Privacy e Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA MADE PURSUANT TO THE EUROPEAN REGULATION (EU) 2016/679 AND AS NOVATED BY D. LGS. 101/2018

 As required by the European Union Regulation 679/2016 (hereinafter “GDPR”) and in particular Article 13, below we provide the information required by law regarding the processing of personal data.

We do not intentionally use personal data of children under the age of 16. Should we find the existence of data belonging to children under the age of 16, we will immediately delete them without any prior communication.

The website www.darsrl.it (hereinafter “Site“) is owned by D.A.R. S.R.L., with registered office in Via On. Francesco Napolitano, 185 – 80035 Nola (NA), Italy, P.IVA 03637081211, email: privacy@cofrus.com.

This information is provided to users who interact with the web services of the Site (hereinafter “Interested Parties”) not only to comply with legal obligations, but also because transparency and fairness to the interested parties is a fundamental component of our activity.

1. Treatment controller

The treatment controller in accordance with art. 4, subparagraph 7 of the GDPR is D.A.R. S.R.L. in the person of its sole pro-tempore Administrator, with registered office in Via On. Francesco Napolitano, 185 – 80035 Nola (NA), Italy, P.IVA 03637081211, email: privacy@cofrus.com (hereinafter “Owner“).

The treatment controller employs data processors for the achievement of the specified purposes to supervise the protection related to personal data, who have been appropriately designated as Personal Data Processors in accordance with Article 28 of the GDPR.

Please note that you can at any time contact the company and send any questions or requests regarding your personal data and respect for your privacy by writing to privacy@cofrus.com.

2. What are personal data?

According to Art.4 of the GDPR, personal data is defined as any information relating to an identified or identifiable natural person (data subject) directly or indirectly, by particular reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more features of his or her physical, physiological, genetic, mental, economic, cultural, or social identity.

3. Provision of data

Personal data will be acquired directly from the data subject by:

3.1 Direct assignment of the same

3.2 Automatic acquisition
(Sections 4.1 “Browsing Data” and 4.2 “Cookies” or similar technologies).

4. Types of data

The following categories of data (collectively, the “Data“) may be processed:

4.1 Navigation data
The computer systems and software procedures used to operate the Site acquire, in the course of their normal operation, some personal data (such as the IP addresses or domain names of the computers used by users, the pages visited and the date/time of the visit), the transmission of which is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified data subjects but which by its very nature could, by processing and association with data held by third parties, allow users to be identified.

These data, recorded in anonymous form, are used for the sole purpose of obtaining statistical information on the use of the Site and to check its correct functioning.

The data could be used to ascertain liability in case of hypothetical computer crimes to the Site’s detriment.

4.2 Cookies

To make navigation on this Site more efficient and immediate, while users are accessing this Web Site, cookies are used: small text strings that allow them to maintain a Connection to the Site.

It should be premised that the Data Controller, in accordance with the “Personal Data Protection Authority Order No. 231 of June 10, 2021 “Guidelines cookies and other tracking tools,” has conformed the website in compliance with the applied rules to read and write operations within a user’s terminal, with reference to the use of cookies and other tracking tools. The Owner has adopted correct ways of acquiring the on-line consent of data subjects, where necessary, in light of the full application of the Personal Data Protection Regulation (GDPR).

In particular, in line with the principle of privacy by design, the acquisition of consent should ensure that no cookies other than technical cookies (e.g., third-party) or other means of tracking (see fingerprinting) are installed on your device.

The primary objective of the new cookie guidelines is thus to strengthen users’ decision-making power regarding the use of their personal data when browsing online.

This section explains the characteristics and the purpose of the cookies we use, as well as instructions for how to deny consent to their use. What are cookies: Cookies are small alphanumeric strings that are sent by the websites that you visit and stored on the physical drive of your terminal and then transmitted back to the same sites on your next visit.

The types of cookies we use

We use cookies of various types in order to optimize the enjoyment of our site:

Technical cookies: These are cookies used for the exclusive purpose of “carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide such service.” These include navigation, analytical and functionality cookies. Please note: disabling these cookies may affect the full functionality of the site, limiting its interactivity.

