Privacy Policy

Last Updated: March 12, 2026

1 — Introduction & Controller Identity

This Privacy Policy explains how ARKIGEST SRL (“we”, “our”, “us”) collects, uses, and protects personal data when you visit this website and when you interact with our project management and organizational education services. We operate from Italy and make our educational programs available to participants across Canada through online and blended formats. We are committed to lawful, fair, and transparent processing in line with the EU General Data Protection Regulation (GDPR) and applicable Canadian privacy principles.

Data Controller: ARKIGEST SRL, Via Arrigo Boito, 8, Brera, 20121 Milano MI, Italy. Contact: [email protected]. Phone: +39 02 8295 6740. If we appoint a Data Protection Officer (DPO) in the future, we will update this Policy with the DPO’s contact details.

Our services and content are designed for educational and professional development purposes. This Policy forms part of our website terms and should be read together with our Cookies Policy and Terms of Use available via the footer links on this site.

2 — Personal Data We Collect

We collect only the information needed to provide and improve our educational services and to respond to your requests:

• Identity and contact data: name, email address, phone number, organization (if provided), city/region.
• Inquiry and enrollment data: program selection, learning objectives, scheduling preferences, and the free‑text details you choose to include in messages or forms.
• Technical data: IP address, device and browser type, operating system, language, approximate location inferred from IP, and security event logs used to protect this site.
• Usage data: pages viewed, time on page, clicks, scroll depth, referring URL, and similar interaction signals when analytics cookies are enabled by your consent.
• Cookies and identifiers: essential cookies for site operation, plus analytics and marketing identifiers if you accept non‑essential cookies (see Section 4 and our Cookies Policy).
• Conversion data: non‑sensitive events that indicate interest (e.g., form submitted) used to measure content effectiveness when consented tracking is active.

We do not intentionally collect special‑category data (e.g., health, religion, political opinions), financial account details, or government‑issued identifiers through this website. Please avoid including sensitive information in free‑text fields.

3 — Why We Process & Legal Basis

• Responding to inquiries and pre‑contract steps (GDPR Art. 6(1)(b)): to assess program fit, provide schedules, and answer questions you send via the form or email.
• Performance of a contract (GDPR Art. 6(1)(b)): to enroll you, share materials, and deliver the educational services you request.
• Consent‑based analytics and marketing (GDPR Art. 6(1)(a)): to understand site usage and run remarketing only after you accept non‑essential cookies.
• Legitimate interests (GDPR Art. 6(1)(f)): security, fraud prevention, site maintenance, and quality assurance, balanced against your rights and expectations.
• Legal obligations (GDPR Art. 6(1)(c)): record‑keeping, tax, or compliance duties under applicable laws.

Automated decision‑making: We do not conduct automated decision‑making or profiling that produces legal or similarly significant effects within the meaning of GDPR Article 22.

4 — Cookies & Tracking Technologies

We use cookies and similar technologies to operate this site and, subject to your choices, to understand engagement and measure advertising effectiveness. You can manage your preferences at any time via “Manage cookie preferences” in the footer or the cookie banner.

• Essential: required for site operation and security (e.g., session continuity, consent storage). Active by default.
• Analytics (consent): Google Analytics 4 (IP anonymized). Example cookies: _ga (2 years), _ga_XXXXXXXXXX (2 years). Data retention in GA4 is typically 14 months.
• Marketing (consent): Google Ads and Meta Pixel identifiers used for remarketing and conversion measurement. Examples: _gcl_au (90 days), _fbp (90 days), _fbc (90 days when click ID present).

Beyond cookies, pixels or server‑side event forwarding may be used by our partners when enabled by your consent. Details of each cookie name, purpose, and lifetime are described in our Cookies Policy available in the site footer. You may withdraw consent at any time; withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

5 — Consent in the EEA/UK

Visitors in the EEA and the UK receive a clear consent prompt. Analytics and marketing cookies will only activate after explicit, informed, and freely given consent. Your selection is recorded in the cookie_consent cookie (12 months). You can revisit your choices from the footer link and can also clear your browser cookies to reset preferences.

6 — Sharing With Service and Advertising Partners

We share limited personal data with trusted service providers strictly for our purposes:

• Google (Analytics, Ads, Tag Management): cookie identifiers, usage signals, and conversion events when consented.
• Meta Platforms (Pixel / Conversion API): page views, conversion events, and hashed identifiers used for audience measurement when consented.
• Hosting, CDN, and security providers: IP addresses, logs, and operational telemetry needed to maintain availability and protect the site.

We do not sell personal data. Our providers act as processors or service providers and are contractually restricted from using data for their own independent purposes beyond delivering the contracted services to us.

