Privacy Policy

Information on the Processing of Personal Data Art. 13 Reg. (UE) 2016/679

Pursuant to art. 13 of the European Regulation 2016/679 (“GDPR”), the following information is provided to the Users of the website (“Site”). This information refers exclusively to the processing carried out through said Website and not through other websites that may be visited through links herein, for which the Users are advised to peruse the relevant privacy policies as provided by the respective Controllers.


KANBANBOX S.R.L., with registered office in 36100 Vicenza, via Zamenhof 817, Tax Code and VAT number 04520390289 – tel. +39 (0)4441620653 – e-mail



    1. Name, surname, e-mail address, telephone number, and personal data that may be included in the message.
    2. Web surfing data (personal data whose transmission is implicit in the use of Internet communication protocols, for example, IP addresses or domain names of the computers used by users, the time of the request and other parameters relating to the user’s operating system and computer environment).
    3. Name, surname, e-mail address, telephone number, company affiliation (if any), time zone, username, and password.
    4. Name, surname, e-mail address, telephone number, curriculum vitae, and personal data are possibly included in the cover letter.
    5. Name, surname, e-mail address.

    1. Reply to the requests sent by the User through the interaction methods present on the Site, or to the e-mail addresses available on the Site, by way of example, technical requests and requests for quotations, and job applications.
    2. Allow the user to browse the Site.
    3. Allow the creation of a personal user account on the Site, including for the purpose of requesting a demo.
    4. Sending spontaneous applications through the communication methods on the Site.
    5. Direct marketing activities through the transmission of communications or material (e.g., through e-mail and newsletter) regarding products/services similar to those for which the user has requested information through the Site.

    1. 1., 2., 3. And 4. Lawful processing is necessary for the implementation of a contract of which the data subject is a party, or for the execution of pre-contractual measures adopted at the request of the same – art. 6.1. (b) of the Regulation.
    2. 5. Lawful processing as necessary for pursuing a lawful interest of the controller – art. 6.1. (f) of the Regulation. The lawful interest of the Controller is represented by the promotion of its activity through direct marketing – see Recital no. 47 of the Regulation.

The Site does not process sensitive data (i.e. data concerning religious beliefs, trade union membership, sexual preferences and the others indicated in Article 9 of the Regulation) and we ask all users not to include such data when sending a contact through the Site, or in other forms of interaction provided by the Site.


The provision of data for marketing purposes is optional and failure to provide such data and/or the request not to use it for direct marketing purposes will not affect the possibility of browsing the Site and/or sending messages, requests and applications through the Site. The provision of other data is necessary for browsing and/or sending messages, requests and applications through the Site. Failure to provide such data may make it impossible to navigate the Site and/or to respond to messages, requests or applications.


The data may be communicated to (i) third parties who operate, also in the name and on behalf of the Controller, for the performance of services connected to the purposes indicated in this notice, and in particular, the management and maintenance of the Site, promotional activities, the sharing of information on products and/or services of the Controller, etc.; (ii) other companies connected to the Controller; (iii) consultants of the Controller; (iv) authorities and public bodies to whom communication is mandatory.
In some cases, personal data may be processed by the Controller through third-party services that provide for their possible transfer outside the European Economic Area (EEA) (e.g. Microsoft 365). In these cases, the Controller undertakes to select reputable providers and verify their commitment to comply with the provisions of the Regulation in relation to transfers of personal data outside the EEA.


The data provided by the User are kept in the Controller’s archives and are retained for a period of 10 (ten) years from the date of the last interaction with the User, in light of the limitation period of any claims arising from the relationship between the Controller and the user, as provided for by law. The web-surfing data will be stored for the technical time necessary to perform the functions for which they were collected.


At any moment, the data subject may exercise towards the Controller, the rights provided for in articles 15 to 22 of the Regulation, i.e. the right to ask for:

  1. access to personal data, or to be informed by the Controller of their personal data retained by the Controller, the purposes for which these data are processed, their origin and other information required by art. 15 of the Regulation;
  2. the rectification of personal data in case of inaccuracy of the same;
  3. the cancellation of personal data (so-called ‘right to be forgotten’);
  4. the limitation of the processing of personal data, or the right to obtain the suspension of the processing of personal data for the period necessary to verify the request for revision of personal data, or in other cases provided for by art. 18 of the Regulation;
  5. the right to the portability of data, i.e. the right to receive personal data in a structured format, commonly used and machine-readable format- even by requesting the direct transfer to another controller (with respect to data whose processing is carried out by automated methods);
  6. the right to object to the processing data pursuant to art. 6, paragraph 1, letters e) or f) of the Regulation (the right to object).
  7. the right to lodge a complaint pursuant to Articles 77 et seq. of the Regulation to a supervisory authority, which for the Italian State is identified in the Italian Data Protection Authority (Garante per la Protezione dei dati personali). The methods of the complaint are indicated at this link:


This privacy policy may be subject to changes over time – including those related to the possible entry into force of new sector regulations, the updating or provision of new services or technological innovations. The changes to the
policy become applicable at the time they are published on the Site, it being understood that the Controller may not use the data collected in advance for processing for purposes other than those described herein, without informing the user.


Last updated: June 2023

Link to cookie policy: