We are committed to protecting your privacy and protecting the personal data you entrust to us according to the principles of transparency - correctness - fairness.

Drafted in accordance with art. 13 and 14 of the New EU Regulation 679/2016 (GDPR)

First Version May 2022

Why are you reading this statement?

personal data have a great value in our time and therefore the new community legislation not only entrusts information to a central role, but also a dynamic, changing and constantly updated character to guarantee the interested parties a correct and timely information about the processing of personal data. We therefore suggest that you pay the utmost attention, albeit without excessive fear: personal data can and must circulate in total security and for the interest of all.

What does the current legislation mean by "personal data"?

In general, the New Regulation defines as personal data any information concerning an identified or identifiable natural person ("interested party"). The natural person is considered "identifiable" who can be connected, directly or indirectly, through an element such as general information (name, surname, date of birth, etc.), location, online account, characteristics of physical, physiological, genetic identity, psychic, economic, cultural or social, bank details, those relating to the telephone number, address, place and type of work, photographs, videos that portray us / you, the sites visited. All these elements, even if indirectly, can tell a lot about us in terms, for example, of preferences and habits.

THE DATA CONTROLLER and Contact Details

The Data Controller is the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data; when the purposes and means of such processing are determined by the law of the Union or of the Member States, the Data Controller or the specific criteria applicable to its designation may be established by the law of the Union or of the Member States.

As required by the Guidelines on transparency WP 260/2017, the identification details of the Data Controller and all the information to contact him are provided first:

The Data Controller (who manages the site you are visiting) is Kymata , based in Taneto di Gattatico (Reggio Emilia), Via Don Minzoni 112.

Contact at the following references:
MAIL: kymata@pec.it
PEC: kymata@pec.it
SITE: www.kymata.it The updated list of Data Processors (if appointed), is available at the aforementioned office. The Data Protection Officer (RPD or DPO in English) can be contacted by sending an email to: kymata@pec.it .

SUBJECT OF THE INFORMATION

The information covered by this Notice concerns your personal data - both those that may have been collected before now, and those that will be acquired in the future in relation to contractual relationships with the Company, and that you have provided to us spontaneously by accessing this website - subject to processing by Kymata S.r.l which also assumes the responsibility for the processing being, as specified above, the Data Controller , in compliance with the aforementioned legislation and the confidentiality obligations which inspire our business.

In particular, therefore, it is clarified that your personal data are collected, as contact data and as better specified below, in order to be able to provide specific services, in general, to customers and / or users, visitors to this site.

It is specified that processing of personal data means any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, even if not registered in a database, such as collection, registration, organization, structuring, storage, processing, selection, blocking, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.

Type of data processed

Kymata s.r.l. processes different categories of personal data, in particular:
Data Generated by accessing the site

Every time you visit our website, in fact, we collect some personal data:

  • the use of the website and the device used to access it, domain names, IP addresses, operating system used, type of browser used for connection;

These data are not accompanied by any additional personal information and are used to: i) obtain anonymous statistical information on the use of our website;
ii) manage the need to control how our website is used;
iii) ascertain responsibility in the event of hypothetical computer crimes.
The legal basis that legitimizes the processing of such data is the need to make the site's features usable following user access.

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) ​​addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request.

Data provided voluntarily by the user
  • Other personal data spontaneously sent by the interested parties

In questa categoria rientrano i dati personali che Voi stessi deciderete di fornirci visitando il sito www.kymata.it e/o attraverso la compilazione dei forms  ivi presenti, e/o contattandoci ai recapiti sopra indicati, via e-mail, telefono o fax. I dati che tratteremo (e di cui avremo senz’altro cura come previsto e dettato dalla richiamata normativa Europea) sono quelli relativi alla tua/vostra identità, (nome , cognome, email), all’azienda per conto della quale ci contatterete, all’ubicazione geografica della stessa e alle modalità per ricontattare Voi e/o l’azienda (indirizzo e-mail aziendale e/o nominativo e/o numero di telefono aziendale/personale), nonché altre informazioni contenuti dati personali  eventualmente fornitici spontaneamente scrivendo nell’apposito riquadro di “messaggistica”. Sono altresì dati personali trattati da Kymata, sempre spontaneamente fornitici, quello acquisiti attraverso l’apposita “AREA PARTNER”…..che acquisisce i seguenti dati: nome, email, società, indirizzo, telefono.

