Privacy Policy

Introduction

Your privacy is important to ARCHA S.r.l.. We have therefore adopted this Privacy Policy to explain
how we collect, use, transfer and store your data. Please read this document to understand our approach to privacy.
If you have any questions, you can contact us using the details provided below.

This document is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”) and
explains the processing of personal data connected to the use of the website
www.archa.it (the “Site”).

2.1 Data Collected During Use of the Site

Personal data may be used to identify or contact the user and to improve services for all users.

Automatically Collected Data

The Site’s systems and software procedures acquire, during normal operation, certain personal data whose transmission
is implicit in the use of Internet communication protocols. This information is not collected to be associated with
identified individuals, but could, through processing and association with data held by third parties, allow users to
be identified.

This category includes: IP address or domain name of the device used, operating system, device model and brand,
telephone operator, requested resource URIs, request time, request method, size of the file obtained in response,
numerical status code of the server response (success, error, etc.), and other parameters related to the operating
system and the user’s IT environment.

These data are used to generate anonymous statistics on Site usage and to verify the correct functioning of the Site.

Data Provided Voluntarily by the User

If you choose to interact with forms on the Site or contact us via email, you may be asked to provide personal
information necessary to identify you and/or respond to your requests. Examples may include: name and surname, email
address, and type of request.

The user is responsible for the accuracy of the personal information provided to ARCHA S.r.l..

2.2 Disclosure of Data

Except for browsing data, users are free to provide personal data. Failure to provide them may result in the inability
to obtain the requested services or responses.

3.1 Your Data Will Be Processed:

1. to allow you to use the functions made available on the Site;
2. for the technical management of the Site’s services;
3. to exercise the Controller’s rights.

Additional purposes may be indicated in notices connected with specific services.

3.2 Legal Bases for Processing

For purposes 3.1(1) and 3.1(2), the legal basis is the performance of a contract to which the data subject is party
and/or the performance of pre-contractual measures taken at the request of the data subject.

For purpose 3.1(3), the legal basis is the legitimate interest of the Controller in the proper administration of
systems and in exercising and defending its rights.

Your data will be processed for the time necessary to respond to your requests and, where required, for the period
prescribed by law.

After the retention periods indicated above, your personal data will be destroyed, deleted or anonymised, as compatible
with technical deletion and backup procedures.

Data will be processed with the necessary security and confidentiality, collected and recorded for specific, explicit,
and legitimate purposes.

Processing is based on principles of fairness, lawfulness and transparency and may be carried out manually or through
automated means, using appropriate technical and organisational measures to prevent loss, destruction, unauthorised
access or disclosure, or other unlawful use, and to enable timely deletion or correction of inaccurate data.

Personal data will be processed by authorised personnel, properly instructed and operating under the authority and
responsibility of the Data Controller.

Data may also be processed by third parties providing instrumental services, including communication services, email,
hosting, website maintenance, and other providers relevant to the purposes described above. Only the data strictly
necessary for the performance of these functions will be shared.

An updated list of recipients is available at the Controller’s registered office and will be provided upon request by
writing to the contact details below.

You may exercise at any time the rights provided under Chapter III of the GDPR, including: access, rectification,
erasure, completion of incomplete data, restriction of processing, data portability, withdrawal of consent (where
applicable), objection (in whole or in part), and other rights recognised by applicable law.

You may exercise your rights by writing to the contact details below. Pursuant to Article 77 of the GDPR, you also have
the right to lodge a complaint with the competent Supervisory Authority if you believe the processing violates the GDPR.

In the following section you will find information about cookies installed through this Site and instructions on how to
manage your preferences.

ARCHA S.r.l., as Data Controller, reserves the right to make changes to this Privacy Policy at any time by
publishing them on this page. Please consult this page regularly, referring to the “Last updated” date at the bottom.

Data Controller: ARCHA S.r.l.
Via di Tegulaia 10/A, 56121 Pisa (PI), Ospedaletto, Italy
VAT No.: IT01115340505
Email: archa@pec.archa.it

Last updated: January 2026

Cookie Policy

This section describes how cookies are managed on our website www.archa.it. This notice applies only to
the Site of ARCHA S.r.l. and not to other websites that may be consulted via links. This Cookie Policy
supplements the Privacy Policy above.

Who Is the Controller?

Data Controller: ARCHA S.r.l.
Via di Tegulaia 10/A, 56121 Pisa (PI), Ospedaletto, Italy
VAT No.: IT01115340505
Email: archa@pec.archa.it

What Are Cookies?

Definitions

Cookies are text strings created by a web application and stored on the user’s device (PC, smartphone, tablet, etc.)
and then transmitted on subsequent visits. Cookies collect information about browsing behaviour, for example to remember
language preferences.

Cookies may be stored permanently with varying duration (“persistent cookies”) or be deleted when the browser is closed
(“session cookies”). Cookies may be set by the visited site (“first-party”) or by other organisations (“third-party”).

