Privacy Policy
Last updated: July 6, 2026
This privacy notice describes how personal data of users browsing the Arca S.r.l. website is processed, in accordance with Regulation (EU) 2016/679 ("GDPR") and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.
1. Data Controller
The Data Controller is Arca S.r.l., registered office at Via Giovanni Giolitti, 20, Zona Industriale, 73043 Copertino (LE), Italy, VAT number 04318180751. For any request regarding the processing of personal data, you can contact the Data Controller at info@arcasolution.com or via certified email (PEC) at arcasrl01@legalmail.it.
2. Categories of data collected
In the course of normal use of the site, the following categories of data are processed: browsing data automatically collected by IT systems (IP address, browser type, pages visited); data voluntarily provided through the contact form (name, email, phone number, message); data related to accounts and project documents processed through the Client Portal (email, encrypted password, uploaded and downloaded documents); technical data collected by the Cloudflare Turnstile anti-spam system to verify that contact form submissions are made by a human.
3. Purposes and legal basis of processing
Data collected through the contact form is processed to respond to information or quote requests, based on Art. 6(1)(b) GDPR (pre-contractual measures requested by the data subject). Data processed through the Client Portal is used to perform the contractual relationship between Arca S.r.l. and the client (Art. 6(1)(b) GDPR). Data collected through Google Analytics 4 is processed, in aggregated and anonymized form, for statistical purposes related to site usage, based on user consent (Art. 6(1)(a) GDPR), which can be freely withdrawn at any time through the "Manage cookie preferences" panel. Technical data collected by Cloudflare Turnstile is processed on the basis of the Data Controller's legitimate interest in preventing abuse and automated requests (Art. 6(1)(f) GDPR).
4. Processing methods and data retention
Processing is carried out using IT and telematic tools, with logic strictly related to the purposes indicated, ensuring the security and confidentiality of the data. The site is hosted on Vercel Inc. infrastructure; the client and project database is managed via Neon Inc. (PostgreSQL); project documents are stored on Cloudflare R2; transactional emails are sent via Resend Inc.; company blog content is managed via Sanity.io, without processing any personal data of site users. Contact data collected through the email form is not stored in any database and is transmitted solely through the email delivery service. Client Portal data is retained for the duration of the contractual relationship and for the subsequent periods required by law.
5. Recipients and external data processors
For the purposes described above, personal data may be shared with the following parties, appointed as data processors under Art. 28 GDPR where applicable: Google LLC (Google Analytics 4, Google Maps), Resend Inc. (transactional email delivery), Cloudflare Inc. (anti-spam protection and document storage), Neon Inc. and Vercel Inc. (hosting and service delivery). These parties process data exclusively on behalf of the Data Controller and according to its instructions.
6. Transfer of data outside the EU
Some of the providers listed above (Google LLC, Resend Inc., Cloudflare Inc., Neon Inc./Vercel Inc.) are based in the United States. Data transfers to these parties are carried out in compliance with GDPR safeguards, in particular through adherence to the EU-US Data Privacy Framework and/or the adoption of Standard Contractual Clauses approved by the European Commission.
7. Data subject rights
As a data subject, you have the right to obtain at any time, pursuant to Articles 15-22 GDPR: confirmation of the existence of processing and access to your personal data; rectification of inaccurate data or completion of incomplete data; erasure of data, where legally permitted; restriction of processing; data portability in a structured, machine-readable format; objection to processing on legitimate grounds. To exercise these rights, please write to info@arcasolution.com or to the certified email (PEC) arcasrl01@legalmail.it. You also retain the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali, www.garanteprivacy.it) if you believe the processing violates applicable law.
8. Minors, data security and updates to this notice
The site is not directed at children under 16 years of age, and the Data Controller does not knowingly collect data relating to minors. The Data Controller adopts technical and organizational measures adequate to ensure a level of security appropriate to the risk. This notice may be updated over time due to regulatory or organizational changes; the last update date is indicated at the top of this document. We recommend checking this page periodically.
Let's Work Together
Have a project in mind? Contact us for a free consultation. We're ready to turn your vision into reality.