Infine, trattiamo e proteggiamo i dati eventualmente fornitici con l’invio di candidature per posizioni lavorative eventualmente aperte in Kymata s.r.l. o a candidature spontanee e, in generale, con l’invio del Curriculum vitae personale (nella sezione “lavora con noi”) raccolti e conservati esclusivamente per considerare l’eventuale candidatura e che verranno eliminati, al massimo, 12 mesi dopo la ricezione)

 Kymata S.r.l. potrebbe raccoglie anche dati diversi a seconda del tipo di servizio offerto ed erogato e, in questo caso, la modalità del loro trattamento saranno specificamente elencati e differentemente dettagliati all’interno delle Informative rese per il singolo e specifico servizio offerto e scelto dall’interessato.  

Purpose of the processing (for which personal data are intended) 

The processing of the data provided, personally and freely while browsing the site, in the ways and terms described above, will take place for institutional purposes, connected or instrumental to our business and in fulfillment of legal obligations. In particular: a) meet pre-contractual needs (eg. instruction of customer offers or purchase orders, information on the service provided by the company, requests / sending of estimates, technical assistance, etc.); b) fulfill contractual obligations (supply or purchase of goods and / or services); c) management of future customers and suppliers who, even if legal persons, also provide personal data of "interested" natural persons; d) for advertising, marketing, inclusion in mail lists, newsletters and our commercial communications relating to events, products, e) to fulfill the obligations established by law, by a regulation or by community legislation and for civil, administrative, accounting purposes and tax; f) to assert or defend in the competent offices (judicial, arbitration, administrative, etc.) rights of any nature, whether or not they are connected to a contractual relationship for the rendering of the services listed above (eg: default) or to other terms and legal conditions of the Site; Attention! Some data are collected, only with your specific consent, to send our newsletters and commercial communications relating to events, products, offers and, in general, for direct marketing purposes. Third Party Marketing - processing for marketing purposes carried out by our selected Partners (such as promotions, discounts, gifts). Personal data, as well as consumption habits, preferences and interests, will be processed exclusively in order to identify and offer more appropriate services. Profiling - in the presence of specific distinct consent (freely and consciously expressed at the time of registration / access to the site) Kymata may process the data provided by the user for further profiling purposes: i.e. for those activities aimed at categorizing and analyzing the traffic carried out by the individual user and directly attributable to it to evaluate tastes, preferences and consumption habits; We specify that, in these cases, it is always possible, at any time, to unsubscribe from our newsletter or change the reception settings by following the instructions in all e-mails with Kymata sender or by sending an email to Kymata @ pec. it
a) soddisfare esigenze precontrattuali (es. istruzione di offerte o ordini d’acquisto del cliente, informazioni sul servizio reso dall’azienda, richieste /invio di preventivi, assistenza tecnica ecc.); b) adempiere obblighi contrattuali (fornitura o acquisto di beni e/o servizi); c) gestione dei futuri clienti e fornitori che, anche se persone giuridiche, conferiscano anche dati personali di persone fisiche “interessati”; d) a scopo pubblicitario, marketing, inserimento in mail list, newsletter e le nostre comunicazioni commerciali relative a eventi, prodotti, e) per adempiere agli obblighi previsti dalla legge, da un regolamento o dalla normativa comunitaria e per finalità civilistiche, amministrative, contabili e fiscali; f) per far valere o difendere nelle sedi competenti (giudiziarie, arbitrali, amministrative, etc.) diritti di qualsiasi natura, siano essi connessi o meno ad un rapporto contrattuale per la resa dei servizi sopra elencati (es: inadempimento) o ad altri termini e condizioni legali del Sito;  

Attenzione!
 

