Privacy Policy

Last updated on: 02/02/2024

KAOS S.p.A. with registered premises located in Argelato (BO), in the outlying ward of Funo, address: Centergross Block 25, via Degli Speziali n. 138, tax identification number 03667390375 and VAT number: 00648471209, represented by the pro tempore legal representative thereof, owner of the website www.kaosstore.com (hereinafter referred to as the “Site”) has provided you with this notice pursuant to articles 13 and 14 of EU Regulation 2016/679 on the protection of personal data (also referred to as the “General Data Protection Regulation” or “GDPR”) and Italian Legislative Decree 196/2003 (“Personal Data Protection Code”). You are advised that this notice does not apply to other external websites that may be accessed via links found on the Site.


1. Data controller

The data controller is KAOS S.p.A., with registered premises located in Argelato (BO), in the outlying ward of Funo, address: Centergross Block 25, via Degli Speziali n. 138, tax identification number 03667390375 and VAT number: 00648471209, email privacy@kaosspa.net, which has appointed its own Data Protection Officer (DPO), who can be contacted either at the registered premises or via email at the following address: dpo@kaosspa.net.

2. Purpose of the processing

User data is processed for the following purposes:

  a) to allow proper, functional browsing on the Site;
  b) to allow registration with the Site and use of the services only accessible to registered users;
  c) to make and process sales of the goods offered on the Site;
  d) to assign credit originating from the sale of goods offered on the Site to Scalapay S.r.l., and – in the event of use of the service provided by Scalapay – to related parties and their assignees;
  e) to manage and process requests made via email, telephone, LiveChat (provided by Text, Inc., www.livechat.com/legal/privacy-policy and www.livechat.com/legal/gdpr-faq), or via the forms provided on various pages of the Site (“Contacts”, “Returns”, “Franchising”, “Work with us”);
  f) to allow users to download the catalogue of goods sold by the data controller;
  g) to send information and updates concerning the availability of goods on sale on the Site;
  h) to send registered users who have already made purchases emails containing promotional messages and deals for the purchase of goods on the Site (known as soft marketing);
  i) to email promotional information on the services provided and goods sold by the data controller to users who have signed up for newsletters;
  j) to provide advertisements for carefully targeted, personalised services and goods while users are browsing the Site (via profiling or advertising cookies);
  k) to comply with all the requirements imposed on the data controller by legislation in force;
  l) to conduct aggregate statistical analyses on browsing and users (via third-party analytical cookies);
  m) to defend a right in court.

3. Lawful basis for processing.

Your personal data is processed lawfully because this processing is:

  • necessary in order to perform the agreement to which you are party, or to take pre-contractual action in response to your request, as provided for in article 6.1.b) of the GDPR, for the purposes set out above in subsections a), b), c), d), e), f), g);
  • necessary in order for the data controller to pursue a legitimate interest consisting of engaging in business and improving the Site and related services, as provided for in article 6.1.f) of the GDPR, for the purpose set out above in subsection h);
  • based on the user’s express consent, as provided for in article 6.1.a) of the GDPR, for the purposes set out above in subsections i), j), l);
  • necessary to meet a legal requirement applicable to the data controller, as provided for in article 6.1.c) of the GDPR, for the purpose set out above in subsection k);
  • necessary for the purposes of the legitimate interest pursued by the data controller consisting of defending a right in court, as provided for in article 6.1.f) of the GDPR, for the purpose set out above in subsection m).

4. Type and sources of personal data processed

KAOS S.p.A. does not process the personal data of people aged under 18. By accessing the Site, registering a user account, using the services offered, or purchasing goods, the user expressly declares that they are at least 18 years old.

4.1 Data deriving from the User’s navigation

As part of normal Site operation, this data is acquired and transmitted implicitly through Internet communication protocol use. This information is not collected in order to be associated with identified individuals; however, the nature of this information is such that it could – through processing of data held by third parties – allow users to be identified.

This kind of data includes IP addresses, domain names of computers used by users who connect to the Site, as well as the URI (Uniform Resource Identifier) addresses of any resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the server reply status and other parameters relating to the user’s operating system and IT environment. 

This data is used solely to obtain anonymous aggregate statistical information about site usage and to check that the site is working properly, and it resides on third-party servers (hosting providers). The data could also be used to ascertain liability in the event of any harmful unlawful conduct carried out either on or through the Site. However, the data controller never carries out these data processing and association activities. This data is used solely for the purpose of checking proper Site operation and is deleted automatically after processing.

4.2 Cookies.

For information on cookie use on the Site, please see the Cookie Policy.

4.3 Data supplied by the user

This data is provided by the user during voluntary interaction with the Site in order to use services offered on the Site, to purchase products sold on the Site, to make enquiries, to seek assistance, or for any other personal use.

