Privacy Policy

Notice concerning the processing of personal data

(Articles 13 and 14 EUROPEAN REGULATION No. 679/2016)


Dear Customer,

KIOENE SpA, with registered office in 55, Via Caltana – 35010 Villanova di Camposampiero (PD), Tax ID and VAT No. 01359600283, as “Data Controller”, informs you, pursuant to articles 13 and 14 of European Regulation no. 679/2016 (hereinafter “EU Regulation”), that your data will be processed as described below:


Subject matter of the processing

The Data controller informs you that any personal, identification data (e.g. name, surname, company name, address, telephone number, email, bank and/or payment details), hereinafter “personal data” or even simply “data” relating to you, including data provided verbally by you or otherwise acquired from third parties in the past, as well as data collected in the future, may be processed in compliance with the EU Regulation. The Data Controller will process data lawfully, specifically for the execution of a contract of which you are a party or for the implementation of pre-contractual measures (e.g. preparation of an offer, etc.) requested by you (Article no. 6 of the EU Regulation).


Data processing means any operation or set of operations concerning your data, such as the collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination or destruction of such data.


Legal basis and purpose of the treatment

Legal basis: EU Regulation no. 679/2016

A) without your express consent (art. 6 letter b), c), e) of the EU Regulation), for the following purposes:

– Fulfilling the pre-contractual, contractual and tax obligations deriving from existing relations with you;

– Fulfilling the obligations established by the law, by a regulation, by the community legislation or by an order of the Authority (such as in the matter of anti-money laundering);

– Exercising the rights of the Data Controller, for example the right to defence in court;

– Keeping general accounts;

– For management purposes (invoicing, document management, etc.);

– For credit management;

– Statistical analysis and quality checks;

– Insurance management;

– Technical assistance.

More specifically, your data shall be processed for purposes connected to the implementation of the following commitments, pertaining to legal or contractual obligations:

– Functional and technical access to the website, no data is kept after closing the Browser;

– Advanced browsing or personalised content management purposes;

– Statistical purposes and analysis of browsing and of users.

B) Only with your prior and specific consent (Article 7 of the EU Regulation) for the following commercial and/or marketing and/or profiling purposes:
– sending newsletters, commercial communications and or/advertising material on products or services offered by the Data controller via email, post and/or text message and/or telephone contacts and/or detecting the level of satisfaction on the quality of what has been done as per your request;

– sending commercial and/or promotional communications of third parties (e.g. business partners) via email, post and/or text messages and/or telephone.


Method of Data Processing

Your data shall be processed by means of the operations mentioned in Article 4 no. 2) of the EU Regulation and precisely: collection, recording, organisation, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or combination, restriction, erasure or destruction, blocking. Your personal data is subject to both paper and electronic processing and/or automated processing (in any case, suitable to guarantee the security and confidentiality of your data).


Data retention and other information.

The Data Controller will process personal data for the time necessary to fulfil the aforementioned purposes and in any case within the legal deadlines from the termination of the contract for the Purposes referred to in the existing contract.

As for personal data processed for Marketing Purposes or for Profiling purposes, they will be kept in compliance with the principles of proportionality and necessity, and in any case until the purposes of the processing have been pursued or until the withdrawal of consent by the data subject.

Specifically, the Data Controller will keep personal data collected for Marketing Purposes for no more than 24 months and data collected for Profiling Purposes for one year.

Your personal data will be processed “lawfully, correctly and transparently”, protecting your privacy and your rights.

A regular annual check will be carried out on processed data and on the possibility of deleting them if no longer necessary for the purposes for which it was collected.


Access to data

Your data may be made accessible for the purposes set out in art. 2. A) and 2. B):

– to associates, employees and collaborators of the Data Controller in Italy and abroad, in their capacity as internal data processors and/or managers and/or system administrators;

– to third-party companies or other subjects that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors (e.g. group practices, lawyers, data processing companies, certifying bodies, accounting/tax consultants and generally all the organisations responsible for checking and monitoring the fulfilment of the aforementioned purposes, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, financial offices, municipal bodies and/or offices, consultants and service and workplace safety companies, which in turn may disclose such data, or grant access to them to their own associates, users and relative assignees for specific market research. The data collected and processed may also be communicated to subcontractors, suppliers, for the management of information systems, transport companies, freight forwarders and customs brokers in Italy and abroad).

For the sake of brevity, a detailed list of such parties is available for you to view at our registered office.


Disclosure of data

Without the need for express consent (article 6, letters b) and c) of the EU Regulation), the Data Controller may disclose your personal data for the purposes mentioned in the previous point 2.A) to supervisory bodies, legal authorities and insurance companies for the provision of insurance services, as well as to any parties to which disclosure is required by law to fulfil the above-mentioned purposes.

These parties will process the data in their roles as independent data controllers.

During and after browsing your data may be disclosed to third parties, namely to:

– Google: Advertising service, Advertising target, Analytics/Measurement, Content customisation, Optimisation;

– Google AdWords: Advertising service, Advertising target, Analytics/Measurement, Content customisation, Optimisation;

– Google Analytics: Advertising target, Analytics/Measurement, Optimisation.

