Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA

Dear Customer,

In compliance with the obligations provided by the European Privacy Regulation EU 2016/679 (GDPR) and Legislative Decree No. 196 of June 30, 2003 (Code on Personal Data Protection), we hereby inform you that KITE automation S.r.l., as Data Controller, will process the personal data that concerns you and that have been or may be provided/communicated to us—by you or by other parties—during our relationship.

The data processing, freely provided by you or otherwise collected, will be carried out in compliance with current privacy regulations; it will be based on the principles of fairness, legality, and transparency, and conducted in accordance with the principles of relevance, completeness, and non-excessiveness.

Therefore, in accordance with Article 13 of the European Regulation 2106/679 (GDPR), we inform you that:

1. Identification of the Data Controller

KITE automation S.r.l.
Via Morandi 10 - 20077 Melegnano (MI)
VAT: 04436780268
Email: info@kite-automation.it

2. Purpose of the Processing

The data provided by you will be processed for the following purposes:

• Needs related to filling out form fields on the website for information requests and explanations.
• Needs related to course requests provided by the company.

3. Category and Nature of Processed Data

The categories of processed data are:

• Personal information (e.g., name, surname, email address).

4. Retention Period

In accordance with Article 5, paragraph 1, letter e) of the GDPR, personal data is stored in a form that permits the identification of the data subject for a period not exceeding the purposes for which the data is processed or according to the deadlines established by legal regulations. Data obsolescence verification is carried out periodically under the supervision of the Data Controller.

Specifically:

• When processing is necessary for the execution of a contract and/or pre-contractual measures, data will be processed until contract execution is completed and will be retained for the following 10 years, subject to the legitimate interest of the Data Controller in the event of legal disputes;
• When processing is necessary to fulfill a legal obligation to which the Data Controller is subject, data will be retained as long as legally allowed;
• When processing is necessary to pursue the legitimate interest of the Data Controller, data will be retained as long as legally permitted.

Personal data will, in any case, be retained to fulfill obligations (e.g., tax and accounting) that continue after the contract ends (Article 2220 of the Civil Code); for these purposes, the Data Controller will retain only the data necessary for the relevant purpose for the following 10 years, subject to the legitimate interest of the Data Controller in the event of legal disputes.

5. Processing Method

The processing will be carried out in a non-automated manner. It may involve operations such as collection, registration, organization, storage, consultation, use, elaboration, modification, selection, extraction, comparison, interconnection, transmission, communication, deletion, destruction, blocking, and limitation.

Processing will be performed both with paper-based support and with the aid of electronic, computer, and telematic tools suitable for ensuring data security and confidentiality, in accordance with Article 32 of the European Regulation 2016/679.

During processing operations, all technical, IT, organizational, logistical, and procedural security measures will be adopted to ensure an adequate level of data protection as required by law. The aforementioned methodologies applied to the processing will ensure data access only to the subjects specified in points 4 and 5.

6. Nature of Provision

Data provision and processing are:

• Mandatory and do not require your consent for purposes connected to obligations established by laws, regulations, or EU legislation;
• Essential and do not require your consent for all personal data indispensable for the proper establishment of the professional relationship, as well as for the management and continuation of the professional service;
• Essential and do not require your consent for the performance of tasks of public interest or the exercise of public authority of which the Data Controller is invested;
• Essential and do not require your consent for the pursuit of legitimate professional interests or those of third parties;
• Optional and require your explicit consent for all personal data collected for purposes not directly and/or indirectly connected to contractual, pre-contractual, legal obligations, safeguarding vital interests, performing public tasks, exercising public authority, or pursuing legitimate interests.

A refusal to provide the above data, although legitimate, could compromise the proper conduct of the relationship with our organization, and in particular, regarding the personal data defined as mandatory and essential, it could result in our inability to perform the normal conduct of the professional assignment and the regular provision of requested professional services.

7. Data Communication

The subjects or categories of subjects who may become aware of your data or to whom personal data may be communicated, in addition to the Legal Representative of the Data Controller, are:

• Authorized subjects for processing (such as employees);
• Data Processors (such as consultants, freelancers, software service providers).

