PRIVACY POLICY FOR

THIS WEB SITE

Consultation of this website involves the processing of data of identified or identifiable persons by H. Krull & C. S.p.A., as data controller.

“Personal data” means “any  information relating to  an  identified or  identifiable  natural person (‘data  subject’);  an identifiable natural person is  one  who  can  be  identified,  directly or  indirectly,  in  particular by reference to  an identifier such as a name, an identification number, location data, an online identifier or  to one or  more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

“Processing” of personal data means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”.

Pursuant to art. 13 of Regulation (EU) 2016/679 (hereinafter the "Regulation"), this page provides information on how H. Krull & C. S.p.A. manages the processing of personal data of users (hereinafter the "User" or collectively "Users") who interact with its web services accessible electronically from the address: www.accakappa.com (hereinafter the "Site").

This notice is valid exclusively for this Site and for any of its possible sub-domains; it does not apply to other web sites visited by the User by means of hyperlinks or other links.

Please read this policy carefully before providing any personal data.

CONTENTS

1. DATA CONTROLLER
2. PURPOSE AND LAWFULNESS OF PROCESSING
3. NATURE OF THE DATA PROVISION
4. PERSONAL DATA STORAGE PERIOD
5. DATA PROCESSING MODALITIES
6. DATA RECIPIENTS CATEGORIES AND DATA TRANSFER
7. SOCIAL BUTTONS AND WIDGETS
8. CHILDREN
9. RIGHTS OF THE DATA SUBJECTS

1. 1. DATA CONTROLLER

The data controller is H. Krull & C. S.p.A., with registered office in Viale Luzzatti n. 21, 31100, Treviso (Italia), VAT N° 00177470267, fax n° +39 (0)422 308056, e-mail privacy@accakappa.it (hereinafter, the “Data Controller” or “Acca Kappa”).

2. PURPOSE AND LAWFULNESS OF PROCESSING

1. 1. A. Browsing data

IT systems and software procedures that manage this site while working acquire some personal data that are transmitted as a matter of course in the use of Internet communication protocols.

This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. Such data include IP addresses or user computer and terminal domain names, URI (Uniform Resource Identifier/Locator)  addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the answering file, the numerical code showing the status of the server answer (successful, error, etc.) and other parameters concerning the User’s operating system and IT environment.

These data are used only to obtain anonymous statistical information on the use of the site and to check its proper functioning, as well as to ensure the security of networks and information. In addition, navigation data may be used to defend or assert a right and/or for the detection and prevention of fraud and other crimes or offences.

The lawfulness of such processing resides in the compliance with legal obligations and respect for the legitimate interest of the Data Controller in the improvement of its services and the protection of the company's assets and the security of its infrastructure.

1. B. Cookies

The Data Controller uses so-called cookies. For additional information on cookies and their use in this Site, please refer to the Cookie policy page which is an integral part hereof.

1. C. Data voluntarily provided by the User

The discretionary, explicit and voluntary sending of e-mail messages to the addresses mentioned in this Site entails the acquisition of the sender’s address, which is necessary in order to satisfy any requests, and of any other personal data included in the message.

Data voluntarily provided by the User are collected in order to address the requests of the User and may also be processed by the Data Controller for the fulfilment of legal obligations, to defend or enforce a right and/or for the prevention and detection of fraud and other crimes or offences.

The lawfulness of such processing resides in its necessity for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract.

For particular activities carried out at the request of the User, please consult the specific information available at the links below:

• - registration on the Site,
• - purchase of items by non registered users,
• - subscription to the newsletter service,
• - sending of information to Acca Kappa using the contact form.

For these activities, specific information and, where necessary, specific consent will be provided in the relevant pages of the Site.

1. 3. NATURE OF THE DATA PROVISION

Apart from what is specified above for navigation data and cookies, the User is free to provide personal data when sending e-mails to the addresses indicated on the Site and in the request for specific Site services. It should be noted, however, that their provision may be necessary to meet the User's requests, where a refusal may make it impossible to respond to requests via e-mail or to proceed with the provision of the services requested as indicated in the relevant policies.

1. 4. PERSONAL DATA STORAGE PERIOD

The User's personal data will be stored by the Data Controller for a limited period of time depending on the purpose for which the data are collected and in particular:

• - browsing data are deleted after being processed;
• - data voluntarily provided by the User by e-mail to the addresses shown on the Site are stored for no  longer  than  is  necessary for the User’s requests to be addressed and, afterwards, for a period not exceeding 10 years, in compliance with the civil, fiscal and accounting legal obligations.

