WHO WE ARE
Personal Data Processing Policy in accordance with Article 13 of EU Regulation 2016/679
This policy will be reviewed and adjusted as necessary in the event of any regulatory updates (July 2023)
Dear Customer.
For the purposes envisaged by Regulation (EU) No. 1 of 2016/679 (General Data Protection Regulation - GDPR) on the protection of individuals with regard to the processing of personal data, we hereby inform you that the personal data provided by you and obtained by KOSOOM SRL shall be processed in accordance with the aforementioned provisions, in compliance with the rights and obligations arising therefrom. In this regard, KOSOOM SRL informs you of the following points in accordance with Article 13 (GDPR).
1. Identity and details of the data controller
The data controller is KOSOOM SRL, whose registered office is located at Via Talamoni, 6, 20861 Brugherio MB, Italy
Contact details of the data controller:
a) VAT number/tax code: IT00343170510
b) Telephone: +39 3400054590
c) Email: [email protected]
d) Certified e-mail: [email protected]
2. 2. Data Protection Officer (DPO)
The Data Protection Officer (DPO) designated by the Data Controller in accordance with Article 37 (GDPR) is KOSOOM SRL, address is Via Talamoni, 6, 20861 Brugherio MB, Italy
The contact information for the data processor is
a) Telephone: +39 3400054590
b) Email: [email protected]
c) Certified e-mail: [email protected]
d) VAT number: 06387650481
3.Personal data processed
In addition to any data you may provide, the personal data collated includes identifying data such as name and email address.
Usage data required for your browsing of this website will also be processed.
Usage data is information collected automatically through this website (including through third party applications integrated into this website) and includes: the IP address or domain name of the computer used by the user connecting to this website, the address) representation in the URI (Uniform Resource Identifier), the time of the request, the method used to forward the request to the server, the size of the file obtained in the response, a numeric code indicating the status of the server response numeric code, country of origin, browser and operating system used by the characteristic visitor, various times of access (e.g. length of time spent on each page) and details of the itinerary followed within the application, in particular the order of reference pages, parameters related to the user's operating system and computer environment.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
4. Purpose, legal basis for processing, nature of grant
The data should be processed for the following purposes and in accordance with the relevant legal basis. The necessary information on the nature of the data provision is also provided, namely
A)Purpose: to facilitate navigation and consultation of this website; legal basis: Article 6.1(f) (GDPR) taking into account that the processing is necessary for the pursuit of the legitimate interests of the data controller; nature of the provision: necessary for navigation of this website.
B)Purpose: to respond to requests for assistance or information that we receive by e-mail using the appropriate form; legal basis: Article 6.1(b) (GDPR) necessary for the performance of a contract to which the data subject is a party or for the fulfilment of pre-contractual measures taken in response to a contractual request; nature of the provision: necessary in order to be able to request assistance or information.
C)Purpose: to send communications concerning products and services offered by the controller (newsletter activities); Legal basis: consent in accordance with Article 6.1(a) (GDPR). You may revoke your consent at any time. Revocation does not affect the legality of processing based on the consent granted prior to revocation; nature of consent: necessary to register for the service.
D)Purpose: registration of the reserved area for access to all product documentation (product warranty, assembly instructions, photometry, 3D, DWG files) and proprietary content provided by the controller; legal basis: Article 6.1(b) (GDPR), necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject's request; nature of grant: registration is required for access to Reserved areas.
E)Purpose: registration of the personal account associated with the "Work with us" section in order to respond to job offers posted by the data controller or to submit spontaneous applications; legal basis: Article 6.1(b) (GDPR), necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures at the request of the data subject Necessary; nature of grant: necessary for the creation of a personal account.
F)Purpose: to comply with a legal obligation; legal basis: Article 6.1(c) (GDPR), necessary to comply with the legal obligations assumed by the data controller; nature of the provision: mandatory.
G)Purpose: for security and fraud prevention purposes, the data controller implements an automated control system involving the detection and analysis of user behaviour on the website in relation to the processing of personal data (including IP addresses); legal basis: Article 6.1(f) (GDPR), the processing is necessary for the pursuit of the controller's legitimate interests; nature of the provision: necessary to enable the exercise of rights in a court of law.
5. Possible recipients of data
Your personal data may be disclosed to:
a) parties who normally act as data controllers, i.e:
Individuals or companies who provide assistance and consultancy services to the data controller;
Parties with whom interaction is necessary for the provision of services;
Parties entrusted with technical maintenance activities (including the maintenance of network equipment and electronic communication networks) .
b) parties, institutions or authorities to whom disclosure of your personal data is required by law or by order of the authorities;
c) persons authorised by the data controller to process personal data necessary to carry out activities strictly related to the provision of the services, who have undertaken to maintain confidentiality or are under an appropriate legal obligation of confidentiality, such as employees of the data controller;
A full list of data processors can be obtained by sending a written request to the data controller to the above e-mail address.
6.Transfer of data abroad
The management and storage of personal data by the data controller shall take place on a server located in the EU of the data controller.
In any case, it should be understood that the data controller shall have the right to move the location of the server to Italy and/or to EU and/or non-EU countries if necessary. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will be carried out in accordance with the applicable legal provisions.
The management and storage of personal data by the Data Controller shall take place on servers located in the Data Controller's territory in the EU.
In any case, it shall be understood that the Data Controller shall have the right to move the location of the server to Italy and/or to EU and/or non-EU countries if necessary. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in accordance with the applicable legal provisions.
7. Data retention period
Navigation data will be retained until the end of the session.
Any data posted by the user will be retained for a period of time in order to respond to their request.
