Pursuant to article 13 of the Regulation (EU) n. 679/2016 of the European Parliament and of the Council – General Data Protection Regulation (GDPR)
K di Kuore protects your personal data and commits to guarantee the security and confidentiality.
With this note (“privacy policy”) if you want to receive our communications, we would like to explain why we need you to give us some information, how we are going to use it and which are your rights.
We would like to be able to inform you about our projects, about the new collections, the organization and the participation of K di Kuore in the sectoral trade fairs and events.
In order to do it, we need your consent.
We keep track of the registration information to the Newsletter (time and IP address) and each modification of the personal information provided to us.
The data is kept in the server of the company, in Florence (Italy).
Please read carefully this policy.
For any further clarification or any question, please contact us at privacy@kdikuore.com
DATA CONTROLLER
K di Kuore S.r.l., Viale Donato Giannotti, 24 (50126 FLORENCE)
Contacts: telephone: +39 055 6800377, e-mail: privacy@kdikuore.com
PERSONS AUTHORIZED TO THE DATA PROCESSING
The processing of personal data may be carried out by the persons authorized by the controller, under the instructions that were provided to them and under the measures of protection of the implemented personal data, for which they have received an adequate training.
PURPOSE OF THE DATA PROCESSING
The purpose of the personal data processing is to carry out direct Marketing activities from the data controller, by sending direct commercial or promotional communications, with automated contact ways (email), regarding projects, new collections, the organization or participation to events or sectoral trade fairs.
LAWFUL BASIS FOR DATA PROCESSING
The consent of the interested party.
METHOD OF DATA PROCESSING
The processing of personal data is carried out through digital tools (informatics, telematics, etc.) and analogical ones, with organizational and operative methods which are functional to the enforcement of the indicated purposes, by respecting the security measures which are suitable to prevent the access, the diffusion, the modification or their unauthorized destruction, so that an adequate level of protection is guaranteed.
AUTOMATED DECISION-MAKING AND PROFILING
We do not assume any decision solely based on the automated processing, including the profiling, that would produce legal effects that concern the interested party or affect significantly, in a similar way, his/her person.
OBLIGATION TO SUPPLY DATA
To supply the indicated personal data is optional.
The failure to notify this data does not allow to provide the services or to carry out the activities for which they were requested.
DURATION OF THE DATA PROCESSING AND PERIOD OF DATA RETENTION
The data processing will be carried out until the revocation of consent.
Afterwards, the data will be kept for as long as the law requires.
In the event of any dispute, until its settlement and at the end of the related executive actions and, anyhow, for as long as the law requires its preservation.
Once the periods of preservation have expired, the personal data will be removed, deleted or rendered anonymous, in accordance with the technical procedures of deletion and back-up.
UNSUBSCRIBING FROM THE NEWSLETTER AND REVOCATION OF THE CONSENT
The user will be able to unsubscribe from the mailing-list of the Newsletter freely and on any given moment, and he/she will be able to revoke the consent to the sending of communications with commercial purpose, by sending an e-mail to the address privacy@kdikuore.com
These rights can also be exercised by selecting the buttons, which are present in every Newsletter, Unsubscribe and Update Profile, revoking the consent to Direct Mail – commercial communications.
The controller informs that, following the usage of the right to object the sending of further communications, it will be possible that, for technical and operative reasons, the user will continue, nonetheless, to receive messages, for some time.
Should this occur, we kindly ask you to report the problem, by sending an e-mail to the address privacy@kdikuore.com
CATEGORIES OF DATA RECIPIENTS AND MOTIVE
The personal data processing may be carried out by external persons, acting as independent data controllers, such as for example, public administrations, judicial authorities, surveillance and control authorities, legitimated to obtain the data processing according to the current legislation, or, natural or legal persons, that carry out activities of consultancy, assistance or advocacy on behalf of the controller, as provided by a contract.
The processing of personal data may also be carried out, on behalf of the controller, by external persons that are designated processors by the controller, in compliance with the instructions provided to them and with the measures of protection of the implemented personal data, for which they have received an adequate training.
The user can request the indication of the list of the persons responsible for the data processing appointed by the controller, by sending an e-mail to the address privacy@kdikuore.com
In order to send the communications, K di Kuore uses the MailChimp marketing automation platform, managed by The Rocket Science Group LLC, that was designated as the data processor by signing a specific assignment contract (“MailChimp Data Processing Addendum”).
Data processor: The Rocket Science Group LLC, 675 Ponce De Leon Ave Ne, Suite 5000, Atlanta, Georgia (USA -30308).
Contact information: telephone +404 806 5843, e-mail: legal@mailchimp.com
In any case, the personal data will be communicated when requested by the law, or if it is requested by the police, judiciary authority, information and security organisations or by other public bodies, for the defence and security of the State, or for reasons of prevention, investigation or prosecution of offences.
The collected personal data will not be subject to diffusion.
DATA PROCESSING SITE
Personal Data is processed in the data controller’s headquarters and in any other place where the interested parties are based.
The management and the preservation of the personal data takes place on servers located in the European Union.
