Privacy Policy

Pursuant to article 13 of the (EU) Regulation n. 679/2016 of the European Parliament and of the Council – General Data Protection Regulation (GDPR) 

K di Kuore protects your personal data and commits to guarantee the security and confidentiality.

The current document contains the information related to the processing of the personal data and the exercise of the related rights by the users of the site K di Kuore, which is accessible by telematic means at the following addresses: www.kdikuore.com

The above-mentioned information does not regard other websites, pages or on-line services which are reachable through hypertext links eventually published, but referable to external resources from the controller’s domain.

This website and the services eventually offered through the website are reserved to persons that have turned eighteen years old.

Therefore, the controller does not gather personal data related to underage persons.

Upon request of the user, the controller will opportunely delete all the personal data involuntarily gathered and related to underage persons.

DATA CONTROLLER

K di Kuore S.r.l., Viale Donato Giannotti, 24 (50126 FLORENCE)

Contacts: telephone: +39 055 6800377, e-mail: privacy@kdikuore.com

PERSONS AUTHORIZED TO THE DATA PROCESSING

The processing of personal data may be carried out by the persons authorized by the controller, under the instructions that were provided to them and under the measures of protection of the implemented personal data, for which they have received an adequate training.

Informativa ai sensi dell’art. 13 del Regolamento (UE) del Parlamento Europeo e del Consiglio n. 679/2016 – Regolamento Generale sulla Protezione dei Dati (RGPD) o General Data Protection Regulation (GDPR)

PURPOSE OF THE DATA PROCESSING CATEGORIES OF PROCESSED DATA LAWFUL BASIS FOR THE DATA PROCESSING ENVISAGED TIME LIMITS FOR DELETION
Specify for each data processing which is the legitimate interest pursued by the data controller or by the third parties Indicate the time limits for erasure or, if it’s not possible to determinate it beforehand, indicate the used criteria and the time period of the data preservation
Management and facilitation of the website. Servicing of the related services. Navigation data (*) Implementation of contractual relationship requested by the user. Not preserved. Deleted at the end of the session.
Cookies management. Consult the Cookie policy
“Contacts” page. To answer the messages sent by the user. The data will not be used for actions of Direct Mail, nor it will be communicated or supplied to third parties. Name, surname, e-mail Implementation of contractual relationship requested by the user. Equivalent to the purposes.

Afterwards, the data will be kept for as long as the law requires.

In the event of any dispute, until its settlement and at the end of the related executive actions and, anyhow, for as long as the law requires its preservation.

Page “Where to find us”. To inform the user of the local reseller of the products K di Kuore. The data will not be used for actions of Direct Mail, nor it will be communicated or supplied to third parties. Name, surname, e-mail Implementation of contractual relationship requested by the user. Equivalent to the purposes.

Afterwards, the data will be kept for as long as the law requires.

In the event of any dispute, until its settlement and at the end of the related executive actions and, anyhow, for as long as the law requires its preservation.

Company Newsletter. To send non-commercial communications to the users. Name, surname, e-mail Implementation of contractual relationship requested by the user. The processing will be carried out until the erasure from the mailing-list.

Afterwards, the data will be kept for as long as the law requires.

In the event of any dispute, until its settlement and at the end of the related executive actions and, anyhow, for as long as the law requires its preservation.

Company Newsletter. To send commercial communications to the users. Actions of Direct Mail, related to services, supplies and products or for the signalling of company events, as well as the realization of market research and statistical analysis. Name, surname, e-mail Consent of the interested party. The processing will be carried out until the revocation of the consent.

Afterwards, the data will be kept for as long as the law requires.

In the event of any dispute, until its settlement and at the end of the related executive actions and, anyhow, for as long as the law requires its preservation.

Once the periods of preservation have expired, the personal data will be removed, deleted or rendered anonymous, in accordance with the technical procedures of deletion and back-up.

 

METHOD OF DATA PROCESSING

The processing of personal data is carried out through digital tools (informatics, telematics, etc.) and analogical ones, with organizational and operative methods which are functional to the enforcement of the indicated purposes, by respecting the security measures which are suitable to prevent the access, the dissemination, the modification or their unauthorized destruction, so that an adequate level of protection is guaranteed.