Alcuni dati vengono raccolti, soltanto previo Vostro specifico consenso,  per inviare le nostre newsletter e le nostre comunicazioni commerciali relative a eventi, prodotti, offerte e, in generale, a scopo di marketing diretto. 

Marketing Terze parti - trattamenti per finalità di marketing effettuato da parte dei nostri Partner selezionati (come promozioni, sconti, omaggi). I dati personali, nonché abitudini di consumo, preferenze e interessi, saranno trattati esclusivamente al fine di individuare ed offrire servizi più appropriati.

Profilazione - in presenza di specifico distinto consenso (espresso liberamente e consapevolmente al momento della registrazione/accesso al sito) Kymata potrà trattare i dati forniti dall’utente per le ulteriori finalità di profilazione: ossia per quelle attività volte alla categorizzazione e analisi del traffico effettuato dal singolo utente ed ad esso direttamente riconducibile per valutare gusti, preferenze ed abitudini di consumo; 

Specifichiamo che, in questi casi, è sempre possibile, in ogni momento, cancellare l’iscrizione alla nostra newsletter o modificare le impostazioni di ricezione seguendo le istruzioni presenti in tutte le e-mail con mittente Kymata oppure inviando una mail a Kymata@pec.it

Legal basis of the processing

The processing of the data provided, personally (by completing and electronically sending the forms presented during the provision of our services, and in the other ways highlighted above), will take place for institutional purposes, connected or instrumental to our activity and in fulfillment of the legal obligations.

In particular , the legal basis that legitimizes the processing is the execution of a contract of which the interested party is a party or the execution of pre-contractual measures adopted at the request of the same (letter a ) and b) of the prev. Art.); the legitimate interest of the Data Controller (letters c) and e) of the preceding Art.), The legal obligation (letter d) of the preceding Art.). Furthermore, in the cases expressly indicated, the legal basis is the consent freely provided by the interested party.

How do we use the collected data? In particular , due to the activity carried out by Kymata S.r.l., the aforementioned personal data will be processed in a lawful and correct manner for following purposes:

a) for the periodic sending, via email, of newsletters (promotional communications, reports on the publication of posts on our blog, special promotions, updates on our activities, ideas and suggestions, news and previews on new products, invitations to events or to participate in market analysis and research);
b) for carrying out customer relationship activities based on contractual agreements;
c) for administrative purposes and for the fulfillment of legal obligations such as for example those of an accounting, tax or to process requests from the judicial authorities;
d) to personalize your online experience and ensure that the content is presented in the best possible way for you;
e) to update you on changes regarding: our services, our website, our terms of use and these privacy policies;
f) to measure and understand the effectiveness of the advertisements we offer and make it more effective our marketing activities;
g) to administer, maintain and improve our website and for internal operations such as: troubleshooting, data analysis, research purposes, tests, statistics;

Nature of the provision

The processing of functional data for the fulfillment of these obligations is necessary for proper management of the relationship and their provision is mandatory to implement the purposes indicated above. The Data Controller also announces that any non-communication, or incorrect communication, of one of the mandatory information, may cause the Data Controller to be unable to guarantee the adequacy of the processing itself, the impossibility of establishing or continuing the relationship and, if they technically prevent the provision of the specific service requested. 

Processing methods

The data you provide us will be processed with the aid of electronic tools (but also in manual mode and subsequently stored in "physical" archives) suitable and by software platforms, equipped with tools capable of guaranteeing their security and confidentiality. , in compliance with logic strictly related to the purposes themselves, in order to avoid unauthorized modification or destruction . All the analyzes underlying the services offered are carried out ensuring maximum security, according to one of the main distinctive features of the Kymata platform.

Human operators, moreover specifically appointed for this purpose and trained, intervene in the processing of data through strictly controlled access through authentication and tracking procedures. The processing may also be carried out by third parties who provide specific processing, administrative or instrumental services necessary for the achievement of the aforementioned purposes.

