when you interact with www.kokoagnes.com (the “Site”) operated by Koko Agnes;
when you use or request services from Koko Agnes;
when you contact us with general or specific questions or requests;
when we communicate with you as part of our service or marketing activities.
Who are we?
We are Koko Agnes Ltd (“we”, “our”, “us”)we operate to the highest standards when protecting your personal information and respecting your privacy. If you have any questions about your personal information, or how we use it, you can contact us.
We are the data “controller”, which means we are responsible for deciding how and why your personal information is used. We’re also responsible for making sure it is kept safe, secure and handled legally.
We collect and process your personal data in accordance with all applicable data protection laws .If you live in the European Economic Area, Regulation (EU) 2016/679 (General Data Protection Regulation) is the European Regulation and in Italy, it is the Personal Data Protection Code (legislative decree No. 196/2003).
The Supervisory Authority
The Italian Data Protection Authority (Garante per la protezione dei dati personali) (GPDP) in Italy is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the GPDP (www.garanteprivacy.it). We would, however, appreciate the chance to deal with your concerns before you approach the GPDP so please contact us in the first instance.
What is personal data?
Personal data refers to any information relating to an identified or identifiable natural person (“Personal Data”).
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
Automated decision-making and profiling
We do not use automation for decision-making and profiling.
Our website is not intended for children and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.
What are the consequences if I refuse to provide Personal Data?
Except in relation to the surfing data, providing your personal data may be a requirement necessary to enter into or to perform a contract, including for the performance of certain services and functionalities offered by the Site, such as subscription to the Site, replying to and managing of request of information, questions, communication or feedback. In the above referenced circumstances, refusal to provide your personal data would make it impossible for us to perform the contract or to provide the requested services, products or information as above specified.
Providing your personal data for survey, marketing and other profiling purposes as below specified is optional; refusal to provide your personal data for these purposes will not have any impact on the entering into or performance of the contract. When requested, we will collect your prior consent before proceeding to processing your personal data for these purposes.
What data do we collect?
We may collect data or ask you to provide certain data when you use our website and services. The sources from which we collect Personal Data are:
Data collected directly from you or your device relating to an identified or identifiable natural person (“Data Subject”) and may include direct identifiers such as name, address, email address, phone number.
Data collected online or through indirect identifiers such as login account number, login password, payment details, or IP address.
Data collected that is linked, for example if you have used our service and later choose us again, we will link your data and treat that linked data as Personal Data and if we have already collected some of your data, we will only ask you for the remaining data that is necessary to carry out the service contracted for.
What are the purposes for processing?
Provision of the online offer, its contents and Site functions.
Provision of contractual services, service and customer care.
Answering contact enquiries and communication with users.
Marketing, advertising and market research.
What are the relevant legal bases for processing your data?
The following informs you about the legal basis of us processing your data and unless the legal basis is not specifically mentioned, the following applies:
Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose.
Contract – This is where we process your information to fulfil a contractual arrangement we have made with you.
Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc.
Legitimate Interests - This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way. Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.
Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime.
Vital interests – This is where we process your information for communications about security, privacy and performance improvements of our services. Or for establishing, exercising or defending our legal rights.
How long will my personal data be processed?
Personal data are not kept for longer than the time necessary to achieve the specific data processing purposes described herein, unless shorter or longer retention periods apply under applicable Laws.
When do we disclose your Personal Data?
We disclose your Personal Data in response to your business enquiry or your request for information within our Company in order to provide the best service possible and within our legitimate interest.
We may disclose personal information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.
How do we protect your Personal Data?
We are committed to protect the security and confidentiality of your personal data. We take – and require that any service provider and/or third party processor processing personal data on our behalf and on our instructions takes – appropriate technical and organizational measures to prevent loss and destruction, even accidental, of data, unauthorized access to data, unlawful or unfair use of data. Moreover, information systems and software programs are configured so that personal and identification data are used only when necessary to achieve the specific processing purpose from time to time sought.
We deploy a variety of advanced security technologies and procedures to help protecting personal data against the risks outlined above. For example, personal data provided by users are stored on secured servers placed in controlled locations. Moreover, for the transmission of some data through the Internet are deployed encryption techniques such as the Secure Socket Layer (SSL) protocol.
However, please note that no electronic transmission or storage of information is 100% secure. Therefore, despite the security measures that we have put in place to protect your personal data, we cannot guarantee that loss, misuse, or alteration of data will never occur.
What are my rights in relation to the processing of my personal data?
Right of access - Subject to applicable law, you have the right to obtain confirmation from us as to whether or not personal data that concerns you is processed, and, if so, to request access to such personal data including, without limitation, the categories of personal data concerned, the purposes of the processing and the recipients or categories of recipients. However, we do have to take into account the rights and freedoms of others, so this is not an absolute right. If you request more than one copy of the personal data undergoing processing, we may charge a reasonable fee based on administrative costs.
Right to rectification - You have the right to request from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you also have the right to request that incomplete personal data be completed, including by means of providing a supplementary statement.
Right to erasure ('right to be forgotten') - You have the right to request from us the erasure of personal data concerning you in certain circumstances as defined under applicable law. When your request falls within one of those circumstances, we will erase your personal data without undue delay. If, for technical and organisational reasons, we were not able to erase your personal data, we will ensure that it is fully and irreversibly anonymized so that we will no longer be holding such personal data about you.
Right to restriction of processing - In certain circumstances as defined under applicable law, you have the right to request the restriction of processing of your personal data. In such case, your personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
Right to data portability - In certain circumstances as defined under applicable law, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit that data to another controller or to have such personal data transmitted directly from us to another controller, where technically feasible.
Right to object - In certain circumstances as defined under applicable law, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. This notably applies in case of processing of your personal data based on our legitimate interests or for statistical purposes.
Right to object to direct marketing - Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing for such direct marketing (including profiling related to such direct marketing).
Right not to be subject to a decision based solely on automated processing - Subject to certain restrictions, you have the right not to be subject to a decision based solely on automated processed, including profiling, which produces legal effects on you similarly significantly affects you.
Our main operations are based in Italy and your personal information is generally processed, stored and used within Italy and other countries in the European Economic Area (EEA). In some instances, your personal information may be processed outside the European Economic Area. If and when this is the case we take steps to ensure there is an appropriate level of security so your personal information is protected in the same way as if it was being used within the EEA.
Where we need to transfer your data outside Italy or the EEA we will use one of the following safeguards:
The use of approved standard contractual clauses in contracts for the transfer of personal data to third countries.
Transfers to a non-EEA country with privacy laws that give the same protection as Italy and the EEA.
Economic Analyses and Market Research
In order to run our business economically, to identify market trends, customer and user wishes, we analyse the data available to us on business transactions, contracts, enquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata, whereby the persons concerned include customers, interested parties, business partners, visitors and users of the online offer. The analyses are carried out for the purposes of business management evaluations, marketing and market research.
In doing so, we may take into account the profiles of registered users with details, for example, of their purchasing transactions. The analyses serve us to increase user-friendliness, to optimise our offer and business efficiency and are not disclosed externally, unless they are anonymous analyses with summarised values.
If these analyses or profiles are personal, they will be deleted or made anonymous upon termination by the user, otherwise after two years from conclusion of the contract. In all other respects, the macroeconomic analyses and general trend determinations are prepared anonymously wherever possible.
Collection of access data and log files
On the basis of our legitimate interests, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the website previously visited), IP address and the requesting provider.
For security reasons (e.g. to clarify acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted. Data whose further storage is required for evidential purposes are excluded from deletion until the respective incident has been finally clarified.
Online presences in social media
We maintain online presences on the basis of our legitimate interests. We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.
Social Media Widgets
Queries and Complaints
Any comments or queries on this policy should be directed to us directly. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us. You can also make a referral to, or lodge a complaint with, the GPDP.