Premise

The companies belonging to the Kiwa Group, namely Kiwa Cermet Italia Spa, Kiwa Cermet Idea Srl, Kiwa UNAVIAcert Srl, Kiwa Italia Holding Srl, Kiwa Creiven Srl and Kiwa Moroni Srl (hereinafter also conventionally referred to only as “Kiwa” or the “Kiwa Group Companies” or the “Data Controllers”) consider the protection of the privacy of Users of their Websites as a fundamental value. Through this Privacy Policy, updated to conform with the regulatory provisions introduced by Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR) Kiwa will illustrate what types of personal data it collects when Users browse its Websites, how the data processing takes place, what rights the Data Subjects can exercise and any other useful information referred to in Articles 13 and 14 of the GDPR.

Who we are (Data Controller)

The processing of data collected from Users of Kiwa’s Websites shall take place under the ownership regime between the following companies, all of which are part of the Kiwa Group:

• Kiwa Cermet Italia Spa (VAT no. 00627711203), with registered office in Via Cadriano 23, 40057 - Granarolo dell'Emilia (BO), Italy;

• Kiwa Cermet Idea Srl (VAT no. 03358231201), with registered office in Via Ferrarese 156, 40128 - Bologna (BO), Italy;

• Kiwa UNAVIAcert Srl (VAT no. 06882941005), with registered office in Via Cadriano 23, 40057 - Granarolo dell'Emilia (BO), Italy;

• Kiwa Italia Holding Srl (VAT no. 08335970961), with registered office in Viale Venezia 45, 31020 - San Vendemiano (TV), Italy;

• Kiwa Moroni Srl, (VAT no. 02525190423), with registered office in Via del commercio 14, 60021 - Camerano (AN), Italy;

• Kiwa Creiven Srl, (VAT no. 02599780281) with registered office in Corso Spagna, 12, 35127 - Padova (PD), Italy.

For certain services (including, for example, IT, website management, marketing, etc.) carried out by Kiwa Cermet Italia Spa on behalf of the other Kiwa Group Companies, the specific appointment as Data Processor has been conferred to the same, pursuant to and for the effects of Article 28 of the GDPR.

The Kiwa Cermet Italia Spa, Kiwa Cermet Idea Srl and Kiwa UNAVIAcert Srl companies have also identified and appointed a common DPO (Data Protection Officer) who can be contacted at one of the following addresses:

Mi.Zar S.r.l. (Tax Code / VAT no. 03592090264) with registered office in Via Zompini 24 - 31056 Roncade (TV), Italy, (Tel) +39 0422.841469 - Email dpo.italy@kiwa.com

Which personal data do we collect (Type of data processed)

a) Browsing data

IT systems and software procedures responsible for the functioning of Kiwa’s Websites acquire, as part of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols (Internet domain and IP protocol, type of browser and operating system of the computer used, date, time and length of stay on the website, pages viewed, possible search engine from which the User accessed the website). This data, although not collected in order to be associated with identified users, could make it possible to identify the site users if processed and associated with data held by third parties. This category includes “IP addresses” or the domain names of computers used by Users connecting to the Kiwa Group Companies Websites, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to support the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the User’s IT environment. This data is used in order to obtain anonymous statistical data concerning the use of the website and to check its correct operation and is deleted immediately after the relative processing.

The automatically collected data may be used by Kiwa to ascertain responsibility in case of hypothetical computer crimes against the website, as well as for statistical purposes and to improve the navigation and content of the website.

