INFORMATION ON THE PROCESSING OF PERSONAL DATA

INFORMATION ON THE PROCESSING OF PERSONAL DATA OF
CUSTOMERS AND POTENTIAL CUSTOMERS

(Information pursuant to art. 13 and art. 14 of Reg. (EU) 679/2016, so-called. GDPR)

Below we provide you with some information that is necessary to bring to your attention, not only to comply with legal obligations, but also because transparency and fairness towards interested parties is a fundamental part of our business.

This information is addressed to customers and potential customers of Krupps Srl .

Who is the data controller?

The Data Controller of your personal data is Krupps Srl ( P.iva IT04251180289), with registered office in Via Austria 19 – 35127, Padova (PD) – Italy, responsible for the legitimate and correct use of your personal data and which you can contact for any information or request at the following addresses: 049 7625156, privacy@krupps.com, krupps@pec.it

How do I contact the Data Protection Officer?

The Data Protection Officer (Data Protection Officer – DPO) can be contacted at the following addresses: dpo@krupps.com

Where is the data collected?

The data processed are communicated by you and/or by third parties, such as authorities and public bodies (e.g. Chamber of Commerce) and/or collected from sources accessible to the public.

What data processing is carried out?

Your personal data is collected and processed, using automated and non-automated methods, as specified below.

Customer Management

Purpose and legal basis	– Customer management, based on the execution of a contract and/or pre-contractual measures – Follow up on customer or potential customer requests and manage pre-contractual or contractual obligations, based on the execution of a contract and/or pre-contractual measures
Data categories	Personal data, Personal data and contact details, Address data, Payment data, Data relating to purchases or use of services
Shelf life*	10 years from the year of the contract or from the termination of the last contact
Data recipients	Authorized data processing entities appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for which the communication of data is necessary for the purposes of carrying out the purposes declared by the owner, Banks, Credit Insurance

Customer service

Purpose and legal basis	– Customer satisfaction survey, based on the execution of a contract and/or pre-contractual measures – Technical support to customers, based on the execution of a contract and/or pre-contractual measures – Customer management, based on the execution of a contract and/or pre-contractual measures
Data categories	Personal data, Contact data, Address data, Data relating to purchases or use of services, Access and identification data
Storage time*	10 years from the year of termination of the last contract
Data recipients	Authorized data processing entities appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for whom the communication of data is necessary for the purposes of carrying out the purposes declared by the owner

Reception

Purpose and legal basis	– Monitoring of people entering the company, based on the legitimate interest in protecting company assets, worker safety, organizational and production needs – Filtering of telephone calls, based on legitimate interest in organizational and production needs
Data categories	Personal data, Contact data, Address data, Data relating to identification/recognition documents
Shelf life*	1 year from the year of data acquisition
Data recipients	Authorized data processing entities appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for whom the communication of data is necessary for the purposes of carrying out the purposes declared by the owner, Authorities and public administrations for which there is a legal obligation to communicate

Marketing and communication activities

Purpose and legal basis	– Marketing (market analysis and research), Sending of information and/or advertising material, based on the consent of the interested party**
Data categories	Personal data, Contact data, Address data, Data relating to purchases or use of services, Profiling data
Storage time*	Until consent is revoked. Then the processing will be limited to mere storage for 10 years from the year in which consent was revoked
Data recipients	Authorized data processing entities appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for whom the communication of data is necessary for the purposes of carrying out the purposes declared by the owner

**The provision of consent is always optional and can be revoked at any time, you can contact the Owner via the contact information above.

Warranty

Purpose and legal basis	– Allow the exercise of the right of guarantee, on the basis of the execution of a contract and/or pre-contractual measures, legal obligation – Allow adherence to guarantee formulas, based on the execution of a contract and/or pre-contractual measures
Data categories	Personal data, Contact data, Data relating to purchases or use of services
Shelf life*	10 years from the year of termination of the effects of the contract
Data recipients	Authorized data processing entities appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for which the communication of data is necessary for the purposes of carrying out the purposes declared by the owner, Banks

Sale and pre-sale business activity

Purpose and legal basis	– Promotional activities, based on the execution of a contract and/or pre-contractual measures, legitimate interest in promoting its activities – Offer of goods and services, on the basis of the execution of a contract and/or pre-contractual measures, legitimate interest in offering goods and services
Data categories	Personal data, Contact data, Address data, Data relating to purchases or use of services
Storage time*	10 years from the year of competence
Data recipients	Authorized data processing entities appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for whom the communication of data is necessary for the purposes of carrying out the purposes declared by the owner

Management control

Purpose and legal basis	– Internal control of company management, based on the legitimate interest in carrying out business activities
Data categories	Personal data, Contact data, Data relating to work activity
Storage time*	10 years from the year of competence
Data recipients	Authorized data processing entities appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for whom the communication of data is necessary for the purposes of carrying out the purposes declared by the owner

Accounting

Purpose and legal basis	– Keeping of accounting records, based on a legal obligation – Tax obligations, based on a legal obligation
Data categories	Personal data, Contact data, Address data, Payment data, Data relating to work activity, Data relating to purchases or use of services
Shelf life*	10 years from the year of termination of the last contract
Data recipients	Authorized data processing entities appointed pursuant to art. 29 of EU Regulation 2016/679, Authorities and public administrations with respect to which there is a legal obligation to communicate, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for which the communication of data is necessary for the purposes of carrying out the purposes declared by the owner, Banks