Place of processing

The data collected is processed: (i) in the premises of the company headquarters, (ii) in a data center separate from the company headquarters, (iii) as well as in a cloud managed by a third party provider . From the operational headquarters of the company, the maintenance and development of the platform governed by Kymata are carried out. In all cases, the places dedicated to the processing of personal data have characteristics that make them safe and suitable for the purpose and, for this reason, constantly monitored, efficient and resilient.

The computer systems and software procedures used to operate our services acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.

Communication and Dissemination

For the purposes listed above, the personal data collected may be disclosed to recipients who will process them as Authorized Subjects and Data Processors, in order to assist the Data Controller in providing the services offered through this website.
Kymata S.r.l., Data Controller, undertakes not to disclose personal data to third parties, except, in certain cases, in order to comply with legal obligations and to carry out pre-contractual and contractual measures, it will be necessary to communicate your data to:

1) banks and credit institutions, for making payments;
2) professionals and professional firms (lawyers, accountants, auditors, etc.)
3) other companies, entities and / or persons physical persons who carry out instrumental, support or functional activities for the execution of the contracts or services requested;

These subjects will process and, in turn, will communicate the data to third parties as "owners" or "external managers", as well as the subjects who collect data through technical and navigation cookies. The updated list containing the names of the Data Processors is available at the headquarters of the Data Controller, which can be requested by email by writing to info @ kymata. it This list can be subsequently integrated and / or updated as needed User data will not be disclosed to third parties nor will they be transferred to EXTRA EU countries or international organizations.

Security of the processed data

In order to protect the security and confidentiality of your personal data we adopt - and require each service provider and / or third party responsible for the processing of personal data on our behalf to adopt, as per our instructions - technical and organizational measures aimed at prevent the loss and destruction, even accidental, of data, unauthorized access and illicit or abusive use of data. Furthermore, IT systems and software programs are configured so that personal and identifying data are used only when necessary to achieve the specific processing purposes envisaged from time to time.
We use a wide range of advanced security technologies and procedures to promote the protection of personal data against the risks described above. For example, the personal data provided by users are stored on secure servers located in controlled places.

Conservazione dei Dati (Tempi di conservazione dei dati trattati) 

Nel rispetto di quanto previsto dall’art. 5 comma 1 lett. e) del Regolamento Europeo 2016/679, i dati personali raccolti verranno conservati in una forma che consenta l’identificazione degli interessati per il tempo necessario a conseguire le finalità di trattamento per cui sono stati raccolti e per gli altri scopi consentiti e correlati o in base a quanto previsto dalla normativa applicabile. Di seguito sono indicate nello specifico i tempi di conservazione dei dati raccolti tramite la navigazione del sito web in oggetto: 

  • i dati acquisiti durante la navigazione del presente sito web sono conservati per la durata della sessione di navigazione;
  • i dati forniti dagli utenti che inoltrano richieste sono conservati per il periodo necessario all’esecuzione della richiesta inoltrata;
  • I dati sono conservati, comunque, in modo da non potere essere modificati senza lasciare traccia. Essi sono conservati per tutto il tempo della durata del servizio o fino alla revoca del consenso dell’interessato qualora prestato. Nel caso di Newsletter: fino a revoca del consenso da parte dell’interessato.
  • I dati forniti per finalità amministrative e contabili sono conservati per i tempi previsti dalla legge;
  • I dati possono essere mantenuti anche dopo la cessazione del servizio o la richiesta dell’utente, se richiesto per questioni legali;
  • I dati trattati per finalità di marketing o profilazione saranno conservati nel rispetto del principio di proporzionalità e comunque fino a che non siano state perseguite le finalità del trattamento ( accettato con il consenso esplicito dell’interessato) o fino a che – se precedentemente – non intervenga la revoca del consenso specifico da parte dell’interessato (e comunque non oltre 12 mesi dall’ultimo utilizzo del servizio).
  • Nel caso di esercizio del diritto all’oblio attraverso richiesta di cancellazione espressa dei dati personali trattati dal Titolare, ricordiamo che tali dati saranno conservati, in forma protetta e con accesso limitato, unicamente per finalità di accertamento e repressione dei reati, per un periodo non superiore ai 12 mesi dalla data della richiesta e successivamente saranno cancellati in maniera sicura o anonimizzati in maniera irreversibile;
  • Ti rammentiamo infine che per le medesime finalità, i dati relativi al traffico telematico, esclusi comunque i contenuti delle comunicazioni, saranno conservati per il tempo massimo consentito dalla legge attualmente in vigore (c.d. Data Retention).
  • Al momento della cancellazione è possibile che i dati vengano comunque conservati ma totalmente ed irreversibilmente anonimizzati cioè non più idonei per ricondurre in alcun modo all’identificazione, neanche potenziale, di un singolo e specifico individuo persona fisica.

