Privacy Page

Privacy Policy of KIRA Coffee 1. Data Controller DASC S.r.l. (P.VAT 03150270613), with registered office in Piazza Matteotti 7, 80133 (NA), Italy, is the data controller of user/visitor data collected through the Site (“Holder” o “KIRA Coffee”). Owner's e-mail address: shop@kiracaffe.com The personal data of users/visitors that the Owner collects through the Site include: - Personal data (name, surname, company name, date of birth, tax code, VAT number ); - Your contact details (email address, telephone number, physical shipping address and billing address); e - Any responses from users/visitors to the questions provided and feedback requested by the Site through forms and online surveys (hereinafter, "Personal data”). The Personal Data listed above are collected by the Site at the moment: - of the first log-in of the user already registered on the Site when it was managed by the previous owner, MFS Web S.r.l. (“User”); - registration on the Site, for users who register now for the first time on the Site ("User”); or - the purchase of one or more of the products offered for sale through the Site, for users not registered on the Site ("Guest”). Unless otherwise specified within the Site, all Personal Data requested are to be considered mandatory. It is therefore understood that failure to provide Personal Data marked as mandatory prevents registration on the Site or use of the services offered therein; failure to provide Personal Data that may be marked as optional does not prevent registration on the Site or use of the services offered therein, but could in any case make their use less immediate and user friendly. The User/Guest assumes responsibility for the Personal Data of third parties that he has published or shared through this Site and guarantees that he has the right to communicate or disseminate them, and that he has disclosed this Privacy Policy to said third parties, freeing the Owner from any liability to such third parties. 3. Purposes and legal bases of the processing of Personal Data Purpose of the processing The Personal Data of Users/Guests will be processed by the Data Controller according to principles of necessity, data minimization, lawfulness, correctness, proportionality and transparency for the following purposes: (a) to provide the Site , allow access and registration to the Site, as well as the use of the services offered through the Site, or the purchase of products online and order management and any other service that may be offered in the future through the Site of which the User /Guest requests the performance, as well as to improve the Site and the services offered therein; (b) ensure the User/Guest the assistance service (by filling in the appropriate form provided on the Site or by contacting the Owner directly) during registration on the Site and/or use of the Site and the services offered therein, and also to resolve any reports of malfunctions and/or disputes; (c) fulfill legal obligations, respond to requests from the competent Authorities, protect one's rights and interests, identify any malicious or fraudulent activity; (d) provide the User/Guest, via the e-mail address indicated when registering on the Site or making a purchase through the Site, commercial information and newsletters relating to products and services similar to those already purchased/requested by the User /guests; (e) send advertising material to the User and carry out promotional, marketing and/or direct sales activities for products and/or services sold and/or supplied by the Owner; (f) to send the User commercial and promotional communications relating to products and/or services of selected third parties (i.e. companies of the Group to which the Owner belongs, parent companies, subsidiaries and/or associates, companies affiliated with the Owner and partners third parties), with whom the Data Controller maintains legal relationships (without in this case there being communication of Personal Data to third parties); (g) carry out profiling activities in relation to the User of the Site, i.e. evaluate his preferences, consumption habits and tastes, also by means of an invitation to participate in market research, for the subsequent sending of profiled marketing communications. Legal basis of processing The aforementioned purposes of processing (see section "Purpose of processing", letters from (a) to (g)) are processed by the Data Controller on the following legal bases: (a) execution of the contract with the User/Guest and legitimate interest of the Data Controller; (b) execution of the contract or pre-contractual measures at the request of the User/Guest and legitimate interest of the Owner (c) fulfillment of a legal obligation to which the Owner is subject and/or legitimate interest of the Owner; (d) legitimate interest of the Owner, unless opposed by the User/Guest; (e) express consent of the User; (f) express consent of the User; and (g) your express consent. With reference to the purpose referred to in point (d) above, the User/Guest