Privacy Policy Notice EULA

Notice pursuant to art. 13 and 14 of EU Regulation 2016/679 on the protection of personal data (GDPR) 

CUSTOMERS&RESELLERS 

Pursuant to art. 13 and 14 of EU Regulation 2016/679 (hereinafter “GDPR”),  Kalliope S.r.l. (hereinafter “Kalliope” or “Data Controller”) with registered office in Via Agostino Bassi, 5, 56121 Pisa, Italy, in its capacity of personal data controller, in the person of its legal representative pro tempore, informs you that the personal data of some of the physical persons of your employees and/or legal representatives and/or associates will be subject to processing on the part of Kalliope itself through manual processing or processing with electronic or automatic instruments, computers, or telematic instruments, strictly for the purposes listed below, and in any case in such a way as to guarantee the safety and confidentiality of the data. 

Identity and contact details of the Data Controller and of the Data Protection Officer 

The Data Controller is Kalliope, in the person of its legal representative pro tempore, with registered office in Via Agostino Bassi, 5, 56121 Pisa.  

The Data Controller has appointed Aksilia S.r.l. as Data Protection Officer, with registered office at Corso di Porta Vittoria, 28, Milan (MI), Italy. The Data Protection Officer can be contacted at aksilia@pec.it. 

To exercise your rights or to obtain information regarding such rights and/or this Privacy Notice, you may write to the following e-mail address privacy@Kalliope.com

Categories of data obtained from subjects other than the Data Subject  

For the purposes described in par. “Purposes and lawfulness of data processing”, Kalliope processes all categories of personal data obtained directly from the Data Subject (art. 13) or from your company (art. 14). Furthermore, Kalliope processes data concerning legal persons or entities (e.g. company name, contact email) for marketing purposes, as detailed below. 

Origin of personal data 

Personal data is provided directly by the Data Subject (art. 13) or by your company (art. 14). 

Purposes and lawfulness of data processing  

Personal data is processed by the Data Controller pursuant to art. 6 of the GDPR. The specific purposes of data processing and their legal basis are listed below: 

Purpose of data processing Legal basis of data processing 
Management of accounts receivable Performance of a contract or performance of pre-contractual measures Compliance with a legal obligation to which the Data Controller is subject1 
Marketing activities Express consent to processing of personal data 
Direct communication of company data via email to third party companies for marketing activities Express consent to processing of personal data 
Sales and after-sales management & customer management Performance of a contract or performance of pre-contractual measures 
Backup and restore management Pursuit of the legitimate interest of the Data Controller or third parties2 
Kalliope technical support Performance of a contract or performance of pre-contractual measures 
User and access profile management and control Pursuit of the legitimate interest of the Data Controller or third parties3 

Nature of data provision and consequences of refusal 

Data provision is obligatory for the fulfillment of legal and/or contractual obligations and those whose legal basis is legitimate interest. Therefore, any refusal to provide the obligatory data will entail the objective inability to pursue the purposes of data processing outlined in this Notice (par. “Purposes and lawfulness of data processing”). 

Provision of data where the legal basis is the consent of the Data Subject is instead optional and presupposes the consent of some of the physical persons of your employees and/or legal representatives and/or associates whose data will be subject to processing. This consent may be revoked at any time through the means described below. Personal data such as phone number and email addresses may be acquired: this data will be used for the purpose of communicating information or sending newsletters concerning product sponsorship and/or company events. 

Categories of recipients of the personal data 

The personal data provided and the data regarding the performance of the contractual relationship may be communicated to third parties belonging to the following categories: 

  1. Accounting firms; 
  1. Support providers (e.g. for data and backup conservation); 
  1. Companies responsible of the development of advertising forms on social media platforms and of the management of the Kalliope Tribe platform; 
  1. Banks and credit institutions; 
  1. Auditing firms; 
  1. Partner firms; 
  1. Parent company, affiliated companies, or in any case companies belonging to the same corporate group. 

All subjects belonging to the above categories to whom the data is communicated will use them in the capacity of “Data Processor” specifically appointed by Kalliope pursuant to art. 28 of the GDPR or of autonomous “Data Controller”. 

The data will furthermore be processed by subjects specifically authorized by the Data Controller pursuant to the GDPR. Personal data processed by Kalliope is not subject to disclosure. 

Company data processed by Kalliope may be subject to disclosure through publication on company social network pages and websites. 

Transfers to countries outside the EU 

For the purposes described above, personal data and data relating to legal entities may be transferred to the recipients indicated above, both within Italy and abroad, including to countries outside the European Union (EU). 

Where data are processed outside the territory of the EU in a country that does not ensure an adequate level of data protection as recognized by the European Commission, the transfer will be governed by the Standard Contractual Clauses, which shall regulate any such processing activities. 

With reference to transfers to the United States, the Processor and any Sub-processors shall verify on the Data Privacy Framework website whether the recipient in the United States is certified and whether the relevant data transfer is covered by such certification 

Retention period of personal data 

Personal data processed by Kalliope will be retained for the time necessary for the performance of the contractual relationship, as well as the time required by civil, tax, and regulatory laws. The data will then be archived until the limitation period required by law with respect to individual enforceable rights.  

