PRIVACY POLICY

 

PURSUANT TO REGULATION (EU) 2016/679 ('GDPR') ARTICLES 13 AND 14

AND SUBSEQUENT NATIONAL ADAPTATION STANDARDS

 

This document ("Information Notice") is intended to provide you with guidance regarding the processing of information, as specified below, that will be provided by you or otherwise available at our facility and that will be processed by it and/or other identified parties for the purposes set forth below. The Disclosure, in particular, is made pursuant to EU Regulation No. 679/2016 ("GDPR") and subsequent national adaptation regulations (jointly with the GDPR hereinafter "Applicable Legislation").

 

  1. Identity and contact details of the data controller

The data controller, in accordance with Articles 4 and 24 of EU Reg. 2016/679, is KIKO SRL, with registered office in Via Manfredi snc - S.S. 16 km.423, 64025 PINETO (TE), VAT No. 01672560677, Tel. +39 (085) 9463052, email: info@kiko.it, in the person of the pro-tempore legal representative (hereinafter "Data Controller").

 

  1. Contact details of the Data Protection Officer (DPO)

The Data Controller does not carry out activities requiring the appointment of a Data Protection Officer.

 

  1. Purpose and legal basis of processing

The Personal Data collected will be processed for the purposes and under the legal bases set out below:

Purpose Legal basis
point 3, lett. a): for the management of your contractual relationship or to execute pre-contractual measures (such as, for example, the request for information or the request for quotation). In this case, you are free to provide your Personal Data, however, failure to do so will not allow you to establish the aforementioned relationship and fulfill your request. processing is necessary in connection with the performance of a contract to which you are party
point 3(b): subject to your specific consent, to send you promotional communications related to the Controller and communications relating to events organized by the Controller (hereinafter "marketing purposes") your consent

  1. Categories of personal data processed

Within the limits of the purposes and methods described in this Notice, information that can be considered as "Personal Data" may be processed, which includes your personal details, contact information (such as, for example, cell phone number, e-mail address, etc.).

 

  1. Recipients and categories of recipients

Personal data will not be disseminated, i.e. they will not be disclosed to unspecified persons. On the other hand, it may be communicated to well-defined subjects, in full compliance with legal requirements, for purposes strictly related to those indicated above. Any access to your personal data is limited to subjects authorised by the Data Controller. Communication to the identified recipients, only if involved and functional, is linked to the achievement of the purposes referred to in paragraph 3 above, so the personal data collected and processed may be:

 

  1. used anonymously for statistical purposes;
  2. made available to the Controller's employees, in their capacity as Data Processors or persons authorised to process personal data;
  3. communicated to third parties, whether natural or legal, public administrations, professionals, law enforcement agencies, regulatory bodies, courts or other public authorities authorised by law;
  4. if necessary, transferred to another Data Controller in accordance with the GDPR, including with regard to the right to data portability.

 

The information may also be communicated whenever such communication may be necessary in order to comply with requests from Judicial Authorities or Public Security. The data collected will not be disseminated under any circumstances.

 

The list of persons responsible for processing personal data is available at the Data Controller's head office.

 

  1. Data transfer abroad

Data will not be transferred outside the European Union.

 

  1. Period of data retention (criteria for determination)

Below is a table containing indications of the retention periods (i.e. the criteria for determining) of Personal Data:

 

Purpose Storage times
Item 3(a): contract management For the duration of the relationship and thereafter for 10 years (ordinary limitation period).
Point 3(b): marketing purposes 2 years from the date of collection, without prejudice to the possibility for the person concerned to change and/or revoke their wishes at any time

  1. Methods of data processing

The processing of Personal Data will be carried out by manual, computerized or telematic means, suitable to guarantee its security and confidentiality and will be performed by personnel duly trained in compliance with the Applicable Regulations. There is no automated decision-making process.
In addition to the cases in which it is necessary to contact you for needs related to the management of your position, where you consent to the processing of your data for the purposes referred to in Section 3(b), you may be contacted by e-mail, newsletter, text message, or through any equivalent electronic means or by paper mail or operator call to any of the contact details provided. If you prefer to be contacted only at one or some of these addresses, you may make an express written request addressed without formality to the Data Controller.

 

  1. Rights to which you are entitled

We inform you that you may exercise the rights recognised by the Applicable Legislation including, without limitation, the right to:

  1. to access their Personal Data and to know their origin, the purposes and aims of the processing, the data of the persons to whom they are communicated, the period of storage of the data or the criteria for determining it (Art. 15);
  2. to request its rectification (Article 16);
  3. deletion ("oblivion"), if no longer necessary, incomplete, incorrect or collected in breach of the law (Art. 17);
  4. to request that the processing be restricted to part of the information relating to you (Article 18);
  5. to the extent that it is technically possible, to receive in a structured format or to transmit to you or to third parties indicated by you the information concerning you (so-called "portability") or information that you have voluntarily provided (Art. 20);
  6. to object to their processing based on legitimate interest (Article 21);
  7. as well as to revoke his consent at any time, if this constitutes the basis for the processing (revocation of consent, however, shall not affect the lawfulness of the processing based on consent given before revocation).

 

The aforementioned rights may be exercised by means of a written request addressed without formality to the Data Controller at the contacts indicated in point 1.

 

The Controller shall do so without delay and, in any event, no later than one month after receipt of the request. The deadline may be extended by two months if necessary, taking into account the complexity and number of requests received by the Controller. In such cases, the Controller shall inform and inform you of the reasons for the extension within one month of receipt of your request.

 

We would like to remind you that where the response to your requests has not been satisfactory in your opinion, you may address and file a complaint with the Data Protection Authority(http://www.garanteprivacy.it/) in the manner provided for in the Applicable Regulations.

 

Update 22 May 2018