Similar technologies (e.g., web beacons, transparent GIFs, and HTML5 local storage) may also be used to collect
information about user behaviour and service usage.

Types of Cookies

• Strictly necessary cookies: essential for the Site to function properly (session, login, access to reserved areas). These are limited to the session and are deleted when the browser is closed.
• Analytics/performance cookies: used to collect and analyse traffic and usage to improve performance and usability. Disabling these cookies may not affect functionality.
• Profiling cookies: used to create a user profile in order to send advertising messages consistent with preferences expressed during browsing.

Third-Party Cookies

By visiting a website, users may receive cookies from the visited site as well as from third-party organisations
(e.g., social plugins, embedded maps). The management of information collected by third parties is governed by their
respective policies.

For more information about cookies you may consult:
allaboutcookies.org,
youronlinechoices.com,
cookiepedia.co.uk,
and the Italian Data Protection Authority guidelines of 10 June 2021.

Which Cookies Are Present on Our Site?

On our site there are only necessary technical or session cookies.

Cookies Used on This Site

Third-party technical cookies for the correct operation of technical services.

These cookies are used to monitor Site performance.

Google Maps

Privacy Policy:
google.com/intl/it/policies

Google Analytics

Privacy Policy:
google.com/intl/it/policies
Opt-out:
tools.google.com/dlpage/gaoptout

Google Ads Conversions / DoubleClick

Privacy Policy:
google.com/intl/it/policies

Google Ads Remarketing

Privacy Policy:
google.com/intl/it/policies
Opt-out:
tools.google.com/dlpage/gaoptout

Facebook Remarketing / Social Plugins

Privacy Policy:
facebook.com/about/privacy

Other Social Media

• Google+ Privacy Policy:
  google.com/intl/it/policies
• Twitter Privacy Policy:
  twitter.com/privacy
• LinkedIn Privacy Policy:
  linkedin.com/legal/privacy-policy
• Pinterest Privacy Policy:
  about.pinterest.com/it/privacy-policy
• Instagram Privacy Policy:
  instagram.com/about/legal/privacy

How to Manage Cookies

Users can block or delete cookies through browser settings. Browsers may also allow blocking third-party cookies
specifically. Procedures vary by browser; instructions can be found at:

• Microsoft Edge
• Google Chrome
• Apple Safari
• Mozilla Firefox

Please note that disabling cookies entirely may prevent users from using all interactive features of the Site.

Recipients of Data

Processing related to the web services of this Site takes place at the Controller’s premises and is handled only by
specifically authorised staff. Where necessary, data may be processed by personnel of the company responsible for
maintaining the Site’s technological components.

Data Subject Rights

Data subjects may exercise at any time the rights provided under Chapter III of Regulation (EU) 2016/679 by writing to
the contact details above. They may also lodge a complaint with the competent Supervisory Authority pursuant to
Article 77 GDPR.

Last updated: January 2026

Supplier Information Notice

Dear Supplier,

ARCHA S.r.l., as Data Controller, hereby informs you that pursuant to Article 13 of Regulation (EU) 2016/679
(“Regulation”), for the establishment and execution of ongoing contractual relationships, it holds or may later become
aware of information relating to you.

1. Categories of Personal Data Processed

The following data may be processed: personal identification data, tax data, contact details, bank coordinates, and
other administrative or commercial information necessary for the purposes indicated below.

2. Purposes and Legal Basis of Processing

Data will be processed for: compliance with legal obligations and performance of the contract, fulfilment of obligations
towards tax authorities, accounting and administrative management, management of commercial relationships, and dispute
management.

The legal basis is the performance of the contract and the need to comply with applicable legal obligations.

3. Disclosure

Providing the requested information is mandatory to comply with legal and contractual obligations. Any refusal may
make it impossible for ARCHA S.r.l. to execute the contract or properly fulfil related obligations.

4. Retention Period

Data will be retained for the time necessary to pursue the purposes above and in any case no longer than the periods
required by law.

5. Recipients of Personal Data

Data will be processed by authorised personnel. Some information may be disclosed to public bodies (tax offices and
other authorities), law firms or consultants engaged by the Controller, IT maintenance providers, archiving system
providers, and other entities performing activities instrumental to the purposes above.

Data may be communicated within group companies, based on the group’s legitimate interest in sharing data and
information, and unifying tools and procedures.

A detailed list of recipients is available at the Controller’s premises and can be provided upon request via the
contact details below.

6. Rights of the Data Subject

You may exercise at any time the rights provided under Chapter III of the Regulation, including access, rectification,
erasure, completion of incomplete data, restriction, portability, objection (in whole or in part), and other rights.
Requests can be sent to the contact details below. You also have the right to lodge a complaint with the competent
Supervisory Authority.

7. Controller Contact Details

Data Controller: ARCHA S.r.l.
Via di Tegulaia 10/A, 56121 Pisa (PI), Ospedaletto, Italy
VAT No.: IT01115340505
Email: archa@pec.archa.it