Privacy Policy
Huulke S.r.l.(VAT no. 09309820968), with registered office in Via Paleocapa 1, 20121 Milan, as the data controller (hereinafter the "Controller") of the website https://www.huulke.com/ (hereinafter the "Website"), informs the visitors of the Website (hereinafter the "Data Subjects") pursuant to Article 13 of the European Regulation No. 2016/679, the General Data Protection Regulation (GDPR).
The Controller is aware of the importance of processing personal data and is therefore committed to clearly indicating what data is processed and how. By browsing the Website or requesting the services it offers, the Data Subject declares that they have read and accepted this privacy notice (hereinafter the "Policy"), thereby giving consent to the processing of their personal data by the Controller.
For any information, questions or requests regarding this Policy, the Controller provides the following email address: [email protected]
What are the Data Subject’s rights regarding personal data processing?
The Data Subject has the following rights:
- The right to be informed about the existence of data processing and, if so, access the processed personal data;
- The right to rectify personal data;
- The right to erase personal data (right to be forgotten);
- The right to restrict the processing of personal data;
- The right to data portability to receive or transfer personal data to another Controller in a structured, commonly used and machine-readable format;
- The right to object to the processing of personal data;
- The right to withdraw previously given consent;
- The right to lodge a complaint with the competent authorities for personal data processing violations.
How to exercise your rights?
The Data Subject may exercise their rights by writing to the email address indicated above.
The Controller does not intend to charge Data Subjects to exercise their rights. However, the Controller may request specific information to confirm the identity and proceed with the request.
Such requests are usually handled within 30 days from receipt. If this deadline cannot be met (e.g., due to a high number of requests or complexity), the Controller will inform the Data Subject and provide updates.
What personal data is processed?
The Controller processes personal data provided by the Data Subject or by third parties in order to respond to contact requests made through the Website (hereinafter the "Services").
Data provided directly by the Data Subject
| Category of personal data | Data types |
|---|---|
| Identification and contact data | First name, last name, residence/address, email address, phone number, website |
| Technical data | IP address |
Data collected from third parties
| Third-party data source | Data types |
|---|---|
| Analytics providers |
|
Aggregated data
The Controller may collect, use and share aggregated data, such as statistical or demographic data, for any purpose.
Aggregated data may be derived from personal data but is not considered personal under the GDPR as it does not directly or indirectly identify the Data Subject. However, if combined with personal data enabling identification, it will be treated as personal data.
Special categories of data
The Controller does not process any special categories of personal data (e.g., racial or ethnic origin, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, genetic, biometric or health data), nor any data relating to criminal convictions or offences.
Why is personal data processed?
The Controller processes personal data for the purposes listed in the following table. The GDPR requires a legal basis for each purpose of data processing.
The Controller may rely on the Data Subject’s consent as a legal basis. Consent may be withdrawn at any time, but processing carried out before withdrawal remains valid.
| Purpose | Description | Legal basis | Retention |
|---|---|---|---|
| Provision of Services | The Data Subject may request to be contacted through the Website to receive information, appointments, or service estimates | Contract performance | Until the requested Service is completed |
| Provide support to Data Subjects | To resolve technical issues during navigation, respond to support requests, improve services and the Website, and provide necessary assistance | Contract performance | Until the support request is fulfilled |
| Newsletter | The Controller may send non-commercial updates to inform the Data Subject about business developments, such as partnerships or event participation | Consent | Data will be stored for 24 months |
| Compliance with legal, regulatory and business protection obligations | The Controller may process personal data to comply with legal and regulatory requirements, court or administrative orders, or to protect their rights and interests (e.g., in legal proceedings or due diligence) | Legal obligations | Data will be retained as required by law, regulations or competent authorities |
What happens if personal data is not provided?
If the data is required to provide the Services or Support, the Controller will not be able to deliver them. The Controller may alternatively request additional data or delete the request altogether.
For other purposes, providing data is optional and refusal will not affect the aforementioned processing purposes.
Who can access and receive personal data?
Disclosure
Personal data may be disclosed to third parties, as listed below:
| Recipients | Purpose of disclosure |
|---|---|
| Service providers | Support for Website operation, hosting, maintenance, backup, and virtual infrastructure |
| External consultants | To comply with legal obligations or contractual obligations, such as accountants or legal advisors |
| Authorities and judicial bodies | To comply with applicable law, court orders, or to defend legal rights and interests |
Dissemination
Personal data will not be publicly disseminated.
Where is personal data stored?
Data is stored in paper archives at the Controller's office and electronically within the EU or, if necessary, outside the EU with appropriate safeguards such as adequacy decisions, Privacy Shield frameworks, or contractual clauses ensuring adequate protection.
How is personal data processed?
The Controller applies appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of personal data.
Data is processed using electronic systems, telecommunication means, and occasionally on paper by authorized personnel and external processors based on contractual agreements.
What is the data processing policy for minors?
The Services are not intended for minors under the age of 14. The Controller does not knowingly process data of individuals under 14 years old and requests that they refrain from using the Services.
Parents or guardians are encouraged to supervise minors and educate them not to submit personal data via the Website.
If the Controller becomes aware of data relating to individuals under 14, such data will be deleted.
What if there are links to other websites?
This Policy applies only to the Website. If there are links to other websites, Data Subjects should review their privacy policies before submitting any personal data.
The Controller is not responsible for the data provided to other websites.
Changes to this Policy
The Controller reserves the right to update this Policy at any time. Updates will be published on this page. Data Subjects are encouraged to check for updates and verify the version date.
By continuing to use the Website after changes are made, the Data Subject accepts the updated Policy and related data processing.
Last update: 12/01/2024
