Privacy

Information pursuant to art. 13 of Regulation (EU) no. 2016/679 ("GDPR")

Keliweb S.r.l. (hereinafter "Keliweb") protects the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of violation.

As required by European Union Regulation no. 2016/679 ("GDPR"), and in particular to art. 13, below we provide the user ("Interested") with the information required by law relating to the processing of their personal data.

SECTION I.
Data controller and data processed
(art.13, first paragraph, letter a, art.15, letter b GDPR)

Keliweb s.r.l. (PI: 03281320782), current in 87036 - Rende (CS), via Bartolomeo Diaz, 35, in the person of the owner and legal representative, works as Data Controller and collects and / or receives information concerning the interested party, such as: Personal data (name, surname, physical address, nationality, province and municipality of residence, landline and / or mobile phone, fax, tax code, e-mail address (s), etc.), Electronic traffic data (Log, IP address of provenance).

Keliweb does not require the interested party to provide so-called data "Particular", that is, according to the provisions of the GDPR (art. 9), personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as genetic data, data biometrics intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person.

The Data Controller has appointed a Data Protection Officer -DPO who can be contacted for any information and request: e-mail: meduri@kelipec.it

SECTION II
Purpose of the treatment
(art.13, 1st comma GDPR)

The data are used by the Data Controller to follow up on the registration request and the supply contract for the chosen Service and / or the Product purchased, manage and execute the contact requests sent by the interested party, provide assistance, fulfill legal and regulatory obligations. which the Data Controller is required to work on. In no case Keliweb resells the personal data of the interested party to third parties or uses them for undeclared purposes.

In particular, the data of the interested party will be processed for:

• personal registration and requests for contact and / or information material

  The processing of the personal data of the interested party takes place to carry out the preliminary and consequent activities of the request for registration, the management of requests for information and contact and / or sending information material, as well as for the fulfillment of any other obligation arising.
  The legal basis for these treatments is the fulfillment of the services inherent in the request for registration, information and contact and / or sending information material and compliance with legal obligations.

• the management of the contractual relationship

  The processing of the personal data of the interested party takes place to carry out the preliminary and consequent activities to the purchase of a Service and / or a Product, the management of the related order, the provision of the Service itself and / or the production, the related billing and payment management, the handling of complaints and / or reports to the assistance service and the provision of assistance itself, the prevention of fraud and the fulfillment of any other obligation deriving from the contract.
  
  The legal basis for these treatments is the fulfillment of the services inherent to the contractual relationship and compliance with legal obligations.

• promotional activities on Services / Products similar to those purchased by the Data Subject (Recital 47 GDPR)

  The data controller, even without your explicit consent, may use the contact data communicated by the interested party, for the purpose of direct sale of its Services / Products, limited to the case in which it concerns Services / Products similar to those covered by the sale, unless the interested party explicitly opposes it.

• commercial promotion activities on Services / Products different from those purchased by the Data Subject

  The personal data of the interested party may also be processed for commercial promotion purposes, for surveys and market research with regard to Services / Products that the Data Controller offers only if the interested party has authorized the treatment and does not object to this.
  This treatment can take place, automatically, in the following ways:

  
  
  • - email;

  and can be done:

  
  
  • 1. if the interested party has not revoked his consent for the use of the data.

  The legal basis for these treatments is the consent given by the interested party prior to the treatment itself, which can be revoked by the interested party freely and at any time (see Section III).

• the cyber security

  The Data Controller, in line with the provisions of Recital 49 of the GDPR, processes, also through its suppliers (third parties and / or recipients), the personal data of the interested party relating to traffic to a strictly necessary and proportionate extent to ensure the safety of the networks and information, i.e. the ability of a network or information system to withstand, at a given level of security, unexpected events or illegal or malicious acts that compromise availability, authenticity, integrity and confidentiality of personal data stored or transmitted.
  
  The Data Controller will promptly inform the interested parties, if there is a particular risk of violation of their data without prejudice to the obligations deriving from the provisions of art. 33 of the GDPR relating to personal data breach notifications.
  
  The legal basis for these treatments is compliance with legal obligations and the legitimate interest of the Data Controller to carry out treatments relating to the purpose of protecting the corporate assets and security of the offices and systems.