Technical navigation cookies: These are intended to ensure normal navigation and enjoyment of the website. The use of this type of cookie is not subject to the user’s consent.

Analytical technical cookies: They allow us to collect information, in aggregate form, on how often and how you visit our site. The use of this type of cookies is not conditional on the permission of the user.

NAME	DESCRIPTION	PROVENANCE	CONSENT
__ga	Analytics cookies	Google	/
_ga_FGW2PRCLGQ	Analytics cookies	Google	/
_gat_gtag_UA_159916232_1	Analytics cookies	Google	/
_gid	Analytics cookies	Google	/
__utma	Analytics cookies	Google	/
tk_xxx (and derivatives)	Analytics cookies	JetPack	/

 Technical functionality cookies: They allow navigation of the site based on certain preferences set by the user, for example, the choice of language. The use of this type of cookies is not subject to the user’s consent.

NAME	DESCRIPTION	PROVENANCE	CONSENT
Pll_language	Technical cookies	Polylang	/
cookie_notice_accepted	Technical cookies	Cookie Notice for GDPR	/

The user/visitor can object to such processing by clicking on the buttons in the banner or by cookie delete on their browser/terminal, as detailed below:

If you use Chrome

• On your computer, open Chrome
• Click on the menu on the browser toolbar next to the url entry window for browsing
• Select Settings
• Click Show Advanced Settings
• In the Privacy section, click “Site Settings” button.
• In the “Cookies” section you can change the following settings related to cookies:
• Allow local data to be saved
• Change local data only until the browser is closed
• Prevent sites from setting cookies
• Block third-party cookies and data from sites
• Manage exceptions for some websites
• Deleting any or all cookies

For more information visit the dedicated page.
(https://support.google.com/accounts/answer/61416?hl=en).

If you use Mozilla Firefox

• Running Mozilla Firefox
• Click the menu button and select Settings
• Select the Privacy & Security panel
• Cookie settings are under Enhanced Tracking Protection and Cookies and Site Data
• You can change the following cookie settings:
• Require sites not to do any tracking
• Notify sites of your willingness to be tracked
• Do not communicate any preferences regarding tracking of personal data
• From the “History” section, it is possible:
• Select to accept third-party cookies (always, from the most visited sites, or never) and store them for a specified period (until they expire, Firefox closes, or you ask each time
• Remove individual stored cookiesFor more information visit the dedicated page.

(https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer)

If you use Internet Explorer

• Run the Internet Explorer Browser
• Select the Tool button and then select Internet options
• elect the Privacy tab, and under Settings, select Advanced Change the slider to the desired cookie action:
• Block all cookies
• Allow all cookies
• Selection of sites to get cookies from: move the slider to an intermediate position so as not to block or allow all cookies, then press on Sites, in the Website Address box enter a Website and then press on

For more information visit the dedicated page.
(https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d)

If you use Safari

• Run the Browser Safari
• Click Safari, Select Preferences and Click Privacy in the top panel
• Under ‘Block cookies’ specify how Safari should accept cookies from websites.
• To view which sites have stored cookies click on Details Block or Allow For more information visit the dedicated page.

For more information visit the dedicated page
(https://www.apple.com/legal/privacy/en-ww/cookies/)

If you use Safari iOS (mobile devices)

• Running the Safari iOS Browser
• Tap on Settings and then Safari
• Tap on Block Cookies
• To clear your cookies and keep your history, go to Settings, Safari, Advanced ,Website Data, then tap Remove All Website Data.

For more information visit the dedicated page.
(https://support.apple.com/en-us/HT201265)

If you use Opera

• Running the Opera Browser
• Go to Settings, Click Advanced in the left sidebar, and click Privacy & security.
• Under Privacy and security, click Site settings.
• Click Cookies and site data
• Select one of the following options
• Turn on or off Allow sites to save and read cookie data
• Allow sites
• Accept cookies only from the Site you are visiting: third-party cookies and that are sent from a domain other than the one you are visiting will be rejected
• Disable cookies: all cookies will never be saved

For more information visit the dedicated page.

