Data Protection Notice - website www.archivagroup.com
Version 12.05.2025
Introduction
Archiva Group, a brand owned by Archiva S.r.l. a socio unico, encompassing Mitric S.r.l. ad DDM Technology S.r.l., hereby informs you about the processing of your personal data carried out through the website www.archivagroup.com (hereinafter, the “Site” or “Website”). Archiva S.r.l. a socio unico, Mitric S.r.l. and DDM Technology S.r.l. may be referred to individually as “Archiva”, “Mitric” and “DDM Technology”, or jointly as “Archiva Group”.
This site may include social network plugins or buttons. When interacting with these elements, certain data may be shared with the relevant social media provider, even if you are not registered or logged in. We recommend consulting their respective privacy policies.
Data Controller
With reference to personal data processed through this website, Archiva, Mitric and DDM Technology act independently, each within their respective areas of responsibility, as Data Controllers, in accordance with Article 4(7) of Regulation (EU) 2016/679 (GDPR).
However, in specific operational scenarios, Archiva may process personal data on behalf of Mitric or DDM Technology, or vice versa, thereby acting as a Data Processor pursuant to Article 28 GDPR. Such cases include, for example, the provision of digital infrastructure services, technical management of the website, or hosting of online forms and platforms. These roles are formalised through joint controllership or data processing agreements signed by the parties, which transparently define their respective responsibilities. The updated list of processing activities where a Data Processor role applies may be requested from the Controller using the contact details provided in this notice.
Joint Controllership
Certain personal data processing activities carried out through this website are jointly performed by Archiva, Mitric and DDM Technology, as Joint Controllers, pursuant to Article 26 GDPR. The joint controllership is formalised through internal agreements that transparently define the respective responsibilities of the parties regarding GDPR compliance, with particular reference to the exercise of data subject rights and data processing methods.
Examples of joint processing activities include:
- The organisation and joint management of events, webinars and promotional initiatives published on the website;
- The analysis of aggregated statistical data from shared digital platforms;
- The management of contact requests submitted through the site, when addressed to both companies.
Data subjects may exercise their rights under Articles 15–22 GDPR with respect to either Joint Controller using the contact details provided in this notice. To obtain essential information on the content of the joint controllership agreement, data subjects may submit a request to the contacts listed below.
Purposes of processing and legal basis
According to the needs expressed from time to time by the user, who accesses the different sections of this Website (and without prejudice to specific rules and information for individual operations which involve the provision of specific personal data, published from time to time on it), Below, the purposes of the processing of personal data provided by filling in the information request forms and/or those acquired automatically through navigation are indicated:
- for purposes of providing the services accessible through the Site (e.g. responding to requests received,request to participate in events or similar...) as:
Prospect, i.e. the person who could potentially enter into a contractual relationship in the future because he or she is interested in the Controller's product or service proposals;
Legal basis: execution of pre-contractual measures (ART. 6.1.B GDPR).
Customer (whether natural or legal person), i.e. the person who uses a product or service of the Controller by virtue of an ongoing contractual relationship;
Legal basis: execution of contractual measures (ART. 6.1.B GDPR); - to enable users, subject to their consent and until that consent is revoked, to learn about and explore activities, events and other commercial initiatives organised or carried out by the Controller.
Legal basis: consent (ART. 6.1.A GDPR); - within the limits and for the sole purpose of recruiting, managing and contacting the application for the position chosen job in the appropriate field;
Legal basis: execution of pre-contractual measures (ART. 6.1.B of the GDPR); - to be retained and to be contacted by HR for future and possible job positions, offers by the owner (spontaneous application).
Legal basis: execution of pre-contractual measures (ART.6.1.B GDPR); - to monitor open and closed positions in the corporate environment with details of the setting of interviews, their outcomes and recognition of candidates already examined;
Legal basis of the processing: pursuit of the legitimate interest of the Controller (ART. 6.1.F GDPR).
Nature and methods of processing
Archiva Group states that access to the Website, subscription to its various sections, requests for information or services, and interest in updates regarding events and services offered, may require the provision of personal data. Such data will be processed in full compliance with the GDPR and applicable national legislation.
With specific reference to job applications submitted via authorised recruitment agencies on behalf of Archiva Group, this privacy notice is also provided in accordance with Article 14 of Regulation (EU) 2016/679 for the processing of personal data attributable to such activities.
All data processing activities shall be carried out in accordance with the principles of fairness, lawfulness and transparency, ensuring the protection of your privacy, rights and freedoms.
Providing personal data is optional; however, failure to do so may prevent Archiva or the relevant group company from fulfilling the request addressed to them as Data Controllers. Personal data may be provided by completing the appropriate forms on the Website or, if preferred, by sending an email request.
In addition to the personal data provided directly by users (such as identification and contact details), Archiva Group may process data automatically collected during browsing, including through cookies and similar tracking technologies. These are used to ensure proper website functionality, enhance user experience and—subject to explicit user consent—enable statistical and/or marketing analysis features.
Cookies used are categorised as follows:
- Technical (essential) cookies: required for navigation and access to site content. These do not require user consent.
- Functionality and personalisation cookies: allow preferences to be saved and site experience improved. These require user consent.
