Data processing Information

(Drafted pursuant to art. 13 EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016) The data controller is SC KIROS DIET SRL, with registered office in Bucharest, registered at the Trade Register under no. J40/2843/2021, fiscal code no. RO30021692 represented by Popa Andreea Teodora, as sole administrator.

Identity of the treatment

The collection and processing of data is carried out by SC KIROS DIET SRL for the activities and services connected to the website.

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, where required.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.

Cookies

Definitions, characteristics and application of the legislation Cookies are small text files that the sites visited by the user send and record on their computer or mobile device, to then be re-transmitted to the same sites on the next visit. Thanks to cookies, the site remembers the user’s actions and preferences (such as, for example, login data, the chosen language, font size, other display settings, etc.) so that they do not have to be indicated again. when the user returns to visit said site or browse from one page to another. Cookies, therefore, are used to perform computer authentication, session monitoring and storage of information regarding the activities of users who access a site and may also contain a unique identification code that allows you to keep track of the user’s navigation within. of the site itself for statistical or advertising purposes. While browsing a site, the user may also receive cookies from sites or web servers other than the one they are visiting on their computer or mobile device (so-called “third-party” cookies). Some operations could not be performed without the use of cookies, which in some cases are therefore technically necessary for the site to function itself. There are various types of cookies, depending on their characteristics and functions, and these can remain on the user’s computer or mobile device for different periods of time: so-called session cookies, which are automatically deleted when the browser is closed; CD. persistent cookies, which remain on the user’s equipment until a set deadline. According to current legislation in Italy, the user’s express consent is not always required for the use of cookies. In particular, “technical cookies”, ie those used for the sole purpose of transmitting a communication over an electronic communications network, or to the extent strictly necessary to provide a service explicitly requested by the user, do not require this consent. In other words, these are cookies that are essential for the operation of the site or necessary to perform activities requested by the user. Among the technical cookies, which do not require express consent for their use, the Italian Guarantor for the protection of personal data (see Prov. Gen. “Identification of simplified procedures for the information and the acquisition of consent for the use of cookies – May 8, 2014 “) also includes: “analytics cookies” when used directly by the site operator to collect information, in aggregate form, on the number of users and how they visit the site, navigation or session cookies (to authenticate), functionality cookies, which allow the user to browse according to a series of selected criteria (for example, the language, the products selected for purchase) in order to improve the service provided. For “profiling cookies”, vice versa, ie those aimed at creating profiles relating to the user and used in order to send advertising messages in line with the preferences expressed by the same in the context of surfing the net, a prior consent of the ‘user. – Types of cookies used by the Site The Site uses the following cookies, except for third-party cookies for which the user must refer directly to the relative methods of selection and de-selection of the respective cookies indicated below by means of links: Technical-navigation or session cookies and strictly necessary for the functioning of the Site or to allow the user to take advantage of the contents and services requested by them. Technical-analytics cookies, which allow you to understand how the site is used by users. These cookies do not collect information on the user’s identity, nor any personal data. The information is treated in an aggregate and anonymous form. Technical-functional cookies, i.e. used to activate specific site features and a series of selected criteria (for example, the language, the products selected for purchase) in order to improve the service provided. ATTENTION: by disabling technical and / or functional cookies, the Site may not be available for consultation or some services or certain functions of the Site may not be available or may not work properly and the user may be forced to modify or manually enter some information or preferences every time he visits the site. Third-party cookies, i.e. cookies from websites or web servers other than that of the Data Controller, used for the purposes of these third parties, including profiling cookies. It should be noted that these third parties, listed below with the relative links to the privacy policies, are independent data controllers of the data collected through the cookies they serve; therefore, the user must refer to their personal data processing policies, information and consent forms (selection and de-selection of the respective cookies) indicated below (as specified in the Prov. Gen. Identification of simplified procedures for the information and the acquisition of consent for the use of cookies – May 8, 2014). All this is better highlighted in the privacy policy / Cookie available on the website: www.kirosdiet.com If you wish to receive any information on the processing of your data by the Data Controller, you can contact the undersigned company, the data controller, by simply communicating by letter, fax or email to the address info@kirosdiet.com.

Processing methods

The data will be processed – by the persons in charge of processing – with manual, IT and telematic tools within the scope and for the purposes specified above and, in any case, always respecting the security and confidentiality of the same, also in compliance with the law and the provisions of the Guarantor for the protection of personal data. In particular, it is guaranteed to keep and control the personal data being processed, also in relation to the knowledge acquired on the basis of the technical process, the nature of the data and the specific characteristics of the processing, in order to minimize, by adopting of suitable security measures, the risks of destruction or loss, even accidental, of the data, of unauthorized access to processing or not allowed or not in accordance with the purposes of the collection.

Responsible for data processing

The data processing manager: Dr. Popa Andreea. The designated managers constitute the contact point for interested parties who wish to receive information on the processing of their data and / or for the Supervisory Authority; they can be contacted at the e-mail address: info@kirosdiet.com

Persons in charge of processing

The persons in charge are the physical persons who, under the direct authority of the data owner or of the subjects appointed by him, carry out the processing operations of personal data. The company guarantees that it has nominated in writing its appointees and that it takes care to provide the above-mentioned subjects with detailed written instructions on the methods of processing, in compliance with the provisions of the law. In the event of changes in the attributions of the individual appointees, the latter will be communicated in writing.