At the end of such limitations the personal data will be anonymized or deleted except in the case where conservation is necessary for other purposes expressly required by law. 

The details concerning the duration of the data retention period for the purposes outline above, i.e. the criteria used for determining such periods, are listed below (particular data is written in italics): 

Purpose Category of personal data Required limitation period before deletion 
Management of accounts receivable Tax code and other personal identification codes, name, address, bank details (IBAN) [only for individual firms and independent contractors], email address Ten years and six months after the accounting entry or the end of any litigation 
Marketing activities Name, address or other personal identification details, email address, telephone number 24 months after the cancellation of the newsletter or after the last marketing campaign 
Direct communication of company data via email to third party companies for marketing activities Company name, company email address 24 months after the cancellation of the newsletter or after the last marketing campaign 
Sales and after-sales management & customer management Name, address or other personal identification details, user ID – password, email address, telephone number Ten years and six months after the accounting entry or the end of any litigation 
Kalliope technical support Name, address or other personal identification details, user ID – password, email address Ten years and six months after the registration of the support request in the ticketing system or more in case of litigation 
Backup and restore management All data concerning the purposes listed above, archived in backup storage Ten years and six months after the accounting entry or the end of any litigation 
User and access profile management and control Name, address or other personal identification details, user ID – password, email address Ten years and six months after the deactivation of the account or more in case of litigation 

Automated decision-making 

In the pursuit the purposes listed above, no decision will be made based only on automated processing that may cause any legal consequences for the Data Subject or that may similarly have a significant impact on their person. 

Rights of the Data Subject 

Pursuant to and in accordance with the GDPR, the Data Subject has the following rights that may be exercised towards Kalliope: 

  1. the right to obtain from the Data Controller confirmation of whether or not personal data concerning the Data Subject is being processed and, in such a case, to obtain access to their personal data and any information provided for in art. 15 and specifically those concerning the purposes of data processing, the categories of the personal data in question, or the categories of the recipients to whom the personal data has been or will be communicated, the retention period, etc.;  
  1. the right to obtain the rectification of any errors in the personal data concerning the Data Subject, as well as the integration of the any data that is considered incomplete for the purposes of data processing (art. 16); 
  1. the right to obtain the deletion (“right to be forgotten”) where one of the grounds provided for in art. 17 applies;  
  1. the right to restrict data processing where one of the cases provided for by art. 18 applies; 
  1. the right to data portability pursuant to art. 20; 
  1. the right to object to data processing pursuant to art. 21; 
  1. the right to revoke consent at any time without compromising the legality of any processing performed before the revocation, only for purposes whose legal basis is the consent of the Data Subject. 

Those rights may be exercised by contacting the Personal Data Protection Officer (RPD), also referred to as the Data Protection Officer (DPO), using the contact details provided above, or by sending a request via registered mail with return receipt to the following address: Via Agostino Bassi, 5, 56121 Pisa, or by sending an email to: privacy@kalliope.com. 

The Data Subject may also inform the DPO of any circumstances or events that may potentially cause a violation of their personal data (i.e. any violation of security that may accidentally or illicitly cause the destruction, loss, alteration, unauthorized disclosure, or access to the data), for the purpose of allowing an immediate assessment and, if necessary, taking preventative measures sending an email to aksilia@pec.it. 

Please note that the Data Subject has the right to lodge a complaint to the Data Protection Authority or any other supervisory authority pursuant to art. 13, par. 2, letter d) of the GDPR. 

Changes to this notice  

This notice may change. It is therefore recommended to regularly check the privacy section of https://www.kalliope.com 

Notice pursuant to art. 13 and 14 of EU Regulation 2016/679 on the protection of personal data (GDPR) 

POTENTIAL CUSTOMERS&RESELLERS 

Pursuant to art. 13 and 14 of EU Regulation 2016/679 (hereinafter “GDPR”), Kalliope S.r.l. (hereinafter “Kalliope” or the “Data Controller”) – with registered office in Via Agostino Bassi, 5, 56121 Pisa, Italy – , in its capacity of personal data controller, in the person of its legal representative pro tempore, hereby informs you that the personal data of certain of your employees and/or legal representatives and/or shareholders who are natural persons will be processed by Kalliope through manual processing activities or by means of electronic, automated, IT, or telematic tools, using methods strictly related to the purposes listed below and, in any case, in such a way as to ensure the safety and confidentiality of the data. 

Identity and contact details of the Data Controller and of the Data Protection Officer 

The Data Controller is Kalliope, in the person of its legal representative pro tempore, with registered office in Via Agostino Bassi, 5, 56121 Pisa.  

The Data Controller has appointed Aksilia S.r.l. as Data Protection Officer, with registered office at Corso di Porta Vittoria, 28, Milan (MI), Italy. The Data Protection Officer can be contacted at aksilia@pec.it. 

