Privacy policy

Privacy Policy – information on the Processing of personal data (ex. Art. 13 EU Regulation 679/2016, GDPR) for the site arovescio.com owned by I RIGHI SRL

I RIGHI SRL with registered office in Via dei Maniscalchi 28, 41012 Carpi (MO), VAT no. 03801590369 (hereinafter, also “Owner”), owner of the website https://arovescio.com (hereinafter, the “site”), as Data Controller of the personal data of the users of the site (hereinafter, the “Users”) provides below the privacy information pursuant to art. 13 of Legislative Decree 196/2003 (hereinafter, the “Privacy Code”) and pursuant to art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, “Regulation”, the Regulation and the Privacy Code are together defined as “Applicable Legislation”).

This site and any services offered through the site are reserved for subjects who have reached the age of eighteen. The Owner therefore does not collect personal data relating to subjects under the age of 18. Upon request of the Users, the Owner will promptly delete all personal data inadvertently collected and relating to subjects under the age of 18.

The Owner takes the utmost account of the right to privacy and protection of personal data of its Users. For any information in relation to this privacy policy, Users may contact the Owner at any time, using the following methods:

> By sending a registered letter with return receipt to the registered office of the Owner Via dei Maniscalchi 28, 41012 Carpi (MO);
> By sending an email to arovescio@arovescio.com
> By sending a fax to +39 059.8635311

1. Legal basis of the Processing

The collection of web users’ data, in compliance with the principle of lawfulness of the Processing, is justified by the legitimate interest of the Owner in improving the website to improve the User’s experience and in analyzing and verifying the number of visitors to the site.

2. Categories of personal data subject to the Processing

The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the User’s IT environment.

Such data, necessary for the use of web services, are also processed for the purpose of:

Obtaining statistical information on the use of services (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.);
Checking the correct functioning of the services offered.

3. Purpose of Data Processing

The personal data of Users will be lawfully processed by the Owner pursuant to art. 6 of the Regulation for the following Processing purposes:

Registration on the website: personal data are collected and processed by the Owner to process the request for registration on the site, which is necessary for viewing the Collections. Therefore, upon consent and in the event of completing the registration form, the User will receive the access credentials at his/her email address. The User data collected by the Owner for this purpose include the email address, name and surname. No other Processing will be carried out by the Owner in relation to the personal data of the Users. Without prejudice to what is provided elsewhere in this privacy policy, under no circumstances will the Owner make the personal data of the Users accessible to other Users and/or third parties.

Please note that failure to consent to the Processing of data in the registration form will affect navigation on the site as it will not be possible to view the Collections.

To unsubscribe from the website, you can make a request by email to arovescio@arovescio.com, taking care to include the wording “Unsubscribe from the arovescio.com website” in the subject line;

Marketing purposes: personal data are collected and processed by the Owner, subject to the User’s consent, to process the request relating to the sending of the newsletter. Therefore, the User will receive a periodic newsletter from the Owner containing information, updates and news in relation to the activities of the arovescio.com website. The data collected for this purpose includes the User’s email address, name and surname. No other Processing will be carried out by the Owner in relation to the Users’ data. Without prejudice to what is provided elsewhere in this privacy policy, under no circumstances will the Owner make the Users’ personal data accessible to other Users and/or third parties.

Failure to consent to the Processing of data for this purpose does not affect navigation on the website.

The User may also easily object to further newsletters by clicking on the appropriate link to revoke consent, which is present in each email containing the newsletter. Once consent has been revoked, the Owner will send the User an email to confirm that consent has been revoked;

Administrative-accounting purposes, or to carry out organizational, administrative, financial and accounting activities, such as internal organizational activities and activities functional to the possible fulfillment of contractual and pre-contractual obligations;
Legal obligations, or to fulfill obligations established by law, by an authority, by a regulation or by European legislation.

The provision of personal data for the purposes of Processing indicated above is optional but necessary, since failure to provide them will make it impossible for the User to receive the newsletter from the Owner or to register on the site and, consequently, to view the collections. In case of consent, the User may revoke it at any time, by making a request to the Owner using the methods indicated in the following paragraph 4.

4. Place of Processing

The data collected by the site are processed at the headquarters of the Owner and at the web hosting datacenter (CarpiNet S.A.S. di D’Addese Sandro e c., via Nuova Ponente, 13 – 41012, Carpi (MO), Italy). The web hosting is responsible for the Processing, processing the data on behalf of the Owner. CarpiNet S.A.S. is located in the European Economic Area and acts in compliance with European standards (CarpiNet privacy policy available at https://www.carpinet.it/informativa-privacy/).

5. Type of data processed navigation

The data collected by the site during its operation are data collected in an automated manner (IP address, type of browser, name of the ISP, date and time of visit, web page of origin of the visitor and exit).

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing.

The data in question could be used to ascertain responsibility in the event of any computer crimes against our site.

6. Processing methods and data retention times

The Owner will process the personal data of Users using manual and computerized tools, with logic strictly related to the purposes themselves and, in any case, in a way that guarantees the security and confidentiality of the data. The personal data of the Users of the site will be stored for the time strictly necessary to carry out the primary purposes illustrated in the previous paragraph 1, or in any case as necessary for the protection in civil law of the interests of both the Users and the Owner.

