INFORMATION ON THE PROCESSING OF PERSONAL DATA OF
CUSTOMERS AND POTENTIAL CUSTOMERS

(Information pursuant to art. 13 and art. 14 of Reg. (EU) 679/2016, the so-called GDPR)

Below, we provide you with some information that you need to know, not only to comply with legal obligations, but also because transparency and fairness towards data subjects are a fundamental part of our business.

This information is intended for customers and potential customers of Krupps Srl.

Who is the data controller?

The Data Controller of your personal data is Krupps Srl (VAT number IT04251180289), with registered office in Via Austria 19 – 35127, Padova (PD) – Italy. It is responsible for the legitimate and correct use of your personal data, and you can contact it for any information or request at the following addresses: 049 7625156, privacy@krupps.com, krupps@pec.it

How do I contact the Data Protection Officer?

The Data Protection Officer (DPO) can be contacted at the following address: dpo@krupps.com

Where is the data collected?

The data processed is communicated by you and/or by third parties, such as authorities and public bodies (e.g., the Chamber of Commerce) and/or collected from publicly accessible sources.

What data processing is carried out?

Your personal data is collected and processed, using both automated and non-automated methods, as specified below.

Customer Management

Purpose and legal basis:
  – Customer management
  – Follow up on customer or potential customer requests and manage pre-contractual or contractual obligations
  Both purposes are based on the execution of a contract and/or pre-contractual measures.
Data categories: Personal data, Personal data and contact details, Address data, Payment dates, Data relating to purchases or use of services
Shelf life*: 10 years from the year of the contract or from the termination of the last contact
Data recipients: Authorized data processors appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for whom data disclosure is necessary for the purposes stated by the data controller, Banks, Credit Insurance Companies

Customer service

Purpose and legal basis:
  – Customer satisfaction survey
  – Technical customer support
  – Customer management
  These purposes are based on the execution of a contract and/or pre-contractual measures.
Data categories: Personal data, Contact data, Address data, Data relating to purchases or use of services, Access and identification data
Shelf life*: 10 years from the year of termination of the last contract
Data recipients: Authorized data processors appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), and other entities for whom data disclosure is necessary for the purposes stated by the data controller.

Reception

Purpose and legal basis:
  – Monitoring of people entering the company, based on the owner’s legitimate interest in protecting company assets, worker safety, and organizational and production needs.
  – Filtering of telephone calls, based on the legitimate interest of the owner in organizational and production needs.
Data categories: Personal data, Contact data, Address data, Data relating to identification/recognition documents
Shelf life*: 1 year from the year of data acquisition
Data recipients: Authorized data processors appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for whom the communication of data is necessary for the purposes stated by the data controller, Authorities and public administrations with respect to which there is a legal obligation to communicate.

Marketing and communication activities

Purpose and legal basis:
  – Receive invitations for market analysis and research, informational and/or advertising communications, based on the interested party’s consent**
  – Receive personalized information and/or advertising communications, based on the interested party’s consent**
Data categories: Personal data, Contact data, Address data, Data relating to purchases or use of services, Profiling data
Shelf life*: Until consent is revoked. Processing will then be limited to mere storage for 10 years from the year in which consent was revoked.
Data recipients: Authorized data processors appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), and other entities for whom data disclosure is necessary for the purposes stated by the data controller.

**Providing consent is always optional and can be revoked at any time. You can contact the Data Controller using the contact information above.

Warranty

Purpose and legal basis:
  – Allow the exercise of the right of guarantee, on the basis of the execution of a contract and/or pre-contractual measures, legal obligation
  – Allow adherence to guarantee formulas, based on the execution of a contract and/or pre-contractual measures
Data categories: Personal data, Contact data, Data relating to purchases or use of services
Shelf life*: 10 years from the year of termination of the contract
Data recipients: Authorized data processors appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for whom data communication is necessary for the purposes stated by the data controller, Banks

Sale and pre-sale business activity

Purpose and legal basis:
  – Promotional activities, based on the execution of a contract and/or pre-contractual measures, legitimate interest of the owner to promote its activities
  – Offer of goods and services, based on the execution of a contract and/or pre-contractual measures, legitimate interest of the owner in offering goods and services
  – Facilitate commercial recontact and the provision of information on the requested products and services, based on the legitimate interest of the owner in managing contact requests and commercially promoting its products, including through the distributor network.
Data categories: Personal data, Contact data, Address data, Data relating to purchases or use of services
Shelf life*: 10 years from the year of competence
Data recipients: Authorized data processors appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for whom data disclosure is necessary for the purposes stated by the data controller, and local retailers.

Management control

Purpose and legal basis:
  – Internal control of company management, based on the legitimate interest of the owner in carrying out the business activity
Data categories: Personal data, Contact data, Work-related data
Shelf life*: 10 years from the year of competence
Data recipients: Authorized data processors appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), and other entities for whom data disclosure is necessary for the purposes stated by the data controller.

