Privacy Policy
How we handle your data.
Last updated: January 2025
This Privacy Policy explains how K65K ("we", "us", "our") collects, uses, and protects your personal data when you use our website k65k.com and related services.
We are committed to protecting your privacy and processing your data in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
Data Controller
K65K
Email: info@k65k.com
For any questions regarding this policy or your personal data, please contact us at the email address above.
Data We Collect
Contact Form
When you submit our booking or contact form, we collect:
- Your name
- Your email address
- Your message content
Restricted Area Access
If you access our restricted areas (such as k65k.com/confidential for authorized project downloads), we collect:
- Your IP address
- Access timestamp
- Project code used
- Files downloaded
Security Logs
For security purposes, we automatically log:
- IP addresses of visitors to administrative pages
- Access attempts to restricted areas
Technical Data
Our server automatically collects standard log data including:
- IP address
- Browser type and version
- Pages visited and time spent
- Referring website
Purpose and Legal Basis
| Purpose | Legal Basis (GDPR) |
|---|---|
| Responding to your inquiries and booking requests | Your consent (Art. 6.1.a) |
| Providing access to restricted project materials | Performance of a contract (Art. 6.1.b) |
| Protecting our website and systems from unauthorized access | Legitimate interest (Art. 6.1.f) |
| Tracking downloads of confidential materials | Legitimate interest (Art. 6.1.f) |
| Improving our services | Legitimate interest (Art. 6.1.f) |
Data Retention
| Data Type | Retention Period |
|---|---|
| Contact form submissions | Until purpose is fulfilled or deletion requested |
| Project access logs | Duration of project relationship + 2 years |
| Security logs (IP addresses) | 12 months |
| Server logs | 90 days |
Data Sharing
We do not sell, trade, or rent your personal data to third parties.
Your data may be shared with:
- Hosting providers — for website operation (servers located in EU)
- Email service providers — for communication delivery
- Legal authorities — if required by law
All third-party processors are bound by data processing agreements compliant with GDPR requirements.
Cookies and Third-Party Content
Our Cookies
We use only essential technical cookies necessary for website functionality. These do not require consent under GDPR.
Embedded Content
Our website embeds videos from Vimeo. When you view pages with embedded videos, Vimeo may set cookies and collect data according to their own privacy policy.
We use the "Do Not Track" parameter (dnt=1) on Vimeo embeds to minimize tracking. However, we recommend reviewing Vimeo's Privacy Policy for complete information.
No Analytics or Advertising Trackers
We do not use Google Analytics, Facebook Pixel, or any other advertising or analytics tracking tools on this website.
Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of access — Request a copy of your personal data
- Right to rectification — Request correction of inaccurate data
- Right to erasure — Request deletion of your data ("right to be forgotten")
- Right to restrict processing — Request limitation of how we use your data
- Right to data portability — Receive your data in a portable format
- Right to object — Object to processing based on legitimate interest
- Right to withdraw consent — Withdraw consent at any time (where applicable)
To exercise any of these rights, please contact us at info@k65k.com. We will respond within 30 days.
Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority. In Italy, this is the Garante per la protezione dei dati personali (www.garanteprivacy.it).
Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- HTTPS encryption for all data transmission
- Secure server infrastructure
- Access controls and authentication for restricted areas
- Regular security reviews
International Data Transfers
Your data is primarily processed within the European Economic Area (EEA). If any data is transferred outside the EEA, we ensure appropriate safeguards are in place in compliance with GDPR.
Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.
Contact Us
For any questions about this Privacy Policy or to exercise your data protection rights: