INFORMATION FOR THE PROCESSING OF PERSONAL DATA
PURSUANT TO THE EUROPEAN REGULATION 2016/679
Pursuant to Article 13 of the EU Regulation 2016/679 (GDPR) concerning the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data, this information notice is provided by AAREA SRL (hereinafter "AAREA" or "Company") with registered office in Brescia, 25124 Via Creta 78, Tax Code and VAT number 04482350982, to inform users about the processing of personal data collected through interaction with the website the-aarea.com ("Site") and the social media pages used by AAREA (hereinafter "Social Pages").
1. Data Controller
The Data Controller of the collected data is AAREA SRL (hereinafter "AAREA") located in Brescia, 25124 Via Creta 78, Tax Code and VAT number 04482350982 (hereinafter the "Company").
The Data Controller can be reached at the following PEC address aareasrl@pec.it or at the phone number 030 225492
2. Purpose of data processing
User navigation data will be used to ensure the proper functioning of the systems, so as to guarantee the visitor's enjoyment of the site.
Any other data provided by the user will be processed exclusively to ensure the correct and complete execution of the requests made by them.
Where specific consent is given, the data provided may be used for marketing activities and newsletters.
The data may be used by the judicial authority, the police forces, and/or entities to which the law grants such power and to which they must be communicated upon their request, for the performance of their institutional duties.
3. Legal basis for processing.
Personal data is collected and processed electronically, including with the help of electronic and informational means, according to the principles of necessity, lawfulness, correctness, proportionality, and transparency for the purposes and according to the conditions of lawfulness (so-called legal bases) provided by the GDPR as indicated below:
- Browsing the site and using the services offered.
- To provide you with the requested services (for example, management of registration and access processes to the Site, account management, user support, handling of any complaints, management of the wishlist, consultation of your order history, management of shipping and billing addresses, verification of the status of your orders, data processing for the provision of individual services requested by you, such as purchase and in-store pickup).
-
- For the management of online orders (for example, performing the necessary online operations for order management; verifying that the information provided for the transaction is complete, valid, correct, and not fraudulent; processing the order and delivering the products; providing pre- and post-sale assistance services, including returns or handling legal warranties; contacting you, also via email, for any issues related to order management or subsequent requests related to it. It should be noted that AAREA requests information related to payment methods and the payment card exclusively during the purchase process. This data will be securely sent to certified payment service providers for transaction authorization. AAREA cannot view or access the complete payment card data under any circumstances.
-
- To provide you with assistance where requested through our Customer Service and to respond to your request via email or phone;
-
- For the purposes of research and personnel selection, should you submit your CV, either upon request or spontaneously. For more information on the use of your personal data for this purpose, please read our Candidate Information Notice available in the Careers section;
-
- To contribute to the content of the Archives site by providing historical material on AAREA. For more information on the use of your personal data for this purpose, please read our Privacy Policy available in the Archives section of the site;
In all the cases mentioned above, the legal basis for processing is the performance of a contract and the execution of pre-contractual measures pursuant to Art. 6 para. 1 letter b) of Regulation (EU) 2016/679 ("[...] the processing is necessary for the performance of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the same").
- Profiling
The personal data, data relating to the composition of the family unit, contact data, purchase data, browsing data, and User behavior on the Site, related to the spending volume, are processed in order to analyze your consumption habits and conduct market analysis and research to improve AAREA's commercial offer. Such data will be processed only with the explicit consent of the data subject.
If the user has given consent to the use of cookies for profiling on the Site, AAREA may also process the user's contact data (in particular the email address) and the data communicated by the user during interaction with Social Pages – such as the information provided by the user to the social media based on the privacy settings selected on that social media – to show the user marketing ads and content consistent with their interests, based on preferences and consumption habits identified through cookies and/or other tracking systems of social media operators, including Meta Platforms Ireland Ltd. (“Meta”) and/or following the analysis that the social media themselves perform on their users.
