Legal

Privacy policy

Dear Visitor, pursuant to Legislative Decree 196/2003 and Regulation (EU) 2016/679 (the «Regulation» or «GDPR»), this page describes how the personal data of users who browse the website available at https://www.kyronedu.it/ is processed, for the services offered by Kyron S.R.L. As a result of browsing this site, data relating to identified or identifiable persons may be processed. This information does not concern other sites, pages or online services reachable via hypertext links that may be published on the site.

Document updated on 08/06/2026 — Kyron S.R.L., VAT no. 18520271000, Via Cassia 515, 00189 Rome, Italy.

01

Identity of the Data Controller

The data controller is Kyron S.R.L., in the person of its legal representative pro tempore Livio Di Cesare, with registered office at Via Cassia 515, 00189 Rome (RM), Italy.

Controller contacts:

  • E-mail: info@kyronedu.it
  • PEC (certified email): kyron@arubapec.it
  • Website: https://www.kyronedu.it
  • VAT / Tax code: 18520271000

Kyron S.R.L. has not appointed a Data Protection Officer (DPO) because, pursuant to art. 37 GDPR, such an obligation does not apply given the nature and scale of the processing carried out. For any matter concerning the processing of personal data, the controller can be contacted at the addresses above.

02

Source and categories of data collected

2.1 Data provided by the User

The controller collects the personal data provided by users when using the site's services. The data collected may include, by way of example and not exhaustively:

  • identification data (first name, last name, company name);
  • contact data (email address, telephone number);
  • location data;
  • financial and creditworthiness information;
  • VAT number (for legal entities such as schools, institutions and suppliers).

When creating an account / registering on the site, the data collected may include identification data and contact data.

When subscribing to the newsletter service, the data collected may include first name, last name and email address.

When using the contact forms on the site, the data collected is that needed to respond to the request. The optional and voluntary sending of messages to the contact addresses entails the acquisition of the sender's data needed to reply.

Kyron S.R.L. also processes personal data of customers, schools and suppliers within the pre-contractual and contractual relationships established.

2.2 Browsing data

The computer systems that operate the site acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This category includes: IP addresses or domain names of the terminals used by users, URI/URL addresses of the requested resources, the time of the request, the method used, the size of the file obtained in response, the server status code and other parameters relating to the user's operating system and IT environment.

Such data is processed to obtain statistical information on the use of the services and to verify the correct functioning of the site. Browsing data is not kept for more than seven days and is deleted immediately after aggregation, except where investigation of offences by the judicial authority is required.

2.3 Cookies and other tracking systems

The kyronedu.it site uses exclusively technical cookies strictly necessary for the functioning of the site and the provision of the services requested by the user. No profiling cookies or third-party analytics cookies are installed.

Technical cookies do not require the user's consent pursuant to the Italian Data Protection Authority's measure of 8 May 2014 and the Cookie Guidelines of 10 June 2021.

03

Purpose of the processing

The controller uses the data collected for the following purposes:

  • to handle and fulfil requests for information, quotes and orders;
  • to manage pre-contractual and contractual relationships with customers, schools and suppliers;
  • to comply with accounting and tax obligations under applicable law;
  • to manage user registration and account on the site;
  • to send informational and promotional newsletters (subject to the data subject's consent);
  • to respond to communications, requests for information or assistance received through the site's contact channels;
  • to manage and control risks, and prevent possible fraud or contractual breaches;
  • to prevent and manage possible disputes and take legal action where necessary.
04

Legal basis of the processing

In relation to the purposes indicated above, the legal basis of the processing is as follows:

  • Performance of a contract or pre-contractual measures (art. 6(1)(b) GDPR): for managing relationships with customers, schools and suppliers, fulfilling orders, managing payments and related activities;
  • Legal obligation (art. 6(1)(c) GDPR): for tax, accounting and regulatory compliance;
  • Consent of the data subject (art. 6(1)(a) GDPR): for sending newsletters and promotional communications, for account creation and for any processing that explicitly requires it;
  • Legitimate interest of the controller (art. 6(1)(f) GDPR): for the prevention of fraud and insolvency and for protection in litigation.

