Privacy Policy
- INTRODUCTION – WHO ARE WE
Xingu S.r.l. with registered office in via Carlo Poma, 40 – 20129 Milan, VAT no. 10206600966 (hereinafter, “Data Controller“), owner of the website www.kiliagon.com (hereinafter, the “Website“), in its capacity as the Data Controller of the personal data of the users browsing the Website (hereinafter, “Users“) provides below the privacy policy pursuant to Article 13 of the EU Regulation 2016/679 of 27 April 2016 (hereinafter, “Regulation“, or “Applicable Law“). - HOW TO CONTACT US?
The Controller takes the right to privacy and the protection of personal data of its Users into the utmost consideration. For any information in relation to this privacy policy, Users may contact the Controller at any time, using the following methods:- By sending a registered letter with return receipt to the Controller’s registered office in via Carlo Poma, 40 – 20129 Milan;By sending an e-mail to the address info@kiliagon.com.
- WHAT DO WE DO? – PURPOSE OF PROCESSING
The User, by browsing the Website, can contact the Data Controller through the appropriate form. In connection with these activities, the Data Controller collects personal data relating to Users. This Website and the services that may be offered through the Website are reserved for subjects who have reached the age of eighteen. The Data Controller therefore does not collect personal data relating to persons under the age of 18. At the request of Users, the Data Controller will promptly delete all personal data involuntarily collected relating to persons under the age of 18. In particular, Users’ personal data will be lawfully processed for the following purposes:
- Allowing browsing of the Website: the User’s data collected by the Data Controller for this purpose include all personal data whose transmission is implicit in the use of Internet communication protocols, which the computer systems and software procedures used to operate the Website acquire in the course of their normal operation: the IP addresses or domain names of the computers used by Users, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system.) and other parameters relating to the User’s operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to allow it to function correctly. Without prejudice to what is provided for elsewhere in this privacy policy, under no circumstances will the Data Controller make Users’ personal data accessible to other Users and/or third parties;
- Fulfilling the User’s request: Users’ personal data are collected and processed by the Data Controller for the sole purpose of fulfilling their request. The User’s data collected by the Data Controller for this purpose include first name, last name, e-mail address, company name, type of service request and all further User data that may have been voluntarily communicated by the User. No other processing will be carried out by the Data Controller in relation to the User’s personal data. Notwithstanding the provisions elsewhere in this privacy policy, under no circumstances shall the Controller make the personal data of the Users accessible to other Users and/or third parties.
- Administrative-accounting purposes, i.e. to carry out activities of an organisational, administrative, financial and accounting nature, such as internal organisational activities and activities functional to the fulfilment of contractual and pre-contractual obligations;
- Legal obligations, i.e. to fulfil obligations laid down by law, by an authority, by a regulation or by European legislation.The provision of personal data for the above-mentioned processing purposes is optional but necessary, as failure to provide such data will make it impossible for the User to make his/her request to the Data Controller. Personal data that are necessary for the pursuit of the processing purposes described in this paragraph 3 are indicated with an asterisk in the request form.
- Allowing browsing of the Website: the User’s data collected by the Data Controller for this purpose include all personal data whose transmission is implicit in the use of Internet communication protocols, which the computer systems and software procedures used to operate the Website acquire in the course of their normal operation: the IP addresses or domain names of the computers used by Users, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system.) and other parameters relating to the User’s operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to allow it to function correctly. Without prejudice to what is provided for elsewhere in this privacy policy, under no circumstances will the Data Controller make Users’ personal data accessible to other Users and/or third parties;
- LEGAL BASIS
- Allowing browsing of the Website (as described in para. 3(a)): the legal basis is Art. 6(1)(b) of the Regulation, as the processing is necessary for the performance of a contract and/or the execution of pre-contractual measures taken at the User’s request.
- Fulfilment of the User’s request (as described in para. 3(b)): the legal basis is Art. 6(1)(b) of the Regulation, as the processing is necessary for the performance of a contract and/or the execution of pre-contractual measures taken at the User’s request.
- Administrative-accounting purposes (as described in para. 3(c)): the legal basis is Art. 6(1)(b) of the Regulation, as the processing is necessary for the performance of a contract and/or the execution of pre-contractual measures taken at the User’s request.
