Privacy & Compliance

Arca24 is aware of the importance that GDPR has taken on in the world of software houses and how much its business is inevitably interconnected with all the legislation relating to the privacy protection. GDPR has completely revolutionized the approach to privacy, affecting all types of companies, in particular the software houses.

Privacy Policy

This page describes how SA treats the personal information of its website’s visitors as well as of those who interact with the web services that can be accessed by visiting the websites owned by the company, in accordance with the Federal Act on Data Protection (FADP) and the article 13 of the Regulation (EU) 2016/679 – GDPR.

Data treatment (art. 13, 1° comma lett. a, art. 15, lett. b, GDPR) SA – Via Roncaglia n.5, CH-6883 Novazzano, email address, hereinafter referred to as “Arca24” or “Owner”, is the Owner of the treatment of your personal information concerning:

  1. Data provided by you when filling out a contact form to the Owner or submitting any other request;
  2. Data on our website, which include traffic data, localization, visit on the website, IP address, operating system used, browser used, cookie;
  3. Data provided by you when answering through emails, surveys or any other contact form.

Purposes of data processing (art. 13, 1° comma, lett. c, d, e, f, GDPR)

The above mentioned user’s data are processed by the Owner in relation to:

  1. Intermediation activities between job supply and demand as well as research, selection and training activities. The legal basis for those activities is the compliance with pre-contractual and contractual measures, with related rights and duties of the users.
  2. Activities related to the improvement of the services provided both online and offline from the Owner. The legal basis for those activities is the compliance with pre-contractual and contractual measures, with related rights and duties of the users as well as of the Owner.

Consequences of any refusal to respond (art. 13, 2° comma, lett. e, GDPR)

With the exception of the browsing data, which are necessary to allow the correct operation of the website, and the cookies (see Cookie policy), the users are free to provide their personal data, in order to submit requests for information. The refusal to allow their data to be processed makes it impossible for them to obtain the feedback on those requests.

Data processing and retention period (art. 13, 2° comma, lett. a, GDPR)

The processing of your data will only last for such period of time that is necessary for achieving those activities related to the contract management as well as the consequent obligations, including legal ones.  The Owner will then store the data only in compliance with the legal obligations provided by the applicable laws, for administrative purposes and/or to claim or to defend an own right in the case in which a litigation or a pre-litigation procedure arise. Your personal data will be deleted after a 36-months inactivity timeframe. 6 months before the expiry date you will receive an information email about that circumstance.

Manner of data processing (art. 13, 2° comma, lett. f, GDPR)

The personal data is processed through computerized, automated manual systems for the period of time that is necessary to achieve the purposes for which the data is collected.

Data treatment does not include automated decision-making processes, but it might include profiling for those activities related to the web surfing through technical tools such as cookies.

Rights of the interested party (art. 13, 1° comma, lett. b, e 2° comma lett. b, GDPR)

You can request the Owner to update and/or delete your data at any time and free of charge.

For the specific list of external Data Processors as well as for any further information and request, please contact the Owner at

GDPR Compliance

This page describes the compliance of all Arca24 web services with the relevant policies and regulations currently in force within the organizations.

In particular, the company informs the clients that all products are 100% intellectual property of Arca24 and homemade.

All products are installed on Arca24 virtual servers, meaning that the code and its intellectual property are strictly safeguarded. Arca24 virtual servers are hosted in the data centers of DigitalOcean in Frankfurt with replication in Amsterdam.

Documents uploaded by candidates are stored on an encrypted Amazon AWS S3 bucket with multiregional redundancy.

In each supply contract, it is clearly stated that the intellectual property is and remains of Arca24. Both the duplication and the view of the code are strictly forbidden. Just the use of it is allowed in accordance with Arca24 regulations defined in its commercial relations.

Data awareness

Thanks to data encryption, Arca24 guarantees the highest state of personal data awareness for all the software users.

Indeed, such encryption minimizes all the risks related to the processing of personal data, as it protects the information from the risk of possible undesirable accesses, unauthorized or illegal processing of the personal data.

That way Arca24 guarantees data confidentiality and protects the information by making it unintelligible towards cybercriminals.

GDPR and Data Protection Officer

Arca24 has already made all effort within its power to guarantee the protection of the candidates’ personal data processed. Since May 28th, all Arca24 software have been 100% compliant to the GDPR, namely the EU General Data Protection Regulation. In particular:

  • All the servers are safely hosted in DigitalOcean in Frankfurt. DigitalOcean has several ISO certifications;
  • A disaster recovery plan and a continuous backup have been designed;
  • The software has been developed according to privacy by design and privacy by default principles;
  • All database data and the code have been anonymized and encrypted;
  • The team Arca24 are aware of the current regulations and continuous training sessions on that topic have been scheduled;
  • Arca24 appointed a data protection officer (DPO), i.e. an experienced Italian lawyer, to ensure effective data protection.

Server architecture

Arca24 uses a distributed data management model, which better meets the requirements of decentralization and cooperation among modern organizations.

As compared to a centralized system, a distributed one allows data replication on a higher number of clusters and it guarantees enhanced functionalities in terms of:

  • Minimization of data loss risk
  • Data reliability
  • Data scalability

Data Center infrastructure and certifications

The infrastructure has the following characteristics:

  • Tier IV Dual Datacenter Architecture
  • State of the art and «Banking Proof» infrastructure: high security standards, bank certified
  • 100% Green Computing: powered entirely by renewable energy sources
  • All components of the structure are fully redundant (power, UPS, cooling, fire protection, access lines, network)
  • All servers use SSD Technology
  • The servers can benefit from 40 GbE connections for a fast data transfer
  • Thanks to the geographic position of the data center, the connections within Central and Southern Europe are high-performance.

Shown below are the ISO certifications of the data center:

  • ISO/IEC 27001:2013

The management system of DigitalOcean was audited and certified as compliant with the standards.

Cookie Policy