INFORMATION ON THE PROCESSING OF PERSONAL DATA
IKLOUD, MYKRUPPS, KRUPPS REMOTE CONTROL
(Articles 13 and 14 of EU Regulation 2016/679 and Legislative Decree 196/2003 and subsequent amendments)
Dear User,
Below we provide you with some information that you need to be aware of, not only to comply with legal obligations, but also because transparency and fairness towards data subjects is a fundamental part of our business.
This policy is intended for Users who use the MyKrupps and Krupps Remote Control apps or access iKloud via ikloud.krupps.com.
Who is the data controller?
The data controller of your personal data is Krupps S.r.l. (VAT number IT04251180289), with registered office in Via Austria 19, 35127, Padua (PD) – Italy, which is responsible for the legitimate and correct use of your personal data and which you can contact for any information or requests at the following addresses: 049 7625156, privacy@krupps.com, krupps@pec.it
How do I contact the Data Protection Officer?
The Data Protection Officer (DPO) can be contacted at the following addresses: dpo@krupps.com
From which sources is the data collected?
The data processed is communicated by the user or other users associated with the former and/or collected automatically during the use of applications and services.
What data processing is carried out?
Your personal data is collected and processed, both automatically and manually, as specified below.
Use of the Krupps platform and app
| Purpose and legal basis | to enable user registration and authentication, as well as the use of services reserved for registered users, based on: Performance of a contract and/or pre-contractual measuresproviding assistance, including technical assistance, based on: Performance of a contract and/or pre- contractual measuresto enable remote management of the connected dishwasher, as well as the viewing and downloading of technical usage reports, based on: Performance of a contract and/or pre-contractual measuresacquiring the location to enable the functionality connected to the location of the connected dishwasher, based on the consent of the Data Subject**enabling full use of the platform’s features, based on: performance of a contract and/or pre- contractual measures |
| Categories of data | Personal details, contact details, address details, details relating to purchases or use of services, access and identification details, technical and application usage details, including activity logs, details relating to the provision of an electronic communications service, diagnostic details of the connected dishwasher associated with the relevant user ID, geolocation details (if shared when configuring the dishwasher in order to associate the location where the dishwasher is installed. No continuous geolocation is provided), any other data that the user decides to share voluntarily |
| Retention period* | Common data: 24 months from account deletion or from the year of termination of the contractual relationship; for cookies: based on the analysis tool Location data: until the next detection or up to 24 months from the cancellation of the account or the year of termination of the contractual relationship Please note that if you unsubscribe from the application, your personal data will be anonymised within 60 days and stored in this form for statistical purposes. |
| Recipients of the data | Persons authorised to process data appointed pursuant to Article 29 of EU Regulation 2016/679, Data processors appointed pursuant to Article 28 of EU Regulation 2016/679 (see register of data processors), other subjects for whom the communication of data is necessary for the purposes of carrying out the declared purposes of the data controller, including, for example, third-party service providers used in the app/platform, app store managers, authorities and public bodies, with respect to whom there is a legal obligation to communicate data |
**Consent is always optional and may be revoked at any time (including independently using the application settings). You may contact the Data Controller using the contact details provided above.
