Privacy Policy

Date of last update: 09/10/2023

The purpose of this document is to inform users, also pursuant to Article 13 of Regulation (EU) 2016/679 ("GDPR") regarding the processing of personal data collected and/or conferred by them through the website www.kitra-advisory.com (the "Site").

The user's personal data will be processed in accordance with applicable privacy and data protection regulations and provisions. Therefore, before submitting your personal data and using the Site, you are encouraged to read this Privacy Policy carefully.

1. Data controller

The Data Controller is Kitra Advisory S.p.A., with registered office in Corso Europa 16 - 20122 Milan (MI), P. IVA 12868850962 ("Kitra"). Users may contact Kitra at any time by emailing amministrazione@kitra-advisory.com.

2. Purpose and legal basis for processing

Navigation on the Site is free.

Kitra may use and/or collect your personal data for the purposes and according to the legal bases below. However, you can always ask Kitra to clarify the legal basis of each processing by writing to amministrazione@kitra-advisory.com.

A. Processing necessary for the provision of services rendered through the Site or for the adoption of pre-contractual measures at the request of the user

From the moment the user accesses the Site, on the basis of contractual obligations related to the services offered/performed through it, as well as to take any pre-contractual measures, Kitra will process the user's personal data for:

  • Allow the user to navigate and use the services on the Site;

  • Allow the user to send inquiries about Kitra's services;

  • Handle user applications for job positions at Kitra, submitted through the Site, according to the additional specific information provided in this regard.

B. Compliance with legal or regulatory obligations

Based on the obligations, statutory and/or regulatory, to which Kitra is subject, your personal data may be processed for:

  • To fulfill legal obligations or, upon request, any orders of the competent authorities;

  • To inform or respond to any requests from the competent Authorities for the establishment of liability in case of damage to the Site, as well as for the prevention of crimes;

  • Fulfill accounting, tax and administrative obligations possibly related to the sale of services offered through the Site.

C. Pursuit of the legitimate interest of the Owner

Based on Kitra's legitimate interest, coinciding with the need to improve and protect the Site, your personal data may be processed for:

  • Prevent fraud of any kind from being committed through the Site;

  • enable Kitra to ascertain, exercise or defend a right of its own in pre-litigation or judicial proceedings;

  • Improve the services offered and/or delivered through the Site.

 

3. Categories of data subject to processing

When you use the Site, Kitra may request and/or have access to the following categories of personal data.

  • Identification and contact data: including first name, last name, address, place and date of birth, e-mail, PEC, telephone number, etc. In case the user acts representing the interests of his/her company or for professional purposes, data related to his/her work activity and his/her company/professional contact data may also be processed. If, on the other hand, the user is interested in cooperating with Kitra, information about his or her professional experience may also be processed, where spontaneously disclosed.

  • Technical and navigation data: the computer systems and software procedures used to operate the Site may acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols (this category includes, for example, IP addresses, domain names used by users browsing the Site, addresses in URI/URL notation, pages visited, actions taken, resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained, etc;

  • Personal data collected through cookies or similar technologies: the Site uses cookies, web beacons, unique identifiers and other similar technologies to collect personal data through the pages, links visited and other actions performed by the User through the Site. For more information, please refer to the Cookie Policy accessible by clicking here https://www.iubenda.com/privacy-policy/87730574/legal?an=no&s_ck=false&newmarkup=yes.

4. Compulsoriness of the user's provision of personal data

Users are not obliged to provide their personal data. However, their non-, partial or inaccurate conferment may not allow him/her to complete the registration process, purchase services and/or products or access specific services made available through the Site.

Withdrawal or failure to provide consent for direct marketing purposes, does not entail any consequences for the user, although, in this case, the user will not be able to receive communications and updates regarding the activities, products and services offered by Kitra.