AUTOMATED DECISION-MAKING AND PROFILING

We do not assume any decision solely based on the automated processing, including the profiling, that would produce legal effects that concern the interested party or affect significantly, in a similar way, his/her person.

OBLIGATION TO SUPPLY DATA

The conferment of the personal data marked by an asterisk (*) is a legal or contractual obligation, or a necessary requirement for the conclusion of the contract.

The failure to notify this data does not allow to provide the services or to carry out the activities for which they were requested.

UNSUBSCRIBING FROM THE NEWSLETTER AND REVOCATION OF THE CONSENT

The user will be able to unsubscribe from the mailing-list of the Newsletter freely and on any given moment, and he/she will be able to revoke the consent to the sending of communications with commercial purpose, by sending an e-mail to the address privacy@kdikuore.com

Such faculties will be able to be enforced also by selecting the buttons, which are present in every Newsletter, Unsubscribe and Update Profile, revoking the consent to Direct Mail – commercial communications.

The controller informs that, following the usage of the right to object the sending of further communications, it will be possible that, for technical and operative reasons, the user will continue, nonetheless, to receive messages, for some time.

Should this occur, we kindly ask you to report the problem, by sending an e-mail to the address privacy@kdikuore.com

CATEGORIES OF DATA RECIPIENTS AND MOTIVE

The personal data processing may be carried out by external persons, acting as independent data controllers, such as for example, public administrations, judicial authorities, surveillance and control authorities, legitimated to obtain the data processing according to the current legislation, or, natural or legal persons, that carry out activities of consultancy, assistance or advocacy on behalf of the controller, as provided by a contract.

 The processing of personal data may also be carried out, on behalf of the controller, by external persons that are designated processors by the controller, in compliance with the instructions provided to them and with the measures of protection of the implemented personal data, for which they have received an adequate training.

The user can request the indication of the list of the persons responsible for the processing data appointed by the controller, by sending an e-mail to the address privacy@kdikuore.com

In order to send the communications, K di Kuore uses the MailChimp marketing automation platform, managed by The Rocket Science Group LLC, that was designated as the data processor by signing a specific assignment contract (“MailChimp Data Processing Addendum”).

Data processor: The Rocket Science Group LLC, 675 Ponce De Leon Ave Ne, Suite 5000, Atlanta, Georgia (USA -30308).

Contact information: telephone +404 806 5843, e-mail: legal@mailchimp.com

In any case, the personal data will be communicated when requested by the law, or if it is requested by the police, judiciary authority, information and security institutions or by other public bodies, for the defence and security of the State, or for reasons of prevention, investigations or prosecution of offences.

The collected personal data will not be subject to dissemination.

DATA PROCESSING SITE

Personal Data is processed in the data controller’s headquarters and in any other place where the interested parties are based.

The management and the preservation of the personal data takes place on servers located in the European Union.

TRANSFERRING OF DATA TO THIRD COUNTRIES OR TO AN INTERNATIONAL ORGANIZATION

Using the marketing platform MailChimp, your personal data is transferred to third countries (outside the EU).

The Rocket Science Group LLC (Mail Chimp) is an EU-U.S. Privacy Shield Framework certified company.

 The participation to the Privacy Shield allows to guarantee the lawfulness of the transfer of the personal data in the United States and that their processing will be carried out in a legal framework compatible with the EU General Data Protection Regulation.

The Rocket Science Group LLC exclusively carries out the processing of the personal data for which it was appointed, in compliance with the instructions provided by the data controller and its Privacy Policy.

Visit the Privacy Policy of the MailChimp service in this link: https://mailchimp.com/legal/privacy/

In any case, MailChimp will not cede or communicate to third parties your personal data, nor will diffuse them in any other way and will not use them to contact you directly or through others.

 

SURVEYS AND STATISTICAL ANALYSIS

The emails that we will send you may have web beacons, some files that allow MailChimp to register some technical information (for example, the Internet browser or the operating system that you use, the IP address and the viewing time of the message) that allow us to know if the emails were opened, when and which links were consulted.

