According to Articles 13 and 14 of EU Regulation 2016/679 (hereinafter “GDPR”), KOTLER IMPACT INC. in the person of the legal representative (hereinafter "Data Controller") based in Canada, 1341 Beauty Bush Crt. Mississauga, L5V 1K4, VAT No. 82907 9003, in its capacity as "Data Controller", informs you that your personal data collected to conclude the contract and/or in the context of the execution and/or use of the requested service will be processed in compliance with the legislation mentioned above to guarantee the rights, fundamental freedoms, as well as the dignity of natural persons, with particular reference to confidentiality and personal identity. We inform you that, if the activities performed on your behalf should require the processing of third-party personal data of which you are the controller, you are responsible for ensuring that you have fulfilled the legal requirements regarding the Data Subjects to render its processing by us legitimate.
The processing of your personal data, directly provided by you, is carried out in a country of the European Union (Italy) by Kotler Impact Inc. in the person of its legal representative, based in Canada, 1341 Beauty Bush Crt. Mississauga, L5V 1K4, VAT no. 82907 9003, through the Data Processor Mr. Ahmad Kibria, to conclude the contract and/or in the context of the execution and/or stipulation of the same and / or in the use of the service requested by the User/Customer/Data Subject.
Furthermore, third-party personal data communicated to the Company by the Customer/User/Data Subject may also be processed. In this case, the Customer/User/Data Subject automatically becomes the data controller. It assumes the consequent legal obligations and responsibilities, thus holding the Company harmless against any complaints, claims or applications for damage compensation that the Company should receive from third-party Data Subjects.
In compliance with current legislation on the protection of personal data and without the need for specific consent from the data subject, the data will be stored, collected and processed by the Company through its appointed Data Processor under Article 28 GDPR and with the means and tools of the latter for the following purposes:
The legal basis for processing for purposes a) and b), above, are Articles 6.1 b) and 6.1 c) of the GDPR.
Provision of the Data for purposes a), b), c), d), e) is optional. However, failure or refusal to provide such Data would make it impossible for the Company’s representative to execute and/or conclude the contract and provide the services requested of it.
The legal basis for personal data processing for purposes c), d) and e) is Article 6.1 a) of the GDPR, since processing is based on consent; it should be noted that the Data Controller may obtain a single consent for the marketing purposes indicated above, under the General Provision of the Italian Data Protection Authority, "Guidelines on Promotional Activities and Combating Spam” of 4 July 2013. Provision of consent to use of the Data for marketing purposes is optional, and if the Data Subject wishes to oppose processing of the Data for marketing purposes using the methods indicated above, as well as revoking the consent provided, s/he may do so at any time with no consequences (aside from no longer receiving marketing communications) by following the instructions found in the “Rights of the Data Subject” section of this Policy.
The Data may be disclosed to third parties appointed as Data Processors under Article 28 of the GDPR and, in particular, to professionals with VAT numbers, banking institutions, to suppliers of services strictly necessary for the performance of the business, or to consultants of the company, where this proves necessary for fiscal, administrative, contractual reasons or for needs protected by current regulations.
Your personal data, or personal data of third parties of which you are the controller, may also be communicated to external companies, identified on a case-to-case basis, to which Kotler Impact Inc. , through the external data processor, entrusts fulfilment of obligations arising from the assignment received, and to which only data necessary for the activities requested will be disclosed. All employees, consultants, temporary workers and/or any other "natural person" who carry out their business based on instructions received from Kotler Impact. Inc., through its Representative, under Article 29 of the GDPR, are appointed "people appointed to process data" (hereinafter also "Appointees"). Kotler Impact Inc. gives adequate operating instructions, with particular reference to the adoption and compliance with security measures to the Appointees or Data Processors to ensure the confidentiality and security of data. Concerning the personal data protection aspects, the Customer/User/Data Subject is invited, under Article 33 of the GDPR, to inform Kotler Impact Inc., through its Representative, any circumstances or events from which a potential "breach of personal data (data breach)" may arise by sending a communication to Kotler Impact Inc. at the addresses indicated below so that these circumstances or events can be immediately assessed, and actions aimed at counter them may be adopted to allow an immediate evaluation and the adoption of any measures aimed at countering this event.
Kotler Impact Inc is obliged to communicate data to Public Authorities upon specific request.
Your personal data may be transferred abroad where necessary for management of the assignment received. For processing of any information and data communicated, such parties shall be required to adopt equivalent levels of protection for personal data processing by their employees. In any event, only data necessary for the established purposes shall be communicated, and the regulatory tools provided for in Chapter V of the GDPR shall be applied.
Your Data shall be collected and recorded in a lawful and correct manner for the above-mentioned purposes, in accordance with the principles and requirements set out in Article 5, paragraph 1 of the GDPR.
Personal data processing shall be performed using manual, computerised and telematic tools with logics strictly correlated to the said purposes and, in any event, in such a way as to guarantee its security and confidentiality.
Personal Data will be processed by Kotler Impact Inc. for the entire duration of the assignment and also subsequently to assert or protect its rights or for administrative purposes and/or to fulfil obligations deriving from the applicable pro tempore regulatory and regulatory framework and in compliance with the specific legal obligations on the retention of data.
Under Article 4 of the GDPR, the Data Controller is Kotler Impact Inc., based in Canada
The external data processor is IndexWorld Private Limited - based in Lahore, Pakistan
The complete list of Data Processors can be requested at the addresses indicated above.