Users who provide their personal data through the form have the possibility of deciding whether or not to authorize the use of this information for marketing purposes. Data processing for this purpose, if authorized, is carried out by BKT Europe Srl, the processing controller, in accordance with the specifications set out hereafter.

With regard to information on the processing linked to the Company’s social pages and accounts, please refer to the “social network policy” that the data subject can view via the link in the footer of the website.

WHO IS THE CONTROLLER AND HOW TO CONTACT THEM

The Processing controller of data for marketing purposes is BKT Europe Srl, in the person of the pro tempore legal representative, with its registered office in Viale Bianca Maria 25, 20122 Milan and operating office in Viale della Repubblica 133, 20831 Seregno (MB), VAT no. 05404270968. The Company can be contacted through the email [email protected]

WHAT DATA IS PROCESSED

The data processed is identifying and contact data provided by the user by compiling the specific form.
The platform used by the controller to send emails enables, through tracking systems, the detection of information such as the opening of a message, the clicks made on hypertext connections contained in the email, from which IP address or with which type of browser the email is opened, and other similar details.

WHAT ARE THE PURPOSES AND LEGAL BASES OF THE PROCESSING?

The personal data provided by the user through the specific form is used for marketing purposes (i.e. to send advertising or direct sale material or to undertake market research or commercial communication of the business and services offered by the controller through traditional means, such as phone contact with an operator, as well as automatic means, such as email, SMS and other types of message, also through direct messages on social networks to which the user’s account refers in the case indicated).
The legal basis for data processing is consent (Art. 6 lit. a GDPR), which can be revoked at any time. The withdrawal of consent does not affect the lawfulness of the processing previously carried out. The user who gives consent will receive a confirmation email.
Any consent given for marketing purposes on the basis of Article 130, paragraphs 1 and 2, of Leg. Decree 196/2003 (Italian Privacy Code), implies the receipt of promotional and commercial communications and materials, not only through automated means of contact, but also through traditional means, such as postal deliveries or operator calls.
The platform used to send emails enables, through tracking systems, the detection of information such as the opening of a message, the clicks made on hypertext connections contained in the email, from which IP address or with which type of browser the email is opened, and other similar details. This information is used by the owner for the sole purpose of deleting inactive users from the contact list; the legal basis, therefore, is represented by the legitimate interest of the data controller to maintain only active contacts (art. 6 lett. f) GDPR). No profiling is carried out, but users can be catalogued to be segmented according to sectors of interest, country and professional role (in a B2B-oriented context), based on the legitimate interest of the data controller to improve, if necessary, communication and the services offered.
Should it be necessary, the data can also be used given a legitimate interest of the controller, which involves verifying the security and correct functioning of the IT systems used and carrying out defensive initiatives.

HOW IS THE DATA MANAGED?

The data collected is processed with IT instruments and only residually with print-based methods. Adequate security measures are adopted to prevent the loss of data, illegal or incorrect use and unauthorized access.

Transferring data abroad

The e-mail box transfers data outside the European Union, transferring them to the USA with adequate guarantees: In particular, the transfer takes place in the presence of an adequacy decision of the EU Commission (Data Privacy Framework).
For the e-mail service, the data will also be transferred to non-EU countries (India), in the absence of adequacy decisions from the EU Commission, but the transfer will be assisted by adequate safeguards; in particular, standard contractual clauses will be used.
Data for the management of marketing campaigns will be transferred abroad (USA) subject to an adequacy decision from the EU Commission; specifically, the Data Privacy Framework complied with by the provider will be applied.

Retention period

The data is kept until any request by the user to oppose its use and in any case for no more than two years from when agreement to the processing is given.
This is done without prejudice to any defensive requirements for which the data can be kept, including beyond the indicated deadlines.

WHAT HAPPENS IF THE DATA IS NOT PROVIDED

Transfer of the data is optional. Otherwise, it will not be possible to use them for the marketing purposes described. It should be noted that the user can decide to provide the data only for the purposes related to sending the request through the form, without authorizing the processing of data for marketing purposes.

WHO CAN SEE THE DATA

The data will be processed by employees of the Controller who are authorized to process it.
The data may be known by the competent authorities in the event of specific requests which the Controller is legally obliged to comply with and by the companies that provide IT supply services, by the parent company for the email service, by advertising agencies, by the supplier used to manage the form and marketing campaigns and by consultants for the management of disputes and for legal assistance in the event of any disputes for which their involvement is necessary.
Please note that some of the indicated subjects act as controllers and others as data processors and that communication to those who operate as independent controllers is carried out since prescribed by legal obligations or is necessary to fulfil the obligations arising from the pre-contractual relationship or the legitimate interest of the controller in maintaining the security of the IT systems and in adopting defensive initiatives through legal consultants.
The data subject may request a detailed list of data recipients from the Data Controller, to the extent to which they can be identified specifically.
Please note that communication of the personal data is limited, in any event, to the data categories the transmission of which is necessary to undertake the activities and purposes being pursued.

