Partnership with Cornerstone

Go to Top

Corporate management system policy

At Arxis, we believe in expertise, personal and corporate credibility, quality, teamwork and enthusiasm for our work. The ultimate goal is greater customer satisfaction.
The quality management system (qms), introduced in 2005 in accordance with UNI EN ISO 9001:2000, subsequently amended to UNI EN ISO 9001:2008 and 2015 version re-certification in July 2017.
The ICT service management system, i.e. the service management system (SMS) based on the ISO/IEC 20000-1 standard, with certification obtained in 2014 and re-certification in July 2017.
The information security management system (isms) based on the ISO/IEC 27001 standard, with certification obtained on 3 December 2015.
In particular, the ISO/IEC 27001:2013 Standard states that data security is based on three aspects:
CONFIDENTIALITY
This expresses the guarantee that any given piece of information is only accessible to the processes that have to process it and the user who objectively needs it and is therefore authorized to use it.
INTEGRITY
This expresses the guarantee that any information is the one originally entered into the information system or legally modified.
AVAILABILITY
This expresses the guarantee of the availability of information based on the need for business process continuity and for the purpose of complying with regulations (both legal and non-statutory) that require the data to be retained.
The security of data and information is based on the observance of organizational, procedural and technical measures that guarantee advance protection from unauthorized access, destruction, loss, alteration or disclosure of data, unauthorized or non-compliant processing.
An effective SGSI must:
Safeguard the interests of Solve.It and its customers
Guarantee the integrity and confidentiality of corporate information, as well as the continuity (availability) of business activities, ensuring that the expected level of protection is implemented according to the importance of the information requiring protection
Guarantee a virtuous and uniform behavioral model
Ensure tracking of the authorization processes and the activities carried out for legal, fiscal and operational purposes

Law 231 (Legislative Decree 231/2001)

Corporate Responsibility, Code of Ethics and Responsibility of Legal Persons pursuant to Italian Legislative Decree 231/01. – Corporate responsibility of companies and organizational, management and control models.
The activity of most companies and, consequently, their organization must take into account legislation and, in particular, the regulations provided for by the law in question. Legislative Decree 231/2001 extends the responsibility for offences committed in Italy and abroad by natural persons working for the company to legal persons.
In addition to the responsibility of the natural person who performs an unlawful deed, the law has introduced the penal liability of companies for certain offences committed in their interest or to their benefit by persons acting as representatives or working in the administration or management of the company or one of its organizations with financial or functional autonomy or by persons managed or supervised by one of the above mentioned subjects.

ADDENDUM TO THE POLICY ON PERSONAL DATA PROCESSING
REGARDING GREEN PASS CHECKS

Arxis Srl, St.  Torri Bianche n.9 20871 Vimercate (MB), in its capacity as Data Controller, hereby informs you that your personal data, acquired to allow compliance with the anti-contagion measures relating to SARS Covid-2 will be managed using electronic and hardcopy means.

All Data Subjects who access Arxis’s headquarters (workers, maintenance technicians, visitors, etc.) will be subject to the checks.

The check is restricted to verifying the authenticity, validity and integrity of the certification and does not involve the collection of data in accordance with the provisions of Prime Ministerial Decree dated June 17, 2021, Legislative Decree 127 dated September 21, 2021 or the provisions of the Personal Data Protection Authority. Since collection does not take place, data retention is not necessary.

The check is necessary in order to access Arxis’s offices in full compliance with current legislation. This check does not give rise to any automated decision, nor to profiling.

Arxis will ensure that this processing is carried out in full compliance with the aforementioned regulations and confidentiality obligations, providing precise instructions regarding any persons in charge of the checks.

In case of need, a Data Subject party may exercise the rights provided for in Articles 15-22 of GDPR 679/2016, which are detailed in the information available on the website www.Arxis and displayed at the reception desk at the entrance to the offices.