Accounting

Purpose and legal basis:
  – Keeping of accounting records, based on a legal obligation
  – Tax obligations, based on a legal obligation
Data categories: Personal data, Contact data, Address data, Payment dates, Data relating to work activity, Data relating to purchases or use of services
Shelf life*: 10 years from the year of termination of the last contract
Data recipients: Authorized data processors appointed pursuant to art. 29 of EU Regulation 2016/679, Authorities and public administrations with a legal obligation to communicate, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for whom data communication is necessary for the purposes stated by the data controller, Banks

Billing and delivery notes

Purpose and legal basis:
  – Shipping of documents and goods, based on the execution of a contract and/or pre-contractual measures
Data categories: Personal data, Personal data and contact details, Address data
Shelf life*: 10 years from the year of termination of the last contract
Data recipients: Authorized data processors appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), and other entities for whom data disclosure is necessary for the purposes stated by the data controller.

Quality of service

Purpose and legal basis:
  – Verify the quality of the service, based on the legitimate interest of the owner to verify compliance with internal procedures
Data categories: Personal data, Contact data, Address data, Data relating to purchases or use of services
Shelf life*: 10 years from the year of termination of the last contract
Data recipients: Authorized data processors appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), and other entities for whom data disclosure is necessary for the purposes stated by the data controller.

Accommodation Management

Purpose and legal basis:
  – Organization of accommodation, on the basis of the execution of a contract and/or pre-contractual measures
Data categories: Personal data, Contact data, Data relating to work activity, Data relating to identification/recognition documents
Shelf life*: 10 years from the year of organization
Data recipients: Authorized data processors appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), Accommodation facilities, Transfer services, and other entities for whom data disclosure is necessary for the purposes stated by the data controller.

Creation and subsequent publication/dissemination of multimedia content

Purpose and legal basis:
  – Communication, promotion and documentation of the Data Controller’s activities, based on the interested party’s consent**
Data categories: Personal data, Contact data, Multimedia content (including photos and videos) in full and/or partial form
Shelf life*: The data will be retained, subject to disclosure, until consent is revoked or an explicit request for deletion is accepted. In any case, once the purpose for which it was collected no longer applies, the data will be deleted.
Data recipients: Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other parties to whom the communication of data is necessary for the purposes stated by the data controller, Data Processors appointed pursuant to art. 29 of EU Regulation 2016/679.

**Providing consent is always optional and can be revoked at any time. You can contact the Data Controller using the contact information above.

* In addition to the time required for the statute of limitations to accrue in relation to mutual rights and the time for keeping backups.

In addition to the above, as part of activities aimed at the proper management of the organization, your personal data will also be processed by duly authorized internal or external personnel for:

  1. managing and maintaining the network and IT systems, including where processing occurs through partially automated methods (for example, when data passes through Krupps Srl’s IT systems), based on the legitimate interest in protecting the data and on information security obligations; the data is stored in compliance with the security measures in place and with the provisions for the relevant primary processing among those described above;
  2. managing compliance and governance activities, including personal data protection obligations, as required by law, in accordance with the retention periods established for the relevant primary processing;
  3. preventing and detecting abuse and defending the rights and interests of the Data Controller, with the data retained until the expiration of the limitation periods, except in the event of litigation (in which case the data will be retained until the dispute has been definitively resolved), based on the legitimate interest of the Data Controller in protecting its rights and interests.

Are there automated processes?

The processing is not based on automated decision-making.

Is it mandatory to provide data?

Except for any purposes based on consent, providing your data is a necessary requirement: failure to provide the data indicated as mandatory may have legal and contractual consequences. Therefore, failure to provide the data may result in the desired outcome being lost or only partially achieved.

Is data transferred outside the European Union?

The processing of personal data (e.g., storage, archiving, and retention of data on our servers or in the cloud) will be limited to the areas of circulation and processing of personal data in countries within the European Economic Area. We are expressly prohibited from transferring personal data to non-EU countries that do not guarantee (or lack) an adequate level of protection, or in the absence of the protection measures provided for by EU Regulation 2016/679 (third country deemed adequate by the European Commission, group BCRs, model contractual clauses, data subject consent, etc.).

What rights are recognized?

  • You have the right, pursuant to Articles 15 et seq. of EU Regulation 2016/679, to request from the Data Controller access to your personal data, as well as their rectification or erasure (the right to be forgotten);
  • You also have the right to request data portability or limitation of processing;
  • You have the right, for reasons relating to your particular situation, to object to the processing of personal data concerning you based on the legitimate interest;
  • You have the right to view the essential contents of any joint ownership agreements signed;
  • For processing based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on the consent given before the withdrawal;
  • You can also lodge a complaint with the Italian Data Protection Authority, located at Piazza Venezia 11, 00187 Rome, Italy – protocollo@pec.gdpd.it.

To exercise your rights or to request additional information, you can contact the Data Controller using the contact information above.

Can the information in this policy change?

We reserve the right to update our Privacy Policy. We will communicate any changes as appropriate, and we will update the date in this Privacy Policy. Therefore, we recommend periodically reviewing our Privacy Policy, including requesting a copy from the Data Controller.

Last updated: 10/10/2025