5. Disclosure of data

Kitra may disclose users' personal data to the following categories of parties:

  • providers of the services accessible through the Site (e.g., outside recruitment agencies, etc.);

  • Providers who provide, on behalf of Kitra, maintenance and support services for the Site;

  • freelancers, firms or professional associations appointed to defend and/or protect Kitra's interests, including in pre-litigation proceedings or in proceedings of any kind;

  • Public Security Authorities, Judicial Authorities, subjects or Entities to which it is obligatory to communicate users' personal data by virtue of legal provisions or orders of the competent Authorities.

The data subject to communication will concern only the data necessary to achieve the purposes for which the same were conferred or collected. The user may request an updated list of said subjects by writing to amministrazione@kitra-advisory.com.

6. Transfer of data abroad

Within the European Union, Kitra may transfer data collected through the Site in order to comply with legal, regulatory or European law obligations. Personal data processed by Kitra is stored at its hosting service provider "Aruba", whose servers are located in Italy.

Kitra does not transfer data processed through the Site to countries outside the European Union.

7. Period of retention of personal data

Your personal data will be kept for the period of time necessary to fulfill the purposes for which they were collected, provided or subsequently processed, as well as in compliance with applicable legal and regulatory obligations. In particular:

  • in the event of the user's exercise of the right to erasure, the data may be retained, in a protected form and with limited access (where this is necessary for the purposes of investigating and prosecuting crimes) for a period not exceeding 12 months from the date of the request, after which it will be erased or anonymized, unless there is no other legal basis for processing;

At the end of the retention period, the user's personal data will be irreversibly erased and/or anonymized within 30 days, subject to Kitra's need to protect its rights in the appropriate forums (which may require further retention of the user's personal data).

8. Rights of users

At any time, users may seek clarification or exercise their rights under Articles 15 et seq. of the GDPR. In particular, the user will have the right to:

  1. revoke consent at any time, without prejudice, however, to the lawfulness of the processing performed prior to said revocation;

  2. Object to the processing of their personal data;

  3. accessing their personal data, asking Kitra to confirm and indicate the processing performed, as well as requesting copies of the personal data held by Kitra via e-mail;

  4. verify and request rectification of one's personal data in the event that those in Kitra's possession are incorrect (e.g., because they are different from those provided when registering with the Site) or are incomplete;

  5. Obtain the limitation of processing when the cases provided for by law occur;

  6. Obtain, in whole or in part, the deletion of their personal data;

  7. request the portability of your personal data, so that you can obtain - in a structured, commonly used, machine-readable format - the data held by Kitra or request that it be transmitted to another data controller;

  8. without prejudice to any other administrative or jurisdictional recourse, to lodge a complaint with the Guarantor Authority for the Protection of Personal Data in the event that the user believes that the processing carried out by Kitra is in conflict with or violates the current legislation on the protection of personal data. For more information, the user is invited to visit www.garanteprivacy.it.

To exercise their rights, users may address their requests to the contacts listed in Article 1 above and/or to the address at amministrazione@kitra-advisory.com.

9. Other websites

The Site may contain links to third party services, sites, applications and/or platforms through special links or other means of connection (e.g. APIs) made available through it. However, access to and consultation of such sites, services, applications or platforms remain outside the scope of the activities, controls and/or security measures taken by Kitra to protect users' personal data. In such cases, Kitra assumes no responsibility in relation to the data processing performed by operators of other sites and/or applications. To this end, users are invited to carefully read the terms of use and privacy policies prepared by the aforementioned entities in order to understand how they process users' personal data.

10. Updates

Kitra may amend this Privacy Policy should this become necessary in connection with any changes relating to the services/products made available on the Site, as well as to enable Kitra to comply with any changes in the legislation on the protection of personal data or in the event of any directions from the relevant Authorities. To this end, users are invited to periodically consult this page to stay informed about the processing carried out by Kitra.

Any new version of the Privacy Policy will be posted on the Site and will be communicated to users by email or in the manner Kitra deems appropriate. In the event that the user does not wish to accept said changes, he/she may exercise one of the rights mentioned in Article 8 above within the period of 30 days from the aforementioned communication, otherwise the new Privacy Policy will be considered accepted and, therefore, valid and binding.