Information to Data Subjects – Privacy Policy of the Website

Art. 13 and seq. General Data Protection Regulation no. 2016/679 (“GDPR”)


scope of this privacy & cookie policy

Dear User,

when you access and navigate on this website (hereinafter ‘Website’) some of your personal data is acquired, stored and managed (in technical terms ‘processed’), through the device you are using, also through the analysis and saving of your IP address, browsing data, ‘cookies’ and other online identifiers such as ‘pixels’. The site allows you to further access information, products and services of Aritmetika Ltd. by filling in contact forms and other or with access to a private user account.

In light of these processing activities, in compliance with the applicable legislation that requires the protection, confidentiality and security obligations on your data, Aritmetika Ltd. clarifies below the purposes and means defined in its capacity as Data Controller.

Data controller

Data processing operations will be performed as Data Controller by Aritmetika Ltd., with legal seat in Highlands House Basin​gstoke Road Spencers Wood, Reading (Berkshire) RG7 1NT – England (UK), that can be contacted at the following addresses:

– by writing an e-mail to;

– by post, at the address of the legal seat as provided.

Categories of data processed

The categories of data processed through the Website are:

– informations related to the User’s browsing activities, including the so-called online identifiers and data related to the device in use;

– personal identification data and contact data such as name, surname, e-mail address and telephone number in case of use of the contact form of the Website, or by sending communications to the Data Controller to the address mentioned above;

Purposes, legal basis and data retention periods

Purposes Legal basis Data retention period
User access to the pages of the Website and its functionalities Exercise of legitimate interest for the evaluation of the functionality of the Website and its performance For the duration the user remains on the Website, and in any case until the expiration of the longer stored online ID.
User interactions with tools implemented by the Data Controller, such as the “Schedule a Meeting” tool Performance of pre-contractual and contractual activities 12 months after the positive conclusion of the interaction with the user.
Feedback to contact requests or requests for information sent by the user Performance of pre-contractual and contractual activities For a maximum of 10 years from the last interaction between the user and the Data Controller
Analysis and improvement of the functionality of the Site and the presentation of products and services to the user Until the expiry of the online ID stored longer, save for requests of cancellation or anonymization activities, in any case for no longer than 2 years.

Other information on how we process your data

The processing of personal data is based on principles of correctness, lawfulness and transparency, for maximum protection of confidentiality and user rights, and takes place through technological tools suitable for guaranteeing protection and security of information until their cancellation or anonymization.

If the user wishes more information about the balance between the legitimate interests pursued by Aritmetika and his fundamental rights and freedoms, he can ask for clarifications at the addresses indicated, and in particular at the e-mail address, having the right to receive adequate feedback as soon as possible and in any case within the time required by law.

In the event of litigation with the user or with third parties, or control of the competent Authorities, the conservation may be extended until the expiry of the last applicable prescription period.

The user’s personal data will not be disseminated in any way, except for the acquisition of express and prior consent or within the limits of what is provided for or imposed by law.

Consequences of failure to provide data

The provision of personal data from time to time indicated as mandatory is necessary to pursue the related purposes: not providing such data makes it impossible to proceed with the related processing.

The provision of other personal data is optional: failure to provide such additional data may make it impossible to access all or part of the Website’s functions or characteristics in whole or in part.

Automated decision-making processes

With the expression “automated decision-making processes” the legislation indicates (art. 22 GDPR) “any form of automated processing of personal data” that it uses to evaluate certain aspects of the person, and in particular “to analyze or predict (… ) the professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements “of the user in his capacity as” Data Subject”.

The Website does not process any personal data through automated decision-making processes.

Categories of subjects that process data on behalf of the Data Controller

Within the limits of the obligations, tasks or purposes indicated above, personal data may be made available and / or communicated to:

• employees and / or collaborators of the Data Controller;

• Judicial, administrative and / or public security authorities, in compliance with regulatory provisions;

• other third parties who provide management, maintenance or intervention services on the Site and / or on other tools used by the Data Controller.

The complete list of Data Processors, Sub-processors and independent Data Controllers to whom the data are made available and / or communicated can be requested from the Data Controller at any time, at the indicated references.

Transfer of data outside the European Economic Area
Personal data may be transferred to countries outside the European Economic Area exclusively for technical needs, in any case to subjects based in countries recognized as “adequate” by the European Commission, or with the stipulation of specific Standard Contractual Conditions in the text approved by the European Commission.

Rights regarding the processing of personal data

The user, as a “Data Subject” according to the GDPR, can at any time exercise the rights attributed to him by the Regulation.

In particular, the user has the right to:

• access his/her personal data;

• obtain the correction or cancellation of the same or the limitation of the processing that concerns him/her;

• oppose the processing;

• obtain his/her data portability, where provided by the law;

• withdraw consent, where provided: the withdrawal of consent does not affect the lawfulness of the processing based on the consent given before the revocation;

• lodge a complaint with the supervisory authority.

For the United Kingdom (UK) – as the Data Controller’s home state – the supervisory authority is the “Information Commissioner’s Office” or “ICO”, based in London (England).

The exercise of the aforementioned rights can take place by sending a request to the Data Controller’s references, as indicated above, and in particular to the e-mail address