Privacy Policy

Pursuant to and for the purposes of the combined provisions of Legislative Decree 196/2003 (Privacy Code) and European Regulation 2016/679 (General Data Protection Regulation or GDPR), the company ARENA LUCI DESIGN Srl with headquarters in Via Svizzera, 12/14 – Castel Goffredo (MN), as Data Controller (hereinafter Holder), informs you of the following.

This privacy statement is made available and valid for the website

Art. 1. Data controller (the person or company that decides how and why to process the data).
ARENA LUCI DESIGN Srl |Via Svizzera, 12/14 – Castel Goffredo (MN) | Partita IVA: 02560440204| email:

‍Art. 2. Purpose (the purpose for which we collect the data) and legal basis (whether or not a data is mandatory to execute the contract, or if the data requires your specific consent to be used).

This website does not track and does not collect data from connected users. There is a contact form that allows interested parties to communicate directly with the data controller. The data transmitted through the contact form are not automatically archived in databases and no cookie data present on users' computers is detected.
The optional, explicit and voluntary sending by completing the contact form involves the subsequent acquisition of the sender's email address necessary to respond to requests, as well as any other personal data optionally entered by the interested party. The mandatory and necessary fields to be able to respond to requests from interested parties are: Name, Email address and message.
An explicit consent to the processing of data is not required as there is a legitimate interest of the Data Controller to use the information voluntarily provided by the interested party in order to achieve the following purposes:
– respond to requests sent;
– issue estimates, formulate contract proposals;
– fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority;
– exercise the rights of the Owner, for example the possible right of defense in court.

‍Art. 3. Duration of treatment (how long we keep the data).
Without prejudice to the conservation term established by specific regulations (e.g. tax, anti-money laundering, etc.), for the entire duration of the contract and for the entire duration of any dispute, the data controller keeps the data collected for a period maximum of 3 (three) years from the end of the relationship with the interested parties, in order to be able to respond to any requests from the same.

Art. 4. Processing methods (how we use the data).
The processing is carried out within the limits strictly necessary to achieve the aforementioned purposes (see Art. 2), in compliance with the principle of proportionality in the choice of recovery and relocation methods and with the adoption of all suitable measures to guarantee security and the confidentiality of the personal data of the interested parties.

Art. 5. Where is the collected data located?
The data is processed and stored at the owner's headquarters and on the company tools used (e.g. computers). All data (paper and digital) are protected by adequate security systems in order to guarantee their confidentiality and safeguarding. All data is physically stored in Italy. Some digital files can be stored in cloud systems. The suppliers have been selected in order to guarantee the protection and confidentiality of the data. These devices are physically located within the European Union.

‍Art. 6. To whom are the data communicated?
The data are not subject to communication and dissemination to third parties, except for the obligations deriving from the law. In fulfillment of these obligations, customer data may be transmitted to third parties who carry out the processing on behalf of the Data Controller in their capacity as external managers appointed pursuant to art. 28 GDPR (by way of example, the accountant for billing data), to credit institutions, to employees and/or collaborators of the Data Controller in the performance of their normal work and/or collaboration activity, as persons authorized to process, the updated list of which is in any case available at the offices of the same.

Art. 7. Rights of data subjects (Articles 15 and following of the GDPR).
Art. 15: Right of access, including the right to obtain an indication of the envisaged retention period of personal data, or, if this is not possible, the criteria used to determine this period. Right to obtain information on the origin of the data collected, as well as the purposes and methods of treatment. Right to lodge a complaint with the Supervisory Authority at any time: Privacy Guarantor: Piazza di Monte Citorio n. 121, 00186 ROME Tel. +39 06 696771 – PEC:

Art. 16: Right of the interested party to obtain the updating, rectification or integration of personal data.
Art. 17: Right to cancellation and right to be forgotten.
Art. 18: Right to limitation of treatment, when foreseen.
Art. 19: Obligation of the holder to notify the rectification, cancellation and/or limitation
Art. 20: Right to data portability, if the existing technology permits it.

‍Art. 8. Instances of the interested parties.
The requests referred to in Article 7 above may be presented by the Data Subjects to the Data Controller by registered letter or PEC (Certified Electronic Mail) to the addresses indicated in Article 1 above. In all cases, the interested parties must attach their own document to the request valid ID.