PRIVACY POLICY

Dear Data Subject,

This information notice describes how the website is managed with regard to the processing of the personal data of the users who consult it, as well as the data processing practices through this website. In compliance with art. 13 (for data collected from the data subject) and 14 (for data not collected from the data subject) of Regulation (EU) 2016/679 (henceforth GDPR) the following information is provided to the Users of this Website, which refers exclusively to the processing carried out through said Website and not through other websites that may be visited through links from this one, for which it is suggested that they read the relevant information provided by the respective Data Controllers. This Website and any services offered through the Website are reserved for persons aged 18 years or over. The Controller therefore does not process personal data relating to persons under the age of 18. At the request of such Users, the Controller will promptly delete all their personal data involuntarily collected.

1. Data Controller

Data Controller. KIOENE S.p.A., single-member company, with registered office in Via Caltana, 55 - 35010 Villanova di Camposampiero (PD), Tax Code and VAT no. 01359600283, (hereinafter referred to as “Controller”). The Controller reserves the right to appoint a web agency or consultant as Data Processor for the purposes of technical assistance, maintenance, technical management and the like of this Site, whose details may be communicated upon request to the addresses indicated above. The Data Controller and the Data Processor also process the Users’ data through their own in-house employees, who are specifically appointed with instructions to process the data.

The Data Protection Officer (DPO) can be contacted at the following contact details: phone +39 348 3165267, e-mail: privacy@kioene.it

Please note that this Website is the property of GRUPPO TONAZZO SRL but is in fact a WEB showcase for two other businesses: KIOENE S.p.A., single-member company, and COM.PA SRL that will follow up on your requests. These companies are based in the same area as the undersigned.

2. Category of data processed and sources

• Navigation data (the computer systems and software procedures used to operate this website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes: IP addresses, the type of browser used, the operating system, the domain name and addresses of websites from which access or exit was made, information on the pages visited by users within the site, access time, the length of time spent on the individual page, internal path analysis and other parameters relating to the user’s operating system and computer environment. These technical/informational data are collected and used exclusively in an aggregated and anonymous manner. These data are processed for the purpose of enabling and monitoring the correct use of this website, as well as to obtain anonymous statistical information on the use of this website, and are deleted immediately after processing)
• Cookies, on which we invite you to read our Cookie Policy
• Data provided voluntarily by the user, including:
• Common data (identification, biographical, billing and similar data)
• Only exceptionally, special data (art. 9 of the GDPR)
• Only exceptionally, criminal data (art. 10 of the GDPR)

Sources: navigation, other sites, cookies and the like; user; public sources.

We may primarily process navigation data, as well as cookies.

We may also process data provided voluntarily by the user, e.g. through the contact form or by sending an e-mail communication, including common personal data (identification, biographical, billing data and the like) and, exceptionally, special data within the meaning of art. 9 of the GDPR or criminal data pursuant to art. 10 of the GDPR to the strict extent that this is made necessary by the request for information received and with the consent of the data subject.

The data could come from automatic or voluntary sources, as well as from public sources. For example, they could come from the user’s browsing, which could bring with it information about previous consultations of other sites, including in particular cookies and other similar technologies. The data may also be provided voluntarily by the user or related parties. Other data may come from public sources, such as data processed in the context of searches and from certificates, public databases and the like.

3. Purpose of the processing

The personal data of the Users of the Website, as described above, will be processed in the manner and in the form prescribed by the GDPR, for the performance of the Website’s own functions, with particular, but not exclusive, reference to the navigation of the pages and the procedures described therein for data collection, contact form, possible registration/access to the reserved area, subscription to the newsletter and the like. In particular, the personal data provided to the Controller will be processed for the following purposes:

• to follow up specific requests made to the Controller by the User through the Website and its communication tools (contact forms, information request forms and the like);
• for communications of an informative nature relating to the services of the same Controller, following requests for information by e-mail or by filling in the contact form and other communication tools;
• for possible registration for events organised by the Controller and other related activities (e.g. verification of participation, notices of event updates or changes, etc.);
• for other purposes ancillary to or related to those indicated above and in any case falling within the scope of the Website’s activities;

