K-Digitale S.r.l. protects the confidentiality of personal data and guarantees to them the necessary protection from any event that could put them at risk of violation.
As required by the European Union Regulation no. 679/2016 ("GDPR"), and in particular to art. 13, the user ("Interested") is provided with the information required by law relating to the processing of their personal data.
K-Digitale srl, in the person of its legal representative p.t., having its legal office in Via Pontani, 33 06100 Perugia, acts as Data Controller and can be contacted by e-mail at firstname.lastname@example.org. The Data Controller has identified a Privacy Focal Point, that is a nominated person who collaborates with the Data Controller in the application of the protection measures identified and who can be contacted for any information and request at the e-mail address: email@example.com
TYPES OF DATA PROCESSED
Most of the information we collect comes from direct interactions we have with data subjects.
Occasionally, where permitted, K-Digitale may collect information through other sources, such as its suppliers/vendors, its agents, its customers. In this case, K-Digitale S.r.l. asks them to confirm that the information has been acquired in such a way that it can be lawfully used for any processing also by K-Digitale.
K-Digitale processes the following types of data:
The computer systems, used to operate this site, acquire, during execution, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information are not collected to be associated with identified interested parties, but which by their very nature could, through processing and correlation with data held by third parties, allow users to be identified.
K-Digitale, except for its employees, for the purposes related to the management of the employment relationship, does not require the interested party to provide "particular" data in accordance with the provisions of the GDPR (Article 9), the so-called "sensitive" data.
In the event that the service requested from K-Digitale s.r.l requires the processing of such data, the interested party will receive specific information in advance and will be required to give explicit consent.
PURPOSE OF PROCESSING
Personal data are used by the Data Controller to respond to a request for information or a request to purchase a product / service, provide assistance, fulfill the legal obligations to which the Data Controller is subject according to the activity exercised.
In no case does K-Digitale resell the personal data of the interested parties to third parties or use them for undeclared purposes.
In particular, the data of the interested parties are processed for:
a) fulfilling requests for contact and / or information material. The processing of the personal data of the interested party takes place to carry out preliminary activities and consequent requests for information regarding products and / or services, to manage requests for information and to send information material, as well as for the fulfillment of any other obligation arising.
The legal basis of these treatments is the fulfillment of the services related to the fulfillment of the request and compliance with legal obligations;
b) managing the contractual relationship. The processing of the personal data of the interested party takes place to carry out the preliminary activities and / or consequent to the purchase of a Service and / or a Product, the management of the order, the provision of the Service and / or the production and / or the shipment of the purchased material, the relative invoicing, the management of payments, the management of any complaints, and assistance regarding the use of the products and services rendered, as well as the fulfillment of any other obligation deriving from the contract.
The legal basis of these treatments is the fulfillment of the services inherent to the contractual relationship and compliance with legal obligations.
c) promoting services and products similar to those purchased by the interested party or for which the interested party has expressed an interest (Recital 47 GDPR).
The data controller, even without your explicit consent, may use the contact data communicated by the interested party, for the purpose of direct sales of their Services / Products, limited to the case in which they are Services / Products similar to those subject sale, unless the interested party explicitly objects.
The legal basis of these treatments is the legitimate interest of the owner.
d) promoting services and products other than those purchased by the interested party. The personal data of the interested party may also be processed for commercial promotion purposes, for surveys and market research with regard to the Services / Products that the Data Controller offers only if the interested party has authorized the processing and does not object to this.
This treatment can be done through e-mail, sms; telephone contact and can be done:
1. if the interested party has not revoked his consent for the use of the data;
2. if, in the event that the processing is carried out through contact with a telephone operator, the interested party is not registered in the register of oppositions referred to in the Presidential Decree n. 178/2010.
The legal basis of these treatments is the prior consent given by the interested party to the treatment itself, which can be revoked by the interested party freely and at any time
e) managing IT security.
The Data Controller, in line with the provisions of Recital 49 of the GDPR, processes, also through its IT service providers, the personal data of the interested party relating to traffic to an extent strictly necessary and proportionate to guarantee the security of networks and information, in order to improve the ability of a network or a computer system to resist unforeseen events or illegal or malicious acts that compromise the availability, integrity and confidentiality of personal data stored or transmitted. The Data Controller will promptly inform the Data Subjects, if there is a particular risk of violation of their data, without prejudice to the obligations deriving from the provisions of art. 33 of the GDPR relating to notifications of personal data breaches.
The legal basis of these treatments is compliance with legal obligations and the legitimate interest of the Data Controller to carry out treatments related to the protection of the corporate information assets.
The Owner DOES NOT carry out profiling treatments as intended by art. 4 of the GDPR "automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning professional performance, economic situation, health, personal preferences , the interests, reliability, behavior, location or travel of said natural person ".
The Services / Products offered by the Owner are not intended for minors. The Data Controller implements preventive measures to protect his legitimate interest, such as checking the tax code, in order not to finalize contracts with minors.
DATA RETENTION PERIOD
The personal data of the interested parties are kept for the time necessary to carry out the existing relationships between the parties and in any case no longer than 10 years from the termination of the existing relationship. In the case of legal dispute, for its entire duration, until the end of the terms of enforceability of the appeals.
With reference to the processing for the purpose of sending newsletters, commercial and promotional communications, the data will be kept until the consent is revoked and, in any case, no longer than 10 years from the last interaction.
Once the storage terms indicated above have elapsed, the Data will be destroyed, deleted or made anonymous, compatibly with the technical cancellation and backup procedures.
PROVISION OF DATA
The collection and processing of personal data is necessary to follow up on the requested services as well as the provision of the Service and / or the supply of the requested products. If the interested party does not provide the personal data expressly provided as necessary at the time of the request (order form, or registration form), the Data Controller will not be able to carry out the processing necessary for the management of the requested services and / or the contract and the Services / Products connected to it, nor to the obligations that depend on them.
In the event that the interested party does not give his consent to the processing of personal data for commercial promotion purposes on Services / Products other than those purchased or for which he has shown interest, this treatment will not take place for the same purposes, without this has effects on the provision of other requested services.
ACCESS TO PERSONAL DATA
The data may be processed by external parties operating as owners such as, by way of example, banking institutions, supervisory and control authorities and bodies and in general public or private subjects entitled to request the data.
The data may also be processed, on behalf of the Company, by external parties designated as Data Processors, who are given adequate instructions. These subjects are essentially attributable to:
The data may be processed by the employees of the company appointed to pursue the aforementioned purposes, who have been expressly authorized for processing and who have received adequate operating instructions.
PLACE OF PROCESSING AND TRANSFER OF DATA
The personal data of the interested party are stored in paper, computer and telematic archives located in countries where the GDPR is applied (EU countries). The data is not transferred outside the European Union.
SECURITY OF PROCESSING (Article 32 GDPR)
The Data Controller implements adequate security, technical, administrative and physical measures to protect personal information from unauthorized access, use and disclosure, in order to preserve the confidentiality, integrity and availability of the personal data of the Data Subjects and prescribes to its external suppliers, to the internal authorized to adopt similar security measures.
Specific information is made available through links or displayed on the pages of the site for the particular services requested.