PRIVACY NOTICE FOR WEBSITE USERS

In accordance with current legislation (Art. 13 General Data Protection Regulation, hereinafter also referred to as GDPR), users who access the website are provided with information on the processing of their data.

There are forms on the website that the user can use to send specific requests. For the processing of data carried out through these forms, please refer to the privacy policies that the user can view via the link at the bottom of the individual forms of interest.

WHO IS THE CONTROLLER AND HOW TO CONTACT THEM

The Processing Controller is BKT Europe Srl, represented by its pro tempore legal representative, with registered office in Viale Bianca Maria 25, 20122 Milan, and operating office in Viale della Repubblica 133, 20831 Seregno (MB), VAT number 05404270968. The Company can be contacted at the email address [email protected].

WHAT DATA IS PROCESSED

The data processed is navigation data and the data provided spontaneously by the user.

Browsing data

The IT systems and software procedures responsible for the functioning of this website acquire, during their normal operation, some personal data, the transmission of which is implicit in using the Internet communication protocols.

It is not information collected to be associated with specific data subjects, but by its very nature it could enable identification of users, by its processing and association with data held by third parties.

This category of data includes IP addresses or domain names of the computers used by users connecting to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to send the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.

Cookies and other tracking systems

With regard to cookies, please refer to the information contained in the cookie notice that can be accessed via a link in the footer of the website.

Google Tag Manager

The site uses Google Tag Manager, a service provided by Google Inc.
Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code snippets, collectively known as tags, on the Company’s website. By adding the small code segment of Tag Manager, you can securely and easily deploy analytics and measurement tag configurations.

Google Tag Manager does not set cookies on its own, with one exception: when someone uses their preview and debug mode. Only in this specific case, Google Tag Manager sets first-party cookies, allowing users to observe which tags are activated on each page.
These cookies only affect the user who has activated the preview and debug mode and do not affect regular visitors to the website. Importantly, once the user exits preview mode, these cookies are deleted.
To learn more about the use of Google Tag Manager data, please consult Google’s privacy notice:
https://policies.google.com/privacy?hl=it#whycollect.

Data provided directly by the user

This category includes all the personal data provided voluntarily by the user (so, for example, when information is requested by writing to email addresses given on the website).

WHAT ARE THE PURPOSES AND LEGAL BASES OF THE PROCESSING?

Navigation data

The navigation data is used to collect statistical information on the use of the website, for security purposes and to check the correct functioning of the website and could be used to ascertain liability in the case of any IT crimes to the harm of the website.

The legal basis of the processing of such data is the legitimate interest and, in the case of requests from the Authorities, the legal obligation.

Cookies and other tracking systems

With regard to cookies, please refer to the information contained in the cookie notice that can be accessed via a link in the footer of the website.

Google Tag Manager

Google Tag Manager allows the quick and easy updating of measurement codes and related code snippets, collectively known as tags, on the Company’s website. By adding the small code segment of Tag Manager, you can securely and easily deploy analytics and measurement tag configurations.
The legal basis for this processing is the legitimate interest of the data controller to optimize the management of the marketing tools it uses on the site itself.
The use of this tool is in any case subject to contractual obligations between the Data Controller and Google.

Data provided directly by the user

The personal data provided voluntarily by the user while contacting the Controller is used only to follow up any requests that are made..

The legal basis for the processing of such data is therefore the execution of pre-contractual measures and the obligations arising from the contract or the legitimate interest of the data controller to respond to the data subject’s request.

Should it be necessary, the data can also be used given the Controller’s legitimate interest in undertaking defensive initiatives or enforcing or defending a right in the courts.

HOW IS THE DATA MANAGED?

The data collected is processed with IT tools. Adequate security measures are adopted to prevent the loss of data, illegal or incorrect use and unauthorized access.

Transfer of data abroad

The Tag Manager service and the email service transfer data outside the European Union, transferring it to the USA with appropriate safeguards: in particular, the transfer takes place in the presence of an adequacy decision of the EU Commission (Data Privacy Framework).
For the email service, the data will also be transferred to non-EU countries (India), in the absence of adequacy decisions by the EU Commission, but the transfer will be assisted by adequate safeguards; in particular, the Standard Contractual Clauses will be used.

Storage period

The browsing data is stored for no longer than 7 days before being deleted, unless needed for criminal investigations by the judicial authority.

Data conferred directly by the user is retained for the time strictly necessary to follow up the requests and is then cancelled, without prejudice to any defensive needs (which could make longer retention necessary).

WHAT HAPPENS IF THE DATA IS NOT PROVIDED?

Except for navigation data which is necessary to implement IT and online protocols, the conferment of data by users through the various means made available is free and optional.

However, failure to confer the data will make it impossible to proceed with the requests forwarded or which the user intends to forward.

WHO CAN SEE THE DATA?

The data will be processed by employees of the Controller who are authorised to process it.
The data may be seen by the competent Authorities in the case of specific requests which the controller is legally required to implement, by the Parent company for the email service, by consultants or companies which provide IT supplies and assistance for the activities undertaken on behalf of the controller and by consultants for managing disputes and for legal assistance should there be disputes which make their involvement necessary.
It is noted that some of the indicated subjects operate as processing supervisors and that communication to people who operate as autonomous controllers is undertaken because it is prescribed by legal obligations or needed to fulfil the obligations arising from the contractual relationship or the controller’s legitimate interest which consists of maintaining the security of IT systems with maintenance work by qualified staff and in undertaking defensive action through legal consultants.
The data subject may request a detailed list of the recipients of the data from the Data Controller, to the extent that it is possible to specifically identify them.
Communication is in any case limited to the sole categories of data the transmission of which is necessary to undertake the activities and purposes being pursued.