Al momento della cancellazione è possibile che i dati vengano comunque conservati ma totalmente ed irreversibilmente anonimizzati cioè non più idonei per ricondurre in alcun modo all’identificazione, neanche potenziale, di un singolo e specifico individuo persona fisica.

Cookie information (what are cookies)

Cookies are short fragments of text (letters and / or numbers) that allow the web server to store information on the client (the browser) to be reused during the same visit to the site (session cookies) or later, even at a distance of days (persistent cookies). Cookies are stored, according to user preferences, by the single browser on the specific device used (computer, tablet, smartphone). Similar technologies, such as, for example, web beacons, clear GIFs and all forms of local storage introduced with HTML5, can be used to collect information on user behavior and use of services. In the following of this information we will refer to cookies and all similar technologies by simply using the term "cookie".

Types of first-party cookies and how to manage preferences 

Utilizziamo tre tipologie di cookie: tecnici, analitici e pubblicitari. 

cookie tecnici sono necessari per rendere fruibile il sito web, i suoi contenuti e i suoi servizi. Senza questo tipo di cookie il sito non è in grado di funzionare correttamente. Se non desideri l’installazione dei cookie tecnici sul tuo device ti invitiamo a non utilizzare il sito. 

cookie analitici, anche di terze parti, attraverso la raccolta di dati anonimi, consentono di comprendere come il sito viene utilizzato dagli utenti (ad esempio: la lingua preferita o la località nella quale ti trovi) e migliorare la loro esperienza di navigazione. 

cookie di pubblicità, anche di terze parti, sono cookie sono utilizzati al fine di inviarti messaggi pubblicitari in linea con le tue preferenze manifestate nell’ambito della navigazione in rete.

La piattaforma Kymata utilizza cookie tecnici per il servizio di memorizzazione delle password nell’area partner, che viene attivato esclusivamente dall’utente in modo volontario.

Il nostro sito usa cookie per poterti offrire una migliore esperienza di navigazione e ci permettono di conteggiare le visite in modo anonimo e non ci consentono in alcun modo di identificarti direttamente. Utilizziamo unicamente tipologie di cookie tecnici e analitici. 
I cookie tecnici sono necessari per il corretto funzionamento di alcune aree del sito. Comprendono sia cookie persistenti che cookie di sessione. In assenza di tali cookie, il sito o alcune porzioni di esso potrebbero non funzionare correttamente. I cookie di questa categoria vengono sempre inviati dal nostro dominio. I cookie analitici vengono utilizzati per raccogliere informazioni sull’utilizzo del sito. Sono la base per analisi statistiche, per azioni di miglioramento e semplificazione delle funzionalità, per il monitoraggio del corretto funzionamento. 
Questo tipo di cookie raccoglie informazioni in forma anonima sull’attività degli utenti nel sito e sul modo in cui sono arrivati al sito e alle pagine visitate. Il nostro sito contiene inoltre cookie di terze parti cioè cookie provenienti da altri siti e contenuti in vari elementi ospitati nelle nostre pagine (icone di social network che consentono ai visitatori l’interazione con esso). I cookie di questa categoria sono inviati dai domini dei siti che offrono le funzionalità presenti nel sito, non sono quindi inseriti o letti da Kymata. Le terze parti possono utilizzare i dati raccolti per propri scopi. Per ulteriori informazioni su questi cookie e la modalità di utilizzo da parte di ciascuna delle terze parti, puoi utilizzare i collegamenti riportati di seguito. Kymata si avvale del servizio Google Analytics della società Google, Inc. per capire come i visitatori interagiscono con i contenuti del sito. Google Analytics utilizza un set di cookie per raccogliere informazioni e generare statistiche di utilizzo del sito senza identificazione personale dei singoli visitatori. Google fornisce a Kymata i dati in forma aggregata e mai collegati all’identità degli utenti, attraverso report e altri servizi informatici. Per consultare l’informativa privacy della società Google, relativa al servizio Google Analytics, puoi visitare il sito Internet: 

