DATA PROCESSING INFORMATION NOTICE

(Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016)

The Data Controller is Arteide, represented by its legal representative, with registered and operational headquarters in Baiano at Via Malta, 54, email:arteide.adv@gmail.com.

1. Identity of the Data Processing

The collection and processing of data are carried out by Arteide for services related to the website's web services. Processing takes place at the company's registered office and is managed solely by the technical personnel responsible for data processing.

If necessary, data related to the newsletter service may be processed by personnel from the Association responsible for maintaining the website’s technological infrastructure (Data Processor under Article 28 of Regulation (EU) 2016/679), at the Association’s registered office.

Browsing Data

The IT systems and software procedures used to operate this website collect certain personal data as part of their normal operation, the transmission of which is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified users but, by its very nature, could allow user identification through processing and association with data held by third parties.

This category of data includes IP addresses or domain names of computers used by users connecting to the website, where required.

Data Provided Voluntarily by the User

The voluntary, explicit, and optional sending of emails to the addresses indicated on this website entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the email.

Cookies

Like all websites, this website also uses cookies, small text files that allow storing visitor preferences, improving the website’s functionality, simplifying navigation by automating procedures (e.g., login, language preferences), and analyzing website usage.

Session cookies are essential for distinguishing between connected users and ensuring requested functionalities are provided to the correct user while also serving security purposes to prevent cyber-attacks.

Session cookies do not contain personal data and last only for the active session, meaning until the browser is closed.

Further details are available in the Privacy Policy / Cookie Policy on the website:www.arteide.org.

2. Data Processing Methods

Data will be processed—by authorized personnel—using manual, IT, and electronic tools, strictly for the purposes outlined above, ensuring data security and confidentiality in compliance with legal requirements and the provisions of the Data Protection Authority.

In particular, Arteide guarantees the safeguarding and control of personal data during processing, taking into account technological advancements, the nature of the data, and specific processing characteristics. Appropriate security measures will be adopted to minimize risks such as destruction, loss, unauthorized access, or processing that is not in line with the purposes of data collection.

3. Data Processing Managers

The Data Processing Manager is Mr. Giovanni Foglia. He serves as the contact point for individuals seeking information about their data processing or for the Supervisory Authority. He can be reached via email atarteide.adv@gmail.com.

4. Data Processing Officers

The data processing officers are individuals who, under the direct authority of the Data Controller or their designated representatives, perform personal data processing operations.

Arteide guarantees that it will appoint officers in writing and will provide them with detailed written instructions on processing procedures, in compliance with the law.

Any changes regarding the assignment of responsibilities to individual officers will be communicated in writing.

5. Monitoring and Control Obligations

Arteide ensures that its personnel involved in data processing receive training based on their respective tasks, with different levels of depth and operational instructions depending on the type of data they handle.

Therefore, under this provision, Arteide guarantees that it will oversee the actions of its data processing officers.

6. Purpose and Legal Basis for Data Processing

The collected and processed data will be used exclusively for commercial purposes.

The processing of personal data—including sensitive data ("special categories of data") and data related to criminal convictions or offenses ("judicial data")—requires the explicit consent of the individual, as indicated at the end of this notice.

All collected data is processed solely for the fulfillment of the Data Controller's activities, with legal grounds found in the execution of a contract with Arteide.

In the absence of a written contract, data processing will be carried out based on the explicit consent of the individual, as a condition of lawfulness under Article 6 of Regulation (EU).

7. Nature of Data Provision

Providing personal data and its subsequent processing by the Data Controller, for the purposes mentioned above, are necessary for the establishment, continuation, and proper management of the relationship between the Data Controller and the individual, or are required by law, regulations, or EU legislation.Refusing to provide personal data may result in the impossibility of establishing or managing the relationship, in whole or in part.

Providing personal data and its processing for the purposes outlined in Section 6 is optional. Failure to provide such data will not have any consequences.

8. Right of Access and Data Portability

The right to access data concerns information provided by the individual and extends to personal data generated from their activities (e.g., location data, browsing history).

The individual has the right to obtain confirmation of the existence of personal data concerning them, even if not yet registered, and to receive this data in an intelligible format.

However, this right does not apply to data inferred by the Data Controller based on analysis or to data obtained from third parties.

Data portability will be guaranteed only if data processing is based on consent or contractual necessity and is carried out electronically.

9. Categories of Recipients of Personal Data

Data processing will be carried out by designated officers who have received specific instructions and will process data according to their assigned operational profiles.

Data may also be processed by third parties (outsourcers), engaged in services connected to the purposes pursued by Arteide. These third parties will process data in accordance with the Data Controller’s instructions, strictly within their assigned functions, and exclusively for the purposes outlined in this notice.

Personal data will not be disclosed to the public.

10. Data Retention Period

Collected data will be retained only for the period necessary to fulfill the purposes for which they were collected and to comply with contractual or legal obligations.

Specific retention criteria are determined by applicable legal provisions and specific regulations issued by the Data Protection Authority.

11. Modification and Withdrawal of Consent

The individual has the right to:

  • Request the deletion, anonymization, or blocking of unlawfully processed data.
  • Obtain the update, correction, or integration of data.
  • Receive confirmation that such operations have been communicated to relevant recipients.;
  • Object to data processing or any automated decision-making processes (including profiling).
  • Request processing restrictions or data portability to another controller.

To exercise these rights, individuals must send a request via email to arteide.adv@gmail.com (subject: “Privacy”) or via registered mail to Arteide, Via Malta, 54 – Baiano (AV).

12. Complaints to Authorities

If an individual believes their data is being unlawfully processed, they have the right to file a complaint with the relevant data protection authorities.

13. Minors

Individuals providing personal data must be at least 16 years old, in compliance with Article 8 of the GDPR.

This regulation applies only to online services that require direct user consent.



Consent

Having read this notice, I consent to the processing of my personal data for the stated purposes.