Privacy Policy

Privacy Policy

According to Articles 13 and 14 of EU Regulation 2016/679 (hereinafter “GDPR”), KOTLER IMPACT INC. in the person of the legal representative (hereinafter “Data Controller”) based in Canada, 1341 Beauty Bush Crt. Mississauga, L5V 1K4, VAT No. 82907 9003, in its capacity as “Data Controller”, informs you that your personal data collected to conclude the contract and/or in the context of the execution and/or use of the requested service will be processed in compliance with the legislation mentioned above to guarantee the rights, fundamental freedoms, as well as the dignity of natural persons, with particular reference to confidentiality and personal identity. We inform you that, if the activities performed on your behalf should require the processing of third-party personal data of which you are the controller, you are responsible for ensuring that you have fulfilled the legal requirements regarding the Data Subjects to render its processing by us legitimate.

Origin, purpose, legal basis and nature of the data processed

The processing of your personal data, directly provided by you, is carried out in a country of the European Union (Italy) by Kotler Impact Inc. in the person of its legal representative, based in Canada, 1341 Beauty Bush Crt. Mississauga, L5V 1K4, VAT no. 82907 9003, through the Data Processor Mr. Ahmad Kibria, to conclude the contract and/or in the context of the execution and/or stipulation of the same and / or in the use of the service requested by the User/Customer/Data Subject.Furthermore, third-party personal data communicated to the Company by the Customer/User/Data Subject may also be processed. In this case, the Customer/User/Data Subject automatically becomes the data controller. It assumes the consequent legal obligations and responsibilities, thus holding the Company harmless against any complaints, claims or applications for damage compensation that the Company should receive from third-party Data Subjects.In compliance with current legislation on the protection of personal data and without the need for specific consent from the data subject, the data will be stored, collected and processed by the Company through its appointed Data Processor under Article 28 GDPR and with the means and tools of the latter for the following purposes:
  1. fulfilment of contractual obligations, execution and/or conclusion of the contract with the data subject and/or management of any pre-contractual measures;
  2. compliance with any legal requirements, tax regulations arising from performance of company business, and obligations related to administrative and accounting activities;
  3. sending, directly or through third-party suppliers based in the European Union, to which the data subject gives specific and free consent, of marketing and communication services, newsletters and communications for direct marketing purposes via email, SMS, telephone with operator concerning products supplied by third-party companies based in one of the countries of the European Union;
  4. communication and/or transfer of Data to third-party companies operating in the marketing sector or event organizers, based in the European Union or based abroad (provided that the requirements of the GDPR regarding data transfer are met); the Data Subject/User/Customer declares to give specific and free consent to any such transfers and also gives consent to the sending of newsletters and communications for marketing purposes by the companies mentioned above through email, SMS, telephone with operator;
  5. communication and/or transfer of data to the Web Seeders based in Mississauga, Canada
The legal basis for processing for purposes a) and b), above, are Articles 6.1 b) and 6.1 c) of the GDPR.Provision of the Data for purposes a), b), c), d), e) is optional. However, failure or refusal to provide such Data would make it impossible for the Company’s representative to execute and/or conclude the contract and provide the services requested of it.The legal basis for personal data processing for purposes c), d) and e) is Article 6.1 a) of the GDPR, since processing is based on consent; it should be noted that the Data Controller may obtain a single consent for the marketing purposes indicated above, under the General Provision of the Italian Data Protection Authority, “Guidelines on Promotional Activities and Combating Spam” of 4 July 2013. Provision of consent to use of the Data for marketing purposes is optional, and if the Data Subject wishes to oppose processing of the Data for marketing purposes using the methods indicated above, as well as revoking the consent provided, s/he may do so at any time with no consequences (aside from no longer receiving marketing communications) by following the instructions found in the “Rights of the Data Subject” section of this Policy.


