Privacy policy

INFORMATION PURSUANT TO EUROPEAN REGULATION NO. 2016/679 (GENERAL DATA PROTECTION REGULATION – GDPR)

DATA CONTROLLER  

De-LAB S.r.l. Società Benefit, Via Sebenico 25, 20124 – Milan, VAT number 10351340962 (hereinafter: “Controller”).

1.PURPOSES OF DATA PROCESSING

1.1 To display web pages and use the services offered on the website https://www.kokono.life/ (hereinafter: the “Website”).
1.2 To comply with obligations established by regulations and applicable national and supranational laws.
1.3 If necessary, to ascertain, exercise, or defend the Controller’s rights in court.
1.4 The IT systems and software procedures used to operate the website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its very nature, through processing and association with data held by the Controller or third parties, it could allow users of the site to be identified.

2.LEGAL BASES OF PROCESSING

2.1 Contractual purpose: execution of a contract to which you are a party.
2.2 Legal obligations: necessity to comply with legal obligations.
2.3 Rights of the Controller: legitimate interest.
2.4 Website operation: legitimate interest.

3.PERSONAL DATA RETENTION PERIOD

3.1 Contractual purposes, legal obligations: for the entire duration of the contract and, after termination, for 10 years.
3.2 Rights of the Controller: in the event of legal disputes, for the entire duration of the dispute until the expiration of appeal deadlines.
3.3 Website operation: for the duration of the browsing session on the website.
After the expiration of the above retention periods, your personal data will be destroyed, deleted, or anonymized, in compliance with technical deletion and backup procedures.

4.TYPES OF PERSONAL DATA PROCESSED

4.1 Personal data processed for contractual purposes – legal obligations – rights of the Controller – debt recovery: Personal identification data, contact details, administrative and accounting data.
4.2 Personal data processed for website operation: IP addresses or domain names of computers used by users connecting to the Website, URI (Uniform Resource Identifier) addresses of requested resources, request times, methods used to submit requests to the server, file size obtained in response, numerical codes indicating the server’s response status (success, error, etc.), other parameters related to the user’s operating system and IT environment, information about user behavior on the Website, pages visited or searched, to select and display specific advertisements to the user, and browsing behavior data using, for example, cookies.

5.MANDATORY NATURE OF DATA PROVISION

Providing the personal data referred to in point 4.1 for the purposes outlined in point 1.1 is mandatory.
Refusal to provide this personal data makes it impossible to use the services/content offered on the Website.
Some personal data referred to in point 4.2 is strictly necessary for the operation of the Website, while others are used solely to obtain anonymous statistical information about the Website’s use and to ensure its proper functioning. These data are deleted immediately after processing. In processing personal data that may directly or indirectly identify you, we strive to adhere to a principle of strict necessity. For this reason, we have configured the Website to minimize the use of personal data and limit its processing to cases of necessity or upon request from authorities and law enforcement (e.g., for traffic data or your Website session or IP address) or to establish liability in the event of potential cybercrimes against the Website.

Data may be processed by external entities acting as controllers, such as supervisory and control authorities and bodies, and public or private entities entitled to request data, as well as individuals, companies, associations, or professional firms providing assistance and consultancy services.
Data may also be processed on behalf of the Controller by external entities designated as data processors under Article 28 of the GDPR, to whom appropriate operational instructions are given. These entities primarily fall into the following categories:

a. Companies providing website and IT system maintenance services;
b. Companies managing and maintaining the Controller’s database.

With your explicit consent, your data may be processed by third parties to whom the data is disclosed.
Personal data will not be disseminated but may be transmitted to Public Authorities that expressly request it for administrative or institutional purposes, as provided by national and European regulations.

7. AUTHORIZED DATA PROCESSORS

Your data may be processed by employees of the Controller’s corporate functions tasked with pursuing the purposes outlined above, who are expressly authorized to process and have received appropriate operational instructions.
The data referred to in point 4.4 collected during Website navigation may be processed by employees, collaborators of the Controller, or external parties acting as data processors, performing technical and organizational tasks on the Website on behalf of the Controller.

8. YOUR RIGHTS AS A DATA SUBJECT – COMPLAINTS TO THE SUPERVISORY AUTHORITY
Under certain conditions, you have the right to request from the Controller:
– Access to your personal data;
– A copy of the personal data you have provided (so-called portability);
– Correction of data in our possession;
– Deletion of any data for which we no longer have a legal basis for processing;
– Objection to processing where applicable under current law;
– Withdrawal of your consent, where processing is based on consent;
– Limitation of how we process your personal data within the limits provided by data protection laws.
If you wish to file a complaint under Article 77 GDPR with the competent supervisory authority based on your habitual residence, workplace, or the place of the alleged rights violation, for Italy, the competent authority is the Data Protection Authority, which can be contacted via the contact details on their website: http://www.garanteprivacy.it.
The exercise of these rights is subject to certain exceptions aimed at safeguarding public interests (e.g., crime prevention or identification) and our interests (e.g., maintaining professional secrecy). If you exercise any of the above rights, we will verify your entitlement to do so and provide feedback.

9. DATA SECURITY
Your personal data will be processed using automated tools for the time strictly necessary to achieve the purposes for which it was collected and in compliance with the principles of necessity and proportionality, avoiding processing personal data where anonymous data or other methods suffice. Specific security measures have been implemented to prevent data loss, unlawful or improper use, and unauthorized access. However, please remember that ensuring the security of your data also depends on equipping your device with up-to-date antivirus software and ensuring your Internet provider guarantees secure data transmission through firewalls, anti-spam filters, and similar measures.

10. CONTROLLER’S CONTACT INFORMATION
To exercise the rights referred to in point 8, you can contact the Controller at the following addresses: De-LAB S.r.l. Società Benefit, Via Sebenico 25, 20124 – Milan, VAT number 10351340962, email: kokono@delab.it

11. COOKIE FEATURES USED BY THE WEBSITE