In particular, we can display relevant marketing content and interest-based advertising through digital platforms, where information about user preferences and interests, consumption habits, spending margins, etc. has been acquired: (i) following profiling activities carried out on the Site and/or through AAREA's CRM and shared (including via API) with digital platforms, including Meta (e.g., "Custom Audience CRM" campaigns); or (ii) based on the match between preferences and interests expressed by the user who visited the Site and accepted profiling cookies and the user cluster identified by the digital platform (e.g., retargeting); (iii) using targeting tools provided by digital platforms, including Meta, defining the target of users potentially interested in AAREA products and approaching digital platforms to disseminate advertising messages in a targeted manner to their users who match the defined target. If the platform user interacts with that ad, such interaction may be evaluated for the effectiveness of the campaign itself, where the user has accepted the use of tracking tools, such as Meta Pixel, installed on the Site, through cookie management tools (e.g., prospecting).
The legal basis for the processing is therefore consent (Art. 6, para. 1, letter a) of Regulation (EU) 2016/679
- Marketing
The personal data, contact details, and information regarding the composition of the family unit are used by AAREA to send you marketing communications through the channels you have authorized – such as, for example, phone, mail, or electronic communications, email, SMS, digital platforms. Marketing activities may also be carried out by sharing your personal data with digital platforms (including those managed by Meta), as part of campaigns such as "Custom Audience CRM". In this way, AAREA advertisements can be directed to you in the spaces available on the pages of digital platforms. The legal basis for processing is the consent given by the user. This consent can always be revoked through the User's personal page, via the settings related to cookies or by contacting AAREA's customer service.
In the event that you have given consent for both profiling and marketing purposes mentioned above, AAREA will be able to send you targeted offers, such as promotions and invitations suitable for you and your preferences, based on profiling activity and analysis of your data.
The legal basis for the processing is therefore consent (Art. 6, para. 1, letter a) of Regulation (EU) 2016/679
- Exercise of the right of defense
Personal data is also processed to allow AAREA to defend itself in court should disputes arise between it and the user. The legal basis for this processing is AAREA's legitimate interest. This legitimate interest does not prejudice the rights and freedoms of users as the processing is necessary for the exercise of the constitutionally guaranteed right of defense.
- Use and control of the Site's operation and Compliance with legal obligations
Personal data is ultimately processed to allow AAREA to fulfill the obligations imposed on it by laws, regulations, or orders from competent authorities. The legal basis for the processing is the fulfillment of a legal obligation.
- Improvement of Services
Furthermore, at the same time as the purchase communication is concluded, AAREA may ask you to express your opinion on the service received. If you decide to provide your opinion on the service rendered, the responses you provide will be processed in aggregate form and based on AAREA's legitimate interest in improving its services. Completing the questionnaire is entirely optional, therefore the failure to provide data does not entail any consequences for the user.
Finally, it is specified that the navigation data is subsequently used to obtain anonymous statistical information on the use of the Site and to check its correct functioning. For more information, you can consult our Cookie Policy.
4. Anonymous browsing data.
The computer system and the software used for managing this site acquire, during the normal browsing activity of users, some personal data whose transmission is necessary and implicit in the use of internet communication protocols.
Such information is not associated with identified subjects but, due to their structural nature, could allow tracing back to the user's identity through specific processing and/or association procedures. This is the case, for example, with IP addresses or domain names of the PC used by the user. Similarly, it could be traced back to the time of a request made on the site, the method of such request, the numerical code indicating the status of the response provided by the server, as well as other parameters related to the user's work environment and the software used.
Such data may be used by the Owner anonymously, solely to obtain statistical information on the use of the site and to test its proper functioning. Such data is periodically deleted.
The data could be used to ascertain liability in the event of hypothetical computer crimes.
In case of browsing within this website, the provision of the aforementioned data is mandatory for the use of the service itself.
5. Data collected through cookies or other tracking tools
A "cookie" is a small text file created by some websites on the user's computer when they access a particular site, with the purpose of storing and transporting information. Cookies are sent by a web server (which is the computer on which the visited website is running) to the user's browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored on the latter's computer; they are then sent back to the website during subsequent visits.