The processing of any special categories of data contained in documents transmitted by the data subject is carried out where necessary to comply with specific legal obligations (art. 9(2)(b) GDPR).

05

Recipients of the data

The personal data processed by the controller is not disclosed to undetermined parties. It may be communicated to:

  • employees and collaborators of Kyron S.R.L., authorised to process the data within their respective duties and in accordance with the controller's instructions;
  • third-party service providers appointed as data processors pursuant to art. 28 GDPR, including hosting providers (with servers located in the European Union), email providers, cloud service providers and newsletter platforms. Such parties are provided only with the data strictly necessary to deliver the service; an up-to-date list of data processors is available on request by contacting the controller;
  • parties involved in the performance of contractual obligations (e.g. couriers, suppliers of goods and services) to the extent strictly necessary;
  • public authorities, judicial bodies or other parties entitled to access the data under laws or regulations.
06

Transfer of data

Users' personal data is processed and stored on servers located within the European Union. Any transfers to third countries or international organisations are made exclusively in compliance with Chapter V of the GDPR, in order to ensure an adequate level of protection.

07

Data retention

The controller retains personal data for the time strictly necessary to pursue the stated purposes. In particular:

  • Data relating to contractual relationships with customers, schools and suppliers: for the entire duration of the contractual relationship and thereafter for the period required by applicable civil and tax law (generally 10 years);
  • Data provided for newsletter and promotional purposes: for 24 months from collection, unless consent is withdrawn earlier;
  • Data collected for account creation: for the entire duration of the registration and in any case no longer than 12 months of inactivity;
  • Data collected through contact forms: for the time needed to respond to the request and in any case no longer than 12 months;
  • Browsing data: no longer than 7 days from collection;
  • In the event of litigation: for its entire duration, until the time limits for appeal have expired.

Should a user provide the controller with unsolicited or unnecessary personal data, Kyron S.R.L. will delete it as soon as possible.

08

Rights of the data subject

In relation to the data being processed, the data subject may exercise the following rights at any time:

  • Right of access to their personal data (art. 15 GDPR);
  • Right to rectification of inaccurate data or completion of incomplete data (art. 16 GDPR);
  • Right to erasure («right to be forgotten»), where the conditions under art. 17 GDPR apply;
  • Right to restriction of processing (art. 18 GDPR);
  • Right to data portability, in the cases provided for by art. 20 GDPR;
  • Right to object to the processing (art. 21 GDPR);
  • Right to withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal (art. 7(3) GDPR).

Requests to exercise the rights above can be sent to the controller by email (info@kyronedu.it), PEC (kyron@arubapec.it) or registered post with return receipt (Kyron S.R.L., Via Cassia 515, 00189 Rome (RM), Italy).

A data subject who believes that the processing of their data infringes the GDPR has the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it), pursuant to art. 77 GDPR, or to bring the matter before the competent courts (art. 79 GDPR).

09

Refusal to provide data

Should the data subject fail to provide the data identified as necessary for the performance of the requested service, the controller will not be able to proceed with the processing connected to that service, nor with the obligations that depend on it.

Should the data subject not give consent for the activities that require it (e.g. newsletter), such processing will not take place for those purposes, without this affecting the provision of the other requested services. Withdrawal of consent does not affect the lawfulness of processing carried out previously.

10

Automated decision-making

The controller does not carry out processing consisting of automated decision-making, including profiling, within the meaning of art. 22 GDPR.

11

«Work with us» section

Kyron S.R.L. provides a section of the site dedicated to unsolicited applications and the submission of curricula vitae. Applicants' data (identification data, contact data and CV content) is processed exclusively to assess the application, in compliance with art. 88 GDPR and equal-opportunity employment rules, and retained for the time necessary for selection purposes.