For any information regarding the cookies used by Kiwa on its Websites, please consult the Cookie Policy available at the following link: https://www.kiwa.com/it/it/cookie-policy/

b) Data voluntarily provided through the various contact channels

Through their Websites, Kiwa Group Companies collect the personal data necessary for the provision of their services. The type of data collected varies according to the nature of the service provided to the User or, in any case, requested by the same (e.g. to participate in our webinars (https://www.kiwa.com/it/it/media/webinar/archivio/), to download materials and subscribe to our mailing list or to use the “Work with us” functionality available at https://www.kiwa.com/it/it/contatti/lavora-con-noi/ or the “Contact us for information” functionality available at https://www.kiwa.com/it/en/contact/). The requested/supplied data concerns, by way of example but not limited to, personal data (first and last name, date and place of birth, place of residence/domicile, tax code or VAT number), contact data (email address, landline or mobile number), Company for which the User carries out his/her professional activities and corporate role he/she holds.

The requested/supplied data may include so-called “special data”, processed by Kiwa only when this is deemed necessary for the provision of the service requested by the User (e.g. belonging to a protected category obtainable from the CV attached by the User in the “Work with us” section).

Why we process Users’ data (Purposes and legal bases of the data processing)

As regards navigation data, the log files and the data contained therein are processed by Kiwa in order to allow Users to use the web services (legal basis referred to in letter B of paragraph 1 of Article 6 of Regulation (EU) 2016/679) and to obtain statistical information on the use of services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.), as well as to verify the correct functioning of the website and to protect our systems, for example by identifying any attacks (legal basis referred to in letter F of paragraph 1 of Article 6 of Regulation (EU) 2016/679).

Data voluntarily provided by the User is processed by Kiwa for the purpose of providing the requested service (therefore, for example, for the purpose of evaluating the User’s spontaneous job application, to answer to the User’s request for information, to allow the User to take part in webinars, to send the User newsletters and/or commercial communications).

Where the legal basis legitimising the processing of the User’s personal data is not provided for by Article 6, paragraph 1 letter b of the GDPR (execution of a contract of which the Data Subject is a party or of pre-contractual measures adopted at the request of the same), personal data shall instead be processed only after obtaining the consent freely expressed by the User (Article 6, paragraph 1 letter a of the GDPR). This consent may, in this case, be revoked at any time without affecting the lawfulness of the processing based on consent before its withdrawal or for the purpose of fulfilling an obligation set out by law (Article 6, paragraph 1 letter c of the GDPR).

With particular reference to the User’s subscription to the Kiwa newsletter service and/or the sending of informative-advertising materials, this activity shall consist of the periodic sending of commercial/marketing data relating to the services offered by Kiwa, through any electronic or paper means of communication available, including via email. In cases where the Data Subject no longer wishes to receive such communications of an advertising nature, his/her right to “opt-out” shall always apply, which the latter can express through the “unsubscribe/disiscriviti” option found at the bottom of all emails of an advertising nature or, alternatively by contacting Kiwa at privacy.italy@kiwa.com. It being understood, however, that any revocation of consent on the part of the Data Subject, while being considered fully valid, shall not produce any retroactive effect.

Why is the provision of data mandatory and possible consequences of the failure to communicate the data

The provision of personal data is mandatory in order to allow Kiwa to provide the services requested by the User. Failure to provide such data, as well as partial or incorrect provision of the requested data would therefore result in the impossibility for Kiwa to provide the service desired by the User. However if, in addition to the provision of the service (e.g. participation in a webinar, evaluation of a job application, answer to a request for information by the User, etc.), the data collection is also carried out for the further purpose of marketing/registration to the newsletter, the consent for this purpose, being optional, may be expressly denied by the User (or subsequently revoked), without this in any way affecting the use of the additional services requested by the User and for which the User has provided their personal data.

How and for how long will Users’ data be processed (Methods and Duration of the data processing)

The data shall be collected by Kiwa through the digital compilation of the contact forms available on the Websites of the Kiwa Group Companies, directly by the Data Subject or by third parties such as, for example, the employer, in cases where the worker is registered for a training session organised by Kiwa. The personal data voluntarily provided through the aforementioned contact channels shall then be processed only by personnel – employees or freelance collaborators – expressly authorised, appointed and instructed by Kiwa pursuant to Articles 29 and 32, paragraph 4 of the GDPR.

