loading
 

PRIVACY POLICY

Mod. ICONT – 09/2023

Information on the processing of personal data
Pursuant to Art. n. 13 of EUROPEAN REGULATION No. 679/2016

Dear Interested Party,

KIOENE S.p.A. a Socio Unico as Data Controller pursuant to art. n. 13 of the European Regulation n. 679/2016 “General Data Protection Regulation (GDPR)” (hereinafter EU Regulation), containing provisions on the processing of personal data, intends to inform you about the processing of your personal data.

The law provides that anyone who processes personal data is required to inform the interested party in relation to the data processed and the elements qualifying the processing, which must in any case take place in a lawful, correct and transparent manner, as well as protect confidentiality and guarantee the rights of the interested party.

It is specified that data processing means any operation or set of operations concerning the collection, recording, organisation, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, diffusion, destruction of data themselves.

1. Data controller

The Data Controller is KIOENE S.p.A. a Socio Unico, with headquarters in Via Caltana, 55 – 35010 Villanova di Camposampiero (PD), C.F. and P.I.V.A. 01359600283, contactable at the following numbers: telephone +39 049 922 2311, e-mail: info@kioene.com; PEC: kioenespa@pec.it

It should be noted that this Site is the property of GRUPPO TONAZZO SRL but in fact represents a WEB showcase for two other businesses: KIOENE SPA a Socio Unico and COM.PA SRL which will follow up on any requests you may have. These activities are based in the same area as the undersigned.

2. Nature of the data processed, purpose and legal basis of the processing

Nature of the data processed. In relation to the purposes of the processing indicated below, we inform you that only "common personal data" will be processed, such as, for example

  • common identifying data (e.g. name, surname, e-mail, telephone number, etc.).
  • further common data which may also be requested subsequently for the delivery of the sampling (where necessary).

Purpose of the processing. Your personal data will be processed for the following purposes:

A. respond to your requests: by voluntarily completing the appropriate form found in this area;
B. fulfill legal obligations;
C. marketing: to send you advertising material, direct sales, carrying out market research and commercial and promotional communications;
D. profiling: to analyze your preferences and receive personalized information and/or commercial communications.

Legal basis of the processing. Personal data, for the purposes referred to in points 2A and 2B, will be processed lawfully to fulfill pre-contractual and contractual obligations between us and the user (art.6, par.1 letter b), to fulfill our legal obligations (art.6 par.1 letter c).

Your personal data, for the purposes referred to in points 2C-2D of this information, may be lawfully processed exclusively with your consent (art. 6. parag.1 letter an EU Regulation), specific, separate, express, documented, preventive and completely optional.

The consent given by you may be revoked at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation (art.7 paragraph 3 of the EU Regulation).

Furthermore, the interested party is informed that pursuant to art. 21 of the EU Regulation, the interested party has the right to object at any time to the processing of personal data concerning him/her carried out for direct marketing purposes (including profiling) and that, if the interested party objects to the processing, the data personal data can no longer be processed for these purposes.

Clarification: following the principle of maximum transparency towards the distinctive interested party of our Company, we wish to inform you that if you decide to give consent to point 2C (marketing), you must be informed in advance and aware that the purposes of the processing pursued are specific commercial, advertising, promotional and marketing nature in a broad sense, such as:

  1. send advertising and information material (e.g. Newsletter), of a promotional nature;
  2. send commercial information using paper, automated or electronic methods and, in particular, by ordinary mail or e-mail, telephone (e.g. calls, WhatsApp messages, SMS, MMS), fax and any other IT channel (e.g. websites web, mobile app);
  3. forward invitations to events, demonstrations and meetings of an informative and promotional nature;
  4. send update communications on promotional initiatives or technical innovations, for services, training or assistance and/or measurement of the level of satisfaction with quality.

