Under Article 13 of the Regulation (UE) of April 27th, 2016, n. 679/2016 “related to the protection of natural persons with regard to personal data processing, as well as the free circulation of such data, repealing Regulation 95/46/CE” (hereinafter, “Regulation” and/or “GDPR”), YKK Italia S.r.l. (hereinafter also “Company“, and/or “YKK“), based in Pero (MI), Via Pitagora 1, as Data Controller informs you that the personal data collected, even with reference to existing and/or future contractual relationship, are processed in compliance with the aforementioned legislation. With regard to the aforementioned processing, the Controller provides inter alia the following information.

Source of personal data and legal basis of processing

Personal data possessed by the Company are collected directly from the interested parties who accede to the website or want to register to it. In any event, the collected data will be processed according to the Privacy Regulation, and confidentiality principles, inherited to the activities to which the Company inspired itself. Your personal data processing is based on existing pre-contractual and contractual relationship among Parties.

Purpose of the processing

User personal data will be processed for the following purposes:

  1. purposes connected and / or instrumental to the provision of services offered by the Company, including the processing of user requests and the presentation of products, also through a catalogue, as well as for the execution of contractual and pre-contractual activities;
  2. purposes related to the fulfillment of specific legal obligations;

The provision of the necessary data by the data subject for pursuing the purposes set out in points a) e b) above, although it is not compulsory, is essential and indispensable for the management, total or partial, of client relationships, and the fulfillment of legal requirements. Therefore, an eventual denial to provide such data would determine the impossibility for the Company to execute the aforementioned activities.

Should the Company want to use the collected personal data for any other purpose incompatible with the purposes for which they were originally collected or authorized, the Company shall inform you in advance and you will be able to deny or revoke your consent.


Data processing procedures

Regarding the above-mentioned purposes, the data processing is performed through IT procedures, or electronic and paper-based media, designed to record, manage and transmit those data, exclusively in order to pursue the purposes for which they have been collected, and, nonetheless, to guarantee their safety and confidentiality. By performing the processing activities, the Company agrees to:

  1. guarantee the accuracy and the update of the data, and to promptly acquire eventual corrections and/or additions requested by the data subject;
  2. notify to the data subject any violation of personal data, in the times and in the cases provided for by the binding legislation;
  3. guarantee the compliance of processing operations with the applicable provisions of the law;

The Company, moreover, processes the collected data in full respect of the principles of correctness, lawfulness and transparency. In accordance with the Privacy Regulation, the Company configures, or agrees to configure IT systems and programs, reducing to the minimum the utilization of personal data, in order to avoid their processing if the objectives pursued can be achieved through, respectively, anonymous data or appropriate methods that allow the identification of the data subject only in case of need.

Exclusively to allow the user to log in the reserved area of the website, automatic collection methods and data storage are used. For further information, please refer to the relative cookie policy  on this website.


Categories of subjects to whom data can be communicated

For the pursuit of the aforementioned purposes, the Company may disclose your personal data to legal / professional firms or companies in the context of assistance and advice, as well as to judicial authorities, if legitimately requested by them.

Moreover, within YKK, personal data may only be disclosed to persons expressly designated by the Data Controller as Managers and persons in charge of the processing of personal data, who may carry out consultation, utilization, processing, comparison and any other appropriate operation, even automated, in compliance with the law protecting the confidentiality and the security of data, as well as the relevance of data with respect to the stated purposes. The updated list of data processors, who can be contacted in order to exercise your rights, may be consulted at the headquarters of the Data Controller.

Further information concerning the communication of data to the aforementioned parties, as well as how to obtain copies of said data, may be requested at the address

Policy regarding personal data storage

YKK storages in its systems the personal data collected in a way that allows the identification of the data subjects, for a period not exceeding the achievement of the purposes for which they are processed, or to comply with specific regulatory or contractual obligations.

Specifically, with reference to the purposes strictly connected to the execution of the contractual relationship, as well as the fulfillment of legal obligations, the Company shall handle the data acquired for the time necessary to fulfill the existing contractual relationship and for ten years following the date of termination of the same relationship.


The rights of data subject

We inform you that, pursuant to Articles 15-22 of the GDPR, the data subject may exercise specific rights by contacting the Data Controller, including:

  1. a) right of access: the right to obtain from the Data Controller a confirmation that personal data are being processed and in this case, to obtain access to personal data and to further information about the source, purpose, category of data processed, recipients of communication and / or data transfer, etc.
  2. b) right of rectification: right to obtain from the Controller the correction of incorrect personal data without unjustified delay, as well as the integration of incomplete personal data, also by providing an additional declaration.
  3. c) right of erasure: the right to obtain from the Controller the cancellation of personal data without unjustified delay, in case:

▪       personal data are no longer necessary with respect to the purposes of the processing;

▪       the consent, on which the processing is based, is revoked and there is no other legal basis for the processing;

▪       personal data have been unlawfully processed;

▪       personal data must be deleted to fulfill a legal obligation.

  1. d) right to object to the processing: the right to object at any time to the processing of personal data that have as their legal basis a legitimate interest of the Controller.
  2. e) right to restrict the processing: the right to obtain from the Controller the limitation of the processing, in cases where the accuracy of personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is illegal and / or the data subject opposed to the processing.
  3. f) right to data portability: the right to receive personal data in a structured, commonly used and automatically readable form, and to transmit such data to another Data Controller, only for cases where the processing is based on consent, and for data only processed through electronic tools.
  4. g) Right to complain to a supervisory authority: without prejudice to any other administrative or judicial appeal, the data subject who considers that the processing that concerns him/her violates the Privacy Regulation has the right to lodge a complaint with the supervisory authority of the Member State where he/she lives or works habitually, or the State in which the alleged violation has occurred.

In the event that the processing is based on consent, the data subject can revoke at any time the consent given, without prejudice to the lawfulness of the processing carried out before the revocation.

Should the data subject want any further information about the processing of his/her personal data, or exercise the rights mentioned before, he/she may send a registered letter to: YKK Italia S.r.l., Pero (MI), Via Pitagora 1. Further information may be requested to the following e-mail address: