INFORMATION ON THE PROCESSING OF PERSONAL DATA
(Articles 13 and 14 EU Reg. 2016/679 and Legislative Decree 196/2003 et seq.)

Dear Interested,

Below we provide you with some information that we need to bring to your attention, not only in order to comply with legal obligations, but also because transparency and fairness towards the persons concerned is a fundamental part of our activity.

Data controller

The Data Controller of your personal data is Krupps S.r.l., which is responsible to you for the lawful and correct use of your personal data and which you may contact for any information or request at the following addresses:

VAT NumberIT04251180289
HeadquartersVia Austria 19 – 35127, Padova (PD) – Italia
Contact details049 7625156, privacy@krupps.com, krupps@pec.it

Data Protection Officer

The Data Protection Officer (DPO) can be contacted at the following addresses:

Contact detailsdpo@krupps.com – Xifram S.r.l.

Data source

The data processed are communicated by you and/or third parties, such as authorities and public bodies (e.g. Chamber of Commerce) and/or collected from publicly accessible sources. Some of these sources are publicly accessible: Yes.

Treatments

Your personal data are collected and processed, by automated, semi-automated and non-automated means, as specified below:

Management Control

Purpose and legal basis – Internal management control, based on: Legitimate interest, Exercise of business activity
Categories of dataBiographical data, Contact data, Data relating to work activity
Storage time*Common data: 10 years from the year of accrual
Data recipientsData Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), Authorised Data Processors appointed pursuant to Art. 29 EU Reg. 2016/679 , other persons for whom the communication of data is necessary for the performance of the declared purposes of the data controllerc

Accounting

Purpose and legal basis – Tax obligations, based on: Legal obligation, To be specified
Categories of dataBiographical data, Contact data, Address data, Payment data, Employment data, Data relating to purchases or use of services
Storage time*Common data: 10 years from the year of termination of the last contract
Data recipientsAuthorities and public administrations with respect to which there is a legal obligation to communicate, Banks, Data Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see Register of Data Processors), Authorised Data Processors appointed pursuant to Art. 29 EU Reg. 2016/679 , other entities for which the communication of the data is necessary for the purposes of the declared purposes of the controller

Billing and DDT

Purpose and legal basis – Shipment of documents and goods, on the basis of: Performance of a contract and/or pre-contractual measures, To be specified
Categories of dataBiographical data, Contact data, Address data
Storage time*Common data: 10 years from the year of termination of the last contract
Data recipientsData Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), Authorised Data Processors appointed pursuant to Art. 29 EU Reg. 2016/679 , other persons for whom the communication of data is necessary for the performance of the declared purposes of the data controllerc

Customer service

Purpose and legal basis– Customer satisfaction survey, based on: Execution of a contract and/or pre-contractual measures, To be specified – Technical assistance to customers, based on: Execution of a contract and/or pre-contractual measures, To be specified – Customer management, based on: Execution of a contract and/or pre-contractual measures, To be specified
Categories of dataBiographical data, Contact data, Address data, Data relating to purchases or use of services, Access and identification data
Storage time*Common data: 10 years from the year of termination of the last contract
Data recipientsData Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), Authorised Data Processors appointed pursuant to Art. 29 EU Reg. 2016/679 , other persons for whom the communication of data is necessary for the performance of the declared purposes of the data controllerc

Marketing and communication activities

Purpose and legal basis – Marketing (market analysis and surveys), Sending of information and/or advertising material, based on the consent of the data subject**
Categories of dataBiographical data, Contact data, Address data, Data relating to purchases or use of services, Profiling data
Storage time*Common data: Until consent is revoked. Then processing will be limited to mere storage for 10 years from the year in which consent was revoked
Data recipientsData Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), Authorised Data Processors appointed pursuant to Art. 29 EU Reg. 2016/679 , other persons for whom the communication of data is necessary for the performance of the declared purposes of the data controllerc

**The provision of consent is always optional and may be revoked at any time, you may contact the Data Controller using the contact information above.

