Privacy Policy

Privacy Policy

Privacy Policy
pursuant to the art. 13 EU Regulation 2016/679

To whom it may concern,

With this document (the “Privacy Policy“), we intend to renew our commitment to ensure that the processing of personal data collected through the website (the “Website“), with the use of both automated and manual methods, takes place in full compliance with the protections and rights recognized by Regulation (EU) 2016/679 (“GDPR” or the “Regulation“) and by the other applicable rules on the protection of personal data.
The personal data term refers to the definition in art. 4 paragraph 1 of the Regulation, ie “any information concerning an identified or identifiable physical person; the physical person, who can be identified, directly or indirectly, is considered identifiable with particular identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychological, economic, cultural or social” (the “Personal Data“).
This Privacy Policy – drafted on the basis of the principle of transparency and inclusive of all the elements required by art. 13 of the Regulation – aims to provide you in a simple and intuitive way with all the useful and necessary information so that you can provide your Personal Data in a conscious and informed way and, at any time, apply your rights under the GDPR.

The company, that will process your Personal Data for the purposes indicated in this document, will become the holder of the treatment, ie “the natural or legal person, public authority, service or other entity which, individually or together with others, determines the purposes and means of the processing of personal data“is Keesy Srl, with registered office in Viale S. Lavagnini 20, 50129 – Florence (FI) (the “Controller “).

During the implementation of the activities, the Controller will process your Personal Data for the following purposes:

Browsing data
The computer systems and software procedures used to operate the Website acquire during their normal operation some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes: the IP addresses, the type of browser used, the operating system, the domain name and the addresses of the websites from which log in or log out was carried out, information on the pages visited by users within the Website, the log in time, the stay on the single page, the analysis of the internal procedure and other parameters relating to the operating system and the user’s IT environment.
These technical or IT data are collected and used exclusively in an aggregate and non-identifying method and could be used to ascertain responsibility in the event of hypothetical computer crimes against the Website.

The processing will be legally based on the legitimate interest of the Controller for the best functioning of its systems, the optimization and improvement of the browsing experience, to avoid fraudulent activities and to improve the security of the Website (Article 6, paragraph 1, letter f) of the Regulation).
For more information on Cookies and their use on the Website, you can view a specific policy available at the following link.

Data provided deliberately by the visitor
This is all the Personal Data provided voluntarily by the visitor on the Website such as, to register and / or access a reserved area, download free resources, request information on a specific product or service through form, subscribe to the newsletter service, write to an e-mail address or call a telephone number displayed on the Website to have direct contact with the company (for the purpose of, for example, request assistance or more information on a product / service of the Owner). This treatment will be lawful under art. 6, paragraph 1, letter b) of the Regulations (execution of a contract or pre-contractual measures adopted at the request of the interested party) as well as for the fulfillment of any legal obligations, pursuant to art. 6, paragraph 1, lett. c) of the GDPR.
To allow the Controller to carry out the processing activities for these purposes, it will be necessary to provide the Personal Data requested in the appropriate forms. If you fail to fill in even one of the fields marked as mandatory, it may not be possible to process your Personal Data and, consequently, it is not possible to provide you with the information and services requested.
No Personal data relating to your health and, in general, “special” categories of personal data pursuant to art. 9 of the Regulations.

Direct Marketing
In addition to those mentioned above, your Personal Data may be processed by the Controller for the purposes of cd. direct marketing, or rather the carrying out of promotional activities (with both automated and traditional methods) of the products and / or services of your sold interest and / or provided by the Owner. With regard to the purpose of this direct marketing, it should be noted that, by virtue of art. 6 paragraph 1 letter. f) of the Regulations and art. 130 paragraph 4 of the Privacy Code (so-called soft spam exception), the Controller may carry out this activity based on its legitimate interest, regardless of your explicit consent, as better explained in Recital 47 of the Regulation in which it is “considered legitimate interest of the owner to process personal data for direct marketing purposes “. This will be possible after the assessments made by the Controller regarding the possible prevalence of your interests, fundamental rights and freedoms that require the protection of Personal Data on your legitimate interest in sending direct marketing communications. Moreover, you can lawfully at any time (even partially) revoke receiving promotional communications, without this, in any way, prejudicing the treatment for other purposes.

Your Personal Data may be managed, on behalf of the Controller, exclusively by personnel expressly authorized to process (pursuant to art.29 GDPR) and by third parties expressly appointed as data processors (pursuant to art.28 GDPR) , in order to correctly carry out all the processing activities necessary to pursue the purposes referred to in this Policy.
Where required by law or to prevent or suppress the commission of a crime, your Personal Data may also be disclosed to public entities or the judicial authorities.

In compliance with the principle of limitation of the retention period (Article 5, paragraph 1, letter e) GDPR), your Personal Data will be processed by the Controller limited to what is necessary for the pursuit of the purposes referred to in this Policy. In particular, the Personal Data necessary for the execution of the contract will be kept for a period not exceeding thirty-six months from their collection.
Furthermore, in application of the principle of proportionality, your Personal Data, if used only for direct marketing purposes, will be kept for a period not exceeding twenty-four months from their collection.

From the Website it may be possible to connect through specific links to other third party websites.
In this regard, the Controller cannot be held responsible for any management of Personal Data by third party websites and for the management of authentication credentials provided by third parties.


You can exercise your rights at any time under Articles. 15 and ss. of the Regulations towards the Owner. In particular, you have the right to obtain:

  • the confirmation as to whether or not your Personal Data is being processed and to obtain access to the data and the following information: purpose of the processing, categories of personal data, recipients and / or categories of recipients to whom the data were and / or will be communicated as well as the retention period;
  • the rectification of your inaccurate Personal Data and / or the integration of incomplete Personal Data, including by providing a supplementary declaration;
  • the cancellation of your Personal Data and the limitation to processing in the cases provided for by the GDPR and by the current privacy legislation;
  • where applicable, the portability of your Personal Data and, in particular, the possibility of requesting the direct transmission of your Personal Data to another data controller;
  • the opposition to the treatment at any time, for reasons related to your particular situation, to the processing of your Personal Data in full compliance with the current privacy legislation.

To exercise your rights, you can contact the Controller at the following e-mail box, attaching a copy of your identity document:

In any case, if you believe that the processing of Personal Data is contrary to the Privacy Law, you will always have the right to lodge a complaint with the Authority for the Protection of Personal Data pursuant to art. 77 of the GDPR.

Your Personal Data will be processed exclusively within the territory of the European Union.