The Data may be disclosed to third parties appointed as Data Processors under Article 28 of the GDPR and, in particular, to professionals with VAT numbers, banking institutions, to suppliers of services strictly necessary for the performance of the business, or to consultants of the company, where this proves necessary for fiscal, administrative, contractual reasons or for needs protected by current regulations.Your personal data, or personal data of third parties of which you are the controller, may also be communicated to external companies, identified on a case-to-case basis, to which Kotler Impact Inc. , through the external data processor, entrusts fulfilment of obligations arising from the assignment received, and to which only data necessary for the activities requested will be disclosed. All employees, consultants, temporary workers and/or any other “natural person” who carry out their business based on instructions received from Kotler Impact. Inc., through its Representative, under Article 29 of the GDPR, are appointed “people appointed to process data” (hereinafter also “Appointees”). Kotler Impact Inc. gives adequate operating instructions, with particular reference to the adoption and compliance with security measures to the Appointees or Data Processors to ensure the confidentiality and security of data. Concerning the personal data protection aspects, the Customer/User/Data Subject is invited, under Article 33 of the GDPR, to inform Kotler Impact Inc., through its Representative, any circumstances or events from which a potential “breach of personal data (data breach)” may arise by sending a communication to Kotler Impact Inc. at the addresses indicated below so that these circumstances or events can be immediately assessed, and actions aimed at counter them may be adopted to allow an immediate evaluation and the adoption of any measures aimed at countering this event.Kotler Impact Inc is obliged to communicate data to Public Authorities upon specific request.

Transfer abroad

Your personal data may be transferred abroad where necessary for management of the assignment received. For processing of any information and data communicated, such parties shall be required to adopt equivalent levels of protection for personal data processing by their employees. In any event, only data necessary for the established purposes shall be communicated, and the regulatory tools provided for in Chapter V of the GDPR shall be applied.

Methods, processing logic and retention period

Your Data shall be collected and recorded in a lawful and correct manner for the above-mentioned purposes, in accordance with the principles and requirements set out in Article 5, paragraph 1 of the GDPR.Personal data processing shall be performed using manual, computerised and telematic tools with logics strictly correlated to the said purposes and, in any event, in such a way as to guarantee its security and confidentiality.Personal Data will be processed by Kotler Impact Inc. for the entire duration of the assignment and also subsequently to assert or protect its rights or for administrative purposes and/or to fulfil obligations deriving from the applicable pro tempore regulatory and regulatory framework and in compliance with the specific legal obligations on the retention of data.

Rights of the Data Subject

In accordance with and subject to the limits and conditions provided for by the legislation on personal data protection with regard to exercise of Data Subjects’ rights1 concerning data processing under this Privacy Policy, you, as Data Subject, are entitled to request confirmation as to whether or not your personal data is being processed, access personal data concerning you and request to have it amended or cancelled, and to receive notification of such amendment and cancellation by those to whom the Data may have been transmitted by our Organisation. You also have the right to request restriction of processing in the cases provided for by the regulations, to portability of personal data – provided by you – in the cases indicated by the regulations, to oppose processing of your personal data and, specifically, to oppose decisions regarding it if based solely on automated processing of your personal data, including profiling. If you deem the processing of your personal data to be in breach of the GDPR standards, you have the right to lodge a complaint with the Italian Data Protection Authority under Article 77 of the GDPR. If you intend to request further information on the processing of your personal data or for the possible exercise of your rights, you can contact the external data processor at Web Seeders – Mississauga, Canada

Data Controller and Data Processor

Under Article 4 of the GDPR, the Data Controller is Kotler Impact Inc., based in Canada The external data processor is Web Seeders – based in Mississauga, Canada The complete list of Data Processors can be requested at the addresses indicated above.Best regards Data Controller


Expression of consent

The user/customer/data subject acknowledges the privacy policy provided under Articles 13 and 14 of EU Regulation 2016/679 in its entirety, including points a), b), c), d) and e) of the paragraph “Origin, purpose, legal basis and nature of the data processed” and freely and voluntarily gives, where required, consent for the purposes indicated, and the personal data can be processed and communicated to the subjects for the obligations connected to the purposes of the processing as well as for the activities listed in the body of the privacy policy.