WHAT ARE THE DATA SUBJECT’S RIGHTS?

The law recognizes for the data subject the right to ask the Processing controller for access to the personal data and its rectification or cancellation or limitation of the processing regarding them or to object to its processing, as well as the right to data portability.

The data subject may assert their rights at any time, without formalities, by contacting the Controller through the email [email protected].

Here below is a breakdown of the rights recognized by the law in force on the protection of personal data.

• The right of access, i.e. the right to obtain from the processing controller the confirmation that data processing is or is not taking place which regards them and, if so, to obtain access to personal data and to the following information: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or the categories of recipients to whom the personal data has been or will be communicated, in particular if recipients in other countries or international organizations; d) when possible, the retention period of the personal data envisaged or, if not possible, the criteria used to determine this period; e) the existence of the data subject’s right to ask the Processing controller to rectify or cancel personal data or to limit the processing of the personal data regarding them or to oppose its processing; f) the right to lodge a complaint to a supervisory authority; g) should the data not be collected from the data subject, all the information available on its origin; h) the existence of an automatic decision-making process, including profiling and, at least in these cases, significant information on the approach used, as well as the importance and consequences envisaged of this processing for the data subject. Should the personal data be transferred to another country or international organization, the data subject then has the right to be informed of the existence of adequate guarantees relating to its transfer.
• The right of rectification, i.e. the right to obtain from the processing controller the rectification of inexact personal data regarding them without unjustified delay. Taking account of the purposes of processing, the data subject has the right to integrate incomplete personal data, also by providing an additional statement.
• The right of cancellation, i.e. the right to obtain from the processing controller the cancellation of inexact personal data regarding them without unjustified delay if: a) the personal data is no longer necessary in regard to the purposes for which it was collected or otherwise processed; b) the data subject withdraws their agreement on which the processing is based and if there is no other legal basis for the processing; c) the data subject opposes the processing undertaken because necessary to carry out a public service or connected to the exercise of public powers with which the Controller is invested or to pursue a legitimate interest and there is no prevailing legitimate reason to proceed with the processing, or opposes the processing for direct marketing purposes; d) the personal data was illegally processed; e) the personal data must be cancelled to fulfil a legal obligation envisaged by the law of the European Union or of the Member state to which the Processing controller is subject; f) the personal data was collected in relation to the company’s offer of services for information to minors. The request for cancellation cannot, however, be accepted if the processing is necessary: a) to exercise the right to freedom of expression and information; b) to fulfil a legal obligation which requires processing as envisaged by the law of the European Union or of the Member state to which the Data Controller is subject or to execute a task undertaken in the public interest or in the exercise of public powers with which the Data Controller is invested; c) for reasons of public interest in the public health sector; d) for the purposes of archiving in the public interest, scientific or historic research or statistical purposes, to the extent to which cancellation risks making impossible or seriously compromising achieving the goals of such processing; or e) for verifying, exercising or defending a right in the courts.
• The right of limitation, i.e. the right to obtain that data is processed, except for its conservation, only with the agreement of the data subject or to verify, exercise or defend a right before the courts or to protect the rights of another natural person or corporation or for reasons of relevant public interest of the European Union or of a member State if: a) the data subject challenges the preciseness of the personal data, for the period necessary for the Data Controller to verify the exactness of this personal data; b) the processing is illegal and the data subject opposes the cancellation of the personal data and instead asks that its use is limited; c) although the Data Controller no longer needs it for processing purposes, the personal data is necessary for verifying, exercising or defending a right in the courts; d) the data subject has opposed the processing undertaken because necessary to carry out a public service or connected to the exercise of public powers with which the Controller is invested or to pursue a legitimate interest of the Data Controller or of third parties, pending verification of the possible prevalence of the legitimate reasons of the Data Controller over those of the data subject.
• The right to portability, i.e. the right to receive the personal data regarding them provided to the Controller in a structured form, for shared use which can be read by an automatic device and has the right to transmit this data to another controller without impediment by the Controller to whom they have provided the data, as well as the right to obtain direct transmission of the personal data from one controller to another, if technically feasible, should the processing be based on agreement or on a contract and the processing is carried out with automated means. This right will not affect the right to cancellation.

Please note the il right to object, in particular, i.e., the right of the data subject to object at any time, on grounds relating to their particular situation, to the processing of their personal data as required for the performance of a task carried out in the public interest or in connection with the exercise of the official authority vested in the controller or for the furtherance of the legitimate interests of the Data Controller or of a third party. Should the personal data be processed for direct marketing purposes, the data subject has the right to oppose at any time the processing of the personal data regarding them undertaken for these purposes, including profiling to the extent this is connected to such direct marketing.

On the basis of the provisions of art. 22 of the GDPR, the data subject then has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision a) is necessary for the conclusion or performance of a contract between the data subject and a processing controller; b) is authorised by the law of the Union or of the Member State to which the controller is subject, who also specifies appropriate measures to protect the rights, freedoms and legitimate interests of the data subject; c) is based on the explicit consent of the data subject.

The data subject is then informed that if they believe that the processing of their personal data is violating the provisions of the GDPR, they have the right to file a complaint with a Supervisory Authority (Art. 77 of the Regulation) or to take appropriate legal action (Art. 79 of the Regulation).

This privacy policy was last updated on 20 February 2026