Privacy Policy

This policy describes, pursuant to and for the purposes of Article 13 of EU Regulation 679/2016 (General Data Protection Regulation, hereinafter "GDPR"), the ways in which the Data Controller processes personal data collected or provided by the Data Subject both while surfing this Website, and in execution of current business relationships (for example, pre-contractual or contractual measures). This document supplements any information on the processing of personal data provided to our Customers in the various occasions of interaction.

Data Controller

The Data Controller is ARMAL S.p.A. Unipersonale, legally established in Via Fiorentina 109, 50052 Certaldo (FI) - Italy, telephone number: +390571665305, e-mail: [email protected]

Data Protection Officer (DPO)

The Data Protection Officer can be contacted at the e-mail address [email protected]

Origin and type of data collected

  • navigation data: the computer systems and software procedures used to operate the Website may acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols. This category of data could include IP addresses or domain names of the devices used, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given to the server (successful, error, etc..) and other parameters regarding the operating system and computer environment of the User. (Please refer to the Cookie Policy for information on how cookies are processed).
  • personal data collected in connection with the establishment of pre-contractual and contractual relations: for example, identification and contact data (name, surname, e-mail, telephone, address, vat/c.f.), purchase data, payment data (bank data relating to transfers and other methods of payment), billing data.
  • personal data transmitted to the e-mail addresses indicated on the Website: the e-mail address, as well as all other personal data included in the message.
  • identification and contact data, as well as all other personal data included in the message, collected in the “Contact Armal” section of the Website.
  • personal data transmitted in curricula that may be received at the e-mail addresses indicated on the Website. The data may be of a common and special nature. The Data Controller - in compliance with the provisions and guidelines of the Supervisory Authority - will provide information on the processing of data contained in CVs at the time of the first useful contact with the candidate.

Purposes of processing and legal bases

Data is processed for the following purposes:

  • to enable the correct navigation of the Website, using appropriate measures to ensure the security of the information systems and the protection of the data from events that may compromise its availability, integrity and confidentiality. The legal basis is legitimate interest (Art. 6(f) GDPR).
  • to process and handle the User's requests and to answer questions submitted via the forms or e-mail addresses on the Website. The legal basis is the execution of pre-contractual and contractual measures (Art. 6(b) GDPR).
  • to execute pre-contractual and contractual relationships: issue of quotes and orders, conclusion of contracts and commercial agreements, management of support and maintenance services, management of financial and administrative practices. The legal basis is the execution of contractual and pre-contractual measures taken at the request of the Customer (Article 6, letter b), GDPR) and the fulfilment of legal obligations (Article 6, letter c), GDPR). 
  • for marketing and commercial promotion purposes, in order to send, via e-mail, sms, telephone, or other digital communication tools, news about products, services, events and promotions. The legal basis is the express consent given by the User (Article 6, letter a), GDPR).
  • to send commercial communications by e-mail concerning the same or similar products as those already purchased by the customer (so-called soft spam). The legal basis is Art. 130, paragraph 4, Legislative Decree 196/2003 The customer may object to the processing at any time.
  • to comply with legal obligations to which the Data Controller is subject. The legal basis is the fulfilment of legal obligations (Article 6(c) GDPR).  
  • to follow up personnel selection procedures for job applications. The legal basis is the execution of pre-contractual measures (Art. 6(b) GDPR) taken at the request of the data subject. The processing of "special" data is lawful on the basis of the Supervisory Authority's Order of 5 June 2019 supplementing and amending General Authorisation No. 1/2016.

Provision of personal data

The mandatory or optional nature of the provision of data is specified from time to time - regarding the individual information requested - also by affixing a special symbol (*) to the mandatory information. Any refusal to communicate the data marked as mandatory makes it impossible for the Controller to perform the contract or provide the services available. The provision of further data is, instead, optional.

Modality and place of processing

The processing of personal data is carried out by the Controller mainly with electronic and telematic methods, supported by specifically authorized internal staff. Adequate security measures are taken in order to minimize the risk of destruction or loss - even accidental - of data, unauthorized access or processing not allowed or not in accordance with the purposes of collection. Data are processed at the Data Controller's offices and in any other place where the parties involved in the processing are located, as well as at the hosting servers. For further information, please contact the Data Controller.

Data retention period

The data are processed for the time necessary to perform the service requested by the User or in general until the purposes for which they were collected. Some data will be kept for longer periods due to fiscal-administrative-accounting obligations (e.g. 10 years ex art. 2220 c.c.). With regard to marketing purposes, purchase data will be stored for a maximum period of 6 years. Personal data contained in the CVs received will be retained for a maximum period of 12 months.

Disclosure of personal data

The User's personal data will not be disseminated to unspecified subjects. However, they may be disclosed to:

  • professionals, collaborators, natural and legal persons who perform services in outsourcing on behalf of the Controller (e.g. suppliers of IT network and services, software and management products, debt collection companies, consulting companies, suppliers of e-mail marketing services, communication agencies, insurance agencies, financial companies, credit institutions, etc.). 

These subjects will be able to process the data as data controllers or data processors duly appointed pursuant to art. 28 GDPR, in full compliance with the above-mentioned regulations in force; they will only be provided with the information necessary to carry out their relative functions. The complete and updated list of data processors is available upon request. 

  • bodies or authorities by virtue of a legal provision;
  • as a company subject to the management and coordination of TTD Holding IV GmbH, certain data may be disclosed to this third party for management and control purposes, as well as to TTD Italy Holding S.r.l. as controlling company.

Personal data transfer

Any transfer of personal data to countries outside the EU that may be necessary to implement the contract in place with the User or to ensure the services offered (for example, for suppliers based in third countries) is performed in accordance with Articles. 44 et seq. of the GDPR, providing appropriate tools that ensure adequate guarantees of data protection.

Links to other sites, platforms, and social networks

This notice is provided only for and not for other websites and social platforms that can be reached by the User via links. For further information on the data processing carried out by these third parties, please refer to their respective privacy policies. Please note that on the basis of retargeting mechanisms, the User who, while browsing the Website, has accepted the relevant tracking cookies through the appropriate banner, may be reached by advertising our products on the social networks to which he/she is registered. For further information, please refer to the Cookie Policy.

Rights of the data subject

At any time, pursuant to Articles 15 et seq. of the GDPR, the User may exercise the following rights:

  • to access to personal data.
  • to obtain the rectification or cancellation of the data or the limitation of the processing.
  • to obtain information about the origin of personal data, the purposes and methods of processing, the categories of data, the recipients, or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period, as well as information about the identity of the controller, processor, any appointed representatives, or parties to which data may be communicated.
  • to object - for legitimate reasons - the processing of all or part of the personal data.
  • portability of data, where applicable and technically possible.
  • to withdraw consent, at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation.

The exercise of rights may be made by sending a request to the following e-mail address [email protected]

In case of suspected violation of the legislation on the protection of personal data, you can contact the Data Protection Officer (DPO) by sending an e-mail to [email protected]

Please note that the data subject also has the right to lodge a complaint with the Supervisory Authority for the Protection of Personal Data.

Changes and updates

The Data Controller may make changes or additions to this policy also as a consequence of any subsequent changes or additions to the law. Changes and updates to the Privacy Policy will be applicable as soon as they are published on the Website. We therefore invite the User to regularly access this section to check the publication of the most recent and updated Privacy Policy.


Please consult our Cookie Policy to know how cookies are used.

Last Update 12.12.2023