To exercise your rights or to obtain information regarding such rights and/or this Privacy Notice, you may write to the following e-mail address privacy@Kalliope.com

Categories of data obtained from subjects other than the Data Subject  

The personal data acquired and processed may include: name, address or other personal identification details, e-mail address, and telephone number. 

For the purposes described in par. “Purposes and lawfulness of data processing”, Kalliope processes all categories of personal data obtained directly from the Data Subject (art. 13) or from your company (art. 14). Furthermore, Kalliope processes data concerning legal persons or entities (e.g. company name, contact email) for marketing purposes, as detailed below. 

Origin of personal data 

Personal data is provided directly by the Data Subject (art. 13) or by your company (art. 14). 

Purposes and lawfulness of data processing  

Personal data is processed by the Data Controller pursuant to art. 6 of the GDPR. The specific purposes of data processing and their legal basis are listed below: 

Purpose of data processing Legal basis of data processing 
Marketing activities (e.g. marketing communications of an advertising, informational, or promotional nature regarding products and services offered by Kalliope) Express consent to the processing of personal data 

Nature of data provision and consequences of refusal 

The legal basis for processing is your consent. Any consent given may be freely withdrawn at any time through the means and methods described below, without affecting the lawfulness of processing carried out prior to such withdrawal. 

Categories of recipients of the personal data 

The personal data provided may be communicated to third parties belonging to the following categories: 

  1. support providers (e.g. for data and backup storage); 
  1. parent companies, subsidiaries, affiliates, or companies belonging to the same corporate group. 

All subjects belonging to the above categories to whom the data is communicated will use them in the capacity of “Data Processor” specifically appointed by Kalliope pursuant to art. 28 of the GDPR or of autonomous “Data Controller”. 

The data will furthermore be processed by subjects specifically authorized by the Data Controller pursuant to the GDPR. Personal data processed by Kalliope is not subject to disclosure. 

Company data processed by Kalliope may be subject to disclosure through publication on company social network pages and websites. 

Transfers to countries outside the EU 

For the purposes described above, personal data and data relating to legal entities may be transferred to the recipients indicated above, both within Italy and abroad, including to countries outside the European Union (EU). 

Where data are processed outside the territory of the EU in a country that does not ensure an adequate level of data protection as recognized by the European Commission, the transfer will be governed by the Standard Contractual Clauses, which shall regulate any such processing activities. 

With reference to transfers to the United States, the Processor and any Sub-processors shall verify on the Data Privacy Framework website whether the recipient in the United States is certified and whether the relevant data transfer is covered by such certification 

Retention period of personal data 

Personal data will be retained for a period not exceeding 24 months from the date consent is given for such processing activities and/or from the cancellation of the newsletter subscription. 

After such period, personal data will be anonymized or deleted unless their retention is required for other purposes expressly provided for by law. 

Automated decision-making 

In the pursuit the purposes listed above, no decision will be made based only on automated processing that may cause any legal consequences for the Data Subject or that may similarly have a significant impact on their person. 

Rights of the Data Subject 

Pursuant to and in accordance with the GDPR, the Data Subject has the following rights that may be exercised towards Kalliope: 

  1. the right to obtain from the Data Controller confirmation of whether or not personal data concerning the Data Subject is being processed and, in such a case, to obtain access to their personal data and any information provided for in art. 15 and specifically those concerning the purposes of data processing, the categories of the personal data in question, or the categories of the recipients to whom the personal data has been or will be communicated, the retention period, etc.;  
  1. the right to obtain the rectification of any errors in the personal data concerning the Data Subject, as well as the integration of the any data that is considered incomplete for the purposes of data processing (art. 16); 
  1. the right to obtain the deletion (“right to be forgotten”) where one of the grounds provided for in art. 17 applies;  
  1. the right to restrict data processing where one of the cases provided for by art. 18 applies; 
  1. the right to data portability pursuant to art. 20; 
  1. the right to object to data processing pursuant to art. 21; 
  1. the right to revoke consent at any time without compromising the legality of any processing performed before the revocation, only for purposes whose legal basis is the consent of the Data Subject. 

Those rights may be exercised by contacting the Personal Data Protection Officer (RPD), also referred to as the Data Protection Officer (DPO), using the contact details provided above, or by sending a request via registered mail with return receipt to the following address: Via Agostino Bassi, 5, 56121 Pisa, or by sending an email to: privacy@kalliope.com. 

The Data Subject may also inform the DPO of any circumstances or events that may potentially cause a violation of their personal data (i.e. any violation of security that may accidentally or illicitly cause the destruction, loss, alteration, unauthorized disclosure, or access to the data), for the purpose of allowing an immediate assessment and, if necessary, taking preventative measures sending an email to aksilia@pec.it. 

Please note that the Data Subject has the right to lodge a complaint to the Data Protection Authority or any other supervisory authority pursuant to art. 13, par. 2, letter d) of the GDPR. 

Changes to this notice  

This notice may change. It is therefore recommended to regularly check the privacy section of https://www.kalliope.com