Privacy policy

Pursuant to the EU Regulation 679/2016 (General Data Protection Regulation – “GDPR”) the following information is provided on the processing of the personal data of the Users and/or Visitors that have access to and navigate the online Platform published at the URL www.kepown.com (known hereafter as “Kepown” or “the Platform”).

The Data Controller is AD FUTURAM MEMORIAM s.r.l., registered office in Gorizia (GO), 34170, via Silvio Pellico n. 6 (hereafter “AFM”.

• email: [redazione@kepown.com]
• PEC: [*]

Filling in and sending the form uploaded on the Platform will entail the acquisition and processing of the sender’s contact data, which are necessary to provide an answer to the sender; the Platform will also acquire and process all personal data included in the text.

• Purpose of and legal basis for data processing (GDPR Art. 13, paragraph 1, lett. c)

Contact data requested are processed in order to provide an answer to and/or contact the Data Subject.

• Scope of communication (GDPR Art. 13, paragraph 1, lett. e, f)

Data are processed uniquely by persons specifically put in charge of, and authorized and trained in the data processing method.

Data are neither shared with nor transferred to non-EU Countries.

• Data retention period (GDPR Art. 13, paragraph 2, lett. a)

Data shall be stored for as long as necessary in order to reply to the Data Subject.

• Provision (GDPR Art. 13, paragraph 2, lett. e)

Failure to provide the mandatory data will make it impossible to send the message.

Registration on Kepown entails the acquisition of personal data and of any other information (images, photos, and personal content included in the Kebooks, etc.) that the registered User spontaneously decides to upload on their profile.

• Purpose and legal basis of data processing (GDPR Art. 13, paragraph 1, lett. c)

Mandatory data requested include personal details (name and surname), pseudonym (“Alias”), and contact data (email) in order to complete the registration.

The legal basis for the processing is the execution of the contract to which the Data Subject is a Party (art. 6, lett. b, GDPR).

For any other (possible) data and/or information uploaded by the User to their Profile, the legal basis is consent provided by the Data Subject.

• Scope of communication (GDPR Art. 13, paragraph 1, lett. e, f)

Data are processed uniquely by persons specifically put in charge of, and authorized and trained in the data processing method.

Data uploaded by the User (excluding contact data) are shared with all Users and/or Visitors to the Platform.

Data could become the object of indexing by search engines and/or Third parties (for example, by Google).

• Data retention period (GDPR Art. 13, paragraph 2, lett. a)

Data shall be stored for a period identified according to a criterion of strict necessity and according to the different objectives pursued, always in compliance with the regulations in force in the matter of personal data protection and according to a principle of protection of the Data Controller (statute of limitations provided for are found in the Civil Code).

• Provision (GDPR Art. 13, paragraph 2, lett. e)

Failure to provide the mandatory data will make it impossible to register on the Platform.

This processing concerns the voluntary and non-mandatory choice of the Data Subject to submit the content uploaded on their Profile for evaluation, including any hashtags and Kebooks they have displayed, in order to improve their reading suggestions and recommendations of similar Profiles when the User is carrying out research.

• Purpose and legal basis of data processing (GDPR Art. 13, paragraph 1, lett. c)

Data are processed to analyze or predict aspects concerning the personal preferences of the Data Subject by means of the content uploaded on the Platform. The legal basis is the consent of the Data Subject

• Scope of communication (GDPR Art. 13, paragraph 1, lett. e, f)

Data are processed uniquely by persons specifically put in charge of, and authorized and trained in the data processing method, and with the help of automatic procedures. Data are neither shared with nor transferred to non-EU Countries

• Data retention period (GDPR Art. 13, paragraph 2, lett. a)

Data shall be stored until the Data Subject makes a request for a waiver.

• Provision (GDPR Art. 13, paragraph 2, lett. e)

Failure to provide the mandatory data will imply the impossibility of improving reading suggestions and of suggesting similar Kepowners profiles when carrying out research.

This processing concerns the voluntary and non-mandatory choice of the Data Subject to receive commercial and promotional messaging about the activities of the Data Controller at the email address provided during registration. This processing concerns the personal and contact data of the Data Subject (name, surname, address, and email address to which communications are sent).

• Purpose and legal basis of data processing (GDPR Art. 13, paragraph 1, lett. c)

Data are processed to send regular electronic communication concerning the activities of the Data Controller, commercial products, and relevant news to the Data Subject. The legal basis is the consent of the Data Subject.

• Scope of communication (GDPR Art. 13, paragraph 1, lett. e, f)

Data are processed uniquely by persons specifically put in charge of, and authorized and trained in the data processing method. Data are neither shared with nor transferred to non-EU Countries.

• Data Retention period (GDPR Art. 13, paragraph 2, lett. a)

Data shall be stored until the Data Subject makes a request for a waiver.

• Provision (GDPR Art. 13, paragraph 2, lett. e)

Failure to provide the mandatory data will imply the impossibility of receiving the above-mentioned messaging.

During the navigation on the Platform, a series of personal data is processed, including IP addresses, the dominion name of computers utilized by the Users, incoming and outgoing web pages, the URI/URL addresses of resources requested, the date and time of the visit, information concerning the operating system and browser of the Data Subject, and further technical data concerning User navigation.

• Purpose and legal basis of data processing (GDPR Art. 13, paragraph 1, lett. c)

Data are processed automatically and as an aggregate exclusively with the aim of managing the Platform and for statistical purposes. Data may, moreover, be used to ascertain culpability in the case of cybercrime against the Platform and/or other illegal activity. The legal basis is the legitimate interest of the Data Controller.

• Scope of communication (GDPR Art. 13, paragraph 1, lett. e, f)

Data are processed uniquely by persons specifically put in charge of, and authorized and trained in the data processing method and by the supplier of development and maintenance services for the website, identified as person in charge of processing. Data are neither shared with nor transferred to non-EU Countries.

• Data Retention period (GDPR Art. 13, paragraph 2, lett. a))

Except in the case of investigation following illegal acts, data are generally stored for no more than ninety (90) days.

• Provision (GDPR Art. 13, paragraph 2, lett. e)

Data are not provided by the Data Subject but acquired automatically by the technological systems of the Website.

Facebook and Apple platforms allow access to other websites using Facebook and Apple accounts. In this case, Facebook and Apple provide the Website with the User ID, without sharing the password.

Kepown pages integrate social plug-ins from Facebook, WhatsApp, X, Telegram. Interaction with plug-ins enables the creation of links with the content on the Platform. Such sharing occurs on the initiative of the User, who clicks on the specific buttons.

The Data Subject has a right to ask and obtain the following from the Data Controller, in specific cases:

• access to personal data and information (art. 15 of GDPR);
• correction or deletion of data and information (art. 16 e 17 of GDPR);
• a limitation in the processing of the personal data (art. 18 of GDPR.

Whenever the processing is based on the consent of the Data Subject, they have a right to withdraw this at any time, without prejudice to the lawfulness of the previous processing.

The Data Subject may exercise their rights by contacting the Data Controller at the abovementioned address.

The Data Subject who considers the processing of their data to have been carried out in violation of that provided for in the GDPR has a right to file a complaint at the competent supervisory authority.