-
About us
-
Our production
-
Private Label
-
We Care
-
Our Values
-
Career
-
Contact
- Choose language Italiano English
Privacy Policy
PRIVACY POLICY - WEBSITE Information document pursuant to and for the purposes of Article 13 of Regulation (EU) 2016/679 (GDPR)
WHY THIS INFORMATION?
In accordance with Regulation (EU) 2016/679 (hereinafter “GDPR”), this page describes the methods of processing personal data. This is an informative document provided in accordance with Art. 13 GDPR. This information is not valid for other third-party websites that may be consulted through links on this website, for which no responsibility is assumed.
Personal data that can be processed
- Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person (Articles 26, 27, and 30 GDPR).
- Contractor/user data.
- Navigation data: the computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user’s operating system and computer environment.
- Voluntarily provided data: the optional, explicit, and voluntary sending of messages to the contact addresses indicated on this website and/or the completion of data collection forms involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data entered.
Specific information
Specific information may be provided on the pages of the Site relating to particular services or data processing.
COOKIES AND OTHER TRACKING SYSTEMS. WHAT ARE THEY? WHAT ARE THEY USED FOR?
For Cookies and other tracking systems, please see the cookies policy in the website footer and at the following link.
1. WHO IS THE DATA CONTROLLER? HOW TO CONTACT THEM?
The Data Controller is First One Srl, with registered office at Via Camperio, 9 – 20123 Milano (MI), represented by the person with the necessary powers, who can be contacted for any information via email: privacy_firstone@arcaplanet.net.
HAS A DATA PROTECTION OFFICER BEEN APPOINTED? WHAT ARE HIS CONTACT DETAILS?
First One Srl has appointed its Data Protection Officer (DPO) in accordance with Articles 37, 38, and 39 of the GDPR. The DPO can be reached at the registered office of the Controller indicated above and via email by writing to: privacy_firstone@arcaplanet.net.
| PROCESSING PURPOSE | LEGAL BASIS | DATA RETENTION PERIOD | NATURE OF PROVIDING |
| Browsing on this website.
The data necessary for the use of the obtaining statistical information checking the proper functioning The data will be used for |
Legitimate interest: Processing is necessary for the pursuit of the legitimate interest of the data controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject do not override such legitimate interest, taking into account the reasonable expectations of the data subject and the activities strictly necessary for the operation of the website and navigation itself. (Art. 6, para. 1 lett. f and C47 of the GDPR) Data subjects are guaranteed the possibility of obtaining, upon request, information on the balance test carried out. |
The navigation data will be stored for the duration of the browsing session. In any case, they do not persist for more than seven days (unless there are any needs for investigating crimes by the judicial authorities). |
The provision of data is necessary for browsing the website. |
| Use of cookies and similar technologies. See the cookies policy in the website footer. | For non-technical necessary cookies and similar technologies, processing is based on consent to the processing of personal data (Art. 6 para. 1 lett. a and C42, C43 of the GDPR). Consent is given through the website’s banner and cookie policy. | See the cookies policy in the website footer. | See the cookies policy in the website footer. |
| A) CONTACTS: management of contact requests and information received through the appropriate contact form. |
Contract/pre-contractual measures: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (C44). Art. 6 para. 1 lett. b) of the GDPR. | Maximum 12 months. | Providing data is necessary. Failure to provide the necessary data will result in the impossibility of being contacted and receiving information. |
| B) HANDLING YOUR REQUESTS and requests from other data subjects, pursuant to Articles 15 et seq. of the GDPR (data subject rights). |
Legal obligation: Processing is necessary to comply with a legal obligation to which the data controller is subject (C45). Art. 6 para. 1 lett. c) of the GDPR. | 5 years from the closure of the request, unless there are disputes. | Providing personal data is mandatory, as it is necessary to fulfill legal obligations. |
3. TO WHOM WILL PERSONAL DATA BE COMMUNICATED? DATA RECIPIENTS
Personal data will be disclosed to entities acting as independent data controllers or data processors (Art. 28 GDPR) and processed by natural persons (Art. 29 GDPR) acting under the authority of the Controller and Processors based on specific instructions provided regarding the purposes and methods of processing. Data will be disclosed to recipients belonging to the following categories:
Entities providing processing services or performing activities instrumental to the services offered through the website;
Entities managing/supporting/assisting, even occasionally, the controller in the administration and management of the information system and telecommunications networks (including website maintenance and/or updating and anything instrumental to it);
Competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request.
4. WILL DATA BE TRANSFERRED TO NON-EEA COUNTRIES?
Data management and storage are in Europe. It is specified that in the event of transfer of personal data to countries located outside the European Economic Area, it will be carried out in accordance with the measures established by the applicable legislation ensuring an adequate level of protection to data subjects. For information regarding guarantees concerning data transfer outside the EEA, write to privacy_firstone@arcaplanet.net.
5. IS THERE AN AUTOMATED PROCESS?
Personal data will be subject to traditional, electronic, and automated manual processing. It is specified that no fully automated decision-making processes are carried out.
6. WHAT ARE YOUR RIGHTS? HOW CAN YOU EXERCISE THEM?
Data subjects may exercise their rights as expressed in Articles 15 and following of the GDPR by contacting the DPO/RPD at the email address: privacy_firstone@arcaplanet.net or by contacting the Data Controller at the contacts indicated above.
The controller guarantees data subjects the possibility to request, at any time, access to their personal data (Art.15), rectification (Art.16), erasure (Art.17), or restriction of processing (Art.18). The controller communicates (Art. 19) to each of the recipients to whom the personal data have been transmitted, any rectifications or erasures or restrictions on processing carried out. The controller communicates to data subjects who request it such recipients.
If data subjects believe that the processing of personal data carried out by the Controller violates the provisions of Regulation (EU) 2016/679, they are free to lodge a complaint with the national supervisory authority, in particular in the Member State where they habitually reside or work, or where the alleged violation of the Regulation occurred (Data Protection Authority https://www.garanteprivacy.it/), or to resort to the appropriate judicial authorities.
If there is marketing activity, data subject rights would need to be implemented.
7. CHANGES TO THE PRIVACY POLICY
The controller may change, modify, add, or remove any part of this Privacy Policy. To facilitate verification of any changes, the policy will indicate the date of update.
Last Updated: APRIL 24, 2024