Some operations could not be performed without the use of cookies, which, in some cases, are therefore technically necessary. In other cases, the site uses cookies to facilitate and ease navigation for the user or to allow them to use specifically requested services.
For more information, please read the document titled "Cookie policy".
6. Personal data collected through the social media pages used by AAREA
AAREA may also collect some of your personal data when interacting with the social media pages used by AAREA (hereinafter "Social Pages"). Some information is communicated to AAREA directly by you, when you decide to share - through your profile - images published on our Social Pages, comment on our posts and/or express your appreciation for one of our products, initiatives, or events by selecting the appropriate buttons, as well as when you decide to write us a message using private chat or other channels made available on various social media.
AAREA may also become aware of some information indirectly collected as a result of your interaction with our Social Pages; for example, we may know the time and day when you like one of our posts or send a request through a message.
The knowledge of much of Your personal information may depend on the settings of the social media You have chosen and the content You choose to make public. This information may include Your first name, last name, some contact details, and the image associated with Your social profile. Therefore, we remind You that some of Your information is visible to AAREA once You decide to follow our Social Pages. For this reason, we invite You to review the privacy policy of the different social media and to check the privacy settings.
7. Data related to minors
The services on this Site are intended for individuals aged 18 or older. AAREA does not request, collect, use, or freely disclose personal data provided by individuals under the age of 18. If AAREA becomes aware that it has collected data from a minor, it will delete it. If you do not meet the age requirement, please do not register or proceed with purchasing a product online and ask an adult (your parents or guardian) to carry out the necessary procedures.
8. Data retention. Other types of data
The personal data of users will be stored for the time strictly necessary to achieve the intended purpose, in accordance with the provisions of the relevant legislation.
With the exception of the data necessary for navigation, the provision of additional data provided by the user is optional.
AAREA retains users' Personal Data for the time strictly necessary to achieve the purposes referred to in Paragraph 2, in compliance with civil and fiscal retention obligations and the limits set by the GDPR and the law in general.
To this end, AAREA specifies that the retention period for Personal Data for the aforementioned purposes is as follows:
- Browsing the site and using the services offered there (e.g. registration on the Site, purchasing products as a guest and sending service communications): the personal data processed for this purpose will be stored for a period of 10 years from the termination of the contract under which the aforementioned processing is carried out, in accordance with the provisions of the statute of limitations.
- Interaction with Social Pages: the Personal Data processed for this purpose will be processed for a period of time equivalent to that determined by each social page with reference to the retention of posts and comments and, in general, User interactions on it.
- Profiling: the Personal Data processed for these activities will be retained for a period of 7 years from the date of consent acquisition. The User can in any case withdraw their consent as specified in paragraph 2 in the section dedicated to the respective purposes.
- Marketing: the Personal Data processed for these activities will be retained for a period of 7 years from the date of consent acquisition. The User can, in any case, withdraw their consent as specified in paragraph 2 in the section dedicated to the respective purposes.
- Exercise of the right of defense Personal data will be stored in accordance with the provisions of the statute of limitations regarding contractual/extracontractual offenses.
- Use and control of the Site's operation and Compliance with legal obligations: the Personal Data processed for these purposes will be processed until they are necessary to resolve any bugs and malfunctions of the Site, as well as for the entire period required by the legal regulations that AAREA must comply with.
9. Processing methods
Users' personal data may be processed both through computer archives and, in certain circumstances, on paper. The data will be processed exclusively for the purposes indicated above.
The Data Controller has implemented specific security measures to prevent data loss, related unlawful or incorrect uses, as well as to prevent access to the same by unauthorized third parties.
AAREA recognizes the importance of protecting the personal data (e.g., identification data and transaction data) of the Site users. For this reason, AAREA adopts technical and organizational security policies and measures to protect, in compliance with current regulations, the personal data of users and the computer systems used for managing the Site. In particular, AAREA has implemented technical, legal, and organizational measures to protect personal data against accidental or intentional tampering, loss, destruction, disclosure, or unauthorized access to data collected online.