The data provided in a generic manner will be processed, also following automatic collection during navigation, for the sole purpose of ascertaining and controlling access to the Website. This also applies to technical cookies, to be understood as session, functionality or analytics cookies that meet the requirements specified by the Italian Data Protection Authority. In particular, with regard to the latter, it is clarified that they can be assimilated to technical cookies where these are made and used directly by the website. In any case, for said analytics cookies, the Website, also in compliance with the Data Protection Authority’s clarifications, has provided for the anonymisation of IP addresses and the amendment to data processing; the collection and use of said browsing data (without prejudice to the anonymisation of IP addresses) make it possible to monitor the Website’s performance and make it possible to improve the service offered, offering the User a better browsing experience. Please refer to the relevant Cookie Policy for further information.

4.Legal basis for the processing

The processing of personal data is based on the fulfilment of contractual or pre-contractual obligations inherent to the request made by the User (e.g. requests for information on the services provided by the Controller, requests for estimates, etc.), as well as, where necessary, on consent through the free and conscious filling in of the appropriate information fields in the form dedicated to the collection and conferment of data and the ticking of the appropriate checkbox where provided.

It should be noted that filling in the fields provided in the form for the request for information is inherent to the request itself and therefore entails the fulfilment of a pre-contractual or contractual obligation, depending on the context. Consent may be required at a later date for the processing of further data.

A specific information notice on privacy will be present wherever it is needed (an information notice other than this one).

In any case, processing is also based on legitimate interest, including the right to information, for which please refer to the next paragraph.

5. Legitimate interest of the Controller

The processing of personal data is also based on the legitimate interests of the Data Controller, such as the exercise of its rights in the context of the information society, the performance of contractual services and the carrying out of direct marketing operations (in the manner, by the means and within the timeframe provided for by the legislation).

6. Obligation to provide the data

The provision of browsing data by Users, for the above-mentioned purposes, depends on the degree of privacy that the User has enabled or disabled via their browser. In some cases, disabling it may affect navigation on this website. For certain modules of this Website, the provision of navigation data and/or the use of technical cookies is mandatory for the proper functioning of the Website.

The provision of some of one’s own data is in any case necessary for the very structure of the website and its procedures. Any request for other optional data will instead be preceded by an approval tick. The provision of all other data is optional, in accordance with the type of information the User wishes to provide to the Website.

Notwithstanding the above, for instance, the provision of the e-mail account is necessary in order to be able to reply to the request made via the contact form, as well as the other mandatory data indicated therein with an asterisk. Other data are optional.

Failure to provide the data required for the requested action (e.g. of the e-mail account via the form for requesting information by this means) makes it impossible for the Controller to process the request.

PROVISIONS APPLICABLE TO ALL PROCESSING

In any event, even where the data subject has given consent to authorise the Controller to pursue all the purposes mentioned in the above points, he/she shall remain free at any time to revoke it.

We specifically and separately inform you, as required by art. 21 of the Regulation, that the data subject has the right to object at any time to the processing of personal data concerning him or her carried out for the above purposes and that, if the data subject objects to the processing, the personal data may no longer be processed for those purposes.

7. Possible recipients of the personal data

The data may be disclosed to companies connected, associated with or controlled by the Controller, as well as to consultants, or even to third parties operating, also on behalf of the Controller, for the performance of services connected with the purposes set out in this information notice, both EU and non-EU (in the latter case, these will only be subjects adhering to the regulations in force).

Browsing data and the like (for which please refer to the above), as well as profiling cookies also from third parties (for which please refer to the Cookie Policy of this Website), which will be disclosed to the respective third parties where they do not handle them directly as Data Controllers.

In any case, the data may be communicated to Data Processors, as well as to persons authorised to process and duly instructed, always within the scope of the purposes of processing.

For the sake of brevity, a detailed list of these figures is available from our office.

8. Retention period

The data provided voluntarily by the Data Subject will be stored until expressly revoked by the Data Subject, including by action on his/her browser, cleaning of cookies, express request or otherwise manifested. Browsing data will be stored, in accordance with the principle of proportionality, in a form that allows the identification of the Data Subject for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed.

Excluded from the above time limits are cases where it is necessary to retain the data for an additional period of time to defend or enforce a right or to fulfil any legal obligations or orders of the authorities.