TRANSFERRING DATA TO THIRD COUNTRIES OR TO AN INTERNATIONAL ORGANIZATION
Using the marketing platform MailChimp, your personal data is transferred to third countries (outside the EU).
The Rocket Science Group LLC (Mail Chimp) is an EU-U.S. Privacy Shield Framework certified company.
The participation to the Privacy Shield allows to guarantee the lawfulness of the transfer of the personal data in the United States and that their processing will be carried out in a legal framework compatible with the EU General Data Protection Regulation.
The Rocket Science Group LLC exclusively carries out the processing of the personal data for which it was appointed, in compliance with the instructions provided by the data controller and its Privacy Policy.
Visit the Privacy Policy of the MailChimp service in this link: https://mailchimp.com/legal/privacy/
In any case, MailChimp will not cede or communicate to third parties your personal data, nor will diffuse them in any other way and will not use them to contact you directly or through others.
SURVEYS AND STATISTICAL ANALYSIS
The emails that we will send you may have web beacons, some files that allow MailChimp to register some technical information (for example, the Internet browser or the operating system that you use, the IP address and the viewing time of the message) that allow us to know if the emails were opened, when and which links were consulted.
This information is anonymous and enables K di Kuore to improve the contents and to send you emails with more and more interesting contents which can be attributed to a specific recipient only in case of technical necessities.
MAILCHIMP.COM WEBSITE
Consulting the emails that we will send you, you may be redirected to the Internet site mailchimp.com, for example when you modify your registration data or you consult the Privacy Policy of the MailChimp service.
The mailchimp.com website uses navigation cookies.
For more information consult the Cookie Settings section of mailchimp.com website
RIGHTS OF THE INTERESTED PARTY AND PROTECTIONS
The interested parties have the right to request to the data controller the right of access (art. 15 of the regulation), the right of rectification (art. 16), the right to cancellation (art. 17) of the personal data, as well as the right to restriction (art. 18) or the right to object to their processing (art. 21).
If the data processing is based on the consent or on a contract and the data processing is carried out with automated means, the interested parties have the right to data portability (art. 20) of their personal data and, for that purpose, to receive from the data controller that data in a format that makes their transfer and subsequent processing suitable for another data controller.
If the processing of personal data is based on the consent, the interested parties have the right to revoke the consent in any moment, without undermining the lawfulness of the control based on the consent provided before the revocation.
Having revoked the consent, the joint data controllers will abstain from the control of such personal data, except for legitimate reasons that prevail on interests, rights and freedom of the interested parties, or for investigation, exercise or defence of a right in a Court of law.
The above-mentioned rights may be exercised via e-mail to privacy@kdikuore.com
In the event that the interested parties deem that the processing of the personal data that concerns them is in breach of the regulation, they have the right to lodge a complaint with the control authority in the State of the European Union where they usually live, work or in the place where the supposed breach took place (art. 77), or to take the matter to the competent Courts (art. 79).
In the event that the interested parties deem that the processing of personal data that concerns them does not comply with the current provisions, or if the answer to a motion in which it was exercised one or more of the rights established by articles 15-22 of the regulation did not arrive within the timeframe set forth or it is not satisfactory, they can take the matter to the judiciary authority (art. 79) or lodge a complaint to the Personal Data Protection Supervisor (art. 77), using the form in the website (https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524&zx=8g4flgcaf42l) following the instructions set out therein.
DEFINITIONS
“personal data”: any information that regards an identified or identifiable natural person (“interested party”).
“user”: the natural person that uses a website or an application, that, unless otherwise specified, coincides with the interested party.
“data controller”: the natural or legal person, public authority, agency or another body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
“representative of the European Union”: the natural or legal person established in the Union that, appointed by the data controller or by the processing data processor in writing, pursuant article 27, represents the controller or processor with regard to their respective obligations under the Regulation.
“responsible of the data protection” (RPD) – “Data Protection Officer” (DPO): the person that assists the data controller in the application of the privacy provision and monitors its compliance.
“navigation data”: the information gathered through a website or an application (also from applications of integrated third parties), among which: the IP addresses or the domain names of the computers and the terminals used by the users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation, of the requested resources, the time of the request, the method used to put the request to the server, the size of the file obtained in response, the numeric code that indicates the state of the response given by the server (successful, error, etc.) and other parameters related to the operative system and the computing environment of the user.
“processing”: any operation or set of operations, which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“profiling”: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s professional performance, the economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
“consent of the interested party”: any freely given, specific, informed and unambiguous indication of the data person’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
“recipient of the data communication”: a natural or legal person, the public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
MODIFICATIONS AND UPDATE
The data controller reserves the right to make modifications to the current informative report in any moment providing notice to the users on the website www.kdikuore.com
Please visit the document periodically, taking as a reference the date of the last update.
In the event of disagreement with respect to the modifications made to the Privacy Policy, the user can request to the data controller to delete his/her personal data.
Unless otherwise stated, the preceding Privacy Policy will continue to apply to the personal data gathered up to that date.
Last update: 4 February 2019