8. Rights of the data subject, complaints and judicial remedies
In relation to the data itself, the data subject (or a person authorised in writing) may exercise the following rights:
a) the right of access in accordance with Article 15 (GDPR)
b) the right to rectification in accordance with Article 16 (GDPR)
c) the right to be forgotten under Article 17 (GDPR)
d) the right to restrict processing in the event of one of the circumstances set out in Article 18 (GDPR)
e) the right to obtain proof that the operations pursuant to Articles 16, 17 and 18 (GDPR) have been brought to the attention of the person to whom the data has been disclosed, unless this proves impossible or involves disproportionate effort (Article 19) (General Data Protection Regulation)
f) the right to data portability in accordance with Article 20 (GDPR)
g) the right to object to the processing of personal data in accordance with Article 21 (GDPR)
h) the right to withdraw consent at any time in accordance with Article 7 (GDPR)
i) the right to lodge a complaint with the supervisory authority in accordance with Article 77 (GDPR)
j) the right to judicial review in accordance with Articles 78 and 79 (GDPR).
9. The rights you are interested in
a) Right of access
You have the right to obtain confirmation from the data controller as to whether we are processing personal data relating to you.
If such processing is taking place, you have the right to obtain the following information from the data controller:
(1) The purpose of the processing of the personal data;
(2) The categories of the personal data concerned;
(3) The recipients or categories of recipients to whom your personal data have been or will be disclosed;
(4) The retention period envisaged for the personal data relating to you or, if it is not possible to specify specific data in this regard, the criteria used to determine that period;
(5) Whether you, as an interested party, have the right to request the data controller to correct or cancel the personal data or to restrict the processing of the personal data concerning you or to object to its processing;
(6) The right to lodge a complaint with the supervisory authority;
(7) If the data was not collected from the data subject, all available information about its origin;
(8) The existence of automated decision-making, including analysis in accordance with Article 22(1) and (4) of the GDPR, and, at least in this case, meaningful information about the logic used and the importance and expected consequences of such processing of the data subject.
You have the right to access the information regardless of whether your personal data is transferred to a third country or to an international organization. In this case, you can request information about the appropriate safeguards in connection with the transfer in accordance with Article 46 of the GDPR.
b) Right to rectification
You have the right to rectification and/or supplementation of the controller if the personal data processed about you is inaccurate or incomplete. The data controller is obliged to carry out the correction without undue delay.
c) Right to restrict processing
You have the right to request a restriction of the processing of your personal data when:
(1) you challenge the accuracy of the personal data relating to you within the time required for the controller to verify the accuracy of the personal data;
(2) Where the processing is unlawful and you object to the deletion of the personal data and request a restriction on its use;
(3) You determine, exercise or defend in court the personal data necessary for the exercise of your rights, even though the data controller no longer needs the personal data for the purposes of processing;
(4) You object to the processing in accordance with Article 21 (1) of the GDPR, pending verification of whether the data controller's legitimate grounds prevail over your grounds.
If the processing of personal data concerning you is restricted, except for storage, only if you have given your consent or if the processing of such data is necessary for the evaluation, exercise or defence of rights in court or for the protection of the rights of other natural or legal persons or for reasons of public importance for the EU or the Member States.
If the processing is based on the above-mentioned hypothetical restriction, the data controller will inform you before revoking this restriction.
d) Right of cancellation
You have the right to request the immediate cancellation of personal data relating to you by the data controller and the data controller is obliged to cancel such data immediately if one of the following reasons exists:
(1) The personal data relating to you is no longer necessary for the purposes for which it was collected or otherwise processed;
(2) You withdraw your consent to the processing on the basis of Article 6(1)(a) or Article 9(2)(a) of the GDPR and there is no other legal basis for the processing;
(3) You object to the processing in accordance with Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Article 21 (2) of the GDPR;
(4) Your personal data is processed unlawfully;
(5) Personal data must be deleted in order to comply with the legal obligations of the controller under the laws of the Union or Member States to which the controller is subject;
(6) Your personal data is collected for the purpose of providing the information society services referred to in Article 8 (1) of the GDPR.
d.2. Information accessible to third parties
If a data controller discloses personal data concerning you and is obliged to delete such data in accordance with Article 17 (1) of the GDPR, he will take reasonable measures (including technical measures) to inform the data controller, taking into account the available technology and implementation costs. The data controller who is processing your personal data deletes any links, copies or reproductions of your personal data upon your request.
d.3. Exceptions
The right to rescind cannot be exercised if it is necessary to
(1) in order to exercise the right to freedom of expression and information
(2) in order to comply with a legal obligation to process under Union or Member State law with which the controller is required to comply, or in order to carry out a task performed in the public interest, or in order to exercise the public authority granted to the controller data controller;
(3) for reasons of public interest in the field of public health in accordance with Article 9 (2), h) and i) and Article 9 (3) of the GDPR
(4) for archival purposes in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89 (1) GDPR, insofar as the right under a) may result in the failure to achieve or seriously impair the achievement of the following objectives: the purpose of that treatment; or
(5) the right is established, exercised or defended in a court of law.
e) Right to information
If you have exercised your right to correction, deletion or restriction of processing to the data controller, he is obliged to inform each recipient to whom your personal data has been disclosed of these corrections, deletions or restrictions. To carry out data processing, unless this proves impossible or involves disproportionate work.
You have the right to obtain information about these recipients from the controller.
10. Cookies
Please refer to Cookie Policy。
In order to exercise your rights, you may contact the data controller via the contact point for data controllers specified in this policy.
This policy was updated in July 2023. If there are any changes to the processing, the controller should provide evidence of these by updating this text.