Privacy Policy

Privacy policy under Art. 13 reg. EU 679/2016 (“RGPD”) for visitors to this website.

With this page, we intend to provide all the directions stipulated in Art. 13 of EU Regulation 2016/679 (hereinafter also “Regulation” or “GDPR”) regarding the processing of personal data of visitors to this website.
The information does not pertain to other sites, pages, or online services that can be reached through hyperlinks posted on this website.
This information is provided, in accordance with EU Regulation 2016/679, to all users who interact with the Site and its services.
Information regarding the use of cookies on this site is outlined in the Cookie Policy, at the end of this policy.

Pursuant to the regulations on the processing of personal data:

(a) “We,” the owners of this site, are the “Owner” of the processing;

(b) “You” are the “Data Subject” and have the rights and obligations we outline below.

  1. Data controller

The Data Controller is Kria Srl, based in Desio (MB) – Via Lavoratori Autobianchi no. 1, 20832

  1. Place and manner of processing

Data processing originating from the consultation of this website takes place in the European Economic Area and in accordance with European standards. The processing of users’ personal data is carried out by individuals authorized to process the data by the Data Controller and duly instructed in accordance with Articles 4.10, 29, 32.4 of the GDPR and Article 2-quaterdecies of the Personal Data Protection Code Legislative Decree. 196/2003 as amended by Legislative Decree. n. 101/2018, by means of automated and computerized tools for the time strictly necessary to achieve the purposes for which they were collected.
The Controller processes the personal data it comes into possession of by means including computer and telematic methods on the basis of the processing principles set forth in Art. 5 of the GDPR (lawfulness, fairness, transparency, minimization, purpose limitation, accuracy, storage limitation, integrity and confidentiality).
The Data Controller shall take specific security measures to protect the rights and freedoms of natural persons, in particular to prevent and prevent unauthorized disclosure, modification or destruction of data, loss of data, unlawful or incorrect use and unauthorized access by reducing the risks concerning the confidentiality, availability and integrity of collected personal data, in adherence to Art. 32 GDPR.

  1. Purposes and Legal Basis for Processing

3.1 Your personal data are processed while you are browsing the site for the purpose of proper technical operation of the site.

3.2 The computer systems and software procedures responsible for the ordinary operation of this site acquire certain personal data (navigation data), the transmission of which is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment.

  1. Data controllers, Recipients of personal data, Dissemination

4.1 Both navigation data and data voluntarily provided by the user through e-mail messages to the published e-mail addresses may be communicated to external parties formally appointed by the Data Controller as Data Processors and belonging to the following categories:

  • Companies that provide maintenance services for the Site and computer systems;
  • Companies that provide telematic communications services and, especially, electronic mail;
  • Companies that perform management and maintenance services for the Owner’s databases.

These entities have the right to rely on additional, own Data Processors, operating in the same areas.

4.3 Data may also be disclosed to additional external parties, operating as autonomous Data Controllers such as the Judicial Authority, administrative or other public entity entitled to request them, in cases provided for by law.

4.4 Data will not be disseminated.

4.5 The data controller is the administrator of the company Data Controller.

As stipulated in Art. 37, seventh paragraph, of the RGPD, the contact details of the Data Protection Officer are given below:

Pec: kria@pcert.it

e-mail: info@kria.biz

  1. Data Retention Period

5.1 With reference to the browsing data collected for the purpose of Section 3, num. 1, they are retained for a period to allow the Owner to ensure the security of the users’ connection to the site.

5.2 If you are looking for information regarding the use of cookies on this site, you can easily find it in the cookie policy, at the link given above.

  1. Nature of Data Disclosure and Consequences of Failure to Disclose Data

6.1 For the purpose of Section 3, num. 1, the provision of data is necessary and not optional.

  1. Transfer of data to non-EU countries

7.1 The transfer abroad carried out in this way is in line with this legislation, since it is implemented only to countries that have been the subject of an adequacy decision and which, therefore, guarantee an adequate level of protection of personal data, or on the basis of standard contractual clauses validated by a European Supervisory Authority and conforming to the models proposed by the Commission in Decision 2010/87/EU. With specific reference to the United States of America, any transfer of data to that country is made only to companies certified under the Privacy Shield, an agreement that imposes stringent obligations on U.S. companies to protect the personal data of European citizens and subject to the control of U.S. authorities.

  1. Rights of the Interested Party

8.1 The Data Controller shall take all reasonable measures to ensure data quality and to eliminate incorrect or unnecessary personal data.

8.2 Regulation (EU) 2016/679 grants you, as a Data Subject, several rights, which you can exercise by contacting the Data Controller at the contact details set out in points 1 and 2 of this policy.

Among the rights that can be exercised, provided the prerequisites are met from time to time in the regulations (in particular, Articles 15 et seq. of the Regulations) are:

  • The right to know whether the Data Controller is processing personal data concerning you and, if so, to have access to the data being processed and to all information relating thereto;
  • The right to rectification of inaccurate personal data concerning you and/or to supplement incomplete personal data;
  • The right to the deletion of personal data concerning you;
  • The right to restriction of processing;
  • The right to object to the processing;
  • The right to portability of personal data concerning you;
  • The right to revoke consent at any time, without affecting the lawfulness of processing, based on consent, carried out prior to revocation.

8.3 In any case, you also have the right to file a formal Complaint with the Data Protection Authority in the manner you can find at the following link: https://www.garanteprivacy.it/home.

8.4 To receive more information about your rights, you can contact the Owner directly, or consult the official pages of the Guarantor Authority https://www.garanteprivacy.it/home/diritti and https://www.garanteprivacy.it/web/guest/regolamentoue/diritti-degli-interessati.

8.5 To exercise your rights regarding this privacy policy, send an e-mail to info@kria.biz