In compliance with the obligations deriving from the European General Data Protection Regulation n. 2016/679 (GDPR), in particular articles 13 and 14, and the national legislation, we respect and protect the data of Data Subjects (visitors and users), making every possible and proportionate effort not to infringe their rights. In specific cases, more detailed information is provided, when necessary.
The Data Controller, pursuant to art. 4, par. 7, of the GDPR, is Alfonso Artiaco S.r.l. (VAT and Tax Code 07828230636) with registered office in Corso Nicola Terracciano 56 (80078) Pozzuoli (NA) mail firstname.lastname@example.org, in the person of the legal representative Alfonso ARTIACO.
The company collects data in the following ways.
Data collected automatically by this site
While the Users are browsing, the following information can be collected and stored in the server log files (hosting), in some cases also in the site database:
- Internet Protocol (IP) address;
- type of browser;
- parameters of the device used to connect to the site;
- name of the Internet Service Provider (ISP);
- date and time of visit;
- web page of origin of the visitor (referral) and exit;
- possibly the number of clicks.
These data are used for statistical and analytical purposes, in an exclusively aggregated form. None of this information is related to the natural person-user of the site, and does not allow identification in any way. The IP address could possibly be used exclusively for security purposes without crossing it with any other data.
Data provided voluntarily
This site may collect other data in case of voluntary use of services by Users, such as communication services (contact forms, newsletter registration). Further data may be collected on the occasion of purchases, organized events, anyway contacts for information, in person by telephone or by mail. These data are used for the provision of the requested service and for the purposes established by legal regulations. They can be:
- personal and contact data;
- bank and fiscal data.
The processing of personal data is carried out using IT and paper tools, in compliance with the regulations in force and in particular with the principles of correctness, lawfulness, transparency, relevance, completeness and non-excess, accuracy and with organizational and processing logics strictly related to the purposes. pursued and in any case to guarantee a high level of safety. Access to data is allowed only to specifically authorized and trained individuals.
The data are used for the purposes for which they were collected, unless it is reasonably possible to use them for compatible purposes pursuant to the laws in force.
Provision of the requested service
The data is used mainly for the execution of business relationships and the provision and organizational management of the services requested by customers and users, as well as for the fulfillment of related legal obligations and for the protection of contractual rights.
Some data collected by the site are used in an exclusively aggregated and anonymous form in order to verify the correct functioning of the site. None of this information is related to the natural person concerned (User or site visitor), and does not allow his identification in any way.
Some data are processed in order to protect the security of the site (spam filters, firewalls, virus detection), and of users and their information, and to prevent or unmask fraud or abuse (eg SPAM) to the detriment of the website. These data are never used for the identification or profiling of the User. Further data are processed to protect the safety of the company assets and of the third-party exhibitors, as well as of the people present in the company premises (video recordings), data are not used for the identification of people unless they are useful for the purpose of suppressing crimes and are deleted periodically.
The data are used, with prior consent, to keep Users informed about the activities and events offered by the Data Controller, through automated methods (newsletters). The newsletter is provided by the Data Controller through the MailChimp platform (see par.8.1) which processes data on behalf of the Data Controller.
The data may be disclosed to third parties who perform functions necessary or instrumental to the operation of the Data Controller (e.g. companies for the maintenance of the IT system), and to allow third parties to carry out technical, logistical and other activities on our behalf. (e.g. fulfill orders, send mail, analyze data, provide marketing assistance, make payments with credit cards). Suppliers have access only to personal data that are necessary to carry out their duties, undertake not to use the data for other purposes, and are required to process personal data in accordance with current regulations.
The data relating to the performance of economic activities and those functional or instrumental to the performance of economic activities (provision of services and shopping) are processed on the basis of the fulfillment of contractual and pre-contractual obligations. Refusal to provide such data precludes the execution of the contract.
The data for tax compliance and the keeping of accounting records, necessary in order to use the services provided for a fee, and for billing purposes, are processed on the basis of legal obligations. The refusal to provide such data prevents the fulfillment of the obligation and possibly also exposes the interested party to penalties provided for by the legal system.
Marketing data is processed on the basis of user consent, through the forms prepared (eg newsletter). The provision of data and therefore consent to the collection and processing of data is optional, the User can deny consent, and can revoke a consent already provided at any time. However, denying consent may make it impossible to provide some services and the browsing experience on the site would be compromised.