may oppose the receipt of such communications at any time by clicking on the link at the bottom of the relative e-mail or by contacting the Owner at the e-mail address indicated to art. 1 above. The contact methods aimed at direct marketing activities, on behalf of third parties and profiling as in points (e), (f) and (g) above, may be either automated (via e-mail, text messages, push notifications , other mass messaging tools, etc.) and of the traditional type (telephone calls with an operator and postal items). In any case, the User may revoke his consent, even partially, for example by consenting only to traditional contact methods. If the User allows the profiling indicated in point (g) above, it will presuppose an automated activity in order to place the User in a category of subjects with homogeneous characteristics (in terms of purchase preferences, product of interest and shopping areas) on the basis of your previous shopping experiences, the market analyzes in which you may have participated, your demographic class and your activities on the Site. Third Party Websites and Applications The User is reminded that the Site may incorporate or otherwise interact with third party applications and websites ("Third Party Websites and Applications”), to make some of the ancillary services offered through the Site available to Users/Guests. Third Party Websites and Applications are governed by their own terms and conditions of use and privacy policies. The use by Users/Guests of Third Party Websites and Applications will therefore be governed by and subject to the terms and conditions of use and privacy policies of such third parties, to which reference is made. 4. Processing methods; Recipients of Personal Data; Place and period of retention of Personal Data Processing methods The Data Controller adopts the appropriate security measures pursuant to art. 32 GDPR, aimed at preventing unauthorized access, disclosure, modification or destruction of the Personal Data of Users/Guests. The treatment is carried out on paper and/or using IT and/or telematic tools, with organizational methods and with logics strictly related to the purposes indicated in art. 3 above. Recipients of Personal Data The processing of Personal Data of Users/Guests will be entrusted, in the individual operations, to the employees and/or collaborators of the Data Controller (administrative, commercial, marketing, legal, system administrators), duly authorized and appointed. Any third parties delegated by the Data Controller to process the Personal Data of Users/Guests (e.g. suppliers of third-party technical services, postal couriers, hosting providers, IT companies, communication agencies), will be appointed Data Processors pursuant to art. 28 GDPR. The updated list of Data Processors can always be requested from the Data Controller, by contacting him at the e-mail address indicated in article 1 above. The Personal Data of Users/Guests will not be disseminated or transferred outside the European Union. Place and period of retention of Personal Data The Personal Data of Users/Guests will be stored on the Data Controller's servers, all located in the EU. That said, Users/Guests are reminded that the Site may incorporate or in any case interact with Third Party Websites and Applications, in order to make the ancillary services offered through the Site available. Third Party Websites and Applications are governed by their own terms and conditions of use and privacy policies. The use by Users/Guests of Third Party Sites and Applications will therefore be governed by and subject to the terms and conditions of use and privacy policies of such third parties, to which reference is made. The Personal Data of Users/Guests are processed by the Data Controller and kept for the time necessary for the purposes indicated in art. 3 above. In particular: - for the purposes referred to in points (a), (d), (e), (f) and (g) of the art. 3 above, the Users' Personal Data will be kept by the Data Controller (but not used as regards the purposes (d), (e), (f) and (g) in the event of opposition, or in the absence or subsequent withdrawal of consent ) until the User cancels his account. However, it is understood that the Data Controller may keep the Personal Data of Users to defend their rights in relation to disputes existing at the time of the request or on indication of the public authorities. The User can cancel his account or by sending an express request for cancellation of Personal Data to the Owner (see art. 1 above); - for the purpose referred to in point (a) of the art. 3 above, the Personal Data of the Guests will be kept until the execution of the contract or pre-contractual measure in place is completed. For the purpose referred to in point (d) of the art. 3 above, the Personal Data of the Guests will be kept, except in the case of opposition, as long as the legitimate interest of the Data Controller persists. The Personal Data of the Guests will not be processed - and therefore stored - for the purposes