(https://help.opera.com/en/latest/web-preferences/#cookies)

4.3 Data provided by users voluntarily
This is personal data freely released by the user to access certain services freely chosen by the user. Failure to provide them may result in the impossibility of obtaining the requested service. Appropriate information and requests for consent can be found on the pages of the Site dedicated to on-demand services.

5. Purpose of the treatment and legal basis

5.1 Finality:

Data are processed for the following purposes:

• To manage a contact request from you via the special “Contact Form” denominated “ Contact a sales person” (name, email, company name, VAT number, role held in the company). The only consequence of not providing optional will be the inability to provide or perform the requested services;
• Manage a catalog request from you via the appropriate “Contact Form” denominated “ Request catalog D.A.R. S.R.L.” (name, email, phone number, company name, VAT number, role held in the company). The only consequence of failure to provide optional will be the inability to provide or perform the requested services;
• Manage a request for your application through the special “Contact Form” called “Work with us” (name, email, phone number, educational qualification, curriculum vitae – upload). The only consequence of failure to provide optional information will be the inability to provide or perform the requested services;
• Managing access to your account by registering through the special “Form” denominato “My Account” (name, email, address, shipping address, payment method, bank details), the data will be saved and used to support your experience on this website, to manage access to your account and facilitate your purchases. The only consequence of not providing optional data will be the inability to provide or perform the requested services;
• E-commerce management through the “Shop online” interface (name, address, delivery address, email, phone number, payment method, bank details). The only consequence of failure to provide optional will be the inability to provide or perform the requested services;
• E-commerce Assistance Service Management via the special “Module” named ” E-commerce Assistance” (phone number). By choosing this type of assistance service, the User will be led to use the Whatsapp Web/Desktop messaging service.The only consequence of failure to provide optional will be the inability to provide or perform the requested services;

5.2 Legal Basis

– activities related to contact management (examples of activities are: filling out the contact form on the site or more generally sending an e-mail that involve the processing of personal data such as, for example, first name, last name, subject; the legal basis of the aforementioned purpose is identified in the contract and pre-contractual measures (art. 6.1, lett. b – GDPR);

– activities related to contact management (examples of activities are: Promotional activities, the Data Subject has consented to the processing of personal data for one or more specific purposes, art.6. 1, lett. a – GDPR);

– Activities related to contact management (examples of activities are: Promotional activities, the Data Subject acknowledges the right to withdraw any consent at any time (art.7 – GDPR);

– Activities related to the execution of the contract to which you are a party, including the pre-contractual phase (examples of activities are: the provision of a service, the response to a request, the request for contact via the form “contacts” (etc.); the legal basis of the aforementioned purpose is identified in the contract and pre-contractual measures (art. 6.1(b) GDPR), but also (as the case may be) in the legitimate interest (Art. 6.1(f) GDPR) insofar as it relates to the need to defend a right and as well as in the fulfillment of an obligation under applicable laws or regulations or to fulfill an obligation imposed by the Authorities (Art. 6.1(c) GDPR);

– maintenance of computer systems and devices (individuals assigned to perform maintenance and repairs on the Site may accidentally gain access to Your personal data. These are entirely occasional and unforeseeable events and in any case devoid of identification purposes and limited in duration to the execution of the maintenance/repair work); the legal basis of the aforementioned purpose is identified in the legitimate interest (art. 6.1, letter f, GDPR).

6. Communication and Diffusion of Data

The Data collected as part of the provision of the service may be communicated to:

Companies that perform functions closely related and instrumental to the operation – also technical of the services of the DATA CONTROLLER, such as suppliers that provide services aimed at the review and verification of the ads, customer care, companies that provide technical components for the provision of certain features of the service that have been appropriately appointed as Data Processors (art.28 – GDPR), after verification of the compliance of the activity of the same with the provisions on data protection. In this regard, the Owner has entrusted the management of these services to companies that guarantee adequate technical and organizational measures (art.32 – GDPR).

The Data Controller will only use data processors that present sufficient guarantees to put in place adequate technical and organizational measures so that the processing meets the requirements of the GDPR and ensures the protection of the data subject’s rights.