The data for the safety of the site and company assets as well as the exhibitors of the art gallery (video footage) and for the prevention of abuse and SPAM, as well as the data for the analysis of site traffic (statistics) in aggregate form, are processed on the basis of the legitimate interest of the Data Controller in the security of the site and users, as well as company and third party assets. The processing of data for commercial communications relating to artwork and / or services similar to those already purchased and / or signed by the user is based on a legitimate interest of the Data Controller.
The data collected by the site are processed at the headquarters of the Data Controller, and at the web Hosting datacenter. The web hosting Aruba S.p.a., which is the Data Processor by processing the data on behalf of the Data Controller, is located in the European Economic Area and acts in compliance with European laws.
The data are processed for the time necessary in relation to the purposes for which they were collected, and in any case no later than the time prescribed by law. In the absence of rules or practices that provide for different retention times, the data will be used, balancing the interests of the Data Controller and the rights of the Data Subjects, for a reasonable time with respect to the interest expressed by the Data Subjects and processed for the minimum period necessary in compliance with the indications contained in the sector regulations. The data may be processed for further periods in the event that the processing is necessary to defend or assert a right or by order of the authorities.
The collected data are processed for the following periods:
- purpose of supplying services: the data are kept until the expiry of the contract plus a further 10 years;
- purposes of judicial protection, up to the end of the useful period for judicial protection;
- purposes of protecting the corporate assets and third-party exhibitors: 72 hours;
- sending newsletters and related purposes: until the user unsubscribes, through the link in each email;
- data necessary for fiscal, accounting, tax and anti-money laundering purposes: they are kept until the assessments relating to the corresponding tax period are defined, therefore for at least 10 years (Article 2220 of the Civil Code) and more if the related annuity is not yet prescribed for tax purposes.
The collected data are not disclosed, but may be disclosed to third parties who provide services or otherwise process data on behalf of the Data Controller, such as: IT and functional service providers of the site; outsourcing or cloud computing service providers; payment or credit service providers; professionals or consultants. For the list of third parties, see par. 8. Third parties process the User's data exclusively for the purposes indicated in this statement and in compliance with the provisions of the applicable legislation.
Other third parties acting as independent data controllers may become aware of the Users' data, also processing the data for purposes other than those of this site. For example:
- Google with reference to advertising services;
- Facebook, Twitter and social networks in general that use the data conveyed through social plugins also for advertising and marketing purposes;
- Wolters Kluwer with for the billing service;
- other third party service providers who operate as independent data controller.
The indipendent data controllers are bound by European and national regulations on the protection of personal data, and are personally responsible for them in full autonomy.
The data could be provided to the judicial and administrative authorities in the event of a legitimate request or to public bodies or agencies in the cases provided for by law (eg tax data).
Users at any time have the right to obtain information on third parties to whom the data may be transferred, by making an express request to the Data Controller (see par. 1) in the manner indicated in par. 10.
Transfers outside the EU / EEA
Some of the data processed may be shared with services located outside the European Union and the EEA (European Economic Area). In particular:
- Google (Analytics);
- MailChimp (newsletter).
The transfer is authorized on the basis of specific standard contractual clauses with the foreign company receiving the data. These clauses guarantee a level of data protection corresponding to that established by European legislation.
This site uses the following categories of cookies:
- technical cookies, used for the sole purpose of transmitting an electronic communication, to ensure the correct display of the site and navigation within it. In addition, they allow you to distinguish between the various connected users in order to provide a requested service to the appropriate user and for site security reasons;
- analysis cookies, used to collect information in aggregate form, on the number of users and how they visit the site;
- marketing cookies, used exclusively by third parties other than the Data Controller to collect information on user behavior while browsing, and on interests and behavioral habits, possibly in order to provide personalized advertising.
Refusal or withdrawal of consent to cookies
The User can refuse or revoke a consent already provided at any time, even by disabling cookies directly from the browser. Disabling cookies may prevent the correct use of some functions of the site itself, in particular the services provided by third parties may not be accessible, and therefore may not be viewable:
- YouTube video;
- Google maps.
The instructions for disabling cookies, and for the eventual elimination of cookies already present on the User's device, can be found on the following web pages:
Google Chrome https://support.google.com/chrome/answer/95647?hl=it
Microsoft Internet Explorer https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies
Microsoft Edge https://support.microsoft.com/it-it/help/4027947/windows-delete-cookies
Apple Safari https://support.apple.com/it-it/HT201265
This site also acts as an intermediary for third-party cookies used to provide additional functionality to visitors or to verify the functioning of the site itself. This site has no control over their cookies entirely managed by third parties and has access to the information collected through these cookies only in aggregate form. Information on the use of these cookies and their purposes, as well as on how to disable them, are provided directly by third parties on the pages indicated below. These cookies could be used by third parties to provide personalized advertising on third party sites.
