INFORMATION ON THE PROCESSING OF PERSONAL DATA

Welcome to the Acca Kappa website.
On this page, we provide you with information pursuant to Article 13 of Regulation (EU) 2016/679 ("GDPR") on the processing of your personal data that we collect when you browse www.accakappa.com (the "Site") and interact with the related services.

 

This information is provided only for the Site and any of its subdomains, and not also for other websites that may be visited through hyperlinks or web links.

 

Please read this policy carefully before providing us with your personal information.

 

1. DATA CONTROLLER

Krull & C. S.p.A., with registered office at Viale Luzzatti n. 21, 31100, Treviso (Italy), VAT No. 00177470267, e-mail privacy@accakappa.it (the "Data Controller" or "Acca Kappa") is the data controller.

 

2. CATEGORIES OF PERSONAL DATA COLLECTED

a) Navigation data

Browsing the Site and accessing its services entails the acquisition of certain personal data relating to your browsing, such as, for example, the IP addresses or domain names of the computers you use to connect to the Site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and computer environment you’re using. This is information that is not collected in order to be associated with identified data subjects, but which by its very nature could, through processing and association with data held by third parties, make it possible to identify such data subjects.

 

b) Personal data you voluntarily provide to us

The Data Controller processes personal data that you voluntarily provide to us when you register with the Site, access related services, purchase a product, or interact with customer service, such as, for example, biographical data, contact data, purchase data and banking data.

 

c) Cookies

The Site uses so-called cookies. For more information about cookies and their use on the Site, see the  cookie page.

 

3. PURPOSE, LEGAL BASIS AND RETENTION PERIOD

I. Your personal data will be processed by the Data Controller in the following ways:

#

PURPOSE

LEGAL BASIS

RETENTION PERIOD

A

Site navigation: navigation data are processed to allow you to navigate the Site and access the related services and, in particular, to obtain anonymous statistical information on the use of the Site and the services offered, to check its correct functioning and for security reasons

Legitimate interest of the Data Controller

For the period necessary for the relevant processing

B

Site registration (personal account): to allow you to create your personal account on the Site and take advantage of related services, such as wishlist and purchased product history

Performance of the contract or pre-contractual measures you requested

Until your request to delete the account or, failing that, for a period of 24 months from your last login

C

Sale of products: for the conclusion and execution of the contract for the sale of products offered on the Site, including the management and processing of purchase orders, delivery of products, communication of any circumstances connected to the order, and management of payments

Performance of the contract or pre-contractual measures you requested

For the time necessary to process the purchase order (subject to further storage, where necessary, for the purposes that follow)

D

Customer Care: for handling and responding to requests you send to us, such as in relation to returns, complaints, and refunds on purchased products

Performance of the contract or pre-contractual measures you requested

For the period of time necessary to respond to your request (subject to further retention, where necessary, for the purposes that follow)

E

Fulfillment of legal obligations: for the fulfillment of legal obligations (particularly civil, tax, public safety, banking and data protection)

Fulfillment of legal obligations

For the period stipulated in the regulations. Invoice data are kept for 10 years from the date of invoice issuance

F

Litigation and tort prevention: to defend or enforce a Data Controller's right and/or for the detection and prevention of fraud and other crimes or torts

Legitimate interest of the Data Controller

For as long as necessary for the purpose for which the data are collected in accordance with applicable law (e.g., statute of limitations)

and, only with your express consent, for the following purposes:

G

Newsletter: to sign up for Acca Kappa's newsletter and keep up to date by emailing you informative communications about our products, services and events.

Your consent

Until your consent is revoked or, failing that, when the service is terminated

 

4. NATURE OF PROVISION OF DATA

The provision of the data present in the fields marked with an asterisk (*) for the purposes referred to in Article 3, letters A) to F) above, is necessary to navigate and register you on the Site, take advantage of the related services and purchase products on the Site, and failure to provide such data will result in the impossibility of obtaining the products and services requested. On the other hand, the provision of the data in the fields not marked with an asterisk, while it may be useful to facilitate relations with the Data Controller, is optional and failure to provide it does not affect the obtaining of the products and services requested.

With reference to the newsletter subscription referred to in art. 3, letter G), the provision of data is optional and your refusal will result in the impossibility of subscribing and receiving the newsletter, but will not prevent you from browsing and registering on the Site, purchasing products and taking advantage of the related services in accordance with the provisions of art. 3, letters A) to F) above.

 

5. CATEGORIES OF RECIPIENTS OF PERSONAL DATA AND DISSEMINATION OF DATA

To pursue the purposes for which the data are collected, the Data Controller may use the following categories of subjects to whom the data may be communicated as autonomous data controllers or who may become aware of the data as data processors:

  • IT service providers, such as internet service and cloud computing;
  • subjects who carry out logistics, warehousing, promotion and delivery of products and services;
  • subjects who perform customer service activities;
  • firms and other entities that provide assistance, advice and services of particular kinds, e.g., legal, tax, accounting, economic/financial, technical/organizational, data processing, communications;
  • subjects who provide banking, financial, insurance and debt collection services;
  • subjects providing anti-fraud payment control activities;
  • subsidiaries, parent companies, investees and affiliates;
  • public authorities and supervisory and control bodies.

The updated list of data processors is available upon specific request to the Data Controller by the means indicated in Section 7.

Exclusively for the purposes specified above, your personal data may also be known to persons within the Data Controller who are authorized to process it by reason of their respective duties.

No data collected at the Site is subject to dissemination.

 

6. DATA TRANSFER TO A THIRD COUNTRY AND/OR INTERNATIONAL ORGANIZATION

Your personal data may be transferred, for the purposes for which it is collected, to United States of America which is a country outside the European Union. The transfer of personal data to subjects located in the United States of America will take place exclusively pursuant to the standard contractual clauses adopted or approved by the Commission of the European Union and/or the adequacy decision of the Commission of the European Union of 10-07-2023 on the adequacy of the level of protection of personal data with the EU-US Data Privacy Framework (articles 45 and 46, par. II, letters c and d of the Regulation GDPR).

 

7. MINORS

The Site and services are intended for the sale of products and services to individuals over the age of 18. Therefore, the Data Controller does not intentionally collect personal data from persons under the age of 18. If you access the services of the Data Controller, you declare that you are of legal age.

 

8. RIGHTS OF DATA SUBJECTS

In relation to the personal data you have provided, you have the right at any time to request:

  • confirmation of whether or not personal data concerning you is being processed and, if so, to obtain access to the personal data and to obtain copies of it (Art. 15 of the GDPR);
  • rectification of inaccurate personal data concerning you, as well as the updating of the same where deemed incomplete, always in relation to the purposes of processing (Article 16 of the GDPR);
  • deletion of personal data in the cases referred to in Article 17 of the GDPR;
  • limitation of processing in the cases referred to in Article 18 of the GDPR;
  • objecting to the processing of personal data in accordance with Article 21 of the GDPR;
  • data portability, if the processing is based on your consent or a contract and is carried out by automated means (Art. 20 of the GDPR);
  • when you have given explicit consent to the processing of such personal data for one or more specific purposes (Art. 6(1)(a) of the GDPR), revocation of consent without affecting the lawfulness of the processing based on the consent given before revocation.

To exercise these rights, you can write to: privacy@accakappa.it.

If you are registered for the newsletter, you can exercise the right to withdraw any consent given via the link contained in each communication received from the Controller. Finally, please note that, if the appropriate conditions are met, you also have the right to lodge a complaint with the Data Protection Authority as the supervisory authority, in accordance with the established procedures.