REGULATION(EU) 2016/679 ON THE PROCESSING OF PERSONAL DATA - ART. 13

Kruso Kapital S.p.A., with its registered office at Largo Augusto 1/A, corner of Via Verziere 13 - 20122Milan, VAT No. 10753220960 (hereinafter referred to as the “Controller”), in its capacity as Data Controller, informs you pursuant to Legislative Decree196/2003, as amended by Legislative Decree 101/2018 (the “Privacy Code”) and Article 13 of Regulation (EU) 2016/679 (“GDPR”), that your personal data will be processed in accordance with the principles of fairness, lawfulness and transparency, and in accordance with the purposes and methods set out below,collecting only what is strictly necessary and relevant for the purposes of processing. The Data Protection Officer (DPO) may be contacted at: privacy@krusokapital.com where you may also exercise the rights provided for in Articles 15 and following of the GDPR.

1. Subject of the Policy

This Privacy Policy outlines the processing methods related to the use of the website https://www.krusokapital.com/en. Please note that this policy applies solely to the present website (hereinafter the “Site”) and not to any other websites that may be accessed via links. Further information may be provided where necessary upon requesting a specific service. “Processing of personal data” refers to any operation or set of operations, carried out with or without automated means, applied to personal data or sets of personal data, whether or not included in a database, such as collection, recording, organisation, structuring, storage, adaptation oralteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. Types of Data Collected

Pursuant to Regulation (EU)2016/679, by using our services, you consent to our Company collecting certain personal data. This notice explains what data we collect, why and how we use it. We collect and process the following categories of personal data:

a) Data voluntarily provided by the user: throughs pecific sections of the site (e.g., “Contact” form) or by voluntarily contacting the addresses provided, you may provide personal data such as

  • Identifying and personal data (e.g., first and last name);
  • Contact information (e.g., email address, telephone number);
  • Other personal data you may provide directly (e.g., data included in contact forms)

b) Browsing data: the IT systems and software procedures used for this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but due to its nature, could, through processing and associations with third-party data, lead to identification. This includes IP addresses or domain names of the users’ computers, URI (Uniform Resource Identifier) addresses, the time of the request, method used in submitting the request, file size obtained, server response code (success, error, etc.), and other parameters regarding the user’s operating system and IT environment. These data may be used to ascertain liability in case of potential cybercrimes against the site.

c) Data collected via cookies orsimilar technologies: see our Cookie Policy fordetails on the types of cookies used and how to disable them.

3. Purposes of the Processing andLegal Basis

Apart from browsing data, which are necessary for IT protocol purposes, your personal data will be processed for the following:

3.1) Provision of the requested service:

  • Allow user access to https://www.krusokapital.com/en;
  • Allow users to request information;
  • Provide user support;
  • Handle any disputes that may arise;
  • Provide the requested service.

Legal basis: contractual or pre-contractual measures (Art. 6, para. 1, lett. b) GDPR).

3.2) Legitimate interest

  • Collect statistical information (e.g. most visited pages, user traffic, origin);
  • Exercise or defend a legal right;
  • Manage IT systems and ensure security.

Legal basis: legitimate interest of the Data Controller (Art. 6, para. 1, lett. f) GDPR).

3.3) Legal obligations:

  • Compliance with laws, regulations, authority orders, and fiscal/accounting obligations.

Legal basis: legal obligation (Art.6, para. 1, lett. c) GDPR).

4. Processing Methods

Processing is performed using paper and electronic means and includes collection, recording, organisation, storage, consultation, processing, alteration, selection, retrieval, comparison, use, interconnection, blocking, communication, erasure and destruction, as defined by Art. 4(2) GDPR.

5. Data Access and Disclosure

Your data may be made accessiblefor the purposes under point 3 to:

  • Employees and collaborators of the Controller in their capacity as authorised processors and/or system administrators;
  • Other companies of the Banca Sistema Banking Group, solely for purposes strictly related to the provision of the service, e.g., IT infrastructure management;
  • Third parties (such as IT service providers, website hosts, consultants, professional firms, data archiving services) acting as external data processors on behalf of the Controller.

Data may also be disclosed to:

  • Supervisory authorities, law enforcement, judicial bodies, public entities and any other party to whom disclosure is required by law. These entities will process the data as independent controllers.

Your data will not be disseminated.

6. Data Retention Period

Browsing data are retained only for the time strictly necessary. After this, they will be deleted or anonymised, unless required for security or legal defence. Data voluntarily provided by users will be processed and stored only for the time necessary to fulfil the purpose for which they were collected, after which they will be deleted or anonymised, unless required for legal defence purposes.

7. Data Transfer

Your personal data may be transferred outside the European Union. Any such transfer will comply with applicable legal provisions:

  • If the destination country is deemed adequate by the European Commission, the transfer may proceed;
  • If not, the transfer may be based on applicable derogations and/or on the use of Standard Contractual Clauses approved by the European Commission.

In particular, please note that the site’s hosting provider, Webflow Inc., uses data centres located in the United States. The provider ad heres to the EU-US Data Privacy Framework, which ensuresan adequate level of data protection and is accessible via: https://www.dataprivacyframework.gov also incorporating the European Commission’s Standard Contractual Clauses.

8. Nature of Data Provision

Providing your data for the purposes in point 3 is mandatory where required by legal or contractual obligations. Refusal to provide such data may make it impossible for the Controller to provide its services. For cookies, see the Cookie Policy.

9. Data Subject Rights and How to Exercise Them

You may, at any time and where applicable, exercise your rights under Articles 15 et seq. of the GDPR:

  • Confirm whether or not your personal data exists and obtain a copy;
  • Request data updates, rectifications or integration;
  • Request deletion of your data (within legal limits);
  • Object, in whole or in part, to the processing of your data;
  • Request restriction of processing in certain cases;
  • Request portability of your data provided electronically;
  • Withdraw your consent to processing, where consent was required;
  • Request human intervention in the event of fully automated decisions, including profiling.

If you believe your rights have been violated, you may file a complaint with the Data Protection Authority. To exercise your rights, you may contact the Data Controller at compliance&antiriciclaggio@krusokapital.com
or the DPO at privacy@krusokapital.com 

DOCUMENTI INFORMATIVI

Privacy Policy
Privacy Policy- App Kruso Kapital
Privacy Policy - Web Estimate
Privacy Policy - Customers Buyers at Auction