WHAT ARE THE DATA SUBJECT’S RIGHTS?

The law recognizes for the data subject the right to ask the Data Controller for access to the personal data and its rectification or cancellation or limitation of the processing regarding them or to object to its processing, as well as the right to data portability.

In particular, it is noted that there is the possibility to object to the processing of data done for marketing purposes.

The data subject may assert their rights at any time, without formalities, by contacting the Controller through the email [email protected]

Details are provided below of the rights recognized by the applicable law on the protection of personal data.

• The right of access, i.e. the right to obtain from the processing controller the confirmation that data processing is or is not taking place which regards them and, if so, to obtain access to personal data and to the following information: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; d) where possible, the envisaged period for storing the personal data, or, if not possible, the criteria used to determine such period; e) the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject, or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data are not collected from the Data Subject, any available information as to their source; h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject. Where personal data are transferred to a third country or to an international organization, the Data Subject will have the right to be informed of the appropriate safeguards in place relating to the transfer.
• The right of rectification, i.e. the right to obtain from the processing controller the rectification of inexact personal data regarding them without unjustified delay. Taking account of the purposes of processing, the Data Subject has the right to make any incomplete personal data complete, also by providing an additional statement.
• The right to erasure (right to be forgotten), i.e., the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where: a) the personal data are no longer required for the purposes for which they were collected or otherwise processed; b) the Data Subject withdraws the consent on which the processing is based, and where there is no other legal ground for processing; c) the Data Subject objects to processing and there are no overriding legitimate grounds for processing, or the Data Subject objects to processing; d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject; f) the personal data have been collected in relation to the offer of information society services to minors. The request for erasure cannot, however, be accepted if processing is required: a) to exercise the right to freedom of expression and information; b) to fulfill a legal obligation which requires processing as envisaged by the law of the European Union or of the Member State to which the Controller is subject or to execute a task undertaken in the public interest or in the exercise of public powers with which the Controller is invested; c) for reasons of public interest in the public health sector; d) for the purposes of archiving in the public interest, scientific or historic research or statistical purposes, to the extent to which cancellation risks making impossible or seriously compromising the task of achieving the goals of such processing; or e) for verifying, exercising, or defending a right in the courts.
• The right to restriction of processing, i.e., the right to obtain from the controller restriction of processing where one of the following applies: a) the accuracy of the personal data is contested by the Data Subject, for the period required by the Controller to verify the accuracy of the personal data; b) processing is unlawful, and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead; c) the Controller no longer needs the personal data for the purposes of processing, but they are required by the Data Subject for the establishment, exercise, or defense of legal claims; d) the Data Subject has objected to processing because it is required for the performance of a task carried out in the public interest or in connection with the exercise of official authority vested in the Controller or for pursuing the legitimate interests of the Controller or a third party, pending verification as to whether the legitimate grounds of the Controller override those of the Data Subject.
• The right to data portability, i.e., the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent or a contract, and the processing is carried out by automated means. This right will not affect the right to cancellation.

Please note, in particular, the right to object, i.e., the data subject’s right to object at any time, on grounds relating to their particular situation, to the processing of their personal data as required for the performance of a task carried out in the public interest or in connection with the exercise of the official authority vested in the controller or for the furtherance of the legitimate interests of the Data Controller or of a third party. Should the personal data be processed for direct marketing purposes, the Data Subject has the right to oppose at any time the processing of the personal data regarding them undertaken for these purposes, including profiling, to the extent this is connected to such direct marketing.

Based on the provisions of art. 22 of the GDPR, then, the data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision a) is necessary for the conclusion or signing of a contract between the data subject and a processing controller; b) is authorized by Union or Member State law that the processing controller must observe, which also specifies appropriate measures to protect the rights, freedoms and legitimate interests of the data subject; c) is based on the explicit consent of the data subject.

The data subject is then informed that, if they believe that the processing of their personal data is in violation of the provisions of the GDPR, they have the right to lodge a complaint with the Supervisory Authority (Article 77 of the Regulation) or to take legal action (Article 79 of the Regulation).

This privacy policy was last updated on 20 February 2026