Billing and DDT

Purpose and legal basis	– Shipping documents and goods, based on the execution of a contract and/or pre-contractual measures
Data categories	Personal data, Personal data and contact details, Address data
Shelf life*	10 years from the year of termination of the last contract
Data recipients	Authorized data processing entities appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), other entities for whom the communication of data is necessary for the purposes of carrying out the purposes declared by the owner

Accommodation Management

Purpose and legal basis	– Organization of accommodation , on the basis of the execution of a contract and/or pre-contractual measures
Data categories	Personal data, Contact data, Data relating to work activity, Data relating to identification/recognition documents
Shelf life*	10 years from the year of organization
Data recipients	Authorized data processing entities appointed pursuant to art. 29 of EU Regulation 2016/679, Data Processors appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of data processors), Accommodation facilities, Transfer services, other entities for which the communication of data is necessary for the purposes of carrying out the purposes declared by the owner

Creation and subsequent publication/dissemination of multimedia content

Purpose and legal basis	– Production of explanatory videos for technical support, based on the execution of a contract and/or pre-contractual measures – Brand awareness , based on the legitimate interest in brand recognition – Promotional purposes, based on the interested party’s consent**
Data categories	Personal data, Contact data, Multimedia content (including photos and videos)
Shelf life*	The data will be retained, except for disclosure, until the revocation of consent or acceptance of an explicit request for cancellation. In any case, once the purpose for which they were acquired has ceased to exist, the data will be deleted. For explanatory videos, they are retained for up to 10 years from the loss of effectiveness of the video
Data recipients	Data controllers appointed pursuant to art. 28 of EU Regulation 2016/679 (see register of controllers), other subjects for whom the communication of data is necessary for the purposes of carrying out the purposes declared by the owner, Subjects authorised to process data appointed pursuant to art. 29 of EU Regulation 2016/679

**The provision of consent is always optional and can be revoked at any time, you can contact the Owner via the contact information above.

* In addition to the time required for the statute of limitations to accrue in relation to the reciprocal rights and the time for keeping the backups.

In addition to the above, within the scope of activities functional to the good management of the organization, your personal data will also be processed by internal or external personnel duly authorized for:

1) the management and maintenance of the network and IT systems, when the processing occurs through even partially automated methods (for example when the data passes through the IT systems of Krupps Srl), on the basis of the legitimate interest in protecting them and for the obligations inherent to information security; the data are stored in compliance with the security implementations and with what is foreseen for the main processing of reference among those described above;

2) manage compliance activities, including personal data protection obligations, as required by law, in accordance with the retention periods established for the main processing in question;

3) to prevent and detect abuse and to defend the rights and interests of the Data Controller, retaining them until the expiry of the limitation periods, except in the event of litigation (in which case, the data will be retained until the matter of the dispute has been definitively resolved), on the basis of the legitimate interest of the Data Controller in protecting its rights and interests.

Are there automated processes?

The processing is not based on automated decision-making.

Is it mandatory to provide data?

Except for any purposes based on consent, the provision of your data is a necessary requirement: failure to provide the data indicated as mandatory could lead to legal and contractual consequences. Therefore, in the event of failure to provide them, you may not obtain the expected result or obtain it only partially.

Is data transferred outside the European Union?

The processing of personal data (e.g. storage, archiving and conservation of data on its own servers or in the cloud) will be limited to the areas of circulation and processing of personal data of the countries belonging to the European Economic Area, with an express prohibition on transferring them to non-EU countries that do not guarantee (or in the absence of) an adequate level of protection, or, in the absence of protection instruments provided for by EU Regulation 2016/679 (third country deemed adequate by the European Commission, group BCR, model contractual clauses, consent of the interested parties, etc.).

What rights are recognized?

You have the right, pursuant to articles 15 and following of EU Reg. 2016/679, to request from the Data Controller access to your personal data, as well as their rectification, cancellation or oblivion;
You also have the right to request data portability or limitation of processing;
You have the right, for reasons relating to your particular situation, to object to the processing of your personal data based on the legitimate interest;
You have the right to view the essential contents of any joint ownership agreements signed;
For processing based on consent, you have the right to withdraw consent at any time, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal;
You may also lodge a complaint with the Data Protection Authority, located in Piazza Venezia 11, 00187 – Rome – protocollo@pec.gdpd.it.

To exercise your rights or to request additional information, you can contact the Owner using the contact information above.

Can the information in this policy change?

We reserve the right to update our Privacy Policy. We will communicate changes as appropriate and update the date in this Privacy Policy. Therefore, we recommend that you periodically consult our Privacy Policy, including by requesting a copy from the Data Controller.

Last updated: 29/11/2024

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	[vc_row][vc_column][vc_column_text]YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.[/vc_column_text][/vc_column][/vc_row]

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	[vc_row][vc_column][vc_column_text]This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.[/vc_column_text][/vc_column][/vc_row]
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.