Kebi Srl is the owner of the platform KEBI, hereinafter referred to as Company. In the management of the platform KEBI, the company gathers, treats and shares the users' personal data with third parties; the users will be hereinafter referred to as Participant Users, who will register on the platform www.kebi.events for whatever purpose.
The platform is located in Italy and therefore it is subject to the laws of the Italian State. The company acts in full respect of the European Regulation n. 679/2016 (hereinafter, for brevity: GDPR) and, in compliance with the regulations contained in it, this Privacy Statement and Policy
all the indications about the treatment of personal data and the rights of registered, not registered and participant users.
Before giving Your consent to the treatment of Your personal data, we therefore invite You to read our Policy carefully.
1. DATA CONTROLLER The Data Controller (that is to say the person dealing with decisions concerning the collection and processing, the purpose and the security of data and tools used) is KEBI’s legal representative Mr. Cesare Mario Viacava domiciled for this position at the Company’s legal headquarter in Via Mecenate 76/32, 20138, Milano (MI), Italia.
2. DATA PROTECTION OFFICER The person in charge, also known by the acronym DPO, is the person to turn to about the amendment/management of the data that every user gives through their consent.
The DPO shall monitor that the legislation on personal data is respected and shall cooperate with the supervisory authority (the Data Protection Authority). Particularly, this person has functions of support and monitoring, advisory functions, formative and informative functions concerning the concrete application of this Regulations.
The Data Treatment Oﬃcer has been appointed in the person of: Viviana Guerini.
3. PURPOSE OF THE TREATMENT AND LEGAL BASIS Users’ personal data (that is to say the data provided by those who register on the platform) are provided to KEBI and treated by the latter, also through the communication to third parties when necessary and fundamental, for the following purposes:
for purposes strictly connected and fundamental for the execution of obligations arising from relationships, also contractual, established with KEBI, to allow and manage the Users’ registration to the platform, to provide the services oﬀered and for administrational and accounting purposes, also to fulfill obligations laid down in the current legislation ex art. 6 b) GDPR;
to fulfill any kind of obligations required by laws, regulations, community legislations or related to obligations arising from regulations issued by legal authorities, administrative oﬃcials or law enforcements, entitled by the law or supervisory authorities ex art 6 c) GDPR;
for purposes connected to assert or defend a right in a Court of Law on the part of KEBI ex art. 6 c) GDPR. The authorization for the purposes of the previous points, namely a), b), and c) is mandatory; refusal might involve the impossibility for KEBI to provide the services and/or implement the obligations arising from the relations established through its own platform. The treatment finds its legal basis in the consent of the participant/user declared through the check mark placed during the registration process and subsequently through the consent to the platform’s general policies. The treatment, furthermore, fulfills legitimate interests of the Owner, among which: execution of the contract, invoicing, recovery of debts. The consent about personal data treatment for the following points, which have diﬀerent functional purposes for KEBI’s activity ex art. 6 a) GDPR, shall otherwise be considered purely optional and therefore any refusal should not be an obstacle to the provision of all the services supplied by Kebi.
The treatment requires Users’ consent;
- for marketing and/or promotional purposes with automated means (sms, mms, email, fax) or with traditional means (mail, phone contact);
- for communication of datas to third parties, with consequent possibility for them of data treatment, which will allow them to use data for marketing and/or promotional purposes;
- for internal analysis and/or profiling activities related to market research and/or statistical research. The treatment finds its legal basis in the consent of the participant declared through the check mark placed during the registration process.
4. SPECIAL CATEGORIES OF PERSONAL DATA In accordance and for the purposes of art. 9 GDPR, all the users data “revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation” are considered special categories of personal data.
These data are never collected by KEBI, but if that was to happen, KEBI will treat them exclusively after a specific and explicit declaration of consent by the Users, declared in written form in accordance and for the purposes of art. 9, co 2a) GDPR.
5. MODALITIES OF TREATMENT Users’ personal data collected for purposes directly connected to the provision of the services supplied through the platform KEBI, will be treated by employees and collaborators, both internal and external to KEBI, who will be formally entrusted and authorized in data treatment, in accordance with art. 4 GDPR.
The data treatment could happen through manual, computer and/or telematic systems, also automated, in accordance with standards and principles of lawfulness and fairness, through the most suitable ways to guarantee security and confidentiality. Data will be shared with third parties only when strictly necessary.
KEBI will not collect any data from any User’s Facebook profile. Likewise, data shared by Users on Kebi will not be transferred on Facebook, without specific authorization of the Users.
6. COMMUNICATION TO THIRD PARTIES KEBI, in accordance with everything that was agreed above, shares the data of its Users with:
- developers, to allow them to fulfill their obligations towards participants/ supporters;
- to external partners such as, for example, legals, accountants and similar, and/or partners and professionals which knowledge and expertise may be used by KEBI in the course of its business operations, through its platform;
- third parties with the purpose of knowing the ratings of satisfaction on the quality of services provided through the platform KEBI, and/or market research and clients profiling. Users personal data could be transferred abroad, within the European Union or, if outside its borders, so as to provide adequate and appropriate safeguards in accordance with artt. 46 or 47 or 49 of the Regulation 679/2016.
The requests regarding the rights and/or any information and explanation You might need could be forwarded through written request to the Data Controller, through mail at the address Via Mecenate 76/32, 20138, Milano (MI), Italia or through e-mail at the address firstname.lastname@example.org
7. DATA RETENTION PERIOD AND CRITERIA USED Personal data provided by the Users and those collected by Kebi will be stored and preserved for 10 years after the last access on the platform, unless they will be necessary to fulfill legal obligations or other obligations arising from the exercise of the rights in a Court not Law, or upon authorities request.
Data eventually treated, with the specific consent of the User for marketing and/or profiling purposes, will be treated for a maximum time of 24 months.
8. RIGHTS OF THE DATA SUBJECT European Regulations 679/2016 recognizes to the Users the rights listed below, which can be exercised towards the Data Controller.
9. RIGHT OF ACCESS Art. 15 of the European Regulations recognizes the User the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data in question.
10. RIGHT OF RECTIFICATION Art. 16 of the European Regulations recognizes the User the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
11. RIGHT OF ERASURE Art. 17 of the European Regulations recognizes the User the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the grounds described in the Regulations applies.
12. RIGHT TO RESTRICTION OF PROCESSING Art. 18 of the European Regulations recognizes the User the right to obtain from the Controller restriction of processing where one of the grounds described in the Regulations applies.
13. RIGHT TO DATA PORTABILITY Art. 20 of the European Regulations recognizes the User the right to receive the personal data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided.
Also, the User has the right to have the personal data transmitted directly from one Controller to another, where technically feasible.
14. RIGHT TO OBJECT Art. 21 of the European Regulations recognizes the User the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Article 6, Paragraph 1, point e) or f), including profiling based on those provisions.
15. RIGHT TO WITHDRAW THE CONSENT Art. 7 of the European Regulations recognizes the User the right to withdraw his or her consent at any time. The withdrawal of consent shall not aﬀect the lawfulness of processing based on consent before its withdrawal.
16. RIGHT TO LODGE A COMPLAINT According to Art. 77 of the European Regulations the User, without prejudice to any other administrative or judicial remedy, shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the Regulation.
This Policy will be subject to updates and therefore we invite all the platform’s Users, starting from now, to periodically visit this page to stay constantly updated on the modalities of treatment of personal data collected on KEBI’s platform.
The Data Controller