Privacy Policy
Last updated: May 2026
1. Data Controller
kiricù, Milan. Email: hello@kiricu.com
For any questions regarding the processing of your personal data, you can write to the email address above.
A Data Protection Officer (DPO) has not been appointed, as the conditions set out in Article 37 of the GDPR are not met.
2. What data we collect
2.1 Data provided voluntarily through the contact form
We collect the data you provide by filling out the contact form on the website. In particular:
The provision of name, email address, company or activity name, video type, and indicative budget is necessary for us to reply to you: without these data, we will not be able to process your request. The other fields are optional and only serve to better frame the project.
We do not collect sensitive data (data relating to health, political opinions, religious beliefs, or sexual orientation).
2.2 Navigation data and technical logs
For reasons of security, abuse prevention, and the proper functioning of the site, our infrastructure provider (Cloudflare) automatically collects some technical data, including IP address, user agent, date and time of the request, and visited pages. These data are processed for security, anti-bot, anti-DDoS, and diagnostic purposes.
Legal basis: legitimate interest of the data controller in ensuring the security and availability of the site (Art. 6(1)(f) of the GDPR).
3. Why we collect your data (purposes and legal basis)
The data provided through the contact form are processed exclusively to respond to your request and evaluate a possible collaboration.
Legal basis: performance of pre-contractual measures taken at the request of the data subject (Art. 6(1)(b) of the GDPR).
Navigation data and technical logs are processed for IT security and site operation purposes, based on the legitimate interest of the data controller (Art. 6(1)(f) of the GDPR).
We do not use your data for marketing, profiling, or newsletter purposes without your explicit consent.
4. How we use your data
5. Data processors (third-party providers)
For the proper functioning of the site, we rely on the following providers, who process your data on our behalf as data processors:
Formspree, Inc. Form management service provider. Headquarters: Austin, Texas, USA. Privacy Policy: formspree.io/legal/privacy-policy
Cloudflare, Inc. Hosting/CDN, DNS, security (anti-bot, anti-DDoS), and privacy-first analytics provider. Headquarters: San Francisco, California, USA. Privacy Policy: cloudflare.com/privacypolicy
Transfers outside the EU
Both providers are located in the United States. Data transfers take place on the basis of the EU-US Data Privacy Framework (DPF) adequacy decision adopted by the European Commission on July 10, 2023, and, in the alternative, on the basis of the Standard Contractual Clauses (SCC) approved by the European Commission.
6. Cookies and tracking technologies
This site uses Cloudflare Web Analytics, a traffic analysis tool that does not use cookies and does not track individual users. No personal data is collected for analytical purposes.
The only cookie potentially set is the technical cookie __cf_bm by Cloudflare, used for Bot Management and security purposes, lasting 30 minutes. As a cookie strictly necessary for the functioning and security of the site, it does not require user consent under Art. 122 of the Privacy Code and the Guidelines on cookies issued by the Italian Data Protection Authority (Garante).
We do not use Google Analytics, Meta Pixel, or other tracking tools based on profiling cookies. Therefore, a cookie banner is not required.
7. How long we keep your data
We keep the data collected through the contact form for the time strictly necessary to manage your request, and in any case no longer than 12 months from receipt of the form, unless a contractual relationship is established (in which case the legal terms for the retention of accounting and tax documents apply, generally 10 years).
Technical and security logs managed by Cloudflare are kept for the times indicated in the provider's privacy policy, generally no longer than necessary for security purposes.
You can request the deletion of your data at any time by writing to hello@kiricu.com.
8. Data security
We adopt appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Art. 32 of the GDPR. In particular:
9. Your rights
As a data subject, you have the right to:
To exercise these rights, write to: hello@kiricu.com
We will reply to your request within one month of receipt. This period may be extended by a further two months in particularly complex cases, in which case we will notify you.
You also have the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it).
10. Minors
The site is not intended for minors under 14, and we do not knowingly collect personal data from minors. If we become aware of having collected personal data from a minor without a valid legal basis, we will promptly delete it.
11. Changes to this policy
This Privacy Policy may be updated periodically. In case of substantial changes, we will update the date at the top of the document. We encourage you to review it periodically.
Kiricù is a video advertising studio based in Milan. This Privacy Policy is drafted pursuant to EU Regulation 2016/679 (GDPR) and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.