Privacy Policy
When you visit our website, we process personal data (any information relating to an identified or identifiable natural person), provided that we are permitted to do so by law or we have your consent to do so. This Privacy Notice outlines how we process your personal data (also referred to as “data processing” below) and explains your rights as a data subject.
This information regulates the processing of personal data using the website, in compliance with Regulation (EU) 2016/679 (hereinafter, “GDPR”).
1. Identity and contacts of the Data Controller
Joint Data Controller, within the meaning of Article 26 of the GDPR, as they have jointly determined the purposes and means of the processing, are:
- Arcturus srl, with headquarters in Via Filippo Baldinucci, 60 – 20158 Milano (MI), administrative headquarters in Via Giovanni Coppo 1/C – 28060 Orfengo (No), telephone 02/39310402, pec arcturus@pec.sambonet.it, email address amministrazione@arcturusgroup.it (“Arcturus” or “Joint Data Controller”)
- Sambonet Paderno Industrie S.p.A., with headquarters in Via Giovanni Coppo, 1C – 28060 Orfengo (No), telephone 0321/1916711, pec sambonet@pec.sambonet.it, email address amministrazione@sambonet.it (“Sambonet” or “Joint Data Controller”)
Joint Data Controller are situated in Italy and United States, so it is not necessary the appointment of a representative.
The request to exercise the rights outlined in this information to data subject must be addressed directly to the Data Controller at the email, pec or, alternatively, by sending a letter by registered post with acknowledgement of receipt to the address in Via Giovanni Coppo, 1C – 28060 Orfengo (No).
2. Operation and hosting of our website
Our website is operated in our name and on our behalf (Article 28 of the General Data Protection Regulation – GDPR) by a full-service e-commerce provider that we have commissioned to conduct all of the data processing activities relating to the use of our website. This data processing takes place on the servers of a hosting provider that connects the website to the internet on our behalf. Both service providers are based in Italy.
3. Data processing activities
We process data as follows:
- When you shop with us, we process data from you that we need to enter into and execute a purchase agreement with you.
- When you visit and surf our website (“use of our website”), we process data from and on your end device, some of which could be used to identify you as an individual.
- Finally, we process your data when you get in contact with us (“communication”), for example by subscribing to our newsletter, reviewing a product, or sending us a message using the means of communication made available to you by us.
4. Contract: online purchase
Information about data processing
When you make a purchase on our online shop, we will ask you to provide us with the following personal information:
- First name;
- Surname;
- Billing/delivery address;
- Email address;
- Bank details and/or credit card details.
Scope and purposes of the data processing
To email you your confirmation of receipt and, if applicable, order confirmation containing the information required by law and to email you status updates on the delivery of the goods you have ordered;
- To process your payment;
- To send you your order invoice;
- To deliver the goods you have ordered;
- To assign any order cancellations, complaints and other enquiries made after the order has been placed to you and to your order and to handle your requests and enquiries.
Duration of storage
If you choose not to open a customer account, your data will be blocked once the purchase agreement has been fulfilled. This means it will only be processed by us to a limited extent. We will, on the one hand, be required to process it if you exercise claims against us within the statutory periods of limitation (usually three years) and we need to link these claims to you as an individual and the respective business transaction. On the other hand, we are required by commercial and tax law to keep business records for a maximum of ten years. These records may contain your data. We will delete your data as soon as these purposes have been met and these periods of time have expired.
If you have chosen to open a customer account, we will store your data in this account until you ask us to delete your customer account.
Legal bases for processing
The data is processed because doing so is necessary for the performance of a contract (Article 6 GDPR).
In some cases (sending confirmations of receipt and providing the information required under distance selling regulations), we also need to process the data in order to meet a legal obligation to which we are subject.
If you have opened a customer account, we also process your data on the basis of the consent you gave us when you opened your account (Article 6 GDPR).
5. Use of our website
Information about data processing
The following log data is processed by us automatically each time you visit our website and each time you download a file from one of our webpages:
- The hostname of your computer/end device (IP address);
- The date and time of access/download;
- The page accessed;
- The name of the file downloaded (if applicable);
- The type of browser you are using;
- The operating system on your end device;
The website you were visiting before you accessed our site.
Scope and purposes of the data processing
We process the data for the following purposes:
To identify and protect against attacks on our website;
- To ascertain whether your internet browser supports cookies;
- To prevent pop-ups being shown to you more than once;
- To display our website in the language you have chosen;
- To display our website in the correct version for the shipping country you have selected.
Duration of storage
The data is stored for the following periods of time:
- Log data: until the purpose has been fulfilled, a maximum of three months;
- Session cookies: until you leave our website;
- Persistent cookies: one year.