Under no circumstance do we give away personal data to third parties for any reason (including sale).

7. Obligatory or optional nature of the provision of Data

The supply of Personal Data is obligatory only for the processing necessary for the provision of services offered by the Data Controller (refusal for purposes of service provision makes it impossible to use the service itself).

8. Method and duration of Treatment

Personal data will be processed by authorized persons acting under the authority of the Data Controller, appropriately instructed by the Data Controller, in compliance with the provisions of Article 29 of the GDPR by means of automated tools for the time that is strictly necessary to achieve the purposes for which they were collected, as well as for the additional period that may be necessary to fulfill specific legal obligations.

Except in case of liability ascertainment in case of hypothetical computer crimes to the detriment of the Site, the data related to navigation on the Site will not be kept for more than 30 (thirty) days.

The Data may be processed both on electronic and on paper. Data related to telematic traffic, excluding in any case the contents of communications, will be kept for a period not exceeding 6 years from the date of communication, pursuant to Article 24 of Law No. 167/2017, which transposed EU Directive 2017/541 on anti-terrorism.

The Data Controller guarantees the lawful and fair processing of the Personal Data provided through the Site, in full compliance with current legislation, as well as the utmost confidentiality of the data provided during registration.

All Data are acquired in accordance with the indications of the reference legislation, with particular attention to the security measures provided for in Article 32 of the GDPR for their processing by means of computer, manual and automated tools and with a logic strictly related to the purposes indicated in Article 4 and in any case in such a way as to ensure the security and confidentiality of the Data itself.

I Your personal data will be kept for the time strictly necessary to carry out the purpose outlined above and to comply with legal obligations.

In detail, for activities related to the management of the contact Your personal data are deleted at the time when the purpose of contact, response or correspondence is finally exhausted, for activities related to the execution of the contract to which You are a party (including the pre-contractual phaseYour personal data are retained for the duration of the contractual relationship and, once the relationship has ended, will be retained for any needs to ascertain/exercise/defend a right or to comply with a legal obligation or regulations in force or to fulfill an obligation imposed by the Authorities (art. 6.1, letter c, GDPR), for computer systems and devices maintenance activities, referring to personal data that we have for the other purposes indicated in this Policy, the retention times coincide with those identified from time to time for the said purposes.

For activities related to contact management, purposes of sending “Promotional Activities”, the data will be processed until consent is withdrawn by the Data Subject (art.7 – GDPR).

Retention period for the respective purposes (5.1 Purpose of processing)

Purpose	Data lifecycle	Process applied at the end of treatment
a)	Processing of your contact request	Delete
b)	Processing of your contact request	Delete
c)	Processing of your contact request. Resumes received will be retained and processed for a period not to exceed one year after their submission	Delete
d)	Until consent is revoked by sending an email to the following email address. privacy@cofrus.com	Delete
e)	10 years from the date of termination of the contract with the customer (Art.2220 Civil Code, which provides for the storage of accounting records for 10 years; Art.22 of Presidential Decree No. 600 of September 29, 1973). Once this retention period has expired, the data will be either destroyed or anonymized and will be unusable for the purposes relatively for which the retention periods have expired.	Delete, Anonymizing
f)	Processing of your request for assistance.	Delete

      9.Recipient categories

In Addition, your Personal Data may be disclosed to third parties, for technical and operational needs strictly related to the purposes set forth above and in particular to the following categories of parties:

1. subjects necessary for the provision of the services offered by the Site including without limitation the sending of email and the analysis of the operation of the Site who typically are acting as data processors of our reality, appropriately appointed as Data Processors of personal data in accordance with art.28 GDPR;
2. persons authorised by our reality to process Personal Data who have committed to confidentiality or have an appropriate legal obligation of confidentiality;
3. legal authorities in the exercise of their functions when required by applicable law in force.

 

      10. Data Transfer Abroad

The Regulation includes specific regulations for transfers of personal data outside the EEA (European Economic Area, i.e., the European Union plus Norway, Liechtenstein and Iceland) space.