IT system management and maintenance
| Purpose and legal basis | – Management and maintenance of the network and IT systems, based on: Legitimate interest, Legal obligation |
| Categories of data | Access and identification data |
| Retention period* | Common data: 24 months from account deletion or from the year of termination of the contractual relationship; 18 months for compliance with system administrator requirements |
| Data recipients | Persons authorised to process data appointed pursuant to Article 29 of EU Regulation 2016/679, data processors appointed pursuant to Article 28 of EU Regulation 2016/679 (see register of data processors), other persons for whom the communication of data is necessary for the purposes declared by the data controller, public authorities and bodies, with respect to which there is a legal obligation to communicate data |
Customer management
| Purpose and legal basis | Customer management, based on: Performance of a contract and/or pre-contractual measuresResponding to requests from customers or potential customers and managing pre-contractual or contractual obligations, based on: Performance of a contract and/or pre-contractual measures |
| Categories of data | Personal details, contact details, address details, data relating to purchases or use of services |
| Retention period* | 10 years from the year of the contract or from the termination of the last contact |
| Data recipients | Persons authorised to process data appointed pursuant to Article 29 of EU Regulation 2016/679, data processors appointed pursuant to Article 28 of EU Regulation 2016/679 (see register of data processors), other persons for whom the communication of data is necessary for the purposes of the data controller, banks, Credit insurance companies, Authorities and public bodies, with respect to which there is a legal obligation to communicate |
Sale and commercial activity prior to sale
| Purposes and legal basis | Promotional activities, based on the performance of a contract and/or pre-contractual measures, legitimate interest of the data controller in promoting its activitiesOffer of goods and services, based on the performance of a contract and/or pre-contractual measures, legitimate interest of the data controller in offering goods and servicesFacilitating commercial contact and the provision of information on requested products and services, based on the legitimate interest of the data controller in managing contact requests and promoting its products, including through its network of distributors |
| Categories of data | Personal details, contact details, address details, data relating to purchases or use of services |
| Retention period* | 10 years from the relevant year |
| Data recipients | Persons authorised to process data appointed pursuant to Article 29 of EU Regulation 2016/679, data processors appointed pursuant to Article 28 of EU Regulation 2016/679 (see register of data processors), other persons for whom the communication of data is necessary for the purposes of the data controller, local retailers, Public authorities and bodies, with respect to which there is a legal obligation to communicate |
Marketing and communication activities
| Purposes and legal basis | Receiving invitations for market analysis and surveys, informative and/or advertising communications, based on the consent of the data subject**Transfer or communicate your personal data to commercial partners for their own promotional and marketing purposes, based on the specific and separate consent of the data subject** |
| Categories of data | Personal details, contact details, address details, data relating to purchases or use of services. |
| Retention period* | Until consent is revoked. After that, processing will be limited to mere storage for 10 years from the year in which consent was revoked. |
| Data recipients | Persons authorised to process data appointed pursuant to Article 29 of EU Regulation 2016/679, data processors appointed pursuant to Article 28 of EU Regulation 2016/679 (see register of data processors), other persons for whom the communication of data is necessary for the purposes of the controller’s stated purposes, Public authorities and bodies, with respect to which there is a legal obligation to communicate, commercial partners |
**Consent is always optional and may be revoked at any time. You may contact the Data Controller using the contact details provided above.
In addition to the above, as part of activities functional to the proper management of the organisation, your personal data will also be processed by duly authorised internal or external personnel for:
- manage compliance activities, including personal data protection obligations, as required by law, in accordance with the retention periods provided for the main processing in question;
- prevent and detect abuse and defend the rights and interests of the Data Controller, retaining them until the expiry of the limitation periods, except in the event of litigation (in which case, the data will be retained until the final resolution of the dispute), based on the Data Controller’s legitimate interest in protecting its rights and interests.
Are there any automated decision-making processes?
The processing is not based on automated decision-making.
Is it mandatory to provide data?
Except for any purposes based on consent, the provision of your data is a necessary requirement: failure to provide the data indicated as mandatory could entail legal and contractual consequences. Therefore, in case of failure to provide the data, you may not obtain the expected result or obtain it only partially.
Is the data transferred outside the European Union?
The processing of personal data (e.g. storage, archiving and retention of data on our servers or in the cloud) will be limited to the areas of circulation and processing of personal data of countries belonging to the European Economic Area, with an express prohibition on transferring them to non-EU countries that do not guarantee (or in the absence of) an adequate level of protection, i.e. in the absence of the safeguards provided for in EU Regulation 2016/679 (third countries deemed adequate by the European Commission, group BCRs, model contractual clauses, consent of the data subjects, etc.).
What are your rights?
- In accordance with Articles 15 et seq. of EU Regulation 2016/679, you have the right to request the Data Controller to access your personal data, as well as to correct and delete or erase it;
- You also have the right to request data portability or restriction of processing;
- You have the right, for reasons related to your particular situation, to object to the processing of personal data concerning you based on legitimate interests;
- You have the right to view the essential contents of any joint controller agreements signed;
- For processing based on consent, you have the right to withdraw your consent at any time, without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal; please note that you can withdraw your consent at any time and also independently using the application settings.
- You may also lodge a complaint with the Data Protection Authority, located at Piazza Venezia 11, 00187 – Rome – protocollo@pec.gdpd.it.
To exercise your rights or request additional information, you may contact the Data Controller using the contact details provided above.
Can the information in this policy change?
We reserve the right to update this Privacy Notice. Any changes will be communicated in the manner deemed most appropriate and we will update the date in this Privacy Policy. Therefore, we recommend that you periodically consult our Privacy Policy, including by requesting a copy from the Data Controller.
Last update: 16/10/2025