Your data will not be disclosed.


Data transfer

Personal data are stored on devices located at the registered office of the Data Controller or at providers within the European Union. In any case, it is understood that, if necessary, the Data Controller reserves the right to relocate its servers, even to countries outside the EU. In this case, the Data Controller guarantees from now that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the contractual clauses and standard checks stipulated by the European Commission.

Both with regards to data kept on its own devices, and any data kept at the provider, the Data Controller has put adequate technical and organisational measures in place to guarantee an appropriate level of security, in full compliance with the provisions of art. 32 of the EU Regulation.

Web browsing: your browsing data may also be transferred, solely for the above-mentioned purposes, to the following states: – EU countries, – the USA.

Cookies Management: if you have any doubts or concerns about using cookies, you can always intervene to prevent it from being set up and read, for example, by changing your privacy settings within your browser to block certain types of cookies.

If you prefer to act independently through your web browser’s preferences, you may find detailed information on the required procedure in your browser guide – as web browsers differ significantly from one another, and differences are often found even among different versions of a same browser.


Nature of data provision and consequences of refusal to provide data

The provision of data for the purposes mentioned in the previous point 2.A) is compulsory. In their absence, we cannot guarantee the provision of the Services outlined in 2.A).

The provision of data for the purposes mentioned in the previous point 2.B) is instead optional. You can therefore decide to not provide any data or to subsequently deny the possibility to process data already provided. In this case, you will not be able to receive newsletters, commercial communications and advertising material and/or anything else related to Services offered by the Data Controller.

You will, however, continue to be entitled to the Services referred to in point 2.A).


Rights of Data Subjects

In your capacity as data subject, you have rights as per article 15 of the EU Regulation, as listed below and specifically:

You have the right to obtain confirmation from the Data Controller as to whether or not your data is currently being processed and, in such cases, to obtain access to the personal data and the following information:

a) the purposes of data processing;

b) the categories of personal data in question;

c) the recipients or categories of recipients to whom the personal data have been or will be communicated, particularly if the recipients are in third countries or international organisations;

d) wherever possible, the storage period of personal data provided or, if that is not possible, the criteria used to determine said period;

e) the existence of your right to request from the Data controller the correction or deletion of personal data, or the restriction of the processing of your personal data, or to object to their processing;

f) the right to lodge a complaint with a supervisory authority (the Data Protection Supervisor);

g) in the event that personal data are not collected from the data subject, all available information regarding their origin;

h) the existence of an automated decision-making process, that includes profiling referred to in article 22, paragraphs 1 and 4 of the EU Regulation, and at least in such cases, meaningful information on the logic used, as well as the importance and the consequences of such processing for the data subject.

In the event that personal data is transferred to a third country or an international organisation, you have the right to be informed of the existence of appropriate safeguards in accordance with article 46 of the EU Regulation relating to the transfer.

The Data Controller will provide you with a copy of your personal data being processed if you request it.
In the event that you ask for further copies, the data controller may charge a reasonable fee based on administrative costs. If you submit the request by electronic means, and unless otherwise specified, the information will be supplied to you in a commonly-used electronic format.

The right to obtain a copy referred to in paragraph 3 must not adversely affect the rights and freedoms of others.


Furthermore, where applicable, you can enjoy the rights referred to in articles 16 to 22 of the EU Regulation and more precisely you have:

– the right to rectification of personal data;

– the right to be forgotten (right of erasure);

– the right to data processing restriction;

– the right to data portability;

– the right to object;

– the right to complain to the Data Protection Supervisor.

You also have the right to withdraw, at any time, your previously-given consent without affecting the lawfulness of processing based on consent given before your withdrawal.


How to exercise your rights

You can exercise your rights at any time by sending:

– a registered letter with delivery receipt to the undersigned (see the address in the letterhead);

– an e-mail to



Anything provided by the Data Controller and that forms the basis of our relationship with you does not include the intentional collection of personal information referring to minors. In the event that information about minors is inadvertently recorded, the Data Controller will delete it in a timely manner at the request of the data subject.


Personal data not obtained from the data subject

It may be possible that the undersigned is not the Data Controller to whom you have given your personal data but is co-controller of the data or in charge of externally processing data and has therefore subsequently received your data due to a contract between the parties. In this case it is specified that the undersigned will make every effort to ensure that you are informed and have given consent to processing. At any time, you may ask the undersigned to provide the source of your data.


Data Controller, D.P.O. and processors


Below is some information that needs to be brought to your attention, not only to comply with legal obligations, but also because transparency and fairness towards our customers is an essential part of our business.


Data controller. The Data Controller of your personal data is KIOENE SpA on behalf of which signs Mr. Albino Tonazzo, responsible for the lawful and correct use of your personal data. You may contact him for any information or requests by phone at +39 (0)49 9220788, and by e-mail at:


D.P.O. (Data Protection Officer) You may also contact the Data Protection Officer for any information or requests about your data or to report a disservice or any other problems that you may have.

The Data Controller has appointed Mr. Nicola Ghinello as Data Protection Officer, who can be contacted at: phone +39 348 3165267, e-mail:

Data processors. An updated list of data processors is kept at the registered office of the Data Controller.