Legal document

Privacy Policy

Information on the processing of personal data pursuant to Regulation (EU) 2016/679 (GDPR)

Last updated: 08/02/2026

1. Data Controller

Kubee S.r.l.

Registered office: Via Como 43/1, 30027 San Donà di Piave (VE), Italia

P.IVA / Tax ID: IT04134300271

Email: [email protected]

Phone: +39 0421 1898012

PEC: [email protected]

Email support: [email protected]

Kubee S.r.l. (hereinafter "Controller", "Kubee" or "We") is the Data Controller for personal data collected through the website kubee.it (hereinafter "Website" or "Application"), pursuant to Regulation (EU) 2016/679 ("GDPR") and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 ("Privacy Code").

This privacy notice is provided pursuant to Articles 13 and 14 of the GDPR to all those who interact with the Website and the web services accessible electronically.

2. Types of Personal Data collected

a) Data voluntarily provided by the User

  • Identification data: name, surname, company name, job title
  • Contact data: business email address, phone number
  • Communication content: messages, technical issue descriptions, specific requests sent through Website forms
  • Reputation Scanner data: email address and business domain name entered for breach scanning

b) Data collected automatically

  • Navigation data: IP address, browser type and version, operating system, screen resolution, browser language, pages visited, referring URL, access date and time, session duration
  • Cookies and similar technologies: as described in our Cookie Policy

c) Data NOT collected

The Website does not intentionally collect special categories of data (sensitive data) referred to in Art. 9 of the GDPR, nor data relating to criminal convictions and offences referred to in Art. 10 of the GDPR. Users are requested not to provide such data through Website forms.

3. Purposes and legal bases for processing

Personal Data is collected for the following purposes, each with its own legal basis:

PurposeLegal basis (GDPR)Data processed
Responding to contact, quote and information requestsPerformance of pre-contractual measures at the data subject's request (Art. 6(1)(b))Name, surname, company, email, phone, message
Managing technical support requests (tickets)Pre-contractual measures / contract performance (Art. 6(1)(b))Name, company, email, phone, issue description, priority
Providing the Reputation Scanner service (email breach scan)Explicit consent of the data subject (Art. 6(1)(a))Business email, domain name
Sending commercial communications and newslettersExplicit consent of the data subject (Art. 6(1)(a))Email address
Anonymized statistical analysis and Website improvementLegitimate interest of the Controller (Art. 6(1)(f))Anonymized navigation data
Fulfillment of tax, accounting and regulatory obligationsLegal obligation (Art. 6(1)(c))Identification and billing data
Defense of a right in courtLegitimate interest of the Controller (Art. 6(1)(f))All relevant data

Providing Personal Data marked as mandatory in forms is necessary for request management. Failure to provide them makes it impossible for the Controller to deliver the requested service. Providing optional data is voluntary and their absence does not affect service delivery.

4. Methods of processing

Personal Data is processed using IT and/or electronic tools, with organizational and logical methods strictly related to the stated purposes. In addition to the Controller, authorized personnel (administrative, commercial, technical staff) or external parties (technical service providers, hosting providers) appointed, where necessary, as Data Processors pursuant to Art. 28 of the GDPR, may have access to the Data.

5. Data disclosure and dissemination

Personal Data may be disclosed to:

  • IT, hosting and cloud computing service providers (as Data Processors pursuant to Art. 28 GDPR)
  • Transactional email service providers
  • Web analytics tool providers (e.g. Google Analytics, in anonymized form)
  • Appointed consultants and professionals (accountants, lawyers, labor consultants)
  • Judicial or administrative authorities, in cases provided for by law

Personal Data is NOT subject to dissemination, i.e. it is not made accessible to indeterminate parties.

6. Data transfers outside the EU

Data is primarily processed within the European Economic Area (EEA). Should certain service providers (e.g. Google for statistical analysis) involve data transfers outside the EEA, the Controller ensures that such transfers comply with Chapter V of the GDPR (Articles 44-49), using:

  • European Commission adequacy decisions (Art. 45 GDPR)
  • Standard contractual clauses (SCCs) approved by the European Commission (Art. 46(2)(c) GDPR)
  • EU-US Data Privacy Framework, where applicable

7. Data retention period

Personal Data is retained for the time strictly necessary to achieve the purposes for which it was collected, in accordance with the minimization principle under Art. 5(1)(e) of the GDPR.

