This information describes the processing of personal data carried out by K-point through the website https://www.k-point.it/. The data processing is carried out in accordance with Articles 13 and 14 EU Regulation No. 2016/679 (hereinafter, "GDPR"), as also supplemented by the current Legislative Decree 196/1993 novated by Legislative Decree 101/2018 (hereinafter, "Privacy Code"). The data are processed in the manner and for the purposes specified below, and the processing is based on the principles of fairness, lawfulness, transparency and protection of confidentiality and related rights.

1. Data controller

The Data Controller is K-point, with registered office at Viale Giulio Cesare 14, 00192 Rome. For questions or requests regarding data processing, you may contact our Data Protection Officer (DPO) at [email protected].

2. Object of processing

The Controller processes the following personal data:

                  - Personally identifiable data: first name, last name, date of birth, place of residence, owned and owned real estate, email address, phone number provided when requesting quotes or information.

                  - Browsing data: IP address, site usage data, and cookies.

                  - Technical data related to domestic installations for specific consultations.

3. Purpose and legal basis of processing

Data are processed for:

                  - Service purposes: to respond to inquiries and provide services (e.g., energy consulting).

                  - Fulfillment of legal obligations.

                  - Purposes of legitimate interest: site improvement, fraud prevention.

                  - Marketing purposes: sending promotional communications (with prior consent).

The legal basis for processing includes performance of a contract, fulfillment of legal obligations, legitimate interest and, where required, user consent.

4. Consent management

When the processing of personal data is based on consent (e.g. for marketing purposes or the use of non-essential cookies), K-point collects such consent explicitly and transparently.

Methods of collecting consent:

                  - The user is informed clearly and completely before giving consent.

                  - Consent can be given, for example, by filling out online forms or checking appropriate boxes (opt-in).

Withdrawal of consent:

                  - Users can revoke their consent at any time without affecting the lawfulness of processing based on consent given before revocation.

                  - Withdrawal can be done easily through one's profile settings or by sending a request to [email protected].

Registration of consent:

                  - K-point keeps track of the consent given by the user, including the date and specific purpose for which it was given, in accordance with applicable regulations.

5. Violations of personal data

In the event of a personal data breach, K-point will take the following measures.

Notification of violation:

                  - If the breach may pose a risk to the rights and freedoms of individuals, K-point will notify the Data Protection Authority within 72 hours of discovery.

                  - If the breach poses a high risk, K-point will also notify affected users without undue delay, providing details of the breach and the measures taken to mitigate the risks.

Preventive measures:

                  - K-point implements technical and organizational measures to reduce the risk of data breaches, including encryption of sensitive data, restricted access, and continuous monitoring of systems to detect anomalies.

6. Data collected by third parties

On the K-point website, some third-party services may collect personal data independently. The main third-party services used include:

Google Analytics:

                  - K-point uses Google Analytics to analyze site traffic and improve user experience. Google Analytics collects browsing data, such as IP address and user behavior on the site. This data is processed anonymously and in aggregate.

Google Maps:

                  - Some pages of the site may include maps provided by Google Maps. In this case, Google may collect technical data such as the user's IP address.

ReCAPTCHA:

                  - The site uses Google reCAPTCHA to protect the site from automated access (bots). ReCAPTCHA collects technical information such as IP address and behavioral data to determine if the user is human.

Third-party liability:

                  - The data collected by these services are independently managed by the third parties. Users are encouraged to consult the relevant privacy policies to fully understand how they are processed.

7. Data security

K-point takes the following security measures to protect personal data:

                  - Encryption: Sensitive data transmitted online are protected using advanced encryption protocols (e.g., HTTPS).

                  - Limited Access: Only authorized personnel have access to personal data, and only for strictly necessary purposes.

                  - Protection systems: We use firewalls, antivirus and other protection systems to prevent unauthorized access and external attacks.

                  - Backup: Personal data is periodically saved on secure backup systems to ensure its recovery in case of an accident.

The measures are continuously monitored and updated in accordance with regulatory and technological developments.

8. Data Retention.

Personal data will be kept for as long as necessary to achieve the purposes for which it was collected, according to the following timelines:

                  - Data for service purposes: up to 10 years after collection.

                  - Data for marketing purposes: up to 2 years after collection or until consent is revoked.

At the end of these periods, the data will be deleted or anonymized.

9. Access to personal data

Personal data can be accessed by:

                  - Authorized employees of the Owner for administrative and operational purposes.

                  - Providers of technical services (hosting, IT) as data controllers.

                  - Competent authorities, upon request, in accordance with the law.

10. Communication and transfer of data

Personal data will not be transferred to countries outside the European Economic Area (EEA). Where necessary, we will ensure that appropriate measures are taken to ensure that the transfer complies with the GDPR.

11. Rights of data subjects

Users can exercise the following rights:

                  - Access your personal data.

                  - Request correction of inaccurate data.

                  - Request deletion of data (right to be forgotten).

                  - Oppose data processing for legitimate reasons.

                  - Request restriction of processing.

                  - Obtain data portability to another data controller.

You can exercise your rights by contacting the Controller at info@k-point. Users may also file a complaint with the Data Protection Authority.

12. Updates to the Privacy Policy

K-point reserves the right to change this Privacy Policy periodically in accordance with regulatory or operational changes. Any changes will be posted on this page and, if the changes are significant, you will be notified by email or through a notice on the site. We encourage you to review this policy regularly to stay up-to-date on any changes.

13. Contact

For more information about the processing of personal data or to exercise your rights, you can contact K-point by email at [email protected] or write to the registered office at Viale Giulio Cesare 14, 00192 Rome.

[Updated 14.10.2024]