However, although AAREA continues to implement and improve security measures in line with the development of technology and industry standards, due to the very nature of the Internet, these measures cannot completely limit or exclude the risk of unauthorized access or data dissemination. It is therefore recommended to periodically update software for protecting network data transmission (e.g., antivirus) and to verify that your electronic communication service provider has adopted appropriate measures for the security of network data transmission (e.g., firewall and anti-spam filters). We also remind you that access to the personal account containing your personal data is only possible through a username and password: to help us better protect this data, it is therefore recommended not to communicate or make this information available to third parties.
With regard to payments made for online purchases, the Site uses systems aimed at ensuring maximum security through the use of the most advanced technological and encryption systems (SSL).
10. Recipients of personal data and transfer to third countries.
For the purpose of pursuing the aforementioned objectives, your personal data will be processed by authorized personnel of AAREA (including the Store Manager where they were collected, sales staff, authorized personnel of the Marketing Department, Human Resources Department, and Information Systems Department, Customer Service, Omnichannel Division, and Logistics Division), as well as by authorized personnel of third parties acting as data processors (IT service providers and customer support, virtual infrastructures, CRM solution providers, companies offering data entry and postal services, brands, and in case of participation in prize contests or events, companies that organize and manage contests and events on behalf of AAREA). Furthermore, the data may be communicated to the following categories of recipients, who always act as data processors: companies within the AAREA group for the performance of IT and logistical support, administration, and accounting activities; companies appointed by AAREA for sending promotional communications; digital platforms that, within the scope of marketing campaigns, limit themselves to processing data on our behalf (e.g., Meta within the scope of "Custom Audience CRM" campaigns); to the payment service provider to enable payment for purchases made on the Site, or their refund if applicable.
With reference to the payments made for purchases on the Site, the data relating to economic transactions are processed exclusively by the provider of online payments as independent controllers.
Where strictly necessary for the pursuit of the purposes indicated above, your personal data may also be communicated to third parties who are independent data controllers, such as the competent authorities (for example, in case of reporting a card theft or handling disputes), notary and chamber of commerce (in case of participation in prize competitions) or PR companies (for participation in events), legal, tax or administrative consulting firms (if the communication is necessary or functional for the correct fulfillment of contractual obligations related to the services offered by the Site, including the purchase contract, as well as obligations deriving from law or in the case of establishment, exercise or defense of a right), to the acquirer (in order to enable payment for purchases), to the fraud prevention service provider (in order to conduct an order analysis to identify any fraudulent transactions), to shippers and companies that handle logistical support and manage the pickup points for products purchased on the Site (Access Point).
When the user purchases a product on the Site, AAREA may communicate transaction-related data to Coöperatieve Vereniging Smart2Pay Global Services U.A., based in the Netherlands, which will carry out fraud and security checks on transactions made on the Site. This company processes your transaction-related data as an independent data controller for the purpose of: i) examining the purchase to ascertain any fraudulent activity, ii) storing transaction-related data in its own databases, iii) anti-money laundering purposes in accordance with its own policy available at the following link: https://smart2pay.com/en/Privacy.
Furthermore, always for the purpose of verifying that the payment transaction is not fraudulent, AAREA may communicate, also through its acquirer, your transaction and browsing data to Riskified Ltd., based in Israel, which will proceed to analyze the browsing and payment transaction data for anti-fraud checks. This company processes your data as an independent data controller in accordance with its own privacy policy available at the following link: https://www.riskified.com/terms/?term=privacy
11. Rights of the data subject
The user may contact the Data Controller at any time to assert their rights as provided by Articles 15 and following of the GDPR.
To exercise their rights, the data subject may submit a specific request to the Data Controller at the following addresses:
via email to the address info@AAREAsrl.it or by sending a registered letter with return receipt to the following address, via Creta 78, 25124 Brescia.