7 — International Transfers

When data is transferred outside the EEA/UK (for example, to the United States for Google or Meta), we rely on appropriate safeguards such as the EU‑US Data Privacy Framework and its UK Extension where applicable, and, if required, Standard Contractual Clauses (EU 2021/914) or the UK International Data Transfer Agreement. These measures aim to ensure an essentially equivalent level of protection for your personal data.

8 — Retention

• Inquiry and contact records: typically retained for up to 2 years from the last interaction to support follow‑up and internal quality review.
• Enrollment and program administration: retained for the duration of participation and as required by legal and tax obligations.
• Analytics data: retained per the analytics platform setting (often 14 months) when consented.
• Marketing identifiers: retained in line with cookie lifetimes and applicable platform rules when consented.
• Server logs: typically retained for up to 90 days for security and troubleshooting.
• Cookie consent record: retained for up to 3 years for audit purposes.

9 — Your Rights

Under the GDPR you may have the following rights, subject to conditions and exemptions: access; rectification; erasure; restriction of processing; portability; objection; and the right to withdraw consent at any time. To exercise a right, email [email protected]. We will respond within 30 days, extendable by 60 days for complex requests, and we may request reasonable proof of identity.

Lead supervisory authority (Italy): Garante per la protezione dei dati personali. You also have the right to lodge a complaint with your local supervisory authority if you believe your rights have been infringed.

Canadian privacy considerations: For participants in Canada, our handling of personal information aligns with principles comparable to the Personal Information Protection and Electronic Documents Act (PIPEDA) and relevant provincial frameworks. You may request access to, or correction of, your personal information we hold, and you may contact us to ask about our practices, safeguards, and our use of service providers outside Canada. We will make reasonable efforts to accommodate such requests, subject to legal restrictions and confidentiality obligations.

10 — Children

This website and our educational programs are not directed at children under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided personal data, please contact us and we will delete the information promptly unless we have a lawful reason to retain it.

11 — Do Not Track

Some browsers offer a Do Not Track (DNT) signal. We do not currently respond to DNT signals. Cookie preferences set on this site control the activation of analytics and marketing technologies.

12 — Account & Data Deletion Requests

We do not operate user accounts on this website. To request deletion of information we hold about you (for example, inquiry records), email [email protected] with the subject “Data Deletion Request.” We will verify identity and complete the process within 30 days unless an extension is required due to complexity or legal obligations. We may retain limited data where retention is mandated by law or necessary for the establishment, exercise, or defense of legal claims.

13 — Business Transfers

If ARKIGEST SRL undergoes a corporate transaction such as a merger, acquisition, restructuring, or asset sale, personal data may be transferred as part of that transaction subject to confidentiality safeguards. If a transfer leads to a material change in how your data is used, we will provide a clear notice on this website and, where legally required, seek your consent.

14 — California (CCPA / CPRA)

While we are established in Italy and focus our services on participants across Canada, some U.S. visitors may access our site. Under the California Consumer Privacy Act as amended by the CPRA, California residents may have rights to know, delete, correct, and opt out of the sale or sharing of personal information, and the right to non‑discrimination. We do not sell personal information as defined by the CCPA/CPRA. We may share personal information for cross‑context behavioral advertising when marketing cookies are enabled by your consent. To exercise rights, email us with the subject “California Privacy Request.” We will verify identity and respond as required by law.

Categories disclosed in the last 12 months (as defined by CCPA/CPRA): identifiers (e.g., IP, cookie IDs, name, email) to service providers and ad partners; internet or network activity to analytics and advertising partners; inferences (interests or preferences) derived from consented analytics or advertising interactions.

15 — Virginia (VCDPA)

Virginia residents may have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. We do not sell personal data. To submit a request, email us with the subject “Virginia Privacy Request.” If we refuse a request, you may appeal by emailing us with the subject “Appeal of Refusal — Privacy Request.” We will respond within 60 days, and you may contact the Virginia Attorney General if you remain unsatisfied.

16 — Nevada

Nevada residents may submit a verified request asking a business not to sell personal information. We do not currently sell personal information as defined under Nevada law. You may email us with the subject “Nevada Do Not Sell Request” if you have questions.

17 — Changes to This Policy

We may revise this Privacy Policy from time to time. Material changes will be announced via a notice on our homepage at least 14 days before they take effect. The “Last Updated” date will be refreshed with every revision. Continued use of the site after the effective date constitutes acceptance of the updated Policy.

18 — Contact

For questions, requests, or complaints regarding this Privacy Policy or our handling of personal data, please contact:

ARKIGEST SRL
Via Arrigo Boito, 8, Brera, 20121 Milano MI, Italy

Email: [email protected] — please include “Privacy Request” in the subject line where appropriate.

We will make every reasonable effort to respond promptly and to resolve your inquiry in line with applicable laws in Italy, the European Union, and, where relevant, Canadian privacy frameworks.