Privacy Policy EULA

This page describes how the websites of Kalliope S.r.l. manage the processing of personal data of users who browse them. This notice is provided pursuant to Article 13 of Regulation (EU) No. 2016/679 (hereinafter referred to as the “GDPR”) to users interacting with the web services of Kalliope S.r.l., accessible electronically from the address www.kalliope.com, corresponding to the corporate website of Kalliope S.r.l., as well as the product websites www.kalliopepbx.com and www.atenatesting.com.

This notice applies only to the websites of Kalliope S.r.l. and not to any other websites that may be accessed by the user through links.

This notice is also inspired by Recommendation No. 2/2001 adopted on May 17, 2001 by the European data protection authorities gathered in the Article 29 Working Party (now the European Data Protection Board), identifying minimum requirements for the online collection of personal data and, in particular, the methods, timing, and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.

Identity and Contact Details of the Data Controller and the Data Protection Officer

The Data Controller is Kalliope S.r.l., represented by its pro tempore legal representative, with registered office at Via Agostino Bassi, 5, 56121 Pisa, Italy.

The Data Controller has appointed Aksilia S.r.l., Corso di Porta Vittoria 28, Milan (MI), Italy, as Data Protection Officer (DPO). The DPO can be contacted at: aksilia@pec.it.

To exercise your rights or to obtain information regarding such rights and/or this Privacy Policy, you may write to: privacy@kalliope.com.

Data Processing

Processing related to the web services of the corporate websites is carried out exclusively by personnel authorized to process personal data. Personal data provided by users are used solely for the purpose of performing the requested service or activity and are disclosed to third parties only where necessary for that purpose.

Types of Data Processed and Retention Periods

Browsing Data

The IT systems and software procedures used to operate the corporate websites acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected in order to be associated with identified individuals; however, by its very nature, it could, through processing and association with data held by third parties, allow users to be identified.

This category includes IP addresses or domain names of the computers used by users connecting to the websites, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment.

These data are used solely to obtain anonymous statistical information on website usage and to ensure the proper functioning of the websites. They are deleted immediately after processing, except where their use may be necessary to ascertain liability in the event of cybercrimes against the websites.

Data Voluntarily Provided by the User

The voluntary provision of data for website registration, information requests, or newsletter subscriptions entails the subsequent acquisition of certain personal data of the requester, necessary to provide the requested service.

Specific summary notices will progressively be displayed on the pages of the websites dedicated to these particular on-demand services. Failure to provide such data may make it impossible to fulfill the request.

Such data are retained for the time necessary to process the requests received. After this period, your data will be anonymized or deleted, unless their retention is required for other purposes expressly provided for by law.

Cookies

Cookies are used to perform IT authentication, session monitoring, and storage of specific information regarding users accessing the server, and are generally present in each user’s browser.

Cookies may be divided into three categories:

  • Navigation and functional cookies, necessary for the proper functioning of the website. If the user is registered, these cookies allow access to the services offered and enable the website to recognize the visitor on subsequent visits. Functional cookies improve the quality and browsing experience. In some cases, disabling these cookies may not be technically possible, as they are necessary to ensure the operation of the website. The law provides that “technical” cookies may be used even without user consent.
  • Profiling cookies, used to create user profiles for the purpose of sending commercial messages based on preferences expressed during website visits or to improve the purchasing and browsing experience.
  • Statistical cookies, used to carry out statistical analyses on how users browse the website. The results of these analyses are used anonymously and exclusively for statistical purposes.

For details regarding the cookies used on Kalliope S.r.l. websites, please refer to the Kalliope Cookie Policy.

Processing Methods

Any personal data collected are processed using automated tools only for the time strictly necessary to achieve the purposes for which they were collected.

The systems are equipped with appropriate and necessary security measures to prevent data loss, unlawful or improper use, and unauthorized access.

No decision producing legal effects concerning you, or significantly affecting you, is based solely on automated processing.

Sharing, Communication, and Disclosure of Data

Personal data provided by users are used for the purpose of performing the requested service or activity and are disclosed to third parties only where necessary for the provision of the requested services (e.g., IT outsourcing providers).

The personal data collected will not be transferred outside the European Union.

Except in these cases, data will not be communicated or disclosed to anyone unless contractually required or authorized by the data subjects.

In this regard, personal data may be transmitted to third parties only where:

  • explicit consent has been given to share the data with third parties;
  • sharing information with third parties is necessary in order to provide the requested service;
  • it is necessary to comply with requests from judicial authorities or public security authorities.

Rights of Data Subjects

Pursuant to the GDPR, you are entitled to exercise the following rights as a Data Subject in relation to the Company:

  • obtain access from the Data Controller and confirmation as to whether or not personal data concerning you are being processed, in order to be informed about the processing and verify its lawfulness, correctness, and accuracy;
  • obtain the rectification of inaccurate personal data concerning you, as well as the completion of incomplete data, taking into account the purposes of the processing;
  • request the deletion of data concerning you where such data are no longer necessary for the purposes for which they were collected. Please note that deletion is subject to the existence of valid grounds. Deletion cannot be carried out where processing is necessary, among other things, for compliance with a legal obligation, the performance of a task carried out in the public interest, or for the establishment, exercise, or defense of legal claims;
  • request restriction of processing, namely the adoption of technical and organizational measures limiting access to and modification of your personal data. This does not mean that the data are deleted, but that the Data Controller must refrain from using them during the restriction period;
  • exercise the right to object, at any time, on grounds relating to your particular situation, to the processing of personal data concerning you where such processing is necessary for the performance of a task carried out in the public interest, in the exercise of official authority vested in the Data Controller, or for the purposes of the legitimate interests pursued by the Data Controller or by a third party;
  • withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, exclusively for processing activities whose legal basis is consent.

These rights may be exercised by contacting the Data Protection Officer (DPO) using the contact details provided above, or by sending a registered letter with acknowledgment of receipt to the following address: Via Agostino Bassi, 5, 56121 Pisa, Italy, or by email to: privacy@kalliope.com.

You may also promptly notify the DPO, using the contact details provided above, of any circumstances or events that may potentially result in a personal data breach (meaning any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data), in order to enable immediate assessment and, where necessary, the adoption of measures aimed at addressing such event.

Finally, please note that you have the right to lodge a complaint with the Italian Data Protection Authority or another supervisory authority pursuant to Article 13(2)(d) of the GDPR.

Changes to this Policy

Kalliope S.r.l. periodically reviews its privacy and security policies and, where appropriate, updates them in relation to regulatory, organizational, or technological developments.

In the event of changes to these policies, the updated version will be published on this page of the website.