To exercise their rights, or any need, a Data Subject may contact the Data Controller directly at the operational headquarters or by using a dedicated e-mail address: privacy@arxis.

Should the Data Subject not be satisfied with the behavior of Arxis s.r.l., they may contact the Supervisory Authority in accordance with the instructions listed on the page https://www.garanteprivacy.it/home/footer/contatti.

October 14, 2021

PERSONAL DATA PROCESSING POLICY

Arxis Srl, St. Torri Bianche n.9 20871 Vimercate (MB), in its capacity as Data Controller, hereby informs you that your personal data shall be processed both manually and with the aid of electronic tools, according to the regulations in force regarding the protection of personal data.
PURPOSES OF DATA PROCESSING
Arxis s.r.l. collects and processes the personal data of the Data Subjects for: the performance of obligations arising out of contractual relationships, the performance of pre-contractual activities or by virtue of laws/regulations with which it must comply and/or decides to adhere to, more specifically:
  • information on their products and services;
  • relationship management with existing and potential customers;
  • contractual obligations;
  • fulfilment of accounting, tax and legal obligations;
  • after-sales management.
The provision of personal data for said purposes is strictly necessary and refusal to provide it means that Arxis shall be unable to establish relations and/or perform said activities. Arxis s.r.l. shall provide detailed information, if necessary. Processing is related to obligations of a contractual nature or to specific requests by the Data Subject, therefore consent is not required.
SENSITIVE DATA
Arxis does not collect sensitive data for its business purposes. Should an unforeseeable event result in Arxis acquiring said data without consent, the Data Subject shall be contacted urgently in order to resolve the issue immediately.
PROCESSING PROCEDURE
Processing is performed using manual, computer and electronic instruments, with logic strictly related to the purposes stated. Arxis possesses ISO 27001 standard certification and has established technological, organizational and procedural support to ensure that data is processed legally and securely. Personal data is stored for the period strictly necessary to carry out the contractual activity, unless the data is required for business needs (e.g.: data sheets) or legal requirements.
THIRD-PARTY COMMUNICATION
The pursuit of the aforementioned purposes may lead to the transmission and communication of data to third parties that have been appointed to carry or provide specific services strictly functional to the execution of obligations, such as:
  • banks and credit institutions;
  • consultants, professionals, external suppliers of business services;
  • suppliers of technological services;
  • carriers.
Data may be transferred to recipients headquartered in a third country or to international organizations with offices abroad. Arxis will carry out said transfers after verifying compliance with the articles of the domestic and European legislation in force.
DATA CONTROLLER
The Data Controller is Arxis S.r.l., whose operational headquarters at  St. Torri Bianche n.9 20871 Vimercate (MB), in the person of its legal representatives.
RIGHTS OF THE DATA SUBJECT
The Data Subject may exercise the rights provided for, more specifically:
  1. obtain access to their personal data;
  2. obtain:
    1. updating, rectification or addition of further data;
    2. deletion or limitation of processing;
  3. oppose for legitimate reasons:
    1. processing of personal data that concerns them;
    2. processing of personal data for the purpose of sending advertising or direct sales material or for conducting market research or commercial communications.
  4. Request that their data be transferred to another Data Controller, providing the necessary information and reasons.
If the actions resulting from the exercise of the rights referred to in points 2.b. and 3. are incompatible with the management of the business, Arxis will highlight the fact in order to reach an agreement on the matter. If the exercise of the rights referred to in points 2.b and 4 proves impossible or too burdensome, Arxis shall inform you without undue delay in order to agree upon a solution. Your right to submit a complaint to the Supervisory Authority remains unaffected if you are not satisfied with the behavior of Arxis s.r.l. in your regard. Arxis does not carry out automated decision-making processes and shall not disclose your personal data. To exercise your rights, or for any need you may have, please contact the Data Controller directly (info@arxis.it), or through the dedicated e-mail address: privacy@arxis.it