Privacy Policy
Last updated: 3 December 2024
This Privacy Policy describes how Kalpa collects, uses and protects your personal data in accordance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679).
1. Data Controller
Kalpa S.r.l.
Registered office: Via Carducci 39, 20099 Sesto San Giovanni (MI) - Italy
VAT Number: 07690990960
Email: privacy@kalpa.it
PEC: kalpa.mail@pec.it
Phone: +39 02 87187579
For any request regarding the processing of your personal data, you may contact us at the email address indicated above.
2. Data Collected
Browsing Data
While browsing the website, we automatically collect certain technical information:
- IP address (anonymised)
- Browser type and version
- Operating system
- Pages visited and session duration
- Referral sources (referrer)
- Date and time of visits
Contact Data (If Provided)
If you choose to contact us via the form or email, we collect:
- First and last name
- Email address
- Company / Role (optional)
- Message / Request
- Phone number (if provided)
Cookies and Preferences
We store your cookie preferences in the local browser storage (LocalStorage) to respect your choices. See the Cookies section for details.
3. Purpose of Processing
Your personal data is processed for the following purposes:
a) Website Operation
Ensuring the proper technical operation of the website and saving cookie preferences.
b) Analysis and Improvement
Analysing anonymous usage statistics to improve the user experience (only if you have consented to analytics cookies).
c) Request Management
Responding to your information or demo requests submitted via the contact form.
d) Legal Obligations
Complying with obligations required by laws, regulations and European legislation.
4. Legal Basis for Processing
The processing of your personal data is based on the following legal grounds under Art. 6 of the GDPR:
| Purpose | Legal Basis |
|---|---|
| Essential technical cookies | Legitimate interest (Art. 6.1.f) |
| Analytics cookies | Explicit consent (Art. 6.1.a) |
| Handling contact requests | Performance of pre-contractual measures (Art. 6.1.b) |
| Legal obligations | Compliance with legal obligations (Art. 6.1.c) |
6. Third-Party Services
Google Analytics 4
We use Google Analytics 4 to analyse website usage statistics.
- Provider: Google LLC (USA)
- Measurement ID: G-9X9WYZCMR8
- Data collected: Pages visited, session duration, device, approximate geographic location (anonymised)
- IP Anonymisation: Enabled (anonymize_ip: true)
- Consent Mode v2: Implemented (GDPR-compliant)
- Privacy Policy: policies.google.com/privacy
- Legal basis: Consent (Art. 6.1.a GDPR)
AWS Bedrock (Virtual Assistant Infrastructure)
The Kalpa virtual assistant uses AWS Bedrock with a Zero-Retention policy.
- Provider: Amazon Web Services EMEA SARL (Luxembourg)
- Data collected: No user data is retained by the LLM. Data uploaded by clients remains segregated and encrypted.
- Privacy Policy: aws.amazon.com/privacy
- Certifications: ISO 27001, SOC 2, GDPR-compliant
CDN and Libraries
We use Content Delivery Networks to improve website performance:
- Tailwind CSS CDN: cdn.tailwindcss.com
- Chart.js CDN: cdn.jsdelivr.net
- Flag Icons CSS: cdn.jsdelivr.net
- Google Fonts: fonts.googleapis.com
These services may collect basic technical information (IP, user agent) to deliver content. We do not transmit personally identifiable data to these services.
7. Data Retention
We retain your personal data only for the period strictly necessary for the purposes for which it was collected:
| Data Type | Retention Period |
|---|---|
| Cookie preferences (LocalStorage) | 12 months or until revoked |
| Analytics data (Google Analytics) | 26 months (GA4 setting) |
| Contact requests | 24 months or until deletion is requested |
| Browsing data (server logs) | 7 days (for technical security only) |
After these periods, data is deleted or irreversibly anonymised.
8. Data Subject Rights (GDPR)
In accordance with Articles 15-22 of the GDPR, you have the following rights regarding your personal data:
Right of Access (Art. 15)
Obtain confirmation that we are processing your personal data and receive a copy thereof.
Right to Rectification (Art. 16)
Request the correction of inaccurate personal data or the completion of incomplete data.
Right to Erasure (Art. 17)
Request the deletion of your personal data when it is no longer necessary.
Right to Restriction (Art. 18)
Request the restriction of processing in specific circumstances.
Right to Data Portability (Art. 20)
Receive your data in a structured format and transfer it to another controller.
Right to Object (Art. 21)
Object to the processing of your data on legitimate grounds.
How to Exercise Your Rights
To exercise one or more of the rights listed above, please send a request to:
Email: privacy@kalpa.it
Subject: "GDPR Rights Request - [Your Name]"
We will respond within 30 days of receiving your request. In the case of complex requests, this period may be extended by an additional 60 days, subject to prior notification.
Right to Lodge a Complaint
If you believe that the processing of your data violates the GDPR, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali):
Garante per la Protezione dei Dati Personali
Piazza Venezia, 11 - 00187 Roma
Tel: +39 06 696771
Email: garante@gpdp.it
Web: www.garanteprivacy.it
9. Data Security
Kalpa adopts appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, destruction or accidental disclosure:
Encryption
HTTPS/TLS connections for all communications
Firewall and Protection
AWS infrastructure with enterprise-grade security
Restricted Access
Only authorised personnel can access personal data
Audit and Monitoring
Access logs and continuous anomaly monitoring
RAG Zero-Retention Architecture: The Kalpa virtual assistant uses an architecture that does not train the public AI on client data. Uploaded manuals remain segregated in isolated and encrypted tenants.
10. Children's Data
This website is intended for B2B professionals and businesses. We do not knowingly collect personal data from children under the age of 16. If we become aware that we have collected data from a minor without parental or guardian consent, we will promptly delete such data.
11. Changes to Privacy Policy
Kalpa reserves the right to modify this Privacy Policy at any time. Changes shall take effect from the date of publication on the website.
We encourage you to review this page periodically to stay informed about our privacy practices. The last update date is always indicated at the top of the page.
Version: 1.0
12. Contact
Have Questions About Privacy?
For any questions regarding this Privacy Policy or the processing of your personal data, please do not hesitate to contact us:
Address
Kalpa S.r.l.
Via Carducci 39
20099 Sesto San Giovanni (MI)
Italy
VAT: 07690990960
Tel: +39 02 87187579
PEC: kalpa.mail@pec.it