Privacy Policy pursuant to Regulation (EU) 2016/679 (GDPR)
Last updated: 20 May 2026
This Privacy Policy describes how Kestevo SRL collects, uses, and protects the personal data of users who visit the website kestevo.com (hereinafter, the "Website").
1. Data Controller
The Data Controller for personal data processing is:
Kestevo SRL Email: privacy@kestevo.com Website: https://kestevo.com
For any enquiry regarding the processing of personal data, you may contact the Data Controller at the email address above.
2. Personal Data Collected
The Data Controller collects the following categories of personal data:
2.1 Data voluntarily provided by the user
Through the contact form on the Website (managed via HubSpot), the user may provide the following data:
- Full name
- Company name
- Email address
- Phone number (optional)
- Free-text message
2.2 Browsing data collected automatically
The Website uses analytics cookies (PostHog) to collect, subject to user consent, the following browsing data:
- IP address (anonymised)
- Browser type and operating system
- Pages visited and time spent on pages
- Referral source (referrer)
- Anonymous session identifier
2.3 Cookies
For detailed information about the cookies used by the Website, please refer to our Cookie Policy.
3. Purposes of Processing
Personal data is processed for the following purposes:
| Purpose | Legal basis |
|---|---|
| Responding to enquiries submitted through the contact form | Consent of the data subject (Art. 6(1)(a) GDPR) |
| Aggregated analysis of Website traffic and browsing patterns | Consent of the data subject (Art. 6(1)(a) GDPR) |
| Improvement of the Website and services offered | Legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c) GDPR) |
4. Legal Basis for Processing
The processing of personal data is based on the following legal grounds under Art. 6(1) of the GDPR:
- Consent (Art. 6(1)(a)): for submitting data through the contact form and for enabling analytics cookies. The user may withdraw consent at any time without affecting the lawfulness of processing based on consent given before its withdrawal.
- Legitimate interest (Art. 6(1)(f)): for aggregated and anonymised analysis aimed at improving the Website and services. The Data Controller's legitimate interest is limited to improving the user experience and does not override the fundamental rights and freedoms of the data subject.
- Legal obligation (Art. 6(1)(c)): for compliance with applicable legal requirements.
5. Methods of Processing
Personal data is processed using electronic and automated means, with logic strictly related to the purposes indicated above, and with the adoption of adequate technical and organisational security measures designed to prevent loss, unlawful or improper use, and unauthorised access.
6. Retention Period
Personal data is retained for the time strictly necessary to fulfil the purposes for which it was collected:
| Data category | Retention period |
|---|---|
| Contact form data | 24 months from collection, unless a contractual relationship is established |
| Browsing and analytics data | 14 months from collection |
| Data required for legal obligations | For the period required by applicable law |
At the end of the retention period, data is deleted or irreversibly anonymised.
7. Disclosure and Transfer of Data
7.1 Data recipients
Personal data may be disclosed to:
- HubSpot, Inc. — for managing the contact form and commercial enquiries
- PostHog, Inc. — for web traffic analysis (only with prior user consent)
7.2 Transfer of data outside the EU
Personal data is hosted on servers located within the European Union. Should a transfer to third countries become necessary, such transfer shall take place exclusively in compliance with the safeguards provided by the GDPR, including:
- Adequacy decisions of the European Commission (Art. 45 GDPR)
- Standard contractual clauses approved by the European Commission (Art. 46(2)(c) GDPR)
- Other appropriate safeguards under Chapter V of the GDPR
8. Rights of the Data Subject
Under Articles 15-22 of the GDPR, the user has the right to:
- Access (Art. 15): obtain confirmation of the existence of personal data processing and access to such data
- Rectification (Art. 16): obtain rectification of inaccurate personal data or completion of incomplete data
- Erasure (Art. 17): obtain erasure of personal data (right to be forgotten), where the conditions provided by law are met
- Restriction of processing (Art. 18): obtain restriction of processing in the cases provided by law
- Data portability (Art. 20): receive personal data in a structured, commonly used, and machine-readable format, and transmit it to another data controller
- Objection (Art. 21): object to the processing of personal data based on the Data Controller's legitimate interest
- Withdrawal of consent: withdraw consent at any time, without affecting the lawfulness of processing based on consent given before its withdrawal
To exercise these rights, the user may send a written request to: privacy@kestevo.com
The user also has the right to lodge a complaint with the competent supervisory authority:
Garante per la Protezione dei Dati Personali (Italian Data Protection Authority) Piazza Venezia, 11 — 00187 Rome, Italy Website: https://www.garanteprivacy.it
9. Data Security
The Data Controller adopts adequate technical and organisational measures to protect personal data from destruction, loss, alteration, unauthorised disclosure, or unauthorised access, including:
- Encryption of data in transit (HTTPS/TLS)
- Data access restricted to authorised personnel only
- Backup and recovery procedures
- Periodic review of security measures
10. Changes to this Privacy Policy
The Data Controller reserves the right to amend this Privacy Policy at any time. Changes will be published on this page with an updated "last updated" date. Users are advised to review this page periodically.
11. Contact
For any questions or requests concerning this Privacy Policy or the processing of personal data, you may contact:
Kestevo SRL Email: privacy@kestevo.com Website: https://kestevo.com