http://www.google.com/intl/en/analytics/privacyoverview.html  Inoltre integriamo nei nostri siti web alcune funzionalità di siti web di terze parti, in particolare di alcuni social network (Google, Facebook ed Auth0). Tali funzionalità a volte integrano degli script o altri elementi in grado di riconoscere, e talvolta inserire sul dispositivo dell’utente, dei cookie provenienti da questi social network. Non abbiamo accesso a questi cookie né controllo sugli stessi né sui dati raccolti da questi cookie, ma poiché integriamo funzionalità e servizi di social Login sul sito web di Kymata desideriamo informare gli utenti sull’utilizzo di tali elementi. Per ulteriori informazioni, consultare l’elenco dei possibili cookie dei social network, di seguito. 

Clicca sui link di seguito riportati per leggere le diverse informative e valutare se prestare oppure no il consenso: 
Login di Auth0 (consente all’utente di accedere al proprio account di Auth0 e di interagire con i nostri siti web attraverso l’account): Login di Facebook (consente all’utente di accedere al proprio account di Facebook e di interagire con il nostro sito web attraverso l’account): https://www.facebook.com/policies/cookies  Login di Google (consente all’utente di accedere al proprio account di Google e di interagire con il nostro sito web attraverso l’account): https://policies.google.com/privacy?hl=it  Hai comunque la possibilità di negare il consenso all’uso dei diversi cookie. La navigazione nel nostro sito potrà continuare regolarmente, ma non essendo più attive alcune funzionalità si potrebbero incontrare problemi in altre situazioni (ad esempio l’accesso al portale di dell’area partner).  Per disattivare l’utilizzo delle diverse tipologie di cookie seleziona l’impostazione appropriata presente sul tuo browser che consente di rifiutarli o di cancellarli alla fine di ogni sessione.  
Di seguito i link con indicazioni su come disabilitare i cookie per i browser più diffusi. 
Internet Explorer: https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies  
Google Chrome: https://support.google.com/chrome/answer/95647  
Mozilla Firefox: https://support.mozilla.org/it/kb/Bloccare%20i%20cookie  
Safari: https://support.apple.com/it-it/HT201265  
Opera: https://www.opera.com/help/tutorials/security/cookies   

Validity and policy updatel  

The information relates to the use of own and third-party cookies, detected on the date of drafting of the version in force. The owner guarantees the commitment to periodically check the contents of this information, in order to keep it updated with technological and regulatory developments.

RIGHTS OF THE INTERESTED PARTY: That is your rights

the following points serve to attract your attention to a series of rights that the Privacy - personal data protection legislation reserves for you in order to better protect your personal data

Pursuant to articles 13, paragraph 2, letters (b) and (d), to articles 15-22 of the Regulation (GDPR 679/2016), interested parties are informed that, by entrusting their personal data to Kymata Srl, it is possible to exercise the following rights, the exercise of which is not subject to any formal constraint and is free .
The Privacy Code and the Regulations give the data subject a series of rights which, pursuant to the Guidelines on Transparency WP 260 , it is mandatory to summarize in their main content within the information. These rights are summarized and summarized below:

