Privacy Policy

1. Data Controller

The Data Controller of personal data processing is:

To exercise your rights or for any request relating to data processing, you can contact us at: marketing@rmkble.studio.

2. Categories of data collected

2.1 Data voluntarily provided

Through contact forms, information requests, subscriptions and — where the platform provides it — user account creation or purchase activities, we collect:

• First and last name
• Email address
• Phone number (optional)
• Company name and role (for B2B requests)
• Postal address (where required for billing or shipping)
• Payment data (where transactions are handled; PCI-DSS compliant providers)
• Access credentials (where a user account is provided)
• Content of the message or request
• Any additional data the user chooses to share

2.2 Browsing data

The IT systems and software procedures used to operate our services acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols (IP addresses, browser type, operating system, pages visited, date and time of access, referrer).

2.3 Cookies and tracking technologies

We use technical cookies and, with consent, possible third-party cookies. Consent management is handled by Cookiebot. For web tracking we use Plausible Analytics, a privacy-friendly service that does not use cookies and does not collect identifying personal data. You can modify or revoke consent at any time via the cookie banner. For detailed information see the Cookie Policy.

3. Purposes and legal bases of processing

Personal data is processed exclusively for the purposes listed below. Each purpose applies only to projects that actually involve it.

• Response to contact requests — to process and respond to requests sent via forms. Legal basis: pre-contractual measures (art. 6.1.b GDPR).
• Service delivery and contract management — to provide services, manage accounts, orders and payments. Legal basis: contract (art. 6.1.b GDPR).
• CRM management and commercial follow-up — Legal basis: legitimate interest (art. 6.1.f GDPR).
• Direct marketing / Newsletter / Lead nurturing — with explicit consent. Legal basis: consent (art. 6.1.a GDPR), revocable at any time.
• Statistical analysis and service improvement — Legal basis: legitimate interest (art. 6.1.f GDPR).
• Legal, accounting and tax obligations — Legal basis: legal obligation (art. 6.1.c GDPR).
• Protection of the Controller's rights — Legal basis: legitimate interest (art. 6.1.f GDPR).

4. Processing methods and retention

Data is processed using electronic tools and stored in a way that guarantees security and confidentiality, through technical and organizational measures appropriate to the risk (encryption, access controls, backups).

Retention periods:

• Contact data and information requests: up to 24 months from collection.
• Contractual and account data: duration of the relationship and up to 10 years after termination.
• Marketing data: until consent is withdrawn or objection is exercised.
• Browsing data: not exceeding 13 months.

5. Data processors (Sub-Processors)

Personal data may be communicated, within the limits strictly necessary for the indicated purposes, to the following data processors:

• CloudPepper — hosting provider for the Odoo ERP system. European data centres.
• Plausible Analytics — privacy-friendly web analytics, cookieless.
• Cookiebot (Cybot A/S / Usercentrics) — cookie consent management.
• Mailgun (Sinch Email) — transactional/marketing email delivery (where used).
• Payment providers (e.g. Stripe, PayPal) — PCI-DSS compliant.
• Infrastructure hosting providers — IaaS/PaaS providers for technical delivery.

The providers above act as Data Processors and are bound by GDPR-compliant agreements (art. 28). Data is not transferred to third parties for third-party marketing purposes.

6. Transfer of data outside the EU

Where service providers may transfer data to non-EU countries, such transfers take place in compliance with the GDPR guarantees (artt. 44-49), in particular through standard contractual clauses or adequacy decisions.

7. Rights of the data subject

Pursuant to Articles 15-22 of the GDPR, you have the right to:

• Access (art. 15) — obtain confirmation and a copy of your data
• Rectification (art. 16) — correct inaccurate or incomplete data
• Erasure (art. 17) — request deletion of your data
• Restriction (art. 18) — limit processing in certain cases
• Portability (art. 20) — receive your data in a structured format
• Object (art. 21) — object to processing based on legitimate interest
• Not be subject to automated decisions (art. 22)
• Withdraw consent at any time

To exercise your rights, write to marketing@rmkble.studio.

You also have the right to lodge a complaint with the competent supervisory authority. In Italy: Garante per la Protezione dei Dati Personali.

8. Data security

We adopt technical and organizational measures appropriate to protect personal data from loss, unauthorized access, disclosure, alteration or destruction.

9. Processing of minors' data

The services are not intended for minors under 14 years of age. We do not knowingly collect personal data from minors of this age.

10. Changes to this notice

Jupither Advisory S.r.l. reserves the right to modify this notice at any time. Changes will be published on this page with an updated date.

11. Contacts