Domande frequenti sulla privacy dei dati raccoglie ed elabora i dati. Questa sezione di FAQ può esservi utile per capire meglio come trattiamo i dati personali e l’impegno che mettiamo nel mantenere i dati protetti e sicuri.

Owner of & relative services Srl
Via P. Togliatti, 5/C
42048 – Rubiera (RE)

Owner contact email:


The purpose of this FAQ is to set out for customers of KPI6 how our company approaches data privacy compliance. If you have any questions that are not answered by this FAQ, please get in touch with our team by writing to

Does KPI6 comply with the General Data Protection Regulation (“GDPR”)?


Does the GDPR apply to any of KPI6’s services?

The GDPR applies to the processing of personal data. Personal data means any information relating to an identified or identifiable natural person. KPI6 offers a variety of services, each of which require a different analysis under the GDPR.

Research Analytics

Research Analytics is personal data agnostic. These service is based on analyzing large sets of unstructured text data/images. This means that, while processing personal data is not the core point of Research Analytics, it is likely that there is personal data in data that forms part of Research Analytics. For example, some users on Twitter verify their account. Where a user’s account is verified, that user’s username and accompanying Tweets are personal data. Because of the difficulty in analyzing on a post-by-post basis whether information is personal data, KPI6 chooses to treat its entire database for its Research Analytics as if it contains all personal data.


The Audiences environment is entirely based on personal data, so every part of this service has been designed to be respectful of GDPR. While all the information displayed in Audiences refers to specific data points collected and/or inferred about authors, all of it has been previously:

  • aggregated, so that no person can be analyzed singularly, but only in defined groups of people that cannot be downsized to show few individuals; and
  • anonymized, which means no personal data can be linked to a specific person.

These measures allow KPI6 to be 100% GDPR compliant, since users that access KPI6’s services cannot, in any way possible, determine or even infer data about a certain specific author.

If KPI6 is a data controller for the Research Analytics service, what are customers?

For the Research Analytics service, KPI6’s customers are also data controllers in respect of the personal data which customers process through the use of Research Analytics. The reason is that, under the GDPR, a person must be a data processor or a data controller when personal data is involved. A data processor processes personal data on behalf of the data controller. Since KPI6’s customers do not process personal data on KPI6’s behalf, KPI6’s customers must be data controllers under the GDPR for the Research Analytics service.

What is the legal basis on which KPI6 processes personal data for its Research Analytics service?

The primary legal basis on which KPI6 processes personal data when performing the Research Analytics service is the legitimate interests of the data controller. This legal basis requires a balancing of the legitimate interests of the data controller with the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The data that KPI6 processes from the Research Analytics service is all publicly available – and made available – by the particular social media author him or herself. KPI6 therefore believes that the interests, fundamental rights, and freedoms of data subjects are not prejudiced or overridden in the context of its processing of social media data that is (1) publicly available and (2) can be made private at any time by the social media author him or herself. The social media authors have significant levels of control over the availability of their personal data on the underlying websites, including (e.g.) setting their Twitter account to private.

Where does KPI6 store the personal data that it processes?

Where personal data is stored depends on the services that KPI6 provides.

For both KPI6 Research Analytics and KPI6 Audiences, personal data (including any personal data that the customer uploads using our Content Upload API) is hosted by a third party cloud provider in Ireland.

The Audiences services are hosted by third party cloud providers, in Ireland as well.

Does KPI6 export any personal data outside of the European Economic Area?

None of KPI6’s services currently export any personal data outside of the European Economic Area. However, via the API or the export functionality of KPI6 Research Analytics and Audiences, customers can technically export data from KPI6’s servers to whatever country the customer is located in.

Are KPI6's systems that process personal data secure?

Yes. KPI6 has technical and organizational measures in place to protect against the unauthorized or unlawful processing of data and against accidental loss, destruction or damage of that data. Where KPI6 uses third party cloud providers, those providers are industry-leading, including AWS and Google Cloud. In addition, KPI6 applies its own security policies and processes to the management and provision of any third party systems and services.

How does KPI6 ensure its services comply with the GDPR and CCPA?

KPI6 has a chief data officer responsible for privacy in the company. KPI6 has also distributed privacy compliance throughout the company, appointing privacy champions on its engineering, product, and people teams. These individuals are tasked with incorporating data protection by design and by default when developing services for KPI6. KPI6 also implements Privacy Impact Assessments, where required, in accordance with the GDPR.

KPI6 è conforme anche al California Consumer Protection Act (CCPA)?

Sì, il KPI6 è conforme al CCPA. KPI6 ha sede in Italia e ha centralizzato la sua conformità globale alla privacy secondo il GDPR. Dato che il GDPR è un quadro normativo sulla privacy più completo rispetto al CCPA, KPI6 è già conforme a gran parte del CCPA grazie alla sua conformità al GDPR. Inoltre, qualsiasi nuovo requisito del CCPA non avrà un impatto diretto sull’utilizzo dei servizi da parte dei clienti di KPI6. Per facilitare la consultazione, in questa FAQ è stata mantenuta la terminologia del GDPR. Tuttavia, per chiarezza, ogni volta che nelle presenti FAQ si fa riferimento a “Titolare del trattamento dei dati”, ciò equivale a “Azienda” ai sensi del CCPA; e ogni volta che si fa riferimento a “Responsabile del trattamento dei dati”, ciò equivale a “Fornitore di servizi” ai sensi del CCPA.

Come si fa a fornire una notifica ai consumatori della CA come richiesto dal CCPA?

KPI6 non ha un rapporto diretto con gli autori dei contenuti pubblici online che compongono il nostro database. Per questo motivo, il CCPA richiede che i consumatori CA siano informati della vendita dei loro dati personali. Forniamo questo avviso direttamente ai consumatori di CA tramite la nostra Dichiarazione sulla privacy degli autori sul nostro sito web. Tutte le nostre informazioni di contatto e i dettagli rilevanti sono disponibili in quell’elenco.

Ultimo aggiornamento: 09 settembre 2020

Hai qualche domanda ?

Show us what you got!