The entire Chapter V (Transfers of personal data to third countries or international organizations) of the regulation deals, in fact, with the regulation of the cross-border flows of personal data, and consequently also with the use of cloud services.

This regulation is the tool by which the European Unions’ data protection laws interact with the rest of the world. In this sense, on the functioning of this mechanism much of the success of the GDPR will depend.

In this respect, the Data Controller informs the Data Subject that it relies on service providers outside the EEA Area that guarantee a level of data protection adequate to the European one, on standard clauses defined by the European Commission or on Binding Corporate Rules. The requirement of the adequacy requirement, rather than the equivalence one, allows different ways to ensure data protection.

The European Court of Justice made it clear that the transfer of personal data to third countries must also comply with the principle of the risk-based approach, which permeates the entire GDPR.

With reference to the U.S., in its October 6, 2015 ruling, the European Court of Justice invalidated the adequacy decision on the transfer of data (so-called Safe Harbour), which was then replaced from August 2016 by the Privacy Shield, adopted by the European Commission and implemented in Italy by order of the Data Protection Authority. But the Privacy Shield was also declared invalid by the European Court of Justice on July 16, 2020. As a result, data transfer with the U.S. can no longer be based on the Privacy Shield but will have to be based on different instruments.

Article 46 of the GDPR provides an additional possibility of transferring personal data to countries that do not provide an adequate level of protection. The Data Controller may enter into a service contract with an entity located in a third country, the clauses of which are such as to provide an appropriate level of protection for data processing. In specific, a satisfactory level of security and protection of the rights of data subjects is required, with effective appeal mechanisms. The Controller shall rely on entities located in a third country that demonstrates an approved certification mechanism (Art. 46(2)(f) together with a binding and enforceable commitment by the controller or processor in the third country to apply appropriate safeguards, including with regard to the rights of data subjects.

We do not, under any circumstances, give or sell personal data to third parties.

      11. Rights of the Interested Parties

At any time you may exercise, by written request sent to email privacy@cofrus.com, in accordance with Articles 7,15-22 of the GDPR, the right to:

• Right to obtain information on what data is processed by the Data Controller (Art.12-13-14);
• Right to request and obtain in intelligible form the data held by the Controller (Right of access – Art.15);
• Right to withdraw consent at any time (Conditions for consent – Art.7);
• Exercise opposition to processing in whole or in part (Right to object – Art. 21);
• Right to object to automated processing (Art.22);
• Right to obtain erasure of data held by the Data Controller (Right to erasure “right to be forgotten” – Art.17);
• Right to obtain updating or rectification of the data provided (Right to rectification – Art.16);
• Right to request and obtain transformation of data into anonymous form;
• Right to request and obtain the blocking or restriction of data processed in violation of the law and those whose storage is no longer necessary in relation to the purposes of processing (Right to restriction of processing – Art.18);
• Right to data portability (Right to data portability – Art. 20).

Any requests will be processed no later than one month after receipt, subject to the possibility of extending this period for an additional two months if necessary, taking into account the complexity and number of requests received by the Controller.

In Addition, you may bring an appeal before the judicial authority (in accordance with the provisions of Article 80 of the GDPR and Article 13 of Legislative Decree 101/2018) or a complaint to the Data Protection Authority, by:

• Registered mail with return receipt addressed to the Garante per la protezione dei dati personali, Piazza Venezia, 11, 00187 Roma
• E-mail at: protocollo@gpdp.it or protocollo@pec.gpdp.it
• Fax to the number: 06696773785

It should be noted that the complaint to the Garante cannot be filed if, for the same subject and between the same parties, an appeal has been filed before the Judicial Authority.

If you have any questions or comments regarding this Privacy Policy, how we process your Personal Data, or how you may wish to exercise any of your aforementioned rights, please contact the Data Controller at privacy@cofrus.com.

      12. Review clause

This Policy may be subject to change. If any material changes are made to the Owner’s use of User Data, the Owner will notify you by prominently posting such changes on its pages or through alternative or similar methods.

Rev. 0.2

Nola (NA), 26/07/2022