referred to in points (e), (f) and (g) of the art. 3 above; - for the purposes referred to in point (b) of the art. 3 above, the Personal Data of the Users/Guests will be kept for the time strictly necessary to resolve the request for assistance, report and/or dispute and provide the Users/Guests with feedback. Even in this case, however, it is understood that the Data Controller may keep the Personal Data, within the limits of the law, to defend their rights in relation to existing disputes or on indication of the public authorities; and - for the purpose referred to in point (c) of the art. 3 above, the Personal Data of Users/Guests will be kept by the Data Controller as long as the need for processing persists to fulfill said legal obligations. At the end of the retention period, the Personal Data will be deleted. Therefore, upon expiry of this term, the right of access, cancellation, rectification and the right to the portability of Personal Data can no longer be exercised. 5. Rights of the User/Guest Users/Guests can exercise certain rights with reference to the Personal Data processed by the Owner. In particular, the User/Guest has the right to: - obtain information in relation to the purposes for which his Personal Data are processed, the period of processing and the subjects to whom the Personal Data are communicated (so-called right of access); - obtain the rectification or integration of inaccurate Personal Data concerning him (so-called right of rectification); - obtain the cancellation of Personal Data concerning him in the following cases (a) the Personal Data is no longer necessary for the purposes for which it was collected; (b) has withdrawn his consent to the processing of Personal Data if they are processed on the basis of his consent; (c) has opposed the processing of Personal Data concerning him in the event that they are processed for a legitimate interest of the Data Controller; or (d) the processing of your Personal Data does not comply with the law (so-called right of cancellation). However, we inform the User/Guest that the retention of his Personal Data by the Owner is lawful if it is necessary to allow him to fulfill a legal obligation or to ascertain, exercise or defend a right in court; - obtain that the Personal Data concerning him is only kept without any other use being made of them in the event that (a) he contests the accuracy of his Personal Data, for the period necessary to allow us to verify the accuracy of such Personal data; (b) the processing is unlawful but you still oppose the cancellation of your Personal Data by the Data Controller; (c) the Personal Data is necessary for him to ascertain, exercise or defend a right in court; (d) has opposed the processing and is awaiting verification of the possible prevalence of the legitimate reasons of the Data Controller with respect to those of the interested party (so-called right of limitation); - receive the Personal Data concerning him in a commonly used format, readable by an automatic and interoperable device (so-called portability right). - obtain the cessation of processing in cases where your Data is processed for the purpose of commercial communications/newsletters relating to products or services identical to those already purchased/provided by the Data Controller (so-called right of opposition); and - withdraw your consent to the processing of Personal Data at any time, without prejudice to the lawfulness of the processing based on the consent before the withdrawal. How to exercise the rights To exercise the rights listed above, Users/Guests can send a request to the contact details of the Owner indicated in article 1 above. Requests are filed free of charge and processed by the Data Controller as soon as possible. Finally, we remind you that the User/Guest has the right to contact the Guarantor for the protection of personal data, based in Piazza di Monte Citorio, 121 - 00186 Rome (RM), to assert his rights in relation to the processing of his Personal Data by the Owner. 6. Cookie Policy This website uses cookies and other tracking tools. To find out more, the User/Guest can consult our Cookie Policy. 7. Changes to this Privacy Policy Without prejudice to the fact that the Data Controller in any case does not proceed with processing operations other than those expressly authorized and/or requested by the Users/Guests, this Privacy Policy may be subject to changes to comply with new legal provisions , to the changed Personal Data processing policies by the Data Controller and/or following the modification of the characteristics of the Site and/or the services offered therein. Each updated version of this Privacy Policy will be made available on the Site in the dedicated section: the Owner therefore invites Users/Guests to periodically consult the Privacy Policy published on the Site to always be informed of the latest published version.

Cookie Policy This Website uses Cookies and other tracking tools. To find out more, the User/Guest can consult our Cookie Policy.