More specifically, this data includes:

  • personal data required to sign up and create a personal user profile, such as: first name and surname, email address;
  • personal data required to make and process sales of goods offered on the Site, which may also involve transfer of credit to Scalapay S.r.l., and – in the event of use of the service provided by Scalapay – to related parties and their assignees, such as: delivery and invoicing addresses, telephone number, date of birth, payment details (credit card, with the exception of payment via Scalapay, which is managed independently by the provider thereof);
  • data provided via LiveChat, including details of the technology used by the user, their location and, where necessary, their name, and email address;
  • data necessary to contact KAOS S.p.A. via the following forms provided on the Site:
    •  “Contact details” page: first name, surname, email address, telephone number, reason for the request;
    •  “Returns” page: first name, surname, email address used for the purchase, telephone number, order number, reason for the return, collection options, further information;
    •  “Franchising” page: company name, email address, telephone, location, state, region, city, message;
    •  “Work with us” page: first name, surname, email address, telephone, country, company department of interest, CV, message;
  • data required to sign up for the newsletter and receive promotional information concerning the services provided and goods sold by the data controller: name and email address;
  • personal data of third parties when provided voluntarily by the user, for example to purchase an item and have it sent to a friend or to give a gift.

5. Processing methods.

Your personal data is processed employing methods which are strictly necessary to comply with the purposes stated above, which may involve some or all of the activities stated in article 4.2) of EU Regulation 2016/679, namely: collection, recording, organisation, structuring, storage, accessing, processing, adaptation, alteration, selection, extraction, alignment, use, interconnection, restriction, disclosure, erasure, or destruction of data. These activities may be performed with or without the aid of electronic, online, or in any way automated tools, and in any case in compliance with the provisions of article 32 of EU Regulation 2016/679. Your personal data will not undergo any fully automated decision-making process, including profiling, performed directly by KAOS S.p.A.

6. Provision of personal data.

While not compulsory, the provision of your personal data is a necessary requirement in order to ensure each of the following purposes is met:

  • to allow proper, functional browsing on the Site;
  • to allow registration with the Site and use of the services only accessible to registered users;
  • to purchase goods offered on the Site;
  • to assign credit originating from the sale of goods offered on the Site to Scalapay S.r.l., and – in the event of use of the respective service – to related parties and their assignees;
  • to handle enquiries and requests made by email, telephone, LiveChat and/or through the forms provided on the “Contacts”, “Returns”, “Franchising”, and “Work with us” pages;
  • to allow users to download the catalogue of goods sold by the data controller;
  • to receive information and updates concerning the availability of goods on sale on the Site;
  • to allow registered users who have already made purchases to receive emails containing promotional messages and deals for the purchase of goods on the Site;
  • to allow users who have signed up for newsletters to receive emails containing promotional information on the services provided and products sold by the data controller;
  • to provide advertisements for carefully targeted, personalised services and goods while users are browsing the Site;
  • to conduct aggregate statistical analyses on browsing and users;

therefore, failure to provide data will make it impossible to meet these purposes.

In any case, by providing the data controller with your personal data for any of the purposes listed above, the data controller may also process such data to fulfil legal obligations and to pursue its legitimate interest to defend its rights in court.

7. Personal data retention.

Your personal data will be processed and stored for as long as is necessary to fulfil the purposes set out above, and more specifically:

  • the data collected to enter into and perform purchase agreements for the goods on sale on the Site (which may also involve the transfer of credit to Scalapay S.r.l., and to related parties and their assignees) is retained until the agreement has been performed and the administrative and accounting formalities have been completed, while the invoicing data is kept for ten years as of the invoice date;
  • transaction data relating to the purchase of goods on the Site is retained until the payment has been certified and the relative administrative and accounting formalities have been completed following expiry of the right of withdrawal and the terms applied for disputing the payment;
  • the data collected in order to register a user account is retained until the account is deleted;
  • the data collected for the use of any services offered on the Site, including downloading the catalogue of goods sold by the data controller and receiving information and updates on the availability of goods on sale on the Site, is retained until termination of use of the service;
  • the data collected to manage requests or enquiries made via email, telephone, LiveChat and/or forms provided on the Site is retained until the request has been processed or for longer in the event of processing for other purposes providing for more extended retention periods;
  • the data collected when a user signs up for the newsletter will be retained until they object to the processing thereof or decide to unsubscribe from the newsletter, and in any case for a maximum of 2 (two) years from subscription;
  • the data used to send registered users who have already made purchases emails containing promotional messages and deals for the purchase of goods on the Site (known as soft-marketing) will be kept until they object to the processing thereof or for as long as they are registered with the Site or, if longer, for no more than three (3) years as of the date of the last purchase made on the Site;
  • the data collected to allow proper, functional browsing on the Site, to provide advertising for carefully targeted, personalised services and goods during Site browsing, and to conduct aggregate statistical analyses on browsing, is retained for the period stated in the Cookie Policy;
  • the data collected to fulfil legal obligations is retained for the period required by applicable laws or regulations;
  • the data used to defend a right in court is retained for as long as is envisaged by the statute of limitations with regards to the right in question or – if legal proceedings have already been initiated – until such proceedings reach an end.