The European Regulation, in fact, grants the data subject a series of rights that must be summarized in their main content within the information notice. Below, these rights are summarized and outlined:
- Right of access (to one's own personal data only): the right to obtain from the data controller confirmation as to whether or not personal data concerning the data subject is being processed, and if so, to obtain access to the personal data and to be informed about the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular if recipients are in third countries or international organizations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; where the data has not been collected from the data subject, the right to receive all available information about their source; the right to receive information about the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
- Right to rectification and completion: The data subject has the right to obtain from the data controller the rectification of inaccurate personal data concerning them without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by providing a supplementary statement. The data controller shall communicate any rectifications to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The data controller shall inform the data subject about those recipients if the data subject requests it.
- Right to erasure: the data subject has the right to obtain from the data controller the erasure of personal data concerning them without undue delay (and where the specific reasons of Article 17 paragraph 3 of the Regulation do not exist, which otherwise relieve the controller from the obligation of erasure) if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; or if the data subject withdraws consent and there is no other legal basis for the processing; or if the data subject objects to processing for marketing or profiling purposes, even withdrawing consent; if the personal data have been unlawfully processed or concern information collected from minors, in violation of Article 8 of the Regulation. The data controller communicates to each of the recipients to whom the personal data have been transmitted any erasures unless this proves impossible or involves a disproportionate effort. The data controller communicates to the data subject such recipients if the data subject requests it.
- Right to restriction of processing: the data subject has the right to obtain from the data controller the restriction of processing (i.e., according to the definition of "restriction of processing" provided by Article 4 of the Regulation: "the marking of stored personal data with the aim of limiting their processing in the future") when one of the following conditions applies: the data subject contests the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data; the processing is unlawful and the data subject opposes the erasure of the personal data and requests instead that their use be restricted; although the data controller no longer needs them for processing purposes, the personal data are necessary for the data subject to establish, exercise, or defend a legal claim; the data subject has objected to processing for marketing purposes, pending verification of whether the legitimate grounds of the data controller override those of the data subject. If processing is restricted, such personal data are processed, except for storage, only with the consent of the data subject or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest. The data subject who has obtained restriction of processing is informed by the data controller before the restriction is lifted. The data controller communicates any restrictions to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The data controller informs the data subject of such recipients if the data subject requests it.
- Right to object: the data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out by the controller or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or for the pursuit of the legitimate interests of the controller or third parties (including profiling). Furthermore, the data subject, where personal data are processed for direct marketing purposes or commercial profiling, has the right to object at any time to the processing of personal data concerning him or her for such purposes.
- Right not to be subject to automated decisions, including profiling: the data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects their person, except in cases where the automated decision is necessary for the conclusion or execution of a contract between the data subject and a data controller; is provided for by law, with respect to measures and safeguards; is based on the explicit consent of the data subject.
The right to file a complaint with the Italian Authority, the Privacy Guarantor, remains in place if deemed necessary for the protection of personal data and rights in the matter. For further information, as well as for updated contact details, please visit the website www.garanteprivacy.it.
12. Contact details of the Data Controller and the Data Protection Officer
The Data Controller is: AAREA Engineering Srl., located in Brescia, Via Creta 78, Tax Code and VAT No. 04482350982, Phone No. 02/46771.
The Data Protection Officer or DPO is available at the following email address: info@AAREAsrl.it or by sending a registered letter with return receipt to the following address, via Creta 78, 25124 Brescia.
13. Updates
This notice may be updated over time, also considering changes in laws or regulations regarding personal data protection, and in such cases, we will inform you. The changes and updates will apply from the moment they are published on the Site (in cases where applicable law requires consent collection, you will be allowed to freely express your choice). Therefore, we invite the user to periodically check this page to verify the most updated version of the Site's notice.
Copyright © 2024 - AAREA SRL - Sede Legale: Via Creta 78 - Brescia - Italia
C.F.: 04482350982 - P. IVA: 04482350982 - aareasrl@pec.it