Privacy Policy

Via dell’Industria, 41/45 - 24126 Bergamo - Italy
+39.035.322829 - Fax +39.035.314435


Following the consultation of this website, data related to identified or identifiable people may be processed.

This document describes the management methods of the website in reference to personal data processing.

This information is provided in accordance with art. 13 of EU Regulation 2016/679 (later, “GDPR”) to those who interact with the services available through this website.

This report is provided solely for this website and not for other websites that may be consulted through links by the user.

Pursuant to current legislation on the protection of personal data (EU Regulation 2016/679), we wish to inform you that your data will be processed properly and transparently, for lawful purposes and protecting your confidentiality and your rights.


The data controller is ARCO COSMETICI S.R.L. based in Via dell’Industria, 41/45 24126 Bergamo.


This Privacy Policy and our Cookie Policy refer to all users who use the Website and the Services connected to it.


The personal data provided are solely processed for purposes strictly connected and necessary for the use of the Website and the Services requested.Your personal data are being processed:

A)   Without Your expressed consent (art. 6.1 letter b), c) GDPR), for the following Service Purposes:

-       fulfill pre-contractual, contractual and tax obligations resulting from existing relationships with You;

-       fulfill the obligations established by law, by a regulation, by community legislation or by an order Authority’s directive (such as anti-money laundering).


Your data may be made accessible for the purposes listed in points 3.A):

-       to employees, cooperators, internal data processors (if appointed) of the Data Controller;

-       to professional studios, consultants, providers of installing services, IT and telecommunication systems assistance and maintenance, system administrators that carry out outsourcing activities on behalf of the Data Controller as external process managers;

-       to public authorities and administrations;

-       credit and financial institutions, insurance companies.


Some of the subjects listed above are designated as Data Controllers; the full list of designations is available at the Data Controller's offices.


With no need of a stated consent (art. 6.1 letter b) and c) GDPR), the Data Controller may communicate your data for the purposes listed in point 3.A) to Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, as well as to those entity to whom communication is mandatory by law. These subjects will process the data in their capacity as independent data controllers.

Your data will not be spread.


Your data may be disclosed, in compliance with the current legislation, to external companies appointed by the Data Controller to perform various services, as for instance the assistance and maintenance of the Website and related Services.

In general, Your personal data will not be transferred or stored in a destination outside the European Economic Area.

If necessary for the management of the contractual relationship, some data might be transferred outside the European Economic Area. In this case, the recipients of Your data will be subject to obligations of protection and security equivalent to those guaranteed by the Data Controller.

In any case, only the data necessary for the pursuit of the aforementioned purposes will be communicated and the adequate guarantees applicable to transfers of data to third parties will be respected. (e.g.: Standard data protection clauses adopted by the European Commission).

Personal data are not subject to disclosure.


The treatment of Your personal data is carried out by means of the operations indicated in art. 4 n.2) GDPR and specifically: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subjected to both paper and electronic and/or automated processing. Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed in order to prevent the loss of data, illicit or incorrect use and unauthorized access. Appropriate measures are also adopted concerning the processing of personal data deriving from the activities of communication or disclosure of personal data on the institutional website, in implementation of the current regulatory provisions on transparency, advertising of the administrative action, as well as consultation of documents on the initiative of the individual subjects. For this purpose, any document containing personal data is available on the website only through the internal search engine and only for a period sufficient to the achievement of the purposes for which the documents have been made public. The accessibility of documents containing personal data exclusively by those entitled is guaranteed by their availability in areas with limited access.

The Data Controller will process Your personal data for the time necessary to fulfill the aforementioned purposes and, in any case, for no more than 10 years after the end of the Service Finality relationship.


The bestowal of data for the purposes set out in point 3.A) is mandatory. In their absence, we will not be able to guarantee the Services listed in point 3.A)


a) Personal data

Collected through the information request form on the site (e.g. name, surname, telephone number, e-mail address, etc.). Failure to bestowal may cause the impossibility to receive what has been requested.

b) Surfing data

During their ordinary operations, IT systems and software procedures used to operate this website acquire some personal data which transmission is implicit in the use of internet communication protocols.

The transmission of this navigation data, which is not directly supplied by you, is connected with the use of Internet communication protocols (e.g. page access, time of request, session ID numbers, IP addresses, URL addresses, time of request, etc.). This data makes it possible to trace the path of your visits on the website.

This information is not collected to be associated with identified interested parties, but given its nature, it could allow users to be identified through processing and association with data held by third parties.

This data could only be used by the authorities to ascertain responsibility in the event of hypothetical computer crimes against the site.

c) Cookies

No user’s personal data is acquired on purpose by the website.

Cookies are not used to transmit personal information nor will c.d. persistent cookies of any kind, namely systems for users tracking.

The use of c.d. session cookies (which are not persistently memorized on the user’s computer and vanish when the browser is closed) is strictly limited to the transmission of session identifiers necessary to allow the safe and efficient surfing of the website.

C.d. cookies session used in this website avoid the turning to other IT techniques potentially injurious to user’s surfing confidentiality and do not allow the acquiring of the user identifying personal data.

Please consult the Cookie Policy to find out how you can manage your cookie settings and to obtain detailed information on the cookies that are used and the reasons why they are used.

d) Optional data bestowal

The optional, explicit and voluntary transmission of e-mails to the addresses indicated on this site implies the acquisition of the sender's address, which is necessary to reply to the requests, as well as any other personal data included in the message.


We will store your data for the period of time indicated below:

- Browsing dat: 7 years

- Cookies session: disappear when you close your browser

- Personal data provided through contact forms: 10 years

Your data will be stored for the duration of the relationship and for a further 10 years after its conclusion.


The Data Controller is ARCO COSMETICI S.R.L. based in Via dell’Industria 41/45 - 24126 Bergamo - Italy.

The updated list of Data Processor processing is kept at the legal residence of the Data Controller and can be viewed on Your request.


The subjects to whom the personal data refer have, at any time, the right to obtain confirmation of the existence of the same data, to verify the accuracy, or to request its integration or updating, or cancellation (art. 15-19 UE REGULATION 2016/679).

The requests must be sent to or via PEC

Interested parties who believe that the processing of personal data reported to them through this website is in violation of the provisions of the Regulation have the right to submit a complaint with the Guarantor (


The Data Controller periodically checks the privacy and security policy and, if necessary, revises it in relation to regulatory, organizational or technological changes. In case of policy changes, the new version will be published on this page of the website.

Version updated to 16/12/2020