This information is anonymous and enables K di Kuore to improve the contents and to send you emails with more and more interesting contents which can be attributed to a specific recipient only in case of technical necessities.

MAILCHIMP.COM WEBSITE

Consulting the emails that we will send you, you may be redirected to the Internet site mailchimp.com, for example when you modify your registration data or you consult the Privacy Policy of the MailChimp service.

 The mailchimp.com website uses navigation cookies.

For more information consult the Cookie Settings section of mailchimp.com website

 

RIGHTS OF THE INTERESTED PARTY AND PROTECTIONS

The interested parties have the right to request to the data controller the right of access (art. 15 of the regulation), the right of rectification (art. 16), the right to cancellation (art. 17) of the personal data, as well as the right to restriction (art. 18) or the right to object to their processing (art. 21).

 If the data processing is based on the consent or on a contract and the data processing is carried out with automated means, the interested parties have the right to data portability (art. 20) of their personal data and, for that purpose, to receive from the data controller that data in a format that makes their transfer and subsequent processing suitable for another data controller.

 

If the processing of personal data is based on the consent, the interested parties have the right to revoke the consent in any moment, without undermining the lawfulness of the control based on the consent provided before the revocation.

Having revoked the consent, the joint data controllers will abstain from the control of such personal data, except for legitimate reasons that prevail on interests, rights and freedom of the interested parties, or for investigation, exercise or defence of a right in a Court of law.

The above-mentioned rights may be exercised via e-mail to privacy@kdikuore.com

In the event that the interested parties deem that the processing of the personal data that concerns them is in breach of the regulation, they have the right to lodge a complaint with the control authority in the State of the European Union where they usually live, work or in the place where the supposed breach took place (art. 77), or to take the matter to the competent Courts (art. 79).

In the event that the interested parties deem that the processing of personal data that concerns them does not comply with the current provisions, or if the answer to a motion in which it was exercised  one or more of the rights established by articles 15-22 of the regulation did not arrive within the timeframe set forth or it is not satisfactory, they can take the matter to the judiciary authority (art. 79) or lodge a complaint to the Personal Data Protection Supervisor (art. 77), using the form in the website (https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524&zx=8g4flgcaf42l) following the instructions set out therein.

 

 DEFINITIONS

“personal data”: any information that regards an identified or identifiable natural person (“interested party”).

“user”: the natural person that uses a website or an application, that, unless otherwise specified, coincides with the interested party.

“data controller”: the natural or legal person, public authority, agency or another body that, alone or jointly with others, determines the purposes and means of the processing of personal data.

“representative of the European Union”: the natural or legal person established in the Union that, appointed by the data controller or by the processing data processor in writing, pursuant article 27, represents the controller or processor with regard to their respective obligations under the Regulation.

“responsible of the data protection” (RPD) – “Data Protection Officer” (DPO):  the person that assists the data controller in the application of the privacy provision and monitors its compliance.

“navigation data”: the information gathered through a website or an application (also from applications of integrated third parties), among which: the IP addresses or the domain names of the computers and the terminals used by the users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation, of the requested resources, the time of the request, the method used to put the request to the server, the size of the file obtained in response, the numeric code that indicates the state of the response given by the server (successful, error, etc.) and other parameters related to the operative system and the computing environment of the user.

“processing”: any operation or set of operations, which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“profiling”: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s professional performance, the economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

“consent of the interested party”: any freely given, specific, informed and unambiguous indication of the data person’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

“recipient of the data communication”: a natural or legal person, the public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

MODIFICATIONS AND UPDATE

The data controller reserves the right to make modifications to the current informative report in any moment providing notice to the users on the website www.kdikuore.com

Please visit the document periodically, taking as a reference the date of the last update.

In the event of disagreement with respect to the modifications made to the Privacy Policy, the user can request to the data controller to delete his/her personal data.

Unless otherwise stated, the preceding Privacy Policy will continue to apply to the personal data gathered up to that date.

 

Last update: 4 February 2019