Skip links


Newsletter Information

Information on the processing of personal data for sending the newsletter

Aida S.r.l. provides you with the information referred to in Article 13 of the European Regulation No. 2016/679 (hereinafter “GDPR”) regarding the processing of your personal data relating to the sending of the newsletter.

1 Data controller

The Data Controller is Aida S.r.l. with registered office at Via Porlezza 16, Milan and e-mail address mariavittoria.lupi@aida-app.it (hereinafter, ‘Company’ or ‘Data Controller’).

2 Purpose, legal basis of processing and retention periods

Your email address will be used by the Company to send – to those who explicitly request it, by filling in the subscription form – its newsletter and in particular to send by email communications of an informative nature on the latest news from Kipy and/or notification of events relating to Kipy .

The processing is necessary to fulfil a request from the data subject. The legal basis for the processing is therefore the performance of a contract to which the data subject is a party.

The data will be stored until you unsubscribe from the newsletter service. After this time, they will be destroyed or anonymised, consistent with the cancellation and back-up procedures.

3 Provision of data

Pursuant to Art. 13, para. 2, letter e) of the GDPR, we inform you that the provision of your email address is necessary; therefore, any refusal to provide it does not allow the sending of the newsletter.

4 Categories of data recipients

Your personal data will be processed by employees and/or collaborators of the Company who have received appropriate operating instructions and who have been expressly authorised to process them by the Company.

The data may be processed by subjects designated by the Company as data processors who provide the Company with services instrumental to the sending of the newsletter, such as for example: the company in charge of the maintenance/management of the Company’s website and of the electronic and/or telematic tools used by the same and the company that manages the subscription and/or sending of the newsletter.

Your data may be communicated to autonomous data controllers such as authorities and supervisory and control bodies and, in general, public or private entities entitled to request/receive the data.

5 Rights of the data subject

The data subject may exercise, insofar as applicable, the rights recognised by Articles 15-22 of the GDPR and in particular may request access to the data concerning him/her and to the information referred to in Article 15 (purpose of processing, categories of personal data, etc.), their deletion in the cases provided for in Article 17, the rectification of inaccurate data, the integration of incomplete data, and the restriction of processing in the cases provided for in Article 18.

To exercise their rights, the data subject may contact the Data Controller by sending a written communication to privacy@kipy.it.

The person concerned has in any case the right to object to receiving the newsletter by clicking on the unsubscribe link at the bottom of each email.

At any time, the data subject may lodge a complaint with the Data Protection Authority (Art. 77 GDPR), as well as take legal action (Art. 79 GDPR).

Pursuant to Article 17 of the GDPR, the data controller is obliged to delete personal data without undue delay if one of the following reasons applies:

  • personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the data subject withdraws the consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) and if there is no other legal basis for the processing;
  • the data subject objects to the processing pursuant to Article 21(1) and there is no overriding legitimate ground for processing, or objects to the processing pursuant to Article 21(2) personal data have been processed unlawfully;
  • personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the data controller is subject;
  • personal data were collected in connection with the provision of information society services as referred to in Article 8(1).

Pursuant to Article 18 of the GDPR, the data subject has the right to obtain from the data controller the restriction of processing when one of the following cases occurs:

  • the data subject contests the accuracy of the personal data, for the period necessary for the controller to verify the accuracy of such personal data;
  • the processing is unlawful and the data subject objects to the deletion of the personal data and requests instead that their use be restricted;
  • although the data controller no longer needs them for the purposes of processing, the personal data are necessary for the establishment, exercise or defence of a legal claim;
  • the data subject has objected to the processing pursuant to Article 21(1), pending verification as to whether the data controller’s legitimate reasons prevail over those of the data subject.

Where processing is restricted pursuant to paragraph 1, such personal data shall, except for storage, only be processed with the consent of the data subject or for the establishment, exercise or defence of legal claims or the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State.

A data subject who has obtained a restriction of processing pursuant to paragraph 1 shall be informed by the controller before that restriction is lifted.