• profiling

  The personal data of the interested party may also be processed for profiling purposes (such as analysis of the data transmitted and the chosen Services / Products, to propose advertising messages and / or commercial proposals in line with the choices made by the users themselves) only if the interested party has provided explicit and informed consent.
  
  The legal basis for these treatments is the consent given by the interested party prior to the treatment itself, which can be revoked by the interested party freely and at any time (see Section III).

• fraud prevention (recital 47 and art.22 GDPR)
  • the personal data of the interested party, with the exception of particular (Art 9 GDPR) or judicial (Art 10 GDPR) will be processed to allow controls for the purpose of monitoring and prevention of fraudulent payments, by software systems that carry out a verification so automated and prior to the negotiation of Services / Products;
  • passing these checks with a negative result will make it impossible to carry out the transaction; in any case, the interested party may obtain an explanation or contest the decision by motivating their reasons to the Customer Support service;
  • the personal data collected for anti-fraud purposes only, unlike the data necessary for the correct execution of the requested service, will be immediately deleted at the end of the control phases.
• the protection of minors

  The Services / Products offered by the Data Controller are reserved for subjects legally capable, on the basis of the national reference legislation, to conclude contractual obligations.
  
  In order to prevent illegitimate access to its services, the Data Controller implements preventive measures to protect his legitimate interest, such as checking the tax code and / or other checks, when necessary for specific Services / Products, the correctness of the data of the identity documents issued by the competent authorities.

Communication to third parties and categories of recipients (Article 13, 1st paragraph of the GDPR)

The communication of the personal data of the interested party takes place mainly towards third parties and / or recipients whose activity is necessary for the performance of the activities related to the relationship established and to respond to certain legal obligations, such as: Accounting obligations related to the contractual performance , Provision of services (pec and electronic invoicing) connected to the requested service, Fulfillment of legal obligations, exercise of rights, protection of contractual rights, recovery of credit (eg. Communication of data upon request by the judicial authority).

The Data Controller requires third parties to comply with security measures equal to those adopted against the interested party by restricting the perimeter of action of the Data Processor to the processing related to the requested service.

The Data Controller transfers personal data to countries where the GDPR (non-EU countries) is not applied in cases of purchase of domains whose extension is different from .it for which the interested party will be informed in advance and will have to give his consent.

The legal basis for these treatments is the fulfillment of the services inherent in the relationship established, compliance with legal obligations and the legitimate interest of Keliweb to carry out treatments necessary for these purposes.

SECTION III
Refuse to provide the data
(Art. 13, 2nd paragraph, lett. And GDPR)

The collection and processing of personal data is necessary to follow up on the requested services as well as the provision of the Service and / or the supply of the requested Product. If the interested party does not provide the personal data expressly provided as necessary in the order form or registration form, the Data Controller will not be able to follow up on the processing related to the management of the requested services and / or the contract and the Services / Products connected to it, nor to the obligations that depend on them.

Failure to consent to the processing of personal data for commercial promotion activities on Services / Products different from those purchased

In the event that the interested party does not give his consent to the processing of personal data for these purposes, the treatment will not take place for the same purposes, without this having effects on the provision of the requested services, nor for those for which he already has given consent, if required.

In the event that the interested party has given consent and should subsequently revoke it or oppose the processing for commercial promotion activities, your data will no longer be processed for these activities, without this leading to consequences or detrimental effects for the interested party and for the performance required.

Data processing of the interested party (art. 32 GDPR)

The Data Controller arranges for the use of adequate security measures in order to preserve the confidentiality, integrity and availability of the Data Subject's personal data and imposes similar security measures on third party suppliers and Managers.

The personal data of the interested party are stored in computer and telematic archives located in countries where the GDPR is applied (EU countries).

Data retention of the interested party (art. 13, 2nd paragraph, letter to GDPR)

Unless an explicitly express to remove them, the personal data of the interested party will be kept as long as they are necessary with respect to the legitimate purposes for which they were collected.

In particular, they will be kept for the entire duration of your personal registration and in any case no longer than a maximum period of 12 (twelve) months of inactivity, or if, within this term, there are no Associates of the Services and / or purchased of the Products through the the registry itself.

In the case of data provided to the Data Controller for the purposes of commercial promotion for services other than those already acquired by the Data Subject, for which he initially gave consent, these will be kept for 24 months, unless the consent is revoked.

