Information on the processing of personal data

In accordance with and for the purposes set out in articles13 et seq. of EU Regulation no. 679/2016 of 27 April 2016, (General Data Protection Regulation – GDPR) “relating to the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data (General Data Protection Regulation)” and of Legislative Decree 196/2003 and subsequent amendments.

By implementing the procedure for consulting the pages of the site and/or registering with our services, users voluntarily communicate to Margherita Lella, Data Controller, their personal data (for example, when creating an account, registering products, purchasing a product, downloading software updates, we may collect a series of data, including name, address, telephone number, email, contact preferences etc.).The personal data sent will be processed in compliance with the principles of protection of personal data established by EU Regulation no. 679/2016 and other applicable regulations.

Data Controller

The data controller is

Margherita Lella
NAF: ES X8915564M
Carretera de las Costes 61
Sitges, 08870, Barcelona
Spain

(hereinafter also the “Data Controller”) and can be contacted by written communication to be sent to:

Margherita Lella
Carretera de las Costes 61
Sitges, 08870, Barcelona
Spain

or to the email address:

info@kloe-ba.com

Nature of the data processed

They are the object of use and navigation data processing to the extent that the computer systems and software procedures used to operate this website acquire information whose transmission is based on the use of Internet communication protocols.
This information is not collected to be associated with identified data subjects, but could nevertheless, through processing and association with data held by third parties, allow users to be identified (e.g. IP addresses, domain names of the computers used by users who connect to the site, the URI addresses of the resources requested, the time of the request, the method used to submit the request to the server and other parameters relating to the user’s operating system, browser and IT devices). Among the technologies used to collect and store information, cookies are of particular and autonomous importance, to whose specific information the attention of the user/data subject is referred (Cookie Policy).
The data provided by you voluntarily, at the time of registration, registration to our site and/or contact, and/or made manifestly public by you, including your personal identification data, name, surname, address, email, telephone number, fax, content of any messages etc. etc. as well as the data and information contained in any curricula uploaded and sent by you through the site and economic data that are strictly necessary for the performance of existing or future contractual relationships.
No special, sensitive or judicial data are processed, which may fall within those indicated by art. 4, letter d) and letter e) of the privacy code and art. 9 Reg. EU 2016/679, the processing of which, moreover, is prohibited by art. 9 paragraph 1 of EU Reg 2016/679 cited, except for specific and mandatory exceptions from the same article contemplated.
In this last regard, any sensitive data or particular attachments and/or contents in the curricula uploaded by you and sent through the site are excepted, whose processing is in any case previously subject to your consent.

Purpose and legal basis of the data processing

The personal data collected when filling out the forms on the “contacts” and “work with us” pages and through the newsletter subscription form of our website are processed in order to allow the user to acquire more information about our products and services and the company greater opportunities for commercial promotion, with a view to the possible establishment of negotiations and/or contractual relationships.
The legal basis for being able to process the data obtained is represented, pursuant to art. 6 Reg.EU 2016/679, by the following conditions:

  • the Data Subject has expressed his/her consent to the processing of his/her personal data;
  • the processing of data is necessary to execute a contract in which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
  • f) processing is necessary for the purposes of the legitimate interests pursued by a controller or third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.In the latter case, it should be noted that the legitimate interests of the Data Controller are the defence of one’s own right, the need for fraud prevention, and/or the development of promotional activities on services/products for direct marketing purposes.

In the event that the user/data subject has expressed consent at the time of activation of the service, or expresses it subsequently and until the revocation of the same, his/her personal data may be processed by the Data Controller for:

  • allow access to products, services and content;
  • send, in the event that users have expressed their consent at the time of activation of the service, or express it subsequently, and until the revocation of the same, commercial communications on their own products and services or those of third parties, also with automated methods, for direct sales purposes, as well as for sending market research and for verifying the degree of user satisfaction;
  • carry out, in the event that users have expressed their consent at the time of activation of the service, or express it subsequently, and until the revocation of the same, also by electronic means, analysis activities of specific behaviors and consumption habits, in order to improve the services provided and direct commercial proposals of interest to the user, also offering third parties the aggregate data summarizing the openings and clicks obtained through a tracking system by means of “cookies”.
  • communicate and transfer to third parties the data of users, in the event that they have expressed their consent at the time of activation of the service, or express it subsequently, and until the revocation of the same, for the sending of commercial communications on products and services of third-party companies, also with automated methods, for direct sales purposes, as well as for the sending of market research;
  • The Data Controller will also use personal data for administrative and accounting purposes and for the execution of contractual obligations towards users who are part of its customers.

In the case of special and/or sensitive cd data possibly attached and/or contained in the curricula uploaded and sent through the site, it is declared that the basis for the lawfulness of such processing are represented both by the consent, pursuant to art. 9, paragraph 2, letter a) of the GDPR, provided for the exclusive purpose of seeking and evaluating new opportunities for collaboration at the work and professional level, and by the provision of art. 9, paragraph 2, letter b) of the GDPR, in relation to data processing in the field of labor law and social security.

Processing methods

The personal data sent through the registration procedures can be processed by the Data Controller with automated tools and paper supports.
Without prejudice to the possibility for the data controller to process the aforementioned data in aggregate form, in compliance with the measures prescribed by the Guarantor Authority and by virtue of the specific exemption from the consent provided for by the same, for analysis and electronic processing (e.g.: classification of the entire clientele into homogeneous categories for levels of services, consumption, expenditure, etc.) aimed at periodically monitoring the development and economic performance of the activities of Margherita Lella, to guide the related industrial and commercial processes, to improve services, as well as to design and implement commercial communication campaigns. These are therefore legitimate and necessary treatments to ensure a service that increasingly meets the expectations of users/customers.
Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorised access.
The processing connected to the web services of this site takes place both at the aforementioned headquarters of the Data Controller and is handled only by technical personnel authorised for the processing and at the premises of the Software House Company of reference for the management of the site.
In any case, personal data are recorded and stored on electronic databases located in Italy, in countries belonging to the European Economic Area (EEA) and in third countries that guarantee an adequate level of data protection.