  • Right to ask the Data Controller for access to personal data, to correct or cancel them or limit their processing or to oppose their processing, in the cases provided for;
  • Right to propose - in Italy - a complaint to the Guarantor for the protection of personal data, if competent Authority, following the procedures and indications published on the official website of the Authority on www.garanteprivacy.it;
  • Right to lodge a complaint with another competent European Privacy Authority located in the place of habitual residence or domicile in Europe of those who dispute a violation of their rights, following the appropriate procedures and indications;
  • Any corrections or cancellations or limitations of the processing carried out at the request of the interested party - unless this proves impossible or involves a disproportionate effort - will be communicated to the Data Controller to each of the recipients to whom the personal data have been transmitted. The Data Controller may communicate these recipients to the interested party if the interested party requests it.
  • Right to the portability of personal data: Article 20 of the GDPR introduces the new right to data portability. This right allows the interested party to receive personal data concerning him provided to a Data Controller (for example if he intends to pass to another Data Controller) in a structured format, commonly used and readable by an automatic device, and under certain conditions - to transmit them to a another holder of the treatment without impediments by the holder of the previous holder;
  • Right to object : the interested party has the right to object at any time, for reasons connected with his particular situation, to the processing of personal data concerning him carried out by the owner;
  • Right not to be subjected to automated decisions, including profiling : the interested party has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or that similarly significantly affects your person.

Detailed information concerning the rights of the interested party. Extended (in this case the following can be clicked) Right of access of the interested party (art. 15 GDPR)

1. The interested party has the right to obtain from the data controller confirmation as to whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data and the following information:

  • the purposes of the processing;
  • the categories of personal data in question;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients of third countries or international organizations;
  • when possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
  • the existence of the right of the interested party to ask the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
  • the right to lodge a complaint with the supervisory authority;
    if the data are not collected from the data subject, all available information on their origin;
  • l’esistenza di un processo decisionale automatizzato, compresa la profilazione di cui all’articolo 22, paragrafi 1 e 4, e, almeno in tali casi, informazioni significative sulla logica utilizzata, nonché l’importanza e le conseguenze previste di tale trattamento per l’interessato.

2. If personal data are transferred to a third country or to an international organization, the interested party has the right to be informed of the existence of adequate guarantees pursuant to Article 46 relating to the transfer.

3. The data controller provides a copy of the personal data being processed. In case of further copies requested by the interested party, the data controller may charge a reasonable fee based on administrative costs. If the interested party submits the request by electronic means, and unless otherwise indicated by the interested party, the information is provided in a commonly used electronic format.
4. The right to obtain a copy referred to in paragraph 3 must not affect the rights and freedoms of others.

Right of rectification (Article 16)
The interested party has the right to obtain from Data Controller the rectification of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration.

Right to cancellation (" right to be forgotten ") art. 17
1. The interested party has the right to obtain from the data controller the cancellation of personal data concerning him without undue delay and the data controller is obliged to cancel the personal data without undue delay, if one of the following reasons exists:

  • the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; 4.5.2016 L 119/43 Official Journal of the European Union EN
  • the interested party revokes the consent on which the processing is based in accordance with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and if there is no other legal basis for the processing;
  • the interested party opposes the processing pursuant to Article 21, paragraph 1, and there is no legitimate overriding reason to proceed with the processing, or opposes the processing pursuant to Article 21, paragraph 2;
  • the personal data have been unlawfully processed;
  • personal data must be deleted to fulfill a legal obligation under the law of the Union or of the Member State to which the data controller is subject;
  • the personal data was collected in relation to the information society service offer referred to in Article 8, paragraph 1.

2. The data controller, if he has made personal data public and is obliged, pursuant to paragraph 1, to delete them, taking into account the available technology and implementation costs, adopts reasonable measures, including technical ones, to inform the data controllers who are processing the personal data of the request of the interested party to delete any link, copy or reproduction of his personal data. 

