Skip to main content

Information notice on the processing of personal data pursuant to Art. 13 of EU Regulation 2016/679 (GDPR)

1. Data Controller

KiRa Technology S.r.l.
Via Giorgio Amendola, 30/b, 47039 Savignano sul Rubicone (FC), Italy
E-mail: privacy@kiratechnology.com

The Data Controller has not appointed a Data Protection Officer (DPO), based on the information currently available pursuant to Art. 37 of the Regulation.

2. Data collected and purposes of processing

The kiratechnology.com website does not use visitor tracking systems, profiling cookies or behavioural analysis tools. Personal data is collected exclusively in the cases described below.

2.1 Contact form

Data collected: name, e-mail address, message text.

Purpose: to respond to the information request submitted by the user; subject to optional consent, to send commercial communications and updates (newsletter).

Legal basis: Art. 6(1)(b) GDPR (execution of pre-contractual measures taken at the request of the data subject) for requests of a commercial nature. In residual cases of general contact, Art. 6(1)(f) GDPR (legitimate interest of the Data Controller in responding to communications received). For the newsletter: Art. 6(1)(a) GDPR (consent expressed via an optional, unticked checkbox).

Retention: data relating to the request is retained for a maximum of 24 months. Data of contacts who have consented to the newsletter is retained until consent is withdrawn.

Withdrawal of newsletter consent: write at any time to privacy@kiratechnology.com.

2.2 Technical documentation request form (brochure)

Data collected: name, e-mail address, user type, plant information (energy source, heat source, interest in biochar).

Purpose: to send the requested technical material and qualify the request to provide adequate commercial support; subject to a separate optional consent, to send commercial communications and updates (newsletter).

Legal basis: Art. 6(1)(b) GDPR (execution of pre-contractual measures taken at the request of the data subject) for sending the requested documentation. For the newsletter: Art. 6(1)(a) GDPR (consent expressed via an optional, unticked checkbox, separate and independent from the brochure request).

Retention: data is retained for a maximum of 24 months from collection, or until consent is withdrawn. Data of contacts who have consented to the newsletter is retained until consent is withdrawn.

Withdrawal of consent: the data subject may withdraw consent at any time by writing to privacy@kiratechnology.com. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

2.3 Server technical logs

Data collected: IP address, browser type, operating system, requested page, date and time of access.

Purpose: to ensure the security and proper operation of the site; to detect unauthorised access attempts or technical anomalies.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest of the Data Controller in the security of its IT system). Processing is limited to technical data that, as a rule, are not used to directly identify the data subject; the Controller's interest in protecting the site is proportionate and prevailing over the minimal impact on the data subject.

Retention: logs are retained for a maximum of 30 days, unless required for security incident investigations.

3. Cookies

The site uses only technical cookies necessary for the operation of the service, in particular to remember the language selected by the user during navigation. These cookies may process technical data (e.g. IP address, browsing preferences) which, if combined with other information, may be considered personal data under the GDPR. Such cookies do not require consent pursuant to Art. 122 of Italian Legislative Decree no. 196/2003 (Privacy Code) and the relevant rulings of the Italian Data Protection Authority.

No profiling cookies, tracking cookies or third-party cookies for advertising purposes are used.

4. Technical third parties

To ensure the correct functioning of certain site features, components are loaded from third-party providers. These providers may receive the user's IP address as a normal part of the HTTP protocol:

  • jsDelivr (jsdelivr.net) and unpkg (unpkg.com): content delivery networks (CDN) used to load open-source software libraries. Policy: jsDelivr Privacy Policy, unpkg.
  • OpenStreetMap (openstreetmap.org): open-source mapping service used to display the partner map. Policy: OpenStreetMap Privacy Policy.

The IP address is considered personal data under the GDPR. The Data Controller does not voluntarily transmit any personal data beyond the technical IP address to these providers. These providers may process the IP address as independent data controllers; in relation to such processing, the Controller does not determine the purposes and means.

5. Voluntary nature of data provision

Providing personal data through the site's forms is voluntary. However, failure to provide the mandatory data (name and e-mail) makes it impossible to respond to the contact request or send the requested technical documentation. Providing additional data (telephone number, plant information) is always optional and does not affect the handling of the main request. The data collected is limited to what is strictly necessary for the stated purposes (principle of data minimisation, Art. 5(1)(c) GDPR).

6. Recipients of data

Personal data collected through the forms is not sold, transferred or disclosed to third parties for commercial or marketing purposes.

Access to data may be granted, to the extent strictly necessary, to:

  • Authorised internal staff of KiRa Technology S.r.l.;
  • Technical service providers acting as Data Processors pursuant to Art. 28 GDPR, including: hosting and web infrastructure providers, e-mail service managers, internal communication platforms.

The updated list of Data Processors is available on request by writing to privacy@kiratechnology.com.

7. Transfer of data outside the EU

Data collected through the forms is processed within the European Union. The CDN providers mentioned in section 4 (jsDelivr, unpkg) are based or have infrastructure in third countries (including the USA): transfers are made on the basis of Standard Contractual Clauses adopted pursuant to Art. 46 GDPR and, where necessary, supplementary security measures (technical and organisational) adopted by the providers to ensure an adequate level of protection. Please refer to their respective privacy policies for details.

8. Rights of the data subject

The data subject may exercise the following rights at any time, pursuant to Arts. 15-22 GDPR:

  • Access (Art. 15): obtain confirmation that personal data is being processed and receive a copy.
  • Rectification (Art. 16): correct inaccurate or incomplete data.
  • Erasure (Art. 17): obtain erasure of personal data ("right to be forgotten"), where the conditions set out in the provision are met.
  • Restriction (Art. 18): obtain restriction of processing in certain cases.
  • Portability (Art. 20): receive personal data in a structured, machine-readable format, where processing is based on consent or contract and carried out by automated means.
  • Objection (Art. 21): object to processing based on legitimate interest, unless the Controller demonstrates compelling legitimate grounds.
  • Withdrawal of consent (Art. 7(3)): withdraw consent at any time, without prejudice to the lawfulness of prior processing.
  • Complaint (Art. 77): lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or the supervisory authority of the Member State where the data subject habitually resides.

Requests should be sent to: privacy@kiratechnology.com. Exercise of rights is free of charge and is not subject to any formal requirements. The Controller will respond within 30 days of receipt; in cases of particular complexity, this period may be extended by a further 60 days, with a reasoned notification to the data subject.

9. Automated decision-making and profiling

The Data Controller does not carry out decision-making processes based solely on automated processing, nor does it carry out user profiling activities pursuant to Art. 22 GDPR.

10. Updates

This notice may be updated following regulatory, technological or operational changes. The current version is always available on this page with the date of the last update.

Last updated: June 2026