pursuant to Art. 13 of the GDPR relating to the processing of personal data
Types of collected data
Through the Site, the following types of User’s data (hereinafter jointly also “Personal Data”) can be processed.
A) Navigation Data and Cookies
The computer systems and software procedures, aimed at the functionality of the Site, acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified subjects, but by their own nature could, through processing and association with data held by third parties, allow the identification of Users. This category of data includes the IP addresses of the computers used by the Users, who connect to the Site, the URI addresses (Uniform Resource Identifier) of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system used. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and they are deleted immediately after processing. The data could be used to ascertain responsibility in case of any computer crimes against the Site.
B) Personal data provided intentionally by the User
The Company processes certain Personal Data that may be provided voluntarily by Users through specific form on the Site:
- for the request of information through the “Contacts” section (information that can be provided: name, surname, email, message, possible attachments);
- for subscription to the Company’s newsletter with marketing content (information that can be provided: email address);
- for the purchase of Company’s products through the appropriate section (information that can be provided: name, surname, shipping address, telephone, email);
- to participate in personalised marketing operations (information that can be provided: name, surname, email, telephone, specific interests relating to