The updated list of Data Processors and Appointees is kept at the Data Controller's registered office.
Your personal data, in any case, will not be disseminated.
Your personal data may also be communicated to the Public Administration, Welfare and Assistance Bodies, Public Entities, Law Enforcement Agencies, Judicial Authorities, or other Public and Private Subjects, but only to fulfill the professional assignment and legal, regulatory, or EU obligations.
The data in question will not be communicated to subjects other than those indicated in this notice, and data suitable for revealing the data subject's health status will, in any case, not be disseminated.

8. Processing of Particularly Sensitive Data

Should the processing also concern personal data falling within the category of sensitive data as defined by Article 9 GDPR (such as data suitable for revealing racial and ethnic origin, religious, philosophical, or other beliefs, political opinions, membership of political parties, unions, religious, philosophical, political, or trade union associations or organizations, as well as personal data suitable for revealing health status and sexual life) or "judicial" data (such as data suitable for revealing criminal record proceedings, administrative sanction registry, and related pending charges or the status of being charged or investigated), processing will be carried out within the limits and according to the methods provided by European Regulation 2016/679 and Legislative Decree 196/2003 and for purposes strictly necessary for the proper conduct of business activities, related operations for fulfilling professional assignments, and for compliance with contractual and/or legal or regulatory obligations.

In this case, the subjects or categories of subjects who may become aware of sensitive data or to whom data may be communicated, in addition to the Legal Representative of the Data Controller, are:

• Authorized subjects for processing (such as employees);
• Data Processors (such as consultants, freelancers, software service providers).

The updated list of Data Processors and Appointees is kept at the Data Controller's registered office.

9. Data Storage Location

Your personal data are processed and stored at the Data Controller's operating offices and are archived in paper and electronic format at the server and archives of the structure, at Via Morandi 10 - 20077 Melegnano (MI)

10. Data Subject's Rights

You may always request, at any time, from the Legal Representative of the Data Controller, using the contact details provided in this notice, a copy of your personal data, information on where your personal data is processed, and an updated list with the identifying details of all Data Processors and System Administrators authorized to process your data.

At any time, you may freely withdraw the consent provided, without any charges and without prejudice to the lawfulness of the processing up to that point, and, as a data subject, exercise the rights of Access, Rectification, Deletion, Limitation, Objection, Portability, and Complaint to the Data Protection Authority concerning the Data Controller as provided by Article 15 of the European Regulation 2016/679.

More specifically, as a data subject, you have the following rights:

• To obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
• To obtain information on: a) the origin of personal data; b) the purposes and methods of processing; c) the logic applied in case of processing with electronic tools; d) the identification details of the Data Controller, Data Processors, designated representative under Article 5, paragraph 2, of the Privacy Code and Article 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom personal data may be communicated or who may learn of it as designated representatives within the State, Data Processors, or Appointees;
• To obtain: a) updating, rectification, or, where interested, integration of data; b) deletion, transformation into anonymous form, or blocking of data processed in violation of the law, including data that does not need to be stored for the purposes for which they were collected or subsequently processed; c) confirmation that the operations in a) and b) have been notified, as regards their content, to those to whom the data have been communicated or disseminated, unless this proves impossible or involves a disproportionate effort compared to the protected right;
• To object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of collection; b) to the processing of personal data concerning you for sending advertising or direct sales materials or for conducting market research or commercial communications, through automated call systems without operator intervention via email and/or traditional marketing methods by phone and/or paper mail.
• It should be noted that the data subject's right to object mentioned in the previous point b) for direct marketing purposes through automated methods extends to traditional ones, and that the data subject may still exercise the right to object even only in part. Therefore, the data subject may decide to receive communications only through traditional methods or only through automated communications or neither of the two types of communication.

11. Contact Details of the Data Controller

The contact details for exercising your rights are as follows:

KITE automation S.r.l.
Via Morandi 10 - 20077 Melegnano (MI)
P.iva: 04436780268
Email: info@kite-automation.it