Privacy Policy


Why a Privacy Policy?

• This document describes how the website and the web pages linked to it (hereinafter, the “Site”) are managed with regard to the processing of personal data (hereinafter, “Personal Data”) of the user (hereinafter, the “Data Subject”).

• This information is provided pursuant to Article 13 of the EU Regulation 679/2016 (hereinafter, “Regulation” or “GDPR”) to all those who interact with the Site.

• The information is provided only for the Site and not for other links.

1. Data Controller

The Data Controller is Kim-Joar Myklebust, Milano (MI), Via Bernardo Quaranta, 45, postcode 20139 (hereinafter referred to as “Data Controller”).

Email address:

The Data Controller shall process Personal Data in compliance with the Regulation, with national laws and regulations on the protection of personal data, as well as with any provisions of the National Data Protection Authority and/or the European Committee for the Protection of Personal Data.

2. Personal Data processed

Navigation Data

The computer systems and software procedures used to operate the Site acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected for the purpose of identifying the Data Subject, but by its very nature could lead to the indirect identification of users. This category of Personal Data includes, by way of example, the IP addresses or domain names of the computers used by the users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the computer environment of the person concerned.

Data provided by the Data Subject

These are the Personal Data that the interested party voluntarily provides to the Site during its use, such as personal data, email, etc. Failure by the Data Subject to provide Personal Data, if they are a necessary requirement for processing the Data Subject’s requests, will result in the Data Controller being unable to process such requests. The user who communicates to the Data Controller Personal Data of third parties is directly and exclusively responsible for their origin, collection, processing, communication or dissemination.


The Site uses cookies to access statistical information about activities on the Site and to improve the user experience. To find out more, please see the Site’s Cookie Policy.

3. Purposes and legal basis of processing

Site navigation

The processing of Personal Data is carried out in order to guarantee the correct functioning of the Site, also through the analysis of statistics on the use of the data subject. Processing is necessary for the performance of a contract to which the Data Subject is a party or for the performance of pre-contractual measures taken at the request of the same.

Managing and responding to requests from the Data Subject

Through the form “Get in contact with us”, the interested party can communicate his/her personal data in order to be contacted by the Controller. In relation to this purpose, the legal basis is the execution of a contract to which the Data Subject is a party or the execution of pre-contractual measures taken at his/her request.


The interested party has the possibility of registering with the Controller’s contacts database in order to receive information and updates on the service, as well as messages of a commercial and promotional kind. In relation to this purpose, the legal basis is the consent of the Data Subject.


The processing of Personal Data is carried out in order to analyze the behaviour of the Data Subject. The legal basis for this processing is the consent of the Data Subject.

Fulfilment of legal obligations

The processing of Personal Data may be necessary to comply with a legal obligation to which the Controller is subject.

Cybersecurity and protection of the interests and rights of the Data Controller

The processing of Personal Data is carried out in order to prevent and detect abuse of the Site or fraudulent activities carried out through it, and to allow the Data Controller to defend its rights. The legal basis for this processing is the legitimate interest of the Data Controller to defend its rights.

4. Methods of processing Personal Data

The processing of Personal Data may include any type of operation, including collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction. Personal Data will be processed mainly by automated means, by the Data Controller or by third parties appointed, where necessary, as external data processors.

5. Security measures

The processing is carried out according to methods and with instruments suitable to guarantee the security and confidentiality of Personal Data, the Data Controller having adopted appropriate technical and organizational measures that guarantee, and allow it to be demonstrated, that the processing is carried out in compliance with the reference legislation.

6. Where Personal Data are processed

Personal Data are processed mainly at the Data Controller’s premises and at the locations of the data processors. For further information, please contact the Data Controller at the addresses indicated.

7. Data retention period

In order to ensure compliance with the principles of necessity and proportionality of processing, the Data Controller processes Personal Data for the time strictly necessary to pursue the purposes indicated in this Privacy Policy. All Personal Data will be deleted at the end of the retention period. Upon expiry of this period, the rights of access, deletion, rectification and the right to portability of Personal Data may no longer be exercised.

8. Recipients of Personal Data

The Data Controller will share Personal Data with:

a) subjects with whom it is necessary to interact in order to provide the services offered by the Site, who typically act as autonomous data controllers or data processors for the Data Controller. An updated list of the data processors may be requested from the Data Controller at any time;

b) persons authorized by the Controller who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality (e.g., employees of the Controller);

c) persons, entities or authorities to whom Personal Data must be disclosed by law or by order of the authorities.

9. Transfer of personal data outside the European Economic Area

Personal Data may be transferred outside the European Economic Area, i.e., outside the European Union and Iceland, Norway and Liechtenstein. The transfer is carried out by the Data Controller, subject to the conclusion of Standard Contractual Clauses in accordance with the models prepared by the European Commission with the suppliers of the servers and/or services, assessed on a case-by-case basis, or within the framework of specific agreements between the European Union and the destination State.

10. The rights of the interested party

The GDPR gives the Data Subject the right to:

a) obtain from the Data Controller confirmation of the existence or otherwise of Personal Data, even if not yet recorded, and their communication in intelligible form, as well as access to Personal Data (by obtaining a copy) and to the relevant information (including the purposes of processing, the categories and origin of Personal Data, the categories of recipients to whom they have been or may be communicated, the storage period, the rights that may be exercised);

b) obtain from the Controller the rectification of Personal Data and the integration of incomplete Personal Data;

c) obtain from the Controller the erasure of Personal Data without undue delay, inter alia, when the Personal Data are no longer necessary in relation to the purposes for which they were processed or when there is no longer any legal basis for their processing;

d) obtain from the Data Controller the transformation into an anonymous form or the blocking of the processing of Personal Data, where processed in breach of the law, including those whose storage is not necessary, in relation to the purposes for which the Personal Data were collected or subsequently processed;

e) obtain from the Controller the limitation of the processing of Personal Data, inter alia, when the Data Subject contests its accuracy or objects to its processing, for the period necessary for the respective verifications;

f) receive, in a structured, commonly used and machine-readable format, the Personal Data and transmit or, if technically feasible, obtain the direct transmission of the Personal Data to another data controller without hindrance, where the processing is carried out by automated means and is based on the data subject’s consent or is necessary for the performance of a contract to which the data subject is party;

g) withdraw consent to the processing of Personal Data for any of the purposes for which it was given. Withdrawal of consent will not affect the lawfulness of any processing based on consent given before such withdrawal.

Requests should be addressed to the e-mail address

The Data Controller shall, within the time limits established by the GDPR, provide a timely response to requests to exercise the rights of the Data Subject.


Pursuant to the applicable legislation, the Data Subject has in any case the right to lodge a complaint with the competent supervisory authority if Data Subject considers that the processing of Personal Data is contrary to the applicable legislation, or Data Subject may apply to the same authority to request information on the exercise of his/her rights under the applicable legislation.

11. Social Buttons Data

Controller uses Social Buttons on the Site, i.e., direct links to social network platforms configured in each button. The operators of the social networks to which the buttons refer are independent data controllers. You can find more information about the privacy policies of the corresponding social platforms on their websites.

12. Changes to the Privacy Policy

Data Protection legislation and its enforcement is constantly developing. Our policies and procedures are, therefore, subject to continuous revision. The date on which the latest version of the Privacy Policy was amended can be found at the end of this document. If the changes affect processing whose legal basis is consent, the Data Controller will collect the Data Subject’s consent again, where necessary.


Last update: 10/01/2021