3. Recipients of the data and methods of processing Existence of an automated decision-making process, including profiling

The processing of your personal data will be based on the principles of correctness, lawfulness and transparency and may be carried out using paper and electronic tools both by the staff of the undersigned Company, authorized/in charge of the processing of personal data, and by external parties called upon to carry out specific tasks. assignments, on behalf of the Data Controller, as Data Controllers, pursuant to art. 28 EU Regulation, subject to our letter of appointment which imposes on them the duty of confidentiality and security of the processing of personal data, and the adoption of suitable security measures to prevent data loss, illicit and incorrect use, and unauthorized access, in compliance with current provisions on the protection of personal data.

For brevity, the detailed list of these figures is available at the headquarters of the Data Controller and is at your disposal.

Your personal data will not be disclosed and will not be transferred to third countries or international organizations, they will not be communicated to third parties except for legal or contractual obligations. It is specified that the communication of data to other partner companies and/or directly connected to the undersigned company also falls within the contractual obligations, as their activities are essential to the completion/execution of what you have requested.

In reference to the provisions of the Art. 13 of the EU Regulation in par. 2 lett. f) and Art. 14 of the EU Regulation in par. 2 lett. g) it is noted that the Data Controller currently does not have any automated decision-making system or process in use.

4.Data retention times

Your personal data will be kept for a period of time not exceeding the achievement of the purposes for which they are processed, in compliance with the principle of limitation of conservation provided for by the EU Regulation and/or for the time necessary for legal and contractual obligations or until the revocation of specific consent by the interested party and, therefore

  • with reference to the purposes indicated in points 2A-2B, the data will be retained for a period not exceeding the achievement of the purposes for which they are processed and/or for the time strictly necessary for the fulfillment of legal and contractual obligations;
  • with reference to the purposes indicated in point 2C, the data processed for Marketing purposes will be kept for no longer than 24 months from collection.
  • with reference to the purposes indicated in point 2D, the data processed for profiling purposes will be kept for no longer than 12 months from collection.

To guarantee the declared retention times, a periodic check is carried out on an annual basis on the data processed and on the possibility of deleting them if they are no longer necessary for the intended purposes.

5.Access to data (categories of recipients to whom the data can be communicated)

We also inform you that the data collected will never be disclosed and will not be communicated without your explicit consent, except for necessary communications which may involve the transfer of data to public bodies, consultants or other subjects for the fulfillment of tax obligations and by law or for the fulfillment of the purposes (where authorized), subject to our letter of appointment which imposes on them the duty of confidentiality and security of the processing of personal data.

With reference to the art. 13, par. 1, letter. e) of the EU Regulation, we proceed to indicate the subjects or categories of subjects (duly identified and trained) who may become aware of the user's personal data as managers or agents and a specific list by category is provided below:

  • Members, employees, collaborators and suppliers of the Data Controller in Italy and abroad, in their capacity as persons in charge/authorized and/or responsible for processing (e.g. offices: commercial, technical, administrative, legal, press; system administrators, external professionals, suppliers of various services, etc.)
  • Partner companies and/or directly connected to the undersigned, as their activities are essential to the completion/execution of what you requested.

Your personal data may also be communicated to external subjects who are recipients of the practices that concern you, in carrying out activities and to external subjects who interact with the undersigned, always and exclusively for activities functional to the purposes described above, external subjects called to carry out specific tasks , on behalf of the Data Controller, as Data Processors, pursuant to art. 28 of the EU Regulation.

For brevity, the detailed list of these figures is available at our office and is at your disposal.

6. and 7. Communication and data transfer

Without the need for express consent (art. 6 par. 1, letter b), c) and f) of the EU Regulation), the Data Controller may communicate your data for the purposes referred to in points 2A to 2F to supervisory bodies, judicial authorities, as well as to those subjects to whom communication is mandatory by law for the fulfillment of the purposes indicated above.

These subjects will process the data in their capacity as independent data controllers. Personal data is stored on devices located at the headquarters of the Data Controller or at providers within the European Union. Your information will not be disseminated. To guarantee the security of these transfers, we only use entities that offer the necessary guarantees to implement adequate technical and organizational measures so that the processing carried out complies with the provisions of EU Regulation 679/2016.

