INFORMATION ON THE PROCESSING OF PERSONAL DATA
(in accordance with EU Regulation 2016/679, Legislative Decree 196/2003, and subsequent amendments)
Dear customer,
Below we provide you with some information that you need to be aware of, not only to comply with legal obligations, but also because transparency and fairness towards stakeholders is a fundamental part of our activity.
Data controller
The controller of your personal data is Krupps S.r.l, responsible for the lawful and proper use of your personal data, and who you can contact for any information or requests at the following address:
| P.IVA | IT04251180289 |
| Headquarter | Via Austria 19, Padova (PD), 35127 |
| Phone | 049 7625156 |
| privacy@krupps.com |
Data Protection Officer
The Data Protection Officer (DPO) can be contacted at the following contacts:
| dpo@krupps.com | |
| PEC | dataprotectionofficer@pec.it |
Categories of data processed and source of data
For treatments, the Data Controller will processed common data, such as: personal data, contact data, address data, payment data, data relating to purchase or use of services, access and identification data.
Treated data are communicated by you and/or third parties, such as public organisations (e.g. Chamber of Commerce) and/or collected by publicly accessible sources.
Treatments
Your personal data are collected and processed , by automated, semi-automated and non-automated methods, as specified below:
| Treatment | Purpose | Legal Base | Data Retention* |
| Customer Management | Customer management; Complying with customer or potential customer and managing pre-contractual or contractual fulfilments. | Performance of the contract or pre-contractual measures | 10 years form the years of contaction or termination of the last contract |
| Marketing | Marketing (analysis and market surveys); Sendind information and/or advertising material also by telephone and internet; | Consent of person concerned** | Until the consent is revoked. Then the treatment will be limited to mere storage for 10 years from the year in which consent was revoked. |
| Customer Service | Customer management; Customer satisfaction surveys; Technical assistance to customers; | Performance of the contract or pre-contractual measures | 10 years from the year of termination of the last contract |
| Reception | Monitoring of people entering the company; Filtering of phone calls; | Pursuit of the Controller’s legitimate interest in the protection of company assets/safety of workers/organisational and production requirements | 1 year from the year of data acquisition |
| Sale and pre-sale business activity | Promotional activities; Offer of goods and services; | Execution of contract or pre-contractual measures; Pursuit of the Controller’s legitimate interest in promoting its activities; | 10 years from the year of competence |
| Service quality | Checking the quality of the service | Pursuit of the Controller’s legitimate interest in verifying compliance with internal procedures | 10 years from the year of termination of the last contract |
| Warranty | Enabling the exercise of warranty rights | Performance of the contract or pre-contractual measures | 10 years from the year of exercise of the right |
| Billing and DDT | Shipping documents and goods | Performance of the contract or pre-contractual measures | 10 years from the year of termination of the last contract |
| Accounting | Keeping of accounting records; Tax obligations | Compliance of a legal obligation | 10 years from the year of competence |
| Management Control | Internal management control | Pursuit of the Controller’s legitimate interest in the conduct of business activities | 10 years from the year of competence |
| Accomodation Management | Accomodation Organisation | Performance of the contract or pre-contractual measures | 10 years from the year of organisation |
| Management and maintenance of IT systems | Management and maintenance of network and information systems | Pursuit of legitimate interest of the Data Controller; Fulfilment of a legal obligation (limited to what is provided for in the legislation on system administrators) | 2 years from the year of termination of the contractual relationship for accounts, passwords and usernames; 18 months for system administrators’ obligations |
| Defence of interests and rights of the owner | Preventing and/or detecting abuses and defending the rights and interests of the owner | Pursuit of the Controller’s legitimate interest in protecting its rights and interests in court or in the preparatory stages of any legal proceedings | The data shall be retained as long as the Controller or a third party has an interest in exercising its right or interest |
| Data protection compliance management | Data protection compliance management | Compliance of a legal obligation | For the time strictly necessary to implement the purpose |
* In addition to the time required for the accrual of prescriptive periods in relation to reciprocal rights and the retention time of backups.
** if you do not provide consent, your personal data will not be processed for the specific purposes. Consent may be revoked at any time by contacting the data controller at the contact details given above.
Provision of data
For the above-mentioned purposes, the provision of your data is a prerequisite; if you fail to provide them, processing may not be possible.
Data recipients
Your data may be disclosed exclusively for technical and operational requirements strictly related to the above-mentioned purposes, to parties who process the data on behalf of the data controller, appointed as data processors pursuant to Art. 28 of EU Reg. 2016/679, as well as to public bodies with respect to which there is a legal obligation to disclose the data (by way of example but not limited to the Chamber of Commerce, the Inland Revenue).
Extra-EU data transfer
The processing of personal data (e.g. storage, archiving and preservation of data on its own servers or in the cloud) will be circumscribed within the areas of circulation and processing of personal data of the countries that are part of the European Union, with an express prohibition to transfer them to non-EU countries that do not guarantee (or in the absence of) an adequate level of protection, or, in the absence of the protection tools provided by the EU Regulation 2016/679 (third country judged adequate by the European Commission, group BCR, model contractual clauses, consent of the data subjects, etc.).
Rights of the data subject
- You have the right, in accordance with Articles 15 et seq. of EU Reg. 2016/679, to request from the Data Controller access to your personal data, as well as its rectification and deletion or oblivion.
- You also have the right to request data portability or restriction of processing;
- You have the right, on grounds relating to your particular situation, to object to processing based on legitimate interests of personal data concerning you;
- For processing based on consent, you have the right at any time to withdraw your consent, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.
- You may also lodge a complaint with the Italian Data Protection Authority, based at Piazza Venezia 11, 00187 – Rome – protocollo@pec.gdpd.it.
To exercise your rights or to request additional information, you may contact the Controller using the contact information above.
Amendments to this notice
We reserve the right to update our Privacy Policy. We will notify you of changes as we deem appropriate and update the date in this Privacy Policy. We therefore recommend that you consult our Privacy Policy periodically, including by requesting a copy from the Data Controller.
Last updated 19/01/2023