The personal data processed and retained for a correct fruition of the web site are processed and retained for a period not exceeding 12 months from the single collection.
Legal bases for processing
We process the data on the basis of our interest in ensuring that our website is fully functional and secure. In our assessment, this legitimate interest is not overridden by the interests or fundamental rights and freedoms of the data subjects (Article 6 GDPR). On request, we would be happy to provide you with more information about how we have weighed up these interests.
6. Communication: newsletter
Information about data processing
On our website, you can choose to subscribe to our email newsletter service by entering your email address into the text box and clicking on the “Subscribe” button. If you give the consent to receive commercial communication, the processing of his data could be made to send communications, as direct marketing, activities of sending advertising material, to carry out market research, by traditional systems of communication and authomated information systems, or by email or by SMS.
For many newsletters we also use a double opt-in procedure. This means that your subscription to the newsletter and your required consent only become valid once you have confirmed them by clicking on the link that we have sent to the email address provided.
We record your consent in a log file. This involves the following information being processed:
- The email address you have provided;
- The consent text;
- The fact that you have clicked on the “Subscribe” button;
- The date and time at which you gave your consent (timestamp).
Scope and purposes of the data processing
We process the email address confirmed by you so that we can send you information in the form of our email newsletter at irregular intervals in line with your consent.
We record your consent so that we can demonstrate that it has been received.
Duration of storage
We store your email address and the log data recording your consent until you unsubscribe from our newsletter. Once you have withdrawn your consent, we store the log data for the duration of the period of limitation for your claims (three years) plus a safety margin of one month to allow for the delivery of any court documents, i.e. for a total of 37 months.
Legal bases for processing
The data is processed on the basis of your consent (Article 6 GDPR)
7. Data Transfer and Recipients of personal data
The recipients of your data are our website’s technical operator and hosting provider. If necessary, in order to perform the contract, your data will also be passed to the companies commissioned by us to accept and process your order. These companies are as follows:
- The delivery company commissioned to dispatch, deliver or pick up the goods;
- The bank/building society responsible for processing the payment.
The transfer of personal data to the aforementioned subjects, if based in a third country or international organization, is carried out according to a decision of suitability of the European Commission, which evaluates how the third country, the territory or one or more specific sectors in the third country or the international organization ensure an adequate level of protection of the data subject’s rights. In the absence of such decision, the Data Controller – if deemed in any case appropriate – reserves himself the right to conclude specific separate agreements that oblige such subjects to adopt adequate security and also organizational measures, in order to offer appropriate guarantees related to the data subject’s rights.
8. Rights of the data subject
8.1 Right to object
The data subject has the right to object as set out herein below:
- Your consent to receive the newsletter remains in force until you withdraw it. You can do this at any time with effect for the future by contacting us using the details provided section 1 above or by clicking on the unsubscribe link found at the end of each newsletter. Alternatively, you can enter your email address into the newsletter text box on our website and click on the “Unsubscribe” button.
- You may withdraw your consent at any time with effect for the future for your data to be processed for the purpose of managing your customer account by contacting us using one of the methods of contact found in section 1 above. We will then delete your customer account.
The right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, according to point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. The Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
8.2 Other rights
The Data Controller shall also inform the data subject about the existence of his or her following rights:
- Right to access: You can request access to the personal data concerning you that we process. Information on the extent of your right to access can be found in Article 15 GDPR and Section 34 of the German Federal Data Protection Act (BDSG – 2018)
- Right to rectification: You can request that we rectify inaccurate and complete incomplete personal data. Information on the extent of your right to rectification can be found in Article 16 GDP
- Right to erasure: Provided that certain conditions are met, you have the right to request that we erase your personal data. Information on the extent of your right to erasure can be found in Article 17 GDPR
- Right to the restriction of processing: Provided that certain conditions are met, you have the right to request that we restrict the processing of your personal data. Information on the extent of your right to the restriction of processing can be found in Article 18 GDPR
- Right to data portability: Provided that certain conditions are met, you have the right to request that we transmit the personal data that you have provided to us to you or to another controller in a commonly used and machine-readable format. Information on the extent of your right to data portability can be found in Article 20 GDPR
- Right to lodge a complaint with a supervisory authority: If you have a complaint, you also have the right to lodge it with a supervisory authority. Information on your right to lodge a complaint with a supervisory authority can be found in Article 77 GDPR.
9. Accessibility to information to data subject
The information to data subject is accessible at the web site as well as at the Data Controller. If expressly requested by the data subject, the information may also be orally provided, provided that identity of the data subject is proven, by means of a telephone call.
Last Edited on January 23th 2023