Both with regard to the data present on their devices and for any data present at providers, the Data Controller has implemented adequate technical and organizational measures to guarantee an adequate level of security, in full compliance with what is indicated in the EU Regulation.

8. Consequences of failure to communicate data

The personal data referred to in points 2A-2B of this information are necessary, without such data it would be impossible for us to proceed with registration (creation of your personal account), fulfill contractual and legal obligations.

The personal data, however, referred to in points 2C-2D are optional. The refusal to provide them will not entail any consequences and will not prejudice your request to proceed with registration and to fulfill contractual and legal obligations. You can therefore decide not to provide any data or to subsequently deny at any time the possibility of processing data already provided.

9. Rights of the interested party

In your capacity as an interested party, you have the rights referred to in articles no. 15 to n. 22 of the EU Regulation reported below and precisely has the right to:

  • obtain confirmation of the existence and processing of personal data concerning him and in this case, obtain access to his data (so-called right of access);
  • obtain information regarding the purposes of the processing, the categories of data in question, the recipients or categories of recipients to whom the data have been or will be communicated, in particular if recipients are from third countries or international organizations, the data retention period expected or the criteria used to determine that period; and if the data are not collected from the interested party, obtain all available information on their origin;
  • obtain rectification of data concerning him (so-called right of rectification)
  • obtain the deletion of data concerning him (so-called right to be forgotten);
  • obtain processing limitations (so-called right to limitation of processing);
  • obtain data portability, i.e. receive them from a data controller in a structured format, commonly used and readable by an automatic device and transmit them to another data controller without impediments (so-called right to data portability);
  • object to the processing at any time (so-called right of opposition). We inform you specifically, as required by art. 21 of the EU Regulation, that if personal data are processed for direct marketing purposes (including profiling), the interested party has the right to object at any time to the processing of personal data concerning him or her carried out for such purposes and that if the the interested party objects to the processing for direct marketing purposes, the personal data can no longer be processed for these purposes;
  • be made aware (with the possibility of objecting) of the existence of an automated decision-making process relating to natural persons, including profiling;
  • revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation;
  • lodge a complaint with a supervisory authority (Guarantor for the Protection of Personal Data).

Please note that there may be conditions or limitations on the rights of the interested party. It is therefore not certain that, for example, you have the right to data portability in all cases, this depends on the specific circumstances of the processing activity.

Another example: if you decide to object to the processing of data, the Data Controller has the right to evaluate your request, which may not be accepted in the event of the existence of compelling legitimate reasons to proceed with the processing which prevail over your interests, rights and freedom.

10. Method of exercising rights

Without any formalities you can at any time exercise your rights clearly and explicitly by sending:

  • a registered letter with return receipt. to the writer
  • an e-mail to info@kioene.com

Or by contacting the Data Controller directly on the number: +39 049 9222311.

11. Minors

What is offered by the Data Controller and the object of the existing relationship with you does not provide for the intentional acquisition of personal information relating to minors. In the event that information on minors is involuntarily recorded, the Data Controller will delete it promptly, upon request or notification from the interested party.

12. D.P.O. (R.P.D.) – Appointed/Authorised – Data Controllers

Below we provide you with some information that you need to bring to your attention, not only to comply with legal obligations, but also because transparency and fairness towards interested parties is a fundamental part of our activity.

D.P.O. (Data Protection Officer) – R.P.D. (Data Protection Officer). You can also contact the Data Protection Officer for information and to make requests regarding your data or to report disruptions or any problems encountered. The Data Controller has appointed Mr. Nicola Ghinello as Data Protection Officer who can be contacted at the following numbers: telephone +39 348 3165267, e-mail: privacy@kioene.it

Appointed/Authorised. The updated list of persons in charge/Authorised for processing is kept at the headquarters of the Data Controller.

Data controllers. For brevity, the detailed list of these figures is available at our office.