collected;
- in cases of consent-based processing, to receive at the sole cost of the media, one’s data given to the controller, in a structured form that is intelligible by a data processor and in a format that is commonly used by electronic devices;
- the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects that concern the data subject or that significantly affects the data subject in the same way
- the right to file a complaint with the Italian Data Protection Authority;
- as well as, more generally, to exercise all of the rights that apply based on current provisions of the law (GDPR art 15 to 22),
Requests are addressed to the Data Controller.
If the data has been processed based on the legitimate interests of the data controller, the rights of the data subjects are nevertheless upheld (with the exception of the right of transfer, which is not established by law), particularly the right to oppose processing, which can be exercised by sending a request to the data controller.
Rev. 00- This policy was updated in September 2018 following Lgs. D. 101/18 implementing the GDPR.
Rev.01 - This policy was updated in July 2020 following the addition of newsletter.