Privacy Policy

Privacy Notice pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”)


Dear User,
this Privacy Notice is provided not only to comply with the obligations set out by data protection laws—namely Regulation (EU) 2016/679 (“GDPR”), Legislative Decree no. 196/2003, as amended by Legislative Decree no. 101/2018 (the “Italian Data Protection Code”), and the relevant provisions issued by the Italian Data Protection Authority—but also because we consider the protection of personal data to be a core value of our activities.
Our aim is to provide you with clear and transparent information to help you safeguard your privacy and understand how your personal data are used when you browse the website concura.studio (the “Website”).
Personal data means any information relating to an identified or identifiable natural person (the “data subject” or “User”), such as identification data, browsing data, information relating to economic conditions, health status, lifestyle, and similar data.
To facilitate access to the information, this Privacy Notice is structured into sections corresponding to the different areas of the Website in which personal data may be processed, so that Users can easily identify how their data are handled while browsing each section.

Data Controller

The Data Controller—the entity that determines the purposes and means of processing personal data and to whom Users may address requests to exercise their rights under the GDPR—is:

Kubla srl
Registered office: Piazza della Repubblica 32, Milan, Italy
VAT number: 13626240967

The Data Controller may be contacted at: info@kubla.net

Sources and categories of data processed, nature of data provision, and processing methods

Personal data are primarily collected directly from Users when they browse the Website or use the services made available through it. This Privacy Notice applies exclusively to data processing activities carried out through the Website and does not concern other websites that Users may access via links.

Data are processed mainly by electronic means, using software and IT procedures designed to ensure appropriate technical and organizational security measures, including secure transmission protocols (e.g. HTTPS).

Browsing data
Types of data and nature of provision
The IT systems and software procedures used to operate the Website automatically collect certain personal data during their normal operation. The transmission of such data is inherent to the use of Internet communication protocols.
These data include, by way of example: IP addresses or domain names of the devices used by Users, URI addresses of requested resources, date and time of requests, request methods, size of the response file, server response status codes, and other parameters relating to the User’s operating system and IT environment (such as device type and name).
Although these data are not collected to be associated with identified individuals, they could, by their nature, allow Users to be identified through processing and association with data held by third parties.
The provision of such data is necessary for browsing the Website. If Users choose not to provide these data, they will not be able to access the Website or use its functionalities.

Purposes of processing

(i) To obtain anonymous statistical information on the use of the Website, to monitor its correct functioning, to improve service quality, and to optimize Website performance.
(ii) To ensure network and information security, in a manner that is strictly necessary and proportionate.

Legal basis
Article 6(1)(f) GDPR – Legitimate interest of the Data Controller in ensuring the security of the Website and preventing its misuse for unlawful activities or fraud (see Recital 47 GDPR).

Data retention period
Browsing data are retained for up to 6 months from the date of collection, unless the User exercises the right to object, as described in the section “Data subject rights”.

Cookie Policy

The Website uses different types of cookies. Detailed information on the cookies used and the related processing activities is available in the Cookie Policy, accessible via the dedicated link.
Recipients of personal data and data transfers outside the EEA
Access to personal data is limited to authorized persons who have been duly instructed in accordance with Article 29 GDPR and are subject to confidentiality obligations (e.g. staff responsible for handling requests submitted via the Website contact forms).
Personal data may also be accessed by external professionals and consultants acting as independent data controllers or as data processors pursuant to Article 28 GDPR.

By way of example, personal data may be processed by:
  • Service providers responsible for managing IT systems and communication networks (including email services);
  • Companies supporting Kubla srl in the administration and maintenance of the Website (e.g. hosting and internet service providers);
  • Competent authorities, where required by law or upon explicit request.
An updated list of recipients may be requested by contacting info@kubla.net , specifying the reason for the request.
Kubla srl guarantees that personal data will not be disclosed and will not be transferred outside the European Economic Area (EEA). Where a transfer to a third country becomes necessary, it will take place only in the presence of an adequacy decision by the European Commission or other appropriate safeguards provided for by applicable data protection laws (such as Standard Contractual Clauses), ensuring an equivalent level of data protection.

Minors

Users under the age of 18 must not provide personal data without the consent of a parent or legal guardian. We therefore encourage parents and guardians to inform minors about safe and responsible internet use and to supervise any initiatives involving the processing of minors’ personal data.

Data subject rights

The exercise of the rights listed below is free of charge and subject to no formal requirements, except in the case of manifestly unfounded or excessive requests, pursuant to Article 12(5) GDPR.
In relation to the processing described in this Privacy Notice, Users may exercise the following rights:

  • Right of access to personal data and related information (Article 15 GDPR);
  • Right to rectification of inaccurate personal data and completion of incomplete data;
  • Right to erasure, except where data must be retained by law or where overriding legitimate grounds exist;
  • Right to restriction of processing in the cases provided for by Article 18 GDPR;
  • Right to object to processing, subject to mandatory processing necessary for establishing or managing a relationship;
  • Right to withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

Users also have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it ) or with the supervisory authority of the EU Member State in which they habitually reside or work, or where the alleged infringement occurred.

Requests may be submitted to the Data Controller by email at info@kubla.net

Changes to this Privacy Notice

This Privacy Notice was last updated on 24 October 2023. Any future changes will be published on this page. Users are encouraged to review this Privacy Notice regularly to stay informed of any updates. Where required, changes will be notified to Users by email.