In any case, data collected through the web Site may be stored for longer periods than those mentioned above, in order to comply with legal obligations, defend or assert a right and/or for the prevention of fraud and other crimes or offences, in the measure allowed by the applicable laws and regulations from time to time in force.

1. 5. DATA PROCESSING MODALITIES

The Data Controller  shall process User data mainly by computer and telematic means.

Specific security measures shall be observed to prevent data loss, illicit or incorrect use thereof and unauthorised access. The Data Controller has adopted all appropriate security measures provided for by law.

1. 6. DATA RECIPIENTS CATEGORIES AND DATA TRANSFER

For the pursuit of the objectives for which the data are collected, the Data Controller may avail itself of the following categories of persons to whom the data may be communicated or who may come to know them as data processors:

• - providers of computer services, such as, for instance, direct marketing, internet service and cloud computing;
• - parties providing logistic, storage, promotion, supply, sales and delivery services regarding the  Data Controller products and services;
• - parties that carry out customer care activities;
• - firms and other parties that provide, assistance, advisory services and, without limitation, legal, tax, accounting, economic and financial, technical and organisational, data processing and communication services;
• - parties providing banking, financial, insurance and credit collection services;
• - subsidiaries, parent companies, investee companies and associated companies;
• - public authorities and supervisory and control bodies;
• - third-party companies in the context of mergers, acquisitions or disposals of the company or a branch of the same.

The updated list of designated Data Processors is available upon specific request to the Data Controller filed as detailed in paragraph 9 “Rights of the Data Subjects” below.

Personal data can also be made known to persons authorised by the Data Controller to process personal data in their capacity as:

• - order fulfilment staff;
• - administrative staff;
• - customer service staff;
• - information systems and marketing staff;
• - computer systems and Site management staff;
• - staff responsible for the provision of services on the Site; and
• - technical and sales staff.

No data collected through the Site  is subject to dissemination.

1. 7. SOCIAL BUTTONS AND WIDGETS

The Site also includes social buttons/widgets. These include social network icons, such as Facebook, Twitter, Pinterest, Google+, Youtube and Instagram, which allow users to reach their social networks by clicking on the icon. Using these tools, the User can, for example, share Site contents or recommend Site products on the social networks.

When the User clicks on any social buttons/widgets, the relevant social network may collect data relating to the visit to the Site. As mentioned in the introduction, this privacy policy does not apply to the processing of your data by the social network, for which you must refer exclusively to the privacy policy provided by the social network.

Except in cases where the User spontaneously shares his/her data with the social networks chosen by clicking on the social buttons/widgets, the Data Controller does not disclose or share any of the User's personal data with the social network.

1. 8. CHILDREN

The Site and its Services are not meant for children and therefore the Data Controller does not knowingly collect online personal data of people under 18 years of age.

1. 9. RIGHTS OF THE DATA  SUBJECTS

With regard to the data provided, the User, as the data subject to whom the personal data relate, has the right at any time to obtain from the Data Controller:

• - confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and a copy thereof (art. 15 of the Regulation);
• - the rectification of inaccurate personal data concerning him or her and, taking into account the purposes of the processing, the integration of such incomplete personal data (art.16 of the Regulation);
• - the erasure of personal data in the cases mentioned in art. 17 of the Regulation;
• - the restriction of  processing in the cases mentioned in art. 18 of the Regulation;
• - the right to object to processing of personal data (art. 21 of the Regulation);
• - the right to data portability (art. 20 of the Regulation);
• - if the data  subject has  given  explicit consent to  the  processing of  those  personal data  for  one  or more  specified purposes (art. 6 par. 1 lett. a of the Regulation), the right to revoke his or her consent, without prejudice for the lawfulness of any previous processing performed on the basis of the consent before it was revoked.

In order to exercise their rights, the data subject shall have to address their request to the Data Controller, H. Krull & C. S.p.A.:

• - by mail, at: Viale Luzzatti n. 21, 31100, Treviso (Italia), or
• - by fax, at: +39 (0)422 308056, or
• - by e-mail, at: privacy@accakappa.it.

The data subject, if registered on the Site, may also exercise the right to revoke any consent by accessing the “My account” area of the Site or, if they subscribe to the newsletter service, through the link contained in each communication received from the Data Controller.

Finally, it should be noted that the data subject also has the right, in the right circumstances and according to the relevant procedures, to lodge a complaint with the Data Protection Supervisor as supervisory authority.