- Google Analytics: used to analyze the use of the site by users, compile reports on site activity and user behavior, check how often users visit the site, how the site is tracked and which pages are visited most frequently. SCCs: https://privacy.google.com/businesses/processorterms/
The data collected do not allow the personal identification of users, and are not crossed with other information relating to the same person. They are processed in aggregate form and anonymized (truncated to the last octet). On the basis of a specific agreement, Google Inc. is prohibited from crossing such data with those obtained from other services.
Further information on Google Analytics cookies can be found on the Google Analytics Cookie Usage on Websites page: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
It is possible to selectively disable the action of Google Analytics by installing on your browser the appropriate component provided by Google (opt out): https://tools.google.com/dlpage/gaoptout
- Google Maps: service that offers street maps and location for urban businesses. Set cookies on map pages. Collected data: number and behavior of map users, information relating to the page viewed, display preferences (zoom level, etc.).
- Youtube: platform, owned by Google, for sharing videos. Cookies are set when accessing the page containing the embed, and when the video is started, and do not allow the identification of the User unless he is already logged into the Google profile. Collected data: number and behavior of service users, IP address, information linking visits to the site to the Google account for users already logged in, preferences on viewing videos.
Newsletter service, collects personal data that could also be used to send personalized advertisements through MailChimp's partners. Collected data: email, device information and methods of interaction with the email. Place of data processing: USA.
MailChimp inserts an identifier (pixel gif) in emails in order to verify the use of newsletters, and to create reports on newsletter campaigns. These identifiers collect data such as the email, the IP address, the date and time associated with the opening of the email and clicking on the links in the email.
Informativa privacy: https://mailchimp.com/legal/privacy/
Data Processing Addendum: https://mailchimp.com/legal/data-processing-addendum/
Clausole Contrattuali Standard (for the transfer of data to the USA): https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses
It is always possible to withdraw consent to send the newsletter via the link included in the email. It is possible to disable MailChimp cookies through the browser settings. You can disable personalized advertising on the following page: https://preferences-mgr.truste.com/.
We process visitor and user data in a lawful and correct manner, adopting appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of data. We are committed to protecting the security of your personal data when it is sent, for example by using Secure Sockets Layer (SSL) software, which encrypts information in transit.
You can exercise the following rights at any time:
- right to access your data and know its origin, purposes and retention period, the details of the Data Controllers and of the subjects to whom the data have been communicated, if the data are transferred to a third country and information on the guarantees for the transfer;
- right to obtain a copy of the data provided within the limits of reasonableness;
- revoke the consent given at any time without the need to give reasons, but without prejudice to the processing carried out up to that moment;
- right to update or correct your data;
- the right to object in whole or in part to the processing carried out on the basis of the legitimate interests of the owner, unless there is a legitimate reason to continue the processing, such as the exercise of rights in court;
- right to object to the processing of personal data for marketing or commercial communication purposes;
- right to request the cancellation of your data (even after the withdrawal of consent), if no longer necessary for the purposes of the owner, in the event of withdrawal of consent, opposition to processing, processing in violation of the law, or if there is a legal obligation cancellation;
- right of limitation, that is to obtain the block of the processing in case of violation of the conditions of lawfulness, but also if the Data Subject requests the rectification of the data (pending rectification) or opposes their processing (pending the decision of the Data Controller), in which case the data will not be processed except for the conservation of the same;
- right to data portability, only in cases of processing based on consent or contractual necessity, the right to receive or transmit to another indicated Data Controller, at the cost of any support, your data provided to the Data Controller, in a structured and readable by a data processor and in a format commonly used by an electronic device;
- right to lodge a complaint with the Supervisory Authority (link: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524).
To exercise your rights it may be necessary to provide documentation to identify you (copy of an identity document), to certify the legitimacy of the request and prevent the data from ending up in the wrong hands. The deadlines for responding to requests are 30 days, which can be extended for another 30 days in special cases.
In some cases the aforementioned rights may not be concretely exercisable, such as in the case in which the communication of data would also expose data of other people, or in the case of video recordings for which it is not materially possible to exercise the right to update or data correction.
Requests should be sent to the Data Controller by e-mail email@example.com.
This privacy disclaimer is updated as of April 17, 2021.