Privacy Policy
This Privacy Policy describes how ARCHIMED S.R.L.S. (operating the brand Ortopedia 3D) collects and processes personal data through this website, in compliance with EU Regulation 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended.
1 · Data Controller
ARCHIMED S.R.L.S. — Via Bonaventura Veracroce 18, 70021 Acquaviva delle Fonti (BA), Italy.
VAT / Codice Fiscale: 08587410724 · SDI: KRRH6B9
PEC: archimed3d@pec.it · Email: info@archimed3d.it
For inquiries about the Ortopedia 3D brand and services you can also write to info@ortopedia3d.net.
2 · What data we collect
We collect personal data only when you actively provide it through the contact form on this website. Specifically:
- Identification data — first and last name, company or workshop name.
- Contact data — email address.
- Content of your message — any information you voluntarily include in the message field, plus the intent (in-house workflow vs. outsourced production).
- Technical metadata — IP address, browser user-agent and timestamp, retained for security and anti-abuse purposes only.
- Marketing consent flag — a boolean value recording whether you opted in to receive commercial communications.
If you enable the Analytics category in the cookie banner, Google Analytics 4 also collects aggregated, pseudonymized usage data — see our Cookie Policy for the full disclosure.
3 · Purposes & legal bases
| Purpose | Legal basis (Art. 6 GDPR) | Retention |
|---|---|---|
| Respond to your contact request | Performance of pre-contractual measures at your request — Art. 6(1)(b) | Up to 24 months from last contact |
| Security, anti-abuse, fraud prevention (logs, rate limit) | Legitimate interest — Art. 6(1)(f) | Up to 12 months |
| Commercial communications (if you opted in) | Consent — Art. 6(1)(a) | Until you withdraw consent |
| Aggregated traffic analytics | Consent via cookie banner — Art. 6(1)(a) | Up to 14 months (GA4 default) |
| Compliance with legal obligations | Legal obligation — Art. 6(1)(c) | As required by applicable law |
4 · How we collect data
Data is collected directly from you through the contact form on ortopedia3d.net. The form sends a JSON payload to our server (/api/contact.php), which validates it, applies a per-IP rate limit (max 3 submissions per minute), and forwards the message via standard SMTP to info@ortopedia3d.net. The contents of the form are not persisted in a database on our website; they live only in the resulting email message.
5 · Recipients & processors
Your personal data is processed by ARCHIMED S.R.L.S. and may be shared with the following categories of recipients, acting either as data processors or as autonomous controllers when they provide the underlying technical service:
- Hosting provider — apserver.it (Italy) hosts the website and the contact endpoint.
- Email delivery — standard SMTP server provided by the hosting provider routes the message to our inbox.
- Analytics — Google Ireland Ltd. (Dublin, IE) and, where data is transferred, Google LLC (United States) — only if you accept the Analytics category in the cookie banner.
- Tax, legal and accounting consultants — only where strictly necessary to fulfil legal or contractual obligations.
We do not sell or rent your personal data. We do not transfer it to third parties for their own marketing purposes.
6 · Transfers outside the EU/EEA
Personal data is stored and processed primarily within the European Union. If you enable Analytics, data may be transferred to Google LLC servers in the United States. Such transfer is governed by the EU–US Data Privacy Framework and, where applicable, by Standard Contractual Clauses adopted by the European Commission under Art. 46 GDPR.
7 · Your rights
Under Articles 15 to 22 GDPR you have the right to:
- access the personal data we hold about you;
- request rectification of inaccurate or incomplete data;
- request erasure (“right to be forgotten”);
- restrict processing in specific circumstances;
- receive your data in a portable, machine-readable format;
- object to processing based on legitimate interest;
- withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal;
- not be subject to fully automated decisions producing legal effects.
To exercise any of these rights, contact ARCHIMED S.R.L.S. at info@archimed3d.it or by certified email at archimed3d@pec.it. We will respond within 30 days.
You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) if you believe your rights have been infringed.
8 · Children
This website addresses healthcare professionals and B2B audiences. We do not knowingly collect personal data from individuals under 16. If you believe a minor has provided us with personal data, please contact us and we will delete it.
9 · Security
We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss or disclosure: HTTPS with HSTS across the whole site, IP-based rate limiting on the contact endpoint, server-side validation, restricted access to the mailbox, and secure storage of access credentials.
10 · Changes to this policy
We may update this Privacy Policy from time to time. The current version is always available at this URL; the date at the top of the page indicates the latest revision. For substantive changes affecting you, we will provide additional notice where required by law.