Privacy Policy

Information notice pursuant to Art. 13 of the Regulation (EU) 2016/679 (“GDPR”) 

Information to be provided where personal data are collected from the data subject 

According to Regulation (EU) 2016/679 (General Data Protection Regulation) we provide you the due information concerning the processing of collected personal data. This notice is not to be considered valid for other websites attainable trough links and data controller shall not be held responsible for third parties’ web pages.   

This notice is provided pursuant to art. 13 of the Regulation (EU) 2016/679 (General Data Protection Regulation) and according to the provisions of the Directive 2002/58/CE, as amended by Directive 2009/136/CE on Cookies. 

Cookies 
For more information on how this website uses Cookies, please visit the Cookie Policy available here. 

  1. Data Controller  
    1. Pursuant to art. 4 and 24 of the Reg. (EU) 2016/679, the Data Controller is Kiwikit Ltd with registered office in Manchester House, Grosvenor Hill, Cardigan, Ceredigion, Wales, SA43 1HY, in person of its Legal Representative
  2. Personal data
    1. Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can directly or indirectly be identified, in particular by reference to an identifier such as a name, an identification number, a location data, an online identifier or to one or more specific factors to the physical, physiological, genetic, mental, economic, cultural or social identity (C26, C27, C30).
  3. Purposes and Lawfulness of Processing, Data Retention and Nature of Conferral 

PURPOSE OF PROCESSING 

LEGAL BASIS 

DATA RETENTION 

NATURE OF CONFERRAL 

a) 

Allowing website browsing and the management of technical operation relating to the platform. 

 

The computer systems used to operate this website acquire,  in order to operate the site,  personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the users operating system and computer environment. 

Legitimate interest 

Art. 6 (1)(f) and recital 47 GDPR: Activities strictly necessary to the operation of the website and to allow the user to browse the platform. 

 

 

Browsing data will be retained for the single session only. 

 

Necessary for the legitimate interest of data controller with due regard to user’s rights and fundamental freedoms. The lack of data subject’s conferral will prevent the Data Controller to supply his services. 

b) 

Contact or Information Request:  

To provide feedback to requests of information addressed to the Data Controller, filling out the contact form. 

Execution of pre-contractual measures pursuant to Art. 6 (1)(b) GDPR:  processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. 

 

year 

Necessary: The provision of personal data is mandatory or optional depending on specific form; where mandatory, in case of lack the Data Controller will not be able to reply or guarantee his services. 

c)  

Signin-Up / Signin-In to Reserved Areas: 

In order to create a User account and benefit from the services provided by the Data Controller. (eg…) 

 

 

Contract 

Art. 6 (1)(b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; 

10 years or otherwise stated by law 

Necessary: The provision of personal data is mandatory or optional depending on specific form; where mandatory, in case of lack the Data Controller will not be able to reply or guarantee his services. 

d) 

Fulfilling Contractual and Pre-Contractual obligations and for related administrative and accounting purposes 

In eg. Payments for goods, management of shippings, etc.)  

 

Contract 

Art. 6(1)(b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; 

10 years or otherwise stated by law 

Necessary: The provision of personal data is mandatory or optional depending on specific form; where mandatory, in case of lack the Data Controller will not be able to reply or guarantee his services. 

e) 

Direct Marketing 

Whether the data subject fills any forms meant to collect data related to Direct Marketing purposes: prior consent and until opposition for direct marketing, market research, direct sales, surveys on satisfaction degree, newsletters and promotionals, commercial and advertising material or regarding events and initiatives, through automated means of E-Mail, telefax, messages, SMS, MMS or other types, as well as operator-phone calls, paper mail or other information pack. The Data Controller uses newsletters and promotional communication reports to compare and possibly improve results. Thanks to reports, the Data Controller will be able to discover, for example: the number of readers, single openings, unique “clickers” and clicks; devices and operating systems employed to read the communication; user’s detailed activity; details of sent, delivered and forwarded emails; All these data are employed with the purpose of comparing, and possibly improving, the result of communication. 

Consent 

Art. 6(1)(a) GDPR: the data subject has given consent to the processing of his or her personal data for one or more specific purposes 

 

Until consent withdrawal by means of opt-out procedures or contacting the Data Controller 

 

OptionalThe data conferral is optional and, where lacking, personal data won’t be processed for such purpose; the denial of conferral will not undermine benefit from other purposes. 

 

4. Recipients or Categories of Recipients of Personal Data  

Provided data may be communicated to recipients who will act as Processors (art. 28 of the Reg. EU 2016/679) and/or persons acting under the authority of the Controller and the Processor (art.29 of the Reg. UE 2016/679) for the purposes pointed ahead. Precisely, your data may be communicated to recipients being part of the following categories:  

  • Subjects providing services for the management of the information system and communications networks (including E-mail boxes), newsletter services, freelancers, Offices or companies in the context of assistance and consultancy; 
  • Competent authorities for compliance with legal obligations and / or provisions of public bodies, upon request; 

An up-to-date Data Processors’ listing could be requested contacting the Data Controller. 

 

5. Data Transfer to A Third Country and/or International Organisation  

Personal data may be transferred to a third Country within or outside the EEA, subject to the limits and conditions set forth by art. 44 and following articles of the Regulation EU 2016/679, namely: 

  • to third countries or international organisations on the basis of an adequacy decision of the Commission (art. 45 Regulation EU 2016/679) (SWITZERLAND); 
  • to third countries or international organisations that have provided appropriate safeguards and on condition that enforceable data subject rights and effective legal remedies for data subjects are available (art. 46 Regulation EU 2016/679); 
  • to third countries or international organisations on the basis of derogations for specific situations (art. 49 Regulation EU 2016/679).

6. Data Subject’s Rights  

You may freely exercise your rights, at any time, under Reg. EU 2016/679 – GDPR pursuant to art. 15 GDPR and following contacting the Data Controller at: [email protected] 

You have the right, at any time, to obtain from the Data Controller the access to your personal data (art. 15), request their rectification (art. 16), erasure (art. 17) or request processing restriction (art. 18). Furthermore, you have the right to object anytime to personal data processing based upon the legitimate interest of Data Controller (art. 21), withdraw your consent where previously given, as well as to ask for data portability (where envisaged) (art. 20). 

To unsubscribe from direct marketing feeds (eg. Newsletters, E-Mail), please write to [email protected] or use our automated unsubscribing tools. 

Without prejudice to any other administrative or judicial remedy, in case you consider the processing conflicting with Reg. UE 2016/679 you have the right to lodge a complaint with a supervisory authority (www.ico.org.uk).  

Amendments: Data processor retains the right to modify, update, add or remove parts of this informative at any time. Date of review: March 16, 2021