Duty of supervision and control

The company guarantees to carry out training activities for its personnel involved in the processing operations, based on their respective duties, diversifying the level of detail and operating instructions based on the types of data processed by the persons in charge during their activity. Therefore, by virtue of this deed, it is guaranteed to supervise the work of its data processors.

Purpose and legal basis of data processing

The data collected and processed will be used exclusively for: COMMERCIAL purposes. The processing of personal data – including any sensitive data (“special categories of data” art. 9 GDPR) and relating to criminal convictions or offenses (“judicial” art. 10GDPR) for which it is necessary your consent to be expressed at the bottom of this information – collected, takes place for the management purposes identified above. All data collected is therefore processed exclusively for obligations related to the activity of the Data Controller, whose legal basis can be found upon acceptance and signing of the casting procedure. In the absence of a written document, the data processing will be carried out with the explicit consent of the interested party and considered as a condition of lawfulness pursuant to and for the purposes of art. 6 of the EU Regulation. The services / products offered by the owner are reserved for subjects legally able, on the basis of the relevant national legislation, to conclude obligations

Nature of the provision of data

The provision of personal data and the consequent processing by the Data Controller, for the aforementioned purposes, are necessary for the establishment, for the continuation and for the correct management of the relationship between the Data Controller and the Data Subject or must be understood as mandatory based on law, regulation or community legislation; any refusal to provide the personal data requested may cause the impossibility, in whole or in part, to perfect and manage the relationship in place or in progress. The provision of personal data and the consequent processing by the Data Controller for the purposes referred to in point 6) is optional and failure to provide it, even partial, will not entail any consequences.

Right of access and data portability

The right concerns the data “provided” by the interested party and is limited only to personal data in a broad sense or it also extends to personal data generated (observed) by the activities of the interested party (eg location data, history of searches, navigation). The interested party has the right to obtain confirmation of the existence or not of personal data concerning him, even if not yet recorded, and their communication in an intelligible form. On the other hand, the data generated by the owner on the basis of the analysis of the data provided or collected by the interested party (inferred and derived data, eg credit score), nor obviously the data obtained by third parties are not included. The right to data portability does not imply any obligation to keep data beyond the period established by the regulations for the sole purpose of guaranteeing the exercise of portability. The interested party has the right to receive, free of charge, the data in a structured and readable form by a data processor (therefore absolutely not in paper format), in a commonly used format (“structured format, commonly used and readable by an automatic device” ). In compliance with article 20, the interested party has the right to transmit personal data from one owner to another “without obstacles”. The data must be provided “without undue delay and, in any case, at the latest within one month of receiving the request” (Article 12.3 GDPR). Data portability will be guaranteed only in the event that the processing of data is based on consent or contractual necessity, and in any case only if the processing is based on electronic processing (therefore not on paper), in all other cases it does not apply.

Categories of subjects to whom the data may be communicated:

The processing of personal data will be carried out by means of subjects expressly and specifically designated as specifically trained appointees; these subjects will process the data in accordance with the instructions received from the Data Controller, according to operational profiles assigned to them in relation to the functions performed. The data may also be processed by third parties (outsourcers), which are used for the provision of services related to the purposes pursued, which our organization evaluates from time to time, to ensure greater protection, if to appoint as external managers of the treatments from these places in place. In all cases, these subjects will process the data in accordance with the instructions received from the Data Controller, according to operational profiles attributed to them in relation to the functions performed, limited to what is necessary and instrumental for the execution of specific operations within the requested services and exclusively for the achievement of the purposes indicated in this information. The data will not be subject to disclosure.

Data retention period

The data collected will be kept for a period of time not exceeding that necessary for the purposes for which they were collected, to fulfill contractual or pre-contractual, legal and / or regulatory obligations (without prejudice to the statutory and statutory limitations, in the respect for rights and in compliance with consequent obligations). In particular, the criteria used to determine the retention period are established by specific laws governing the activity of the Data Controller the processing or specific provisions of the Guarantor for the protection of personal data that have regulated the processing activity and the purposes pursued by the Data Controller; finally, it is specified that your personal data may also be kept up to the time permitted by Italian law. Modification and withdrawal of consent to data processing The interested party has the right to: obtain the cancellation or transformation into anonymous form or the blocking of data processed in violation of the law; obtain the updating, correction and integration of data; obtain certification that these operations have been brought to the attention of those to whom the data are communicated; oppose for legitimate reasons the processing of data or any automated decision-making process (including profiling); obtain the limitation of the processing or the portability to another holder. To this end, it will be necessary to send the request, through specific communication by e-mail addressed to info@kirosdiet.com (specifying “Privacy” in the subject).

Minors

In communicating personal data, it must be ensured that you are at least 16 years old, pursuant to art. 8. On this point, it should be noted that the aforementioned article does not refer to any online data processing, nor any information society service to which minors can access. The rule applies only to services subject to direct offer, and in the context of which the data processing is legitimate only if based on the informed consent of the interested party.

Complaint to the Authorities

If the interested party identifies possible violations in the processing of data, he has the right to lodge a complaint with the competent authorities.

Consent

Having read the information, I consent to the processing of my personal data for the achievement of the aforementioned purposes. For informed consent, please read the additional note attached to the site.