Information on the processing of personal data

This information is provided to you pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (hereinafter “GDPR”)to inform you of the methods of processing your personal data that you may provide to us in the event that you decide:

  • to register on our website and obtain a “personal account” that will allow you to stay updated on our initiatives and use our online store to buy our products or
  • without registering and obtaining a personal account, to stay up to date on our initiatives and use our online store to buy our products.

 

  1. Data Controller:

Pursuant to the GDPR, Kidaria Bioscience S.r.l. with registered office in Monterosso al Mare, 8 (SP), C.F. and P.IVA 01542720113 in the person of its pro-tempore legal representative, is the Data Controller, for any request you can contact us at the email: privacy@kidaria.it

  1. Purpose of the processing

The personal data that will be requested from you and that will be processed are necessary in order to be able to contact you and inform you about Kidaria products, promotional initiatives and to conclude and execute with you contracts relating to our products.

In particular, your data will be used to:

  1. activities related to the management of your requests, as a potential customer and/or interested in our products and initiatives, including sending newsletters, economic offers and technical documentation to your addresses and/or contacts where requested by you;
  2. purchase by you of products of Kidaria through our online store;
  3. marketing activities, i.e. sending advertising, promotional and commercial material relating, in general, to products of Kidaria and/or promotional initiatives whenever there are ongoing campaigns (the “Advertising Material“).
  1. Categories of personal data that may be requested from you

You will be asked to provide personal data such as: name, surname, personal e-mail, tax code, VAT number, address.

  1. Nature of the processing

We would like to point out that with regard to the purposes referred to in points 2.a and 2.b, the provision  and the processing of your personal data is mandatory in order to be able to contact you in response to your request to receive newsletters and information, as well as to be able to conclude sales contracts with you (and perform) and deliver the related products.

Any refusal to provide such data will make it impossible to provide you with information, evaluate your requests and/or provide you with our products.

With regard to point 2.c, on the other hand, your consent to the processing of data is free, optional and can always be revoked without consequences, simply. Therefore, without your consent, we will not consider you included in our database, we will not carry out marketing campaigns on you and therefore you will not receive Advertising Material.

  1. Legal Basis of the Processing and Request for Consent

The legal basis for the processing depends on the purpose for which it is processed.

With regard to the purpose referred to in art. 2.a, the legal basis is the execution of pre-contractual and contractual measures requested by you, in particular aimed at the execution of the newsletter service, i.e. the sending of information and/or offers for products that you may request from time to time.

With regard to the purpose referred to in art. 2.b, the legal basis is the performance of a contract concluded with you concerning our products.

With regard to the purpose referred to in art. 2.c The basis is your consent.

In this sense, after having read this information, for the purposes of 2.c you may, in a dedicated section, consent or not to the proposed processing.

  1. Processing methods and retention period

The processing will be carried out in automated and/or manual form, in compliance with the security measures referred to in art. 32 of the GDPR, by specially appointed persons, in compliance with the provisions of Article 29 of the GDPR.

We would like to point out that, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 GDPR, the retention period of your personal data.

The data collected for the registration of your account will be automatically deleted after 12 months from the date of your registration, unless you decide to keep your account active through a special procedure that will be made available close to the expiry of the registration term.

In any case, and regardless of whether you have opted to keep your account active:

  • for the data collected in relation to the purposes referred to in art. 2.b the retention period is set at a period of ten years from the date of delivery of the Products, i.e. equal to the limitation period of the rights arising from the contract.
  • for the data collected in relation to the purposes referred to in art. 2.a and 2.c the retention period is set at a period of 24 months, a term that we consider appropriate in order to be able to carry out marketing activities relating to the sending of Advertising Material and other processing related to the newsletters, as well as requests that you may have made.
  1. Transfer and Disclosure of Personal Data

The data collected for the purposes referred to in 2.a and 2.b may be communicated to:

  1. Mail Up S.p.a.;
  2. subjects who manage/support/assist, even if only occasionally, the Data Controller in the administration of the information system and telecommunications networks (including e-mail, web platforms, cloud, etc.).

On the other hand, the data collected for the purposes referred to in Article 2.b may be transferred and/or communicated to:

  1. Mail Up S.p.a., the company that manages the e-mail marketing platform we use to contact you;
  2. Service companies contracted by us to publish online reviews, including “Trustpilot A/S”, a company that collects and publishes your comments on our products and services;
  3. Recipients belonging to the following categories:
    1. entities provided for by current accounting and tax legislation as recipients of mandatory communications;
    2. competent authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon request;
    3. subjects who manage/support/assist, even if only occasionally, the Data Controller in the administration of the information system and telecommunications networks (including e-mail, web and cloud platforms);
    4. banking institutions and equivalents;
    5. firms or professional companies based in Italy in the context of legal, tax and administrative/accounting assistance and consultancy relationships;
    6. any suppliers of services functional to the execution of the contracts in place between the parties (i.e. deliveries of products, etc.).

The above subjects will act as our external data processors. With reference to them, we specify that:

  1. they operate in jurisdictions subject to the GDPR;
  2. your data will not be transferred outside the European Economic Area.
  1. Rights of the data subject

At any time, pursuant to art. from 15-22 of the GDPR, you can exercise the right to:

  1. ask for confirmation of the existence or otherwise of their personal data;
  2. obtain information about the purposes of the processing, the categories of personal data, recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period;
  3. obtain the rectification and deletion of data;
  4. obtain the restriction of processing;
  5. obtain data portability, i.e. receive them from Kidaria, in a structured, commonly used and machine-readable format, and transmit them to another data controller without hindrance.
  6. object to the processing and also in the case of processing for direct marketing purposes;
  7. revoke consent to the processing of the data provided;
  8. object to automated decision-making relating to physical persons, including profiling;
  9. lodge a complaint with the Data Protection Authority or other competent supervisory authority.

You can exercise your rights by sending a written request to Kidaria at the postal address of the registered office or at the email address privacy@kidaria.it