- Legal obligations (as described in para. 3(d) above): the legal basis is Art. 6(1)(c) of the Regulation, as the processing is necessary to comply with a legal obligation to which the Data Controller is subject.
- Allowing browsing of the Website (as described in para. 3(a)): the legal basis is Art. 6(1)(b) of the Regulation, as the processing is necessary for the performance of a contract and/or the execution of pre-contractual measures taken at the User’s request.
- PROCESSING METHODS AND DATA RETENTION PERIODS
The Data Controller will process the Users’ personal data by means of manual and computerised tools, with logics strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of the data. The personal data of Users will be kept for the time strictly necessary to fulfil the primary purposes (as described in paragraph 3 above), or in any case as necessary for the protection in civil law of the interests of the Data Controller and the Users. - SCOPE OF COMMUNICATION AND DISSEMINATION OF DATA
The User’s personal data may be transferred outside the European Union and, in this case, the Data Controller shall ensure that the transfer takes place in accordance with the Applicable Law and, in particular, in accordance with Articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to adequate safeguards) of the Regulation. The personal data of the Users may be disclosed to the employees and/or collaborators of the Data Controller in charge of managing the Website and the Users’ requests. These subjects, who have been instructed to do so by the Data Controller pursuant to art. 29 of the Regulations, will process Users’ data exclusively for the purposes indicated in this information notice and in compliance with the provisions of the Applicable Regulations. Users’ personal data may also be disclosed to third parties who may process personal data on behalf of the Data Controller in their capacity as Data Processors pursuant to Article 28 of the Regulation, such as, by way of example, suppliers of IT and logistical services functional to the operation of the Data Controller’s Website, suppliers of outsourcing or cloud computing services, professionals and consultants. The User has the right to obtain a list of any data processors appointed by the Data Controller by making a request to the Data Controller in the manner indicated in paragraph 7 below. - RIGHTS OF THE DATA SUBJECTS
The User may exercise the rights guaranteed by the Applicable Rules at any time by contacting the Data Controller in the following ways:- By sending a registered letter with return receipt to the Controller’s registered office in via Carlo Poma, 40 – 20129 Milan;
- By sending an e-mail to the address info@kiliagon.com.
The Data Controller has not identified the figure of the Data Protection Officer (DPO), since it is not subject to the designation obligation provided for in Article 37 of the Regulation. Pursuant to the Applicable Regulations, the User has the right to obtain information on (i) the source of the personal data; (ii) the purposes and methods of processing; (iii) the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) the identification details of the data controller and data processors; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as data processors or persons in charge of processing. Furthermore, the User has the right to obtain:
- access, update, rectification or, where interested, integration of the data;
- the cancellation, transformation into anonymous form or restriction of data processed in breach of the law, including data whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed;
- certification that the operations referred to in points a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, unless this proves impossible or involves a manifestly disproportionate effort compared with the right protected.
As well as: - the right to withdraw consent at any time, if the processing is based on your consent;
- (where applicable) the right to data portability (the right to receive all personal data concerning him/her in a structured, commonly used and machine-readable format);
- the right to object:
- in whole or in part, for legitimate reasons, the processing of personal data concerning him/her, even if pertinent to the purpose of collection;
- in whole or in part, to the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;
- where personal data are processed for direct marketing purposes, at any time, the processing of the data for that purpose, including profiling insofar as it is related to such direct marketing.
- if he/she considers that the processing concerning him/her is in breach of the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State where he/she normally resides, in the Member State where he/she works or in the Member State where the alleged breach has occurred). The Italian Supervisory Authority is the Garante per la protezione dei dati personali, based in Piazza Venezia, n. 11, 00187 – Rome (RM) (http://www.garanteprivacy.it/).
The Data Controller is not responsible for the updating of all links displayed in this Policy, therefore whenever a link is not working and/or updated, the User acknowledges and accepts that he/she must always refer to the document and/or section of the websites referred to by that link.
Registered and operating office
Xingu Srl Via Carlo Poma, 41 – 20129 Milan (MI), Italy – VAT IT10206600966 – Registered Capital 14.127,27 – REA MI-2513905