Obligations and authority to provide data

The provision of data is optional.

However, failure to provide the data deemed mandatory will prevent the correct completion of the contact forms, as well as the possibility of providing feedback on any requests for information on our products and services, and, in the event of purchase, the acceptance by Margherita Lella of the order proposal and the execution of the related contract and in the event of failure to acquire the curriculum, to evaluate the opportunity to establish any collaborations on a work and professional level.

Extent of knowledge of your data

The following categories of subjects may become aware of your data, as external data processors or authorised internal data processors, appointed by the Data Controller:

  • Internal personnel in charge of administrative-accounting activities;
  • Internal staff responsible for the execution of contracts;
  • Directors, accountants and external consultants for accounting and administrative activities.

The processing of personal data provided by users may also be carried out by companies, entities or consortia, appointed as data processors pursuant to art. 28 of the aforementioned EU Regulation, which, on behalf of the Data Controller, provide specific processing services or related, instrumental or support activities (such as, by way of example: software developers and website managers, IT companies, network providers, electronic communication services, IT and telematic data storage and management services, shippers, transport companies; or consultants, lawyers or collaborators of the company, tax consultants of the company, subjects who carry out on behalf of Sinatech. S.r.l. technical and organisational tasks; credit agencies, banks, financial companies, insurance companies; companies or persons providing assistance to customers; companies reselling our products), within the limits strictly necessary to carry out their assignment at our or their organisation, subject to our letter of assignment imposing the duty of confidentiality and security.

Communication and dissemination

The personal data provided by users will not be disclosed by us, with this term meaning to make them known to indeterminate subjects in any way, including by making them available or consulting them, but may be communicated by us, giving knowledge to one or more specific and qualified subjects, in the following terms:

  • to investee or associated companies;
  • to subjects to whom the right to access personal data is recognised by law, regulations or Community legislation;
  • to subjects against whom communication is required by law or regulation, or by public subjects for the performance of their institutional functions.

Rights of the Data Subject

The user/data subject may exercise the rights provided for in Articles 15-22 of the GDPR at any time by contacting the Owner of this site.
Below is the extract of article 15 Reg Eu 2016/679, relating to your right of access to us to remind you that you can obtain the following information:

The data subject has the right to obtain confirmation from the data controller on whether the processing of personal data is ongoing and in this case, to obtain access to such personal data and the following information: a) the purpose of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular whether recipients are in third countries or international organisations; d) where possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period; e) the right of the data subject to request the data controller to rectify or delete personal data or limit the processing of their personal data or to oppose their processing; f) the right to lodge a complaint with a supervisory authority; g) if the data are not collected from the data subject, all information available on their origin; (h) the existence of an automated decision-making process, including the profiling referred to in Article 22, Paragraph 1 and 4 and, at least in such cases, significant information on the reasoning applied, and the importance and expected consequences of such processing for the data subject.

Furthermore, the interested party has the right to:

  • to obtain from the data controller the correction of inaccurate personal data concerning him/her without undue delay, pursuant to art. 16 Reg. EU 2016/679.
  • to obtain cancellation of personal data concerning him without justified delay where there is one of the reasons listed in art. 17 Reg. EU 2016/679.
  • to the limitation of processing when one of the hypotheses described in art. 18 Reg. EU 2016/679.
  • to object at any time to the processing of data concerning him in the cases referred to in art. 21 Reg. EU 2016/679.
  • to receive in a structured, commonly used and machine-readable format the personal data concerning him/her provided to a data controller and to transmit such data to another data controller without hindrance by the data controller to whom he/she has provided them, in the cases provided for by art. 20 Reg. EU 2016/679.
  • to withdraw consent at any time, if the processing is exclusively based on art. 6, paragraph 1, letter a), or on art. 9, paragraph 2, letter a), in any case without prejudice to the lawfulness of the processing based on the consent given before the withdrawal;
  • to lodge a complaint, pursuant to art. 77 Reg.EU 2016/679, to the competent Supervisory Authority of the Privacy Guarantor, in particular in the EU Member State in which he habitually resides, works, or of the place where the alleged violation occurred, in addition to the ordinary right to file an effective judicial appeal, pursuant to art. 79 Reg. EU 2016/679, if you believe that your rights under the aforementioned EU Regulation have been violated as a result of processing.

Possible data of minors

The site, pursuant to Article 8 of the GDPR, paragraph 1, does not collect information or carry out data processing operations relating to subjects under the age of 16.

Period of data retention

The retention period of the personal data referred to above is in line with the regulatory provisions in force: in compliance with the principles of minimisation, proportionality and necessity, the data will not be stored for longer periods than those necessary to achieve the purposes indicated above and, therefore, to the service offered or to the specific rules of law (e.g. in our legal system there is a period of at least 10 years regarding the storage of company administrative documents).
In any case, the company will provide without delay the secure deletion or irreversible anonymization of the data when the retention of personal data is not further justified.

Further information

This privacy disclaimer may be subject to change.
If substantial changes are made to the use of personal data by the Data Controller, or the latter intends to further process the personal data for a purpose other than that for which they were collected, the latter will be required to inform the Data Subjects in advance and again.