Privacy Policy
This page describes how Arca24.com SA treats the personal information of its website’s visitors as well as of those who interact with the web services that can be accessed by visiting the websites owned by the company, in accordance with the Federal Act on Data Protection (FADP) and the article 13 of the Regulation (EU) 2016/679 – GDPR.
1. Which kind of data we process (Article 13, paragraph 1, letter a, Article 15, letter b, GDPR)
Arca24.com SA – Via Roncaglia n.5, CH-6883 Novazzano, email address privacy@arca24.com, hereinafter referred to as “Arca24” or “Data Controller”, is the Data Controller of your personal data which may concern:
- Data provided by the user when filling in the contact form with the Data Controller or sending any other request;
- Data on our website, which include traffic data, location, profiling, site visit, IP address, operating system used, browser used, cookies;
- Data provided by the user through the “free demo” section.
2. The purposes of the data processing (Article 13, paragraph 1, letter c, d, e, f GDPR)
The above personal data are processed by the Data Controller in relation to:
- Purposes related to the management of requests from filling in contact forms, forms, demos, etc. The legal basis for this treatment is pre-contractual.
3. Refusal to provide the personal data (Article 13, paragraph 2, letter and GDPR)
Apart from that specified for navigation data, necessary for the correct functioning of the site, and for cookies (have a look at the cookies policy), the user is free to provide his personal data while requesting the sending of informative material. The refusal to process the personal data makes it impossible to obtain a response to such requests.
4. Personal data retention (Article 13, paragraph 2, letter a GDPR)
The processing of your personal data will last only for the period of time necessary to carry out the activities related to the management of the request and the consequent obligations, including legal requirements, and in any case for a period not exceeding 12 months from the contact. Personal data relating to profiling will be kept for a maximum of 12 months.
5. How Personal Data are processed (art. 13, 2° comma, lett. f, GDPR)
Personal Data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected.
Data processing does not include automated decision-making, but it may include profiling for those activities.
Your data can be accessed by suppliers who provide services to Arca24.
Arca24 has appointed each supplier that processes your data as external data processor, with the aim of ensuring adequate protection of personal data.
In particular, your personal data will be stored at Digital Ocean whose servers are located in Frankfurt.
6. Rights of the interested party (Article 13, paragraph 1, letter b, and paragraph 2, letter b, GDPR) and DPO
At any time and free of charge, the interested party may request the Data Controller to update and / or delete his data. These are specifically the rights referred to in the GDPR Articles: Art. 15 “Right of access”, Art. 16 “Right of rectification”, Art. 17 “Right to cancellation”, Art. 18 “Right to limitation of treatment”, Art. 20 “Right to data portability”.
The person in charge of the protection of personal data (Data Protection Officer) pursuant to art. 37 of the GDPR is Avv. Massimiliano Nicotra. It is possible to contact the DPO at any time for questions / requests / reports at privacy@arca24.com
The interested party can also contact and lodge a complaint with the competent authority.
GDPR compliance
This page describes the compliance of all Arca24 web services with the relevant policies and regulations currently in force within the organizations.
In particular, the company informs the clients that all products are 100% intellectual property of Arca24 and homemade.
All products are installed on Arca24 virtual servers, meaning that the code and its intellectual property are strictly safeguarded. Arca24 virtual servers are hosted in the data centers of DigitalOcean in Frankfurt with replication in Amsterdam.
Documents uploaded by candidates are stored on an encrypted Amazon AWS S3 bucket with multiregional redundancy.
In each supply contract, it is clearly stated that the intellectual property is and remains of Arca24. Both the duplication and the view of the code are strictly forbidden. Just the use of it is allowed in accordance with Arca24 regulations defined in its commercial relations.
Data awareness
Thanks to data encryption, Arca24 guarantees the highest state of personal data awareness for all the software users.
Indeed, such encryption minimizes all the risks related to the processing of personal data, as it protects the information from the risk of possible undesirable accesses, unauthorized or illegal processing of the personal data.
That way Arca24 guarantees data confidentiality and protects the information by making it unintelligible towards cybercriminals.
GDPR and Data Protection Officer
Arca24 has already made all effort within its power to guarantee the protection of the candidates’ personal data processed. Since May 28th, all Arca24 software have been 100% compliant to the GDPR, namely the EU General Data Protection Regulation. In particular:
- All the servers are safely hosted in DigitalOcean in Frankfurt. DigitalOcean has several ISO certifications;
- A disaster recovery plan and a continuous backup have been designed;
- The software has been developed according to privacy by design and privacy by default principles;
- All database data and the code have been anonymized and encrypted;
- The team Arca24 are aware of the current regulations and continuous training sessions on that topic have been scheduled;
- Arca24 appointed a data protection officer (DPO), i.e. an experienced Italian lawyer, to ensure effective data protection.
Server architecture
Arca24 uses a distributed data management model, which better meets the requirements of decentralization and cooperation among modern organizations.
As compared to a centralized system, a distributed one allows data replication on a higher number of clusters and it guarantees enhanced functionalities in terms of:
- Minimization of data loss risk
- Data reliability
- Data scalability
Data Center infrastructure and certifications
The infrastructure has the following characteristics:
- Tier IV Dual Datacenter Architecture
- State of the art and «Banking Proof» infrastructure: high security standards, bank certified
- 100% Green Computing: powered entirely by renewable energy sources
- All components of the structure are fully redundant (power, UPS, cooling, fire protection, access lines, network)
- All servers use SSD Technology
- The servers can benefit from 40 GbE connections for a fast data transfer
- Thanks to the geographic position of the data center, the connections within Central and Southern Europe are high-performance.
Shown below are the ISO certifications of the data center:
- ISO/IEC 27001:2013
- PCI-DSS
The management system of DigitalOcean was audited and certified as compliant with the standards.
Cookie Policy
Sub data processors
For server suppliers:
DIGITAL OCEAN LLC – Data center: Frankfurt and Amsterdam
AWS Amazon- Data center: Paris
For on-demand functions:
For video chat: Whereby AS Gate 1 107; MÅLØY; 6700; Norge
For multi mailing and all the mail sent through the Arca24 software (without customer’s smtp): Splio sas 27 Blvd Des Italiens, Paris, Ile-de-France, 75002, France
For all Calendar Synchronization: Cronofy Limited 9a Beck Street, Nottingham, NG1 1EQ
For various services (conversion from document to tabular fields or automatic text creation): Open AI
For the meeting booking form: Calendly LLC
For innovation projects:
Idiap Research Institute
Rue Marconi 19
1920 Martigny
Switzerland
EHL Campus Lausanne
Route de Berne 301
1000 Lausanne 25
Switzerland