Kiwa shall keep the Users’ personal data for the duration strictly necessary to allow the requested service to be provided.

Users’ personal data shall be primarily processed using computerised/telematic tools. Moreover, for the processing in question, the use of adequate technical and organisational security measures shall be ensured, pursuant to and for the purposes of Article 32 of EU Regulation 2016/679, appropriate to reduce the risk of destruction, loss, unauthorised access or processing of personal data, not permitted or in any case not compliant with the purposes for which the data was originally collected.

Users’ personal data shall be stored in Kiwa’s data centre and/or cloud, on servers located in the European Union.

In order to safeguard data security, Kiwa makes use of industry-leading suppliers who offer guarantees on the application of the broadest and most stringent IT security measures and on compliance with privacy regulations in force. When the execution of the service involves the processing of personal data falling under Kiwa’s ownership, these subject have been duly appointed as external Data Processors pursuant to Article 28 of the GDPR.

What are your rights with regard to the personal data provided (Rights of the Data Subjects)

In accordance with the provisions of Articles 15 et seq. of Regulation (EU) 2016/679, Kiwa hereby informs the User that he/she may at any time exercise, in their capacity as Data Subject and towards each Data Controller (Kiwa Cermet Italia Spa, Kiwa Cermet Idea Srl, Kiwa UNAVIAcert Srl, Kiwa Italia Holding Srl, Kiwa Moroni Srl and Kiwa Creiven Srl), the following rights:

1. Right of Access, which gives the User access to their personal data and entitles him/her to obtain a copy thereof, or to request information concerning the processing purposes and methods;

2. Right of Rectification, which entitles the User to request the correction of his/her data, where the data is inaccurate, or integration of the data, where the data is incomplete;

3. Right of Deletion, (the so-called “right to be forgotten”) which entitles the User to the deletion of his/her data in the cases provided for by Article 17 of Regulation (EU) 2016/679;

4. Right of Limitation of the Data Processing, which entitles the User to the limitation of the processing of his/her data in the cases provided for by Article 18 of Regulation (EU) 2016/679;

5. Right of Portability, which entitles the User to receive his/her personal data in a structured, commonly used and machine-readable format and, if technically feasible, to transmit such data, under the responsibility of each Data Controller (Kiwa Cermet Italia spa, Kiwa Cermet Idea Srl, Kiwa UNAVIAcert Srl, Kiwa Italia Holding Srl Kiwa, Moroni Srl and Kiwa Creiven Srl), to another Data Controller; Please note that such right is exercisable to the extent that the processing is based on consent or on the execution of a contract, is carried out by automated means and is not prejudicial to the rights and freedoms of third parties;

6. Right to object, which entitles the User to object, at any time, to the processing of his/her data, in accordance with the provisions of Article 21 of Regulation (EU) 2016/679;

7. Right to file a Complaint, which entitles the User to submit a complaint with the Authority for the Protection of Personal Data in accordance with and for the purposes of Article 77 of Regulation (EU) 2016/679.

For the purposes of exercising the rights referred to in Article 15 et seq. of Regulation (EU) 2016/679 or to obtain more information on Kiwa’s Privacy Policy, the User may contact one of the Data Controllers (Kiwa Cermet Italia spa, Kiwa Cermet Idea Srl, Kiwa UNAVIAcert Srl and Kiwa Italia Holding srl, Kiwa Creiven Srl, Kiwa Moroni Srl) by sending an email to privacy.italy@kiwa.com (the email address is shared among the aforementioned Data Controllers). It is hereby specified that, before being able to satisfy any of the rights exercised, it may be necessary to verify the identity of the Data Subject.

Information about this Privacy Policy

This Privacy Policy was last updated on 4 October 2021. The Data Controllers reserve the right to modify or further update this document, publishing such changes on the Kiwa Group Companies Websites or alternatively by sending the appropriate updated Privacy Policy to the Data Subjects concerned.