Privacy PolicyBlendX S.r.l.

Last updated: 2026-05-13 · Version: 1.0

Information on the processing of personal data pursuant to Articles 13-14 of EU Regulation 2016/679 (GDPR).

1. Data Controller

BLENDX S.R.L.
Registered office: Via della Balduina 96, 00136 Rome (RM), Italy
VAT / Tax code: 15299231009
Certified email (PEC): blendxsrl@pec.it
Email: marketing@rmkble.studio

To exercise your rights or for any request relating to data processing, you can contact us at: marketing@rmkble.studio.

2. Categories of data collected

Depending on the type of interaction with the site, app or service, we may collect the following categories of personal data:

2.1 Data voluntarily provided

Through contact forms, information requests, subscriptions and — where the platform provides it — user account creation or purchase activities, we collect:

  • First and last name
  • Email address
  • Phone number (optional, unless required for contractual purposes)
  • Company name and role (for B2B requests)
  • Postal address (where required for billing or shipping)
  • Payment data (where the platform handles transactions; managed by PCI-DSS compliant providers)
  • Access credentials (where a user account is provided)
  • Content of the message or request
  • Any additional data the user chooses to share

2.2 Browsing data

The IT systems and software procedures used to operate our services acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols (IP addresses, browser type, operating system, pages visited, date and time of access, referrer).

2.3 Cookies and tracking technologies

We use technical cookies and, with consent, possible third-party cookies. Consent management is handled by Cookiebot. For web tracking we use Plausible Analytics, a privacy-friendly service that does not use cookies and does not collect identifying personal data. You can modify or revoke consent at any time via the cookie banner. For detailed information see the Cookie Policy.

3. Purposes and legal bases of processing

Personal data is processed exclusively for the purposes listed below. Each purpose applies only to projects that actually involve it.

  • Response to contact and information requests to process and respond to requests sent via forms. Legal basis: performance of pre-contractual measures at the request of the data subject (art. 6.1.b GDPR).
  • Service delivery and management of the contractual relationship to provide the requested services, manage user accounts where applicable, manage orders and payments. Legal basis: performance of the contract (art. 6.1.b GDPR).
  • CRM management and commercial follow-up registration and management of commercial relationships in the CRM system. Legal basis: legitimate interest of the Controller (art. 6.1.f GDPR).
  • Direct marketing / Newsletter / Lead nurturing sending informative and commercial communications, also profiled on the content consulted, with explicit consent. Legal basis: consent (art. 6.1.a GDPR), revocable at any time.
  • Statistical analysis and service improvement aggregated and anonymized analyses on the use of our services. Legal basis: legitimate interest (art. 6.1.f GDPR).
  • Legal, accounting and tax obligations compliance with obligations imposed by law, regulations, European legislation and authority measures. Legal basis: legal obligation (art. 6.1.c GDPR).
  • Protection of the Controller's rights establishment, exercise or defence of a right in court. Legal basis: legitimate interest (art. 6.1.f GDPR).

4. Processing methods and retention

Data is processed using electronic tools and stored in a way that guarantees security and confidentiality, through technical and organizational measures appropriate to the risk (encryption, access controls, backups).

The retention periods applied are as follows:

  • Contact data and information requests: for the time necessary to manage the request and up to 24 months from collection.
  • Data relating to contractual relationships and user accounts: for the entire duration of the relationship and up to 10 years from its conclusion, for the tax and accounting obligations provided by Italian law.
  • Data collected for marketing purposes: until the consent is withdrawn or the right to object is exercised.
  • Browsing data: not exceeding 13 months.

5. Data processors (Sub-Processors)

Personal data may be communicated, within the limits strictly necessary for the indicated purposes, to the following data processors (the actual list of sub-processors used for a specific project is available on request):

  • CloudPepper hosting provider for the Odoo ERP system used for CRM management and data collected via forms. European data centres.
  • Plausible Analytics privacy-friendly web analytics service, without cookies and without identifying personal data.
  • Cookiebot (Cybot A/S / Usercentrics) cookie consent management platform.
  • Mailgun (Sinch Email) transactional and marketing email delivery service (where used).
  • Payment providers (Stripe, PayPal, ...) — handling of economic transactions where the platform supports purchases, in PCI-DSS compliant environment.
  • Infrastructure hosting providers IaaS/PaaS providers for the technical delivery of services.

The providers listed above act as Data Processors and are bound by contractual agreements compliant with GDPR (art. 28). Data is not transferred to third parties for third-party marketing purposes.

6. Transfer of data outside the EU

In cases where service providers may transfer data to non-EU countries (e.g. United States), such transfers take place in compliance with the guarantees provided by the GDPR (artt. 44-49), in particular through standard contractual clauses approved by the European Commission or in the presence of adequacy decisions (e.g. EU-U.S. Data Privacy Framework).

7. Rights of the data subject

Pursuant to Articles 15-22 of the GDPR, you have the right to:

  • Access (art. 15) — obtain confirmation of processing and a copy of your data
  • Rectification (art. 16) — correct inaccurate or incomplete data
  • Erasure (art. 17) — request the deletion of your data ("right to be forgotten")
  • Restriction (art. 18) — restrict processing in certain cases
  • Portability (art. 20) — receive your data in a structured and readable format
  • Object (art. 21) — object to processing based on legitimate interest
  • Not be subject to automated decisions (art. 22) — including profiling, where applicable
  • Withdraw consent at any time, without prejudice to the lawfulness of processing based on consent before the withdrawal

To exercise your rights, write to us at marketing@rmkble.studio.

You also have the right to lodge a complaint with the competent supervisory authority. In Italy: Garante per la Protezione dei Dati Personali, garanteprivacy.it.

8. Data security

We adopt technical and organizational measures appropriate to protect personal data from accidental loss, unauthorized access, disclosure, alteration or destruction. These measures are periodically reviewed and updated according to technological evolution and emerging risks.

9. Processing of minors' data

The services are not intended for minors under 14 years of age (art. 2-quinquies of Legislative Decree 196/2003 as amended by Legislative Decree 101/2018). We do not knowingly collect personal data from minors of this age. Should we become aware of such processing, we will immediately proceed with deletion.

10. Changes to this notice

BlendX S.r.l. reserves the right to modify this notice at any time. Changes will be published on this page with an updated date at the top of the document. In the event of substantial changes, we may notify you via email if you have an active relationship with us.

11. Contacts

BLENDX S.R.L.
Via della Balduina 96, 00136 Rome (RM), Italy
PEC: blendxsrl@pec.it
Email: marketing@rmkble.studio

©2026 BLENDX S.r.l.Via della Balduina 96, 00136 Rome (RM), ItalyVAT / Tax code 15299231009 — REA RM-1581087All rights reserved