Warranty

Purpose and legal basis – Allow the exercise of the right of guarantee, on the basis of: Execution of a contract and/or pre-contractual measures, Legal obligation, To be specified – Allow the adherence to guarantee formulas, on the basis of: Execution of a contract and/or pre-contractual measures, To be specified
Categories of dataBiographical data, Contact data, Data relating to purchases or use of services
Storage time*Common data: 10 years from the year the contract ceases to have effectc
Data recipientsBanks, Data Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), Authorised Data Processors appointed pursuant to Art. 29 EU Reg. 2016/679 , other entities for which the communication of the data is necessary for the fulfilment of the declared purposes of the data controller

Sale and pre-sale business activity

Purpose and legal basis – Promotional activities, on the basis of: Execution of a contract and/or pre-contractual measures, Legitimate interest, Promoting its activities – Offering goods and services, on the basis of: Execution of a contract and/or pre-contractual measures, Legitimate interest, Offering goods and services
Categories of dataBiographical data, Contact data, Address data, Data relating to purchases or use of services
Storage time*Common data: 10 years from the year of accrual
Data recipientsData Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), Authorised Data Processors appointed pursuant to Art. 29 EU Reg. 2016/679 , other persons for whom the communication of data is necessary for the performance of the declared purposes of the data controllerc

Service quality

Purpose and legal basis – Verify the quality of the service, based on: Legitimate interest, Verify compliance with internal procedures
Categories of dataBiographical data, Contact data, Address data, Data relating to purchases or use of services
Storage time*Common data: 10 years from the year of termination of the last contract
Data recipientsData Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), Authorised Data Processors appointed pursuant to Art. 29 EU Reg. 2016/679 , other persons for whom the communication of data is necessary for the performance of the declared purposes of the data controllerc

Reception

Purpose and legal basis – Monitoring of people entering the company, on the basis of: Legitimate interest, Protection of company assets, Worker safety, Organisational and production needs – Filtering of telephone calls, on the basis of: Legitimate interest, organisational and production needs
Categories of dataBiographical data, Contact data, Address data, Identification/recognition document data
Storage time*Common data: 1 year from the year of data acquisition
Data recipientsAuthorities and public administrations with respect to which there is a legal obligation to communicate, Data Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see Register of Data Processors), Authorised Persons appointed pursuant to Art. 29 EU Reg. 2016/679 , other persons for whom the communication of the data is necessary for the performance of the declared purposes of the controller

Customer management

Purpose and legal basis – Customer management, on the basis of: Execution of a contract and/or pre-contractual measures, To be specified – Following up on customer or potential customer requests and managing pre-contractual or contractual fulfilments, on the basis of: Execution of a contract and/or pre-contractual measures, To be specified
Categories of dataBiographical data, Contact data, Address data, Payment data, Data relating to purchases or use of services
Storage time*Common data: 10 years from the year of the contract or the termination of the last contact
Data recipientsCredit Insurers, Banks, Data Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see Register of Data Processors), Authorised Data Processors appointed pursuant to Art. 29 EU Reg. 2016/679 , other entities for which the communication of the data is necessary for the fulfilment of the declared purposes of the controller

Management and maintenance of IT systems

Purpose and legal basis – Management and maintenance of the network and information systems, based on: Legitimate interest, Legal obligation, Legitimate interest in the protection of the network and information systems; legal obligation limited to the provisions of the regulations on system administrators
Categories of dataAccess and identification data
Storage time*Common data: 2 years from the year of termination of the contractual relationship for accounts, passwords and user names; 18 months for system administrators’ obligations
Data recipientsData Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), Authorised Data Processors appointed pursuant to Art. 29 EU Reg. 2016/679 , other persons for whom the communication of data is necessary for the performance of the declared purposes of the data controllerc

Defence of interests and rights of the Controller

Purpose and legal basis – Prevent and/or detect possible abuses and defend its rights and interests on the basis of: Legitimate interest, to protect one’s own rights and interests in court or in the preparatory stages of its possible establishment
Categories of dataData useful for the defence of the Controller’s interests and rights
Storage time*Data useful for the defence of the Controller’s interests and rights: The data will be retained for as long as the Data Controller has an interest in exercising its right or interest
Data recipientsAuthorities and public administrations with respect to which there is a legal obligation to communicate, Data Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see Register of Data Processors), Authorised Persons appointed pursuant to Art. 29 EU Reg. 2016/679 , other persons for whom the communication of the data is necessary for the performance of the declared purposes of the controller