- Analytical cookies (first- or third-party): collect aggregate data for statistical purposes. These are considered equivalent to technical cookies only if anonymised in accordance with the Italian Data Protection Authority’s guidelines; otherwise, user consent is required.
- Profiling cookies (third-party): create user profiles and deliver advertising aligned with browsing preferences. These may only be used with freely given, specific, informed and documented consent.
Users can manage their preferences via the consent banner displayed upon first access to the site, or at any time via the cookie management panel accessible from the site’s footer.
For further details on the cookies used, their functionalities, duration, and how to change or withdraw consent, please refer to the [dedicated Cookie Policy], available at the following link: https://www.archivagroup.com/it/cookie-policy.
Personal data will primarily be processed in electronic form, using databases and electronic platforms managed by Archiva S.r.l., including in its capacity as Data Processor on behalf of the other group companies designated herein as Controllers.
Processing is carried out using appropriate technical and organisational measures, in line with the principles of data protection by design and by default. Archiva applies regular security controls and has obtained several third-party certifications, available at: https://www.archivagroup.com/it/archiva/sicurezza-e-privacy.
Personal data is mainly processed at the Controller’s registered office and will not be transferred to non-EU countries.
Categories of Recipients of Personal Data
Personal data provided may be accessed by employees or interns of the Controllers, within the limits of their respective responsibilities, acting under the direct authority of the Controllers and in compliance with specific security and confidentiality measures. They shall process personal data in accordance with applicable European and national data protection laws.
Personal data may also be shared with external Data Processors appointed pursuant to Article 28 of the GDPR. These Processors, acting under the direct authority of the Controller, shall receive appropriate instructions. Likewise, such Processors shall ensure that their own employees or collaborators process data in accordance with the same principles.
Personal data may be disclosed to the following categories of recipients. A complete list can be obtained by contacting the Controller at the following certified email address, also reachable from a regular email account:
Companies owned or controlled within the Archiva Group: for the organisation and delivery of webinars or in-person events, and for communications and informative, educational or commercial activities based on specific joint controllership agreements entered into with these companies;
- Companies or other entities providing outsourced services on behalf of Archiva S.r.l.: for website development or management, technical support, communications, event organisation, video conferencing solutions, and management of platforms for marketing campaigns and newsletters;
- Recruitment agencies: for activities within the scope of their mandate;
- Certification and accreditation bodies: for audit and verification activities aimed at obtaining or maintaining certifications acquired by Archiva S.r.l.
Data retention period
The data communicated will be retained for a period of time not exceeding that necessary to achieve the purposes specified in this notice, following the details below, or for a longer period for purposes permitted by law, and, in any case, upon exhaustion of the aforementioned purposes they will be deleted without undue delay:
- 1.for a maximum of 12 months from receipt of the Prospect's request;
2. for the entire duration of the existing contractual relationship between the Data Controller and the Client, i.e. the legal entity that signed the contract with the said Data Controller; or in the event of the exercise of rights on the part of the person concerned and in any case until the Controller receives direct communication from the Client (legal person). - for a maximum of 24 months after formalisation of consent or the last documented interaction (Garante Provvedimento per il trattamento dei dati Personali 24 February 2005);
- for a maximum of 12 months from the date of the first interview with the data controller;
- for a maximum of 12 months after sending the spontaneous application.
- for a maximum of 36 months from the date of the first interview with the data controller.
Data Protection Officer (DPO)
Archiva S.r.l. a socio unico, on a voluntary basis, has appointed a Data Protection Officer who can be contacted by e-mail
Below, by way of non-exhaustive example, are cases in which the DPO may be contacted and/or should be contacted:
- in the event that you want to exercise a right recognized by the European Regulation;
- in the event that you wish to contest the rejection of a request to exercise a right or you believe that the response was not satisfactory or did not arrive within the indicated timeframe;
- in the event that you believe you have suffered a violation of your personal data during the processing carried out by the Data Controller or Data Processor;
- in the event that it is believed that the information submitted to the interested party is not sufficiently clear and transparent;
- in the event that it is deemed necessary to receive clarifications or further information regarding the processing carried out on your personal data (purpose, legal basis of reference, storage times, methods of carrying out the processing, etc.);
- in the event that it is necessary to receive information in order to submit a complaint to the Supervisory Authority.
Data Subject Rights
At any time, the data subject may exercise their rights with respect to the Controller, as outlined in Articles 15 to 21 of the GDPR, which are hereby fully referenced.
These include the right to request access to personal data, rectification or erasure of such data, or to object to their processing. The data subject also has the right to request restriction of processing or to receive their data in a structured, commonly used, and machine-readable format.
Where processing is based on consent, the data subject may withdraw their consent at any time without affecting the lawfulness of processing carried out before withdrawal.
Lastly, the data subject has the right to lodge a complaint with the competent Supervisory Authority if they believe their rights have been violated in breach of the GDPR. Guidance is available on the Italian Data Protection Authority’s website: https://www.garanteprivacy.it
Rights may be exercised by completing the dedicated form available on the website www.archivagroup.com or by sending a message to the certified email address
Changes to the Privacy Notice
This privacy notice may be updated in accordance with changes in national or European legislation, or based on decisions made by the Data Controller. Unless otherwise specified, it shall continue to apply to personal data already collected up until that point.
In the event of significant changes to this privacy notice, users will be notified via a banner on the website or, where applicable, by direct email communication.