3. I paragrafi 1 e 2 non si applicano nella misura in cui il trattamento sia necessario: 

  • for the exercise of the right to freedom of expression and information;
  • for the fulfillment of a legal obligation that requires the processing provided for by the law of the Union or of the Member State to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of public authority referred to the data controller is invested;
  • for reasons of public interest in the public health sector in accordance with Article 9, paragraph 2, letters h) and i), and Article 9, paragraph 3;
  • for archiving purposes in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89 (1), insofar as the right referred to in paragraph 1 is likely to render impossible or seriously prejudice the achievement of the objectives of that treatment; or e) for the establishment, exercise or defense of a right in court.

Right to restriction of processing (art. 18)
1. The interested party has the right to obtain from the data controller the limitation of processing when one of the following hypotheses occurs:

  • the data subject disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
  • the processing is unlawful and the interested party opposes the deletion of personal data and instead requests that its use be limited;
  • although the data controller no longer needs it for processing purposes, the personal data are necessary for the data subject to ascertain, exercise or defend a right in court;
  • the interested party opposed the processing pursuant to Article 21, paragraph 1, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.

2. If the processing is limited pursuant to paragraph 1, such personal data are processed, except for storage, only with the consent of the interested party or for the assessment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of significant public interest of the Union or of a Member State. 4.5.2016 L 119/44 Official Journal of the European Union EN 

Diritto di notifica (art. 19) 
Obligation to notify in case of rectification or cancellation of personal data or limitation of processing 
Il titolare del trattamento comunica a ciascuno dei destinatari cui sono stati trasmessi i dati personali le eventuali rettifiche o cancellazioni o limitazioni del trattamento effettuate a norma dell’articolo 16, dell’articolo 17, paragrafo 1, e dell’articolo 18, salvo che ciò si riveli impossibile o implichi uno sforzo sproporzionato. 

Right to data portability (Article 20)
The user has the right to request complete documentation regarding the processing of personal data provided to Kymata Srl as the Data Controller. In other words, if the interested party intends to request services from another "manager" other than Kymata srl, he has the right to request and obtain from this the delivery of all personal data previously provided.

  • The interested party has the right to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a data controller and has the right to transmit such data to another data controller without impediments from part of the data controller to whom he provided them if:
  • a) the processing is based on consent pursuant to Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), or on a contract pursuant to Article 6, paragraph 1, letter b); 
  • b) the processing is carried out by automated means.
  • In exercising their rights relating to data portability in accordance with paragraph 1, the interested party has the right to obtain the direct transmission of personal data from one data controller to the other, if technically feasible.
  • The exercise of the right referred to in paragraph 1 of this article is without prejudice to article 17. This right does not apply to the processing necessary for the performance of a task in the public interest or connected to the exercise of public authority vested in it. the data controller.

The right referred to in paragraph 1 must not affect the rights and freedoms of others.
Diritto di opposizione (art. 21)

  • The interested party has the right to object at any time, for reasons connected to his particular situation, to the processing of personal data concerning him pursuant to Article 6, paragraph 1, letters e) or f), including profiling on the basis of these provisions. The data controller refrains from further processing personal data unless he demonstrates the existence of compelling legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or the defense of a right in court. 
  • If personal data are processed for direct marketing purposes, the interested party has the right to object at any time to the processing of personal data concerning him for these purposes, including profiling to the extent that it is connected to such direct marketing.
  • If the interested party objects to the processing for direct marketing purposes, the personal data are no longer processed for these purposes. 4.5.2016 L 119/45 Official Journal of the European Union EN.


Right of revocation and complaint
It is the right of the interested party to revoke the consent given in any moment. This operation must be as easy as the one that allowed the data to be processed. At the same time, the interested party has the right to lodge an official complaint with the Guarantor for the protection of personal data, following the procedures and indications published on the official website of the Authority on www.garanteprivacy.it .

For further information, please refer to the indications of the Privacy Authority, all available at this link: https: // www .garanteprivacy.it / Regulationue / rights-of-data subjects

To exercise all your rights as identified above, simply contact the Data Controller in the following ways:

  • by sending an e-mail to kymata@pec.it to contact the Kymata Privacy Office directly
en_GB