Data protection compliance management

Purpose and legal basis – Personal data protection obligations, based on: Legal obligation, To be specified
Categories of dataBiographical data, Contact data, Address data
Storage time*Common data: For as long as strictly necessary to fulfil the purposes
Data recipientsAuthorities and public administrations with respect to which there is a legal obligation to communicate, Data Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see Register of Data Processors), Authorised Persons appointed pursuant to Art. 29 EU Reg. 2016/679 , other persons for whom the communication of the data is necessary for the performance of the declared purposes of the controller

Accommodation management

Purpose and legal basis – Accommodation organisation, on the basis of: Execution of a contract and/or pre-contractual measures, To be specified
Categories of dataBiographical data, Contact data, Employment data, Identification/recognition document data
Storage time*Common data: 10 years from the year of organisation
Data recipientsData Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), Transfer services, Authorised data processors appointed pursuant to Art. 29 EU Reg. 2016/679 , Accommodation facilities, other entities for which the communication of data is necessary for the performance of the declared purposes of the data controller

Creation and subsequent publication/dissemination of multimedia content

Purpose and legal basis – Creation, use and publication/dissemination of multimedia content, in whole or in part, on the basis of the consent of the Data Subject**
Categories of data 
Storage time*Common data: The data will be kept, subject to disclosure, until consent is revoked or an explicit request for deletion is granted. In any case, once the purpose for which the data was acquired no longer exists, it will be deleted.
Data recipientsData Processors appointed pursuant to Art. 28 EU Reg. 2016/679 (see register of data processors), Authorised Data Processors appointed pursuant to Art. 29 EU Reg. 2016/679 , other persons for whom the communication of data is necessary for the performance of the declared purposes of the data controllerc

**The provision of consent is always optional and may be revoked at any time, you may contact the Data Controller using the contact information above.

* In addition to the time required for the accrual of prescriptive periods in relation to reciprocal rights and the retention time of backups.

Automated process

The processing is not based on automated decision-making.

Provision of data

Failure to provide compulsory data may entail legal and contractual consequences, while failure to provide optional data may result in the processing not being carried out or being carried out only partially. Therefore, in the event of failure to provide data, the data subject may not obtain the expected result or may only obtain it partially.

Extra-EU data transfer

The processing of personal data (e.g. storage, archiving and preservation of data on its own servers or in the cloud) will be circumscribed within the areas of circulation and processing of personal data of the countries that are part of the European Union, with an express prohibition to transfer them to non-EU countries that do not guarantee (or in the absence of) an adequate level of protection, or, in the absence of the protection tools provided by the EU Regulation 2016/679 (third country judged adequate by the European Commission, group BCR, model contractual clauses, consent of the data subjects, etc.).

Rights of the data subject

  • You have the right, in accordance with Articles 15 et seq. of EU Reg. 2016/679, to request from the Data Controller access to your personal data, as well as its rectification and deletion or oblivion;
  • You also have the right to request data portability or restriction of processing;
  • You have the right, on grounds relating to your particular situation, to object to processing based on legitimate interests of personal data concerning you;
  • You are entitled to see the essential contents of any signed co-ownership agreements;
  • For processing based on consent, you have the right at any time to withdraw your consent, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal;
  • You may also lodge a complaint with the Italian Data Protection Authority, based in Piazza Venezia 11, 00187 – Rome – protocollo@pec.gdpd.it.

To exercise your rights or to request additional information, you may contact the Controller using the contact information above.

Amendments to this notice

We reserve the right to update our Privacy Policy. We will notify you of changes as we deem appropriate and update the date in this Privacy Policy. We therefore recommend that you consult our Privacy Policy periodically, including by requesting a copy from the Data Controller.

Last updated: 10/08/2023