Data typeRetention period
Contact and quote requests24 months from request, unless a contractual relationship is established
Technical support ticketsDuration of contractual relationship + 24 months
Reputation Scanner data12 months from scan execution
Newsletter dataUntil consent withdrawal (deletion on request)
Accounting and tax data10 years (pursuant to Art. 2220 Italian Civil Code and tax regulations)
Navigation data and analytics cookies26 months (in anonymized form)
Security logs6 months

At the end of the indicated retention periods, data is deleted or irreversibly anonymized.

8. Cookies and tracking technologies

The Website uses technical cookies necessary for operation and, with User consent, analytics cookies to understand Website usage. For detailed information on the types of cookies used, purposes and preference management, please refer to the Cookie Policy.

9. Data subject rights

Under Articles 15-22 of the GDPR, the User has the right to:

Right of access (Art. 15)

Obtain confirmation of processing and access to personal data, as well as a copy thereof.

Right to rectification (Art. 16)

Obtain correction of inaccurate personal data or completion of incomplete data.

Right to erasure (Art. 17)

Obtain erasure of personal data in cases provided by the GDPR ("right to be forgotten").

Right to restriction (Art. 18)

Obtain restriction of processing when certain conditions are met.

Right to data portability (Art. 20)

Receive data in a structured, commonly used and machine-readable format and transmit it to another controller.

Right to object (Art. 21)

Object to processing based on legitimate interest or for direct marketing purposes.

Withdrawal of consent (Art. 7)

Withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

Right to lodge a complaint (Art. 77)

Lodge a complaint with the competent supervisory authority (Italian Data Protection Authority).

To exercise their rights, the User may send a written request to:

Email: [email protected]

PEC: [email protected]

Mail: Kubee S.r.l. — Via Como 43/1, 30027 San Donà di Piave (VE)

The Controller must respond within 30 days of receiving the request, extendable by a further 60 days in case of complexity or number of requests.

Supervisory Authority

The User has the right to lodge a complaint with the Italian Data Protection Authority:

Garante per la Protezione dei Dati Personali

Piazza Venezia 11 — 00187 Roma

Web: www.garanteprivacy.it

Email: [email protected] — PEC: [email protected]

10. Security measures

The Controller adopts appropriate technical and organizational measures to ensure a level of security appropriate to the risk, pursuant to Art. 32 of the GDPR, including:

  • Data encryption in transit (HTTPS/TLS) and at rest
  • Access control with strong authentication
  • Periodic backups and disaster recovery procedures
  • Continuous IT infrastructure monitoring
  • Training of personnel authorized to process data
  • Incident response and breach notification procedures (Articles 33-34 GDPR)

11. Processing related to specific services

a) Reputation Scanner (Email Breach Scan)

The "Reputation Scanner" service allows the User to check if email credentials associated with a business domain have been compromised in known data breaches. The User provides their email address and business domain name. Processing is based on explicit consent (Art. 6(1)(a) GDPR), expressed through a dedicated checkbox before submitting the request.

  • Data is processed by the KUBEE Security Intelligence platform hosted on European servers.
  • Analysis uses exclusively OSINT (Open Source Intelligence) sources and public data breach databases.
  • The report is sent exclusively to the indicated email and is not accessible to third parties.
  • The service can be used once per email address. Data is retained for 12 months.
  • The service is reserved for business domains. Free email providers are not accepted.

b) Contact and information request forms

Completing contact forms involves the acquisition of data voluntarily entered by the User. Processing is based on pre-contractual measures (Art. 6(1)(b) GDPR). Data is retained for 24 months.

c) Newsletter

Newsletter subscription is voluntary and based on the User's explicit consent (Art. 6(1)(a) GDPR). The User can withdraw consent at any time via the unsubscribe link in each communication or by writing to [email protected].

12. Changes to this notice

The Controller reserves the right to make changes to this notice at any time, informing Users on this page and, if possible, through available contact channels. Please check this page regularly. In case of substantial changes affecting ongoing processing, the Controller will, where necessary, obtain new consent.

Where changes concern consent-based processing, the Controller will collect the User's consent again, where necessary.

Kubee S.r.l.

P.IVA IT04134300271 — Via Como 43/1, 30027 San Donà di Piave (VE)

This notice is drawn up pursuant to Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003 and subsequent amendments.