8. Disclosure of personal data.

To meet the purposes listed above and to provide, improve, protect, and promote our services, your personal data may be disclosed to, or come into the possession of, the following parties:

  • parties authorised to process data, i.e. independent contractors and/or employees of the data controller;
  • data controllers and additional parties including data processors and parties authorised to process data, such as, for example but not only: accountants, consultants, service providers, providers of IT services or support, and related technical personnel, independent contractors, and any parties assigned to provide occasional maintenance, all of whom are appropriately trained in confidentiality issues;
  • banking institutions and online payment infrastructures;
  • in the event of payment via Scalapay, personal data will be transferred to Scalapay S.r.l., and to related parties and their assignees;
  • couriers, carriers, and shipping agents;
  • judicial or administrative authorities, to fulfil legal obligations;
  • parties assigned to process data in compliance with specific legal obligations.

9. Transfer of personal data.

Personal data may be transferred to countries outside the European Union or the European Economic Area for the following services:

  • to email promotional messages and the newsletters provided by ActiveCampaign, LLC, based in Chicago (IL), United States, and servers located in the United States;
  • LiveChat, the service being provided by Text, Inc., based in Boston (MA), United States, and servers located in the United States;
  • Google Analytics 4, web analysis service provided by third party Google Ireland Ltd., based in Dublin, Ireland, and servers also located in the United States, at holding company Google LLC.

These transfers are however permitted, as envisaged in article 45 of the GDPR, pursuant to the European Commission adequacy decision concerning the EU-USA Data Privacy Framework, and likewise in compliance with the provisions of article 46 of the GDPR, pursuant to acceptance of specific standard contractual clauses approved by the European Commission.

10. Rights of the data subject.

Pursuant to articles 7, 15-18, and 20-21 of the GDPR, you have the right:

  • to withdraw, at any time, consent given for certain purposes, without this affecting the lawfulness of processing carried out on the basis of consent given before such withdrawal;
  • to obtain information about the purposes for which your personal data is processed, the processing period, and the parties to whom the data is disclosed (also known as the right of access);
  • to obtain the rectification or supplementation of inaccurate personal data concerning you (also known as right to rectification or correction);
  • to obtain the deletion of personal data concerning you in the event that (a) the data is no longer required for the purposes for which it was collected; (b) you have withdrawn your consent to the processing of data based on your consent; (c) you have objected to the processing of personal data concerning you which has been processed for our legitimate interest; or (d) your personal data is processed unlawfully. However, you are advised that the retention of personal data by the data controller is lawful when necessary to allow fulfilment of a legal obligation or to establish, exercise, or defend a right in court. This right to have your data deleted is also known as the right to erasure;
  • to ensure personal data concerning you is only stored, and therefore no other use is made of it, in the event that: (a) you, as the data subject, have disputed the accuracy of the personal data, in which case the data will be restricted pending our verification of the accuracy of this personal data; (b) the processing is unlawful but you, as the data subject, still object to deletion of the personal data; (c) the personal data is necessary for the data subject to establish, exercise, or defend a right in court; (d) you, as the data subject, have objected to the processing and are awaiting the results of our activities to establish whether or not our legitimate reasons for the processing override those of the data subject (also known as the right to restriction), or (e) it is in the public interest;
  • to have processing stopped in the event that personal data is processed for our legitimate interest and the existence of this interest is disputed (also known as the right to object);
  • to receive – in a commonly used format readable by an interoperable automatic device – any personal data concerning you which is processed by automated means and to be informed as to whether or not such data is processed under contract or on the basis of consent (also known as the right to portability).

You can exercise your rights by contacting the data controller directly using the contact details stated above.

With specific reference to the processing purpose consisting of emailing promotional information about the services provided and goods sold by the data controller, the user may unsubscribe from the newsletter at any time by either sending a message to the data controller using the contact details stated above, or via a specific link provided in each newsletter email. After a user has unsubscribed, the data controller will delete their email address, unless there is another lawful basis to pursue other processing purposes, as stated in this notice.

Finally, if the data subject wishes to lodge a complaint regarding the methods used to process their data or regarding the way in which a complaint filed is handled, they are entitled to submit a request directly to the data protection authority, which – in Italy – is known as the Garante per la Protezione dei dati personali (www.gpdp.it).

12. Changes to the Privacy Policy.

KAOS S.p.A. reserves the right to amend, update, add or remove parts of this Privacy Policy at its discretion and at any time. 

Users, as data subjects, are required to periodically check for any changes published on the Site.