7. Scope of communication and dissemination of data

The employees and/or collaborators of the Owner in charge of managing the site and the requests of the Users may become aware of the personal data of the Users. These subjects, who have been instructed to do so by the Owner pursuant to art. 29 of the Regulation, will process the User’s data exclusively for the purposes indicated in this information notice and in compliance with the provisions of the Applicable Regulations.

Third parties who may process personal data on behalf of the Owner as “External Data Processors”, such as, for example, suppliers of IT and logistics services functional to the operation of the site, suppliers of outsourcing or cloud computing services, professionals and consultants, may also become aware of the Users’ personal data.

Users have the right to obtain a list of any Data Processors appointed by the Owner by making a request to the Owner using the methods indicated in the following paragraph 4.

Furthermore, this site may share some of the data collected with services located outside the European Union area. In particular with Google through the Google Analytics service. The transfer is authorized based on specific decisions of the European Union and the Guarantor for the protection of personal data, in particular decision 1250/2016 (Privacy Shield – here is the information page of the Italian Guarantor), for which no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.

8. Security measures

The Owner processes the data of visitors and users in a lawful and correct manner, adopting the appropriate security measures aimed at preventing unauthorized access, disclosure, modification or unauthorized destruction of the data. Furthermore, the Owner undertakes to protect the security of personal data during their transmission, by locating the web hosting infrastructure in European territory, with VDC managed directly between Milan (in the Caldera district), Frankfurt and Amsterdam. Monitoring and regular access to services are guaranteed 24/7, except for extraordinary maintenance promptly communicated. Furthermore, daily backups are performed on all data in snapshot mode and daily backup of files.

Processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated. In addition to the Owner, in some cases, categories of persons involved in the organization of the site or external parties (such as third-party technical service providers, hosting providers) may have access to the data.

9. Cookies

Cookies are text files that are stored on the computers of web users to allow safe and efficient exploration of the site and monitor its use. The I RIGHI SRL site uses a type of technical cookie: session cookies for authentication (online services).

This site arovescio.com uses technical analysis cookies, in particular Google Analytics and third-party profiling cookies through the connection to the company’s social pages, such as Facebook and Instagram.

Technical session cookies (essential for the use of online services)

The site arovescio.com uses http session cookies to manage authentication to online services. The use of session cookies (which are not stored persistently on the User’s computer and are deleted when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient exploration of the site. Disabling these cookies does not allow the use of online services.

How to disable cookies (opt-out)

You can deny consent to the use of cookies by selecting the appropriate setting on your browser: unauthenticated navigation on the I RIGHI SRL portal will still be available in all its features.

Below we provide links that explain how to disable cookies for the most popular browsers (for other browsers that may be used, we suggest looking for this option in the software help, normally available through the F1 key):

Internet Explorer: http://windows.microsoft.com/it-IT/windows7/Block-enable-or-allow-cookies
Google Chrome: https://support.google.com/chrome/bin/answer.py?hl=itIT&answer=95647&p=cpn_cookies
Mozilla Firefox: http://support.mozilla.org/it/kb/Bloccare%20i%20cookie?redirectlocale=en-US&redirectslug=Blocking+cookies
Apple Safari: http://www.apple.com/it/privacy/use-of-cookies\

10. Rights of the Interested Parties

Users may exercise the rights guaranteed to them by the Applicable Regulations by contacting the Owner with the following methods:

> By sending a registered letter with return receipt to the registered office of the Owner Strada degli Schiocchi, 12 – 41124 MODENA;

> By sending an email to arovescio@arovescio.com

> By sending a fax to +39 059.8635311

Pursuant to the Applicable Regulations, the Owner informs that Users have the right to obtain the indication (i) of the origin of the personal data; (ii) of the purposes and methods of the Processing; (iii) of the logic applied in the case of Processing carried out with the aid of electronic instruments; (iv) of the identification details of the Owner and the managers; (v) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as managers or agents.

Furthermore, Users have the right to obtain:

Access, updating, rectification, or, when interested, integration of data;
The cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
Certification that the operations referred to in the first two points have been brought to the attention, also with regard to their content, of those to whom the data were communicated or disseminated, except in the case in which such fulfillment proves impossible or involves the use of means manifestly disproportionate to the right protected.

Furthermore, Users have:

The right to withdraw consent at any time, if the Processing is based on their consent (also through the simplified methods referred to in paragraph 1);
The right to data portability (the right to receive all personal data concerning them in a structured, commonly used and machine-readable format), the right to limit the Processing of personal data and the right to erasure (“right to be forgotten”);
The right to object, in whole or in part, on legitimate grounds, to the Processing of personal data concerning them, even if pertinent to the purpose of the collection;
If they believe that the Processing concerning them violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State in which they habitually reside, in the one in which they work or in the one in which the alleged violation occurred). The Italian Supervisory Authority is the Guarantor for the protection of personal data, with headquarters in Piazza di Monte Citorio n. 121, 00186 – Rome (http://www.garanteprivacy.it/).

The Owner is not responsible for updating all the links that can be viewed in this Policy, therefore whenever a link is not functioning and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by that link.