In the case of data provided to the Data Controller for profiling purposes, these will be kept for 12 months, unless a revocation of the consent.

It should also be added that, in the event that a user forwards unsolicited or unnecessary personal data to Keliweb in order to perform the requested service or to provide a service strictly connected to it, Keliweb cannot be considered owner of this data and will delete them as soon as possible.

Regardless of the determination of the interested party to remove them, personal data will in any case be kept according to the terms provided for by current legislation and / or national regulations, for the exclusive purpose of guaranteeing the specific fulfillment of some Services (for example but not limited to, Certified Electronic Mail).

Furthermore, personal data will in any case be kept for the fulfillment of the obligations (e.g. tax and accounting) that remain even after the termination of the contract (art. 2220 of the Italian Civil Code); for these purposes, the Data Controller will retain only the data necessary for the relative pursuit.

This is without prejudice to cases in which the rights deriving from the contract and / or from the personal registration should be brought to court, in which case the personal data of the interested party, exclusively those necessary for these purposes, will be processed for the time necessary for their pursuit.

The rights of the interested party (articles 15 - 20 GDPR)

The interested party has the right to obtain the following from the data controller:

• the confirmation that personal data concerning him or her is being processed and in this case, to obtain access to personal data and to the following informations:
  
  
  • the purposes of the treatment;
  • the categories of personal data;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients from third countries or international organizations;
  • when possible, the expected retention period of personal data or, if not possible, the criteria used to determine this period;
  • the existence of the right of the interested party to ask the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
  • the right to lodge a complaint to a supervisory authority;
  • if the data are not collected by the data subject, all available information on their origin;
  • the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
  • the adequate guarantees provided by the third country (outside the EU) or an international organization to protect any data transferred.
• the right to obtain a copy of the personal data being processed, provided that this right does not affect the rights and freedoms of others; In the event of further copies requested by the interested party, the data controller can charge a reasonable expense contribution based on administrative costs;
• the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay;
• the right to obtain from the data controller the cancellation of personal data concerning him without undue delay, if there are the reasons provided for by the GDPR in art. 17, including, for example, in the event that they are no longer necessary for the purposes of the processing or if this is assumed to be illegal, and the conditions provided for by law always exist; and in any case if the treatment is not justified by another equally legitimate reason;
• the right to obtain the limitation of processing from the data controller, in the cases provided for by art. 18 of the GDPR, for example where it has contested its accuracy, for the period necessary for the Data Controller to verify its accuracy. The interested party must be informed, in reasonable times, also of when the suspension period has been completed or the cause of the limitation of the treatment has ceased, and therefore the limitation itself revoked;
• the right to obtain communication from the owner of the recipients to whom the requests for any corrections or cancellations or limitations of the processing carried out have been sent, unless this proves impossible or involves a disproportionate effort;
• the right to receive personal data concerning him in a structured, commonly used and machine-readable format and the right to transmit such data to another data controller without hindrance by the data controller to whom he has provided them, in cases provided for by art. 20 of the GDPR, and the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible.

For any further information and in any case to send your request you must contact the Data Controller at privacy@keliweb.it . In order to ensure that the aforementioned rights are exercised by the interested party and not by unauthorized third parties, the Data Controller may request the same to provide any additional information necessary for the purpose.

Oppose the processing of your personal data (Art. 21 GDPR)

For reasons relating to the particular situation of the interested party, the same can object at any time to the processing of their personal data if it is based on legitimate interest or if it occurs for commercial promotion activities, by sending the request to the Data Controller to the address privacy@keliweb.it

The interested party has the right to delete his personal data if there is no prevailing legitimate reason for the owner compared to the one that gave rise to the request, and in any case in the event that the interested party opposed the treatment for commercial promotion activities.

Complaint (Art. 15 GDPR)

Without prejudice to any other administrative or judicial action, the interested party may lodge a complaint to the competent supervisory authority on the Italian territory (Guarantor Authority for the protection of personal data) or to the one that carries out its duties and exercises its powers in the Member State where the violation of the GDPR occurred.

All the updates of this information will be communicated promptly and by appropriate means and will also be communicated if the Data Controller processes the data of the interested party for purposes other than those referred to in this information before proceeding and following the manifestation of the relative consent of the Interested if necessary.