9. Rights of the data subject

Each Data Subject has the right of access, rectification, erasure (oblivion), restriction, receipt of notification in the event of rectification, erasure or restriction, portability, objection and not to be subject to an individual automated decision, including profiling, pursuant to articles 15 to 22 of the GDPR. These rights may be exercised in the form and under the terms set out in art. 12 of the GDPR, by written notice sent to the Controller (see point 10).

The Controller will provide render an appropriate response as soon as possible and in any event within 1 month of receipt of the request.

10. Right to withdraw consent (Means of exercising the rights)

You may revoke your consent, where applicable, at any time and/or exercise your rights by sending:

• a registered letter with advice of receipt to the writer with an express request (see address on letterhead);
• an e-mail to info@kioene.com; PEC (certified e-mail): kioenespa@pec.it

11. Complaints

Each data subject has the right to lodge a complaint pursuant to art. 77 et seq. of the GDPR to a supervisory authority, which for the Italian state is identified in the Italian Data Protection Authority. The forms, means and time limits for lodging complaints are laid down and governed by the applicable national legislation. The complaint is without prejudice to administrative and legal actions, which for the Italian State may be brought alternatively before the same Data Protection Authority or the competent Court.

12. Profiling

The personal data provided through browsing this website and filling in any forms published on it may be subject to profiling by third-party providers through third-party cookies.

Profiling enables these third-party providers, autonomous Controllers of their respective personal data processing for profiling purposes, other than the Controller of this website, to assess certain personal aspects of the Data Subject relating in particular to his or her preferences, interests, tastes with reference to the pages consulted and the activities carried out, in order to allow these autonomous and different Controllers to offer the Data Subject a more specific service targeted to his or her needs.

For more information, the User is invited to read the cookie policy.

13. Controller, D.P.O. , Appointees/Authorised Persons, Data Processors

Below we provide you with some information that we need to bring to your attention, not only in order to comply with legal obligations, but also because transparency and fairness towards the persons concerned is a fundamental part of our activity.

Data Controller. The Data Controller of your personal data is KIOENE S.p.A., single-member company, which is liable towards you for the legitimate and correct use of your personal data and which you may contact for any information or request at the following contact details: telephone +39 049 922 2311, e-mail: info@kioene.com; PEC (certified e-mail): kioenespa@pec.it.

D.P.O. (Data Protection Officer) You may also contact the Data Protection Officer to obtain information and make requests concerning your data or to report inefficiencies or any problems you may encounter and who can be contacted at the following e-mail address: privacy@kioene.com.

Appointees/Authorised Persons. The up-to-date list of appointees/persons authorised with processing is kept at the Data Controller’s registered office.

Data processors.
For the sake of brevity, a detailed list of these figures is available from our office.

14. Social media plug-ins

This website may contain plug-ins from certain social media (e.g. Facebook). Social plug-ins are special tools that allow social network functionalities to be incorporated directly into the site (e.g. the Facebook “like” function) and are marked with the logo of the respective social platform. When you visit a page on this website and interact with the plug-in (e.g. by clicking the “like” button) or decide to leave a comment, the corresponding information is transmitted from your browser directly to the social networking platform (in this case Facebook) and stored there. For information on the purposes, type and methods of collection, processing, use and storage of personal data by the social networking platform, as well as on how to exercise your rights, please consult the social network’s privacy policy.

15. Links to third-party websites

From this website it is possible to connect via links to other third-party websites. The Data Controller disclaims any liability with regard to the possible management of personal data by third-party websites and with regard to the management of authentication credentials provided by third parties.

16. Cookies

Cookies are packets of information sent by a web server (e.g. the website) to the user’s Internet browser, automatically stored by the latter on the computer and automatically sent back to the server each time the website is accessed. For all information on the characteristics, types, methods of use and possibilities for removing, deleting or disabling cookies on the website, please refer to the specific Cookie Policy.

The Data Controller

KIOENE S.p.A., single-member company

To contact us

KIOENE S.p.A., single-member company will gladly receive comments on this information notice on privacy.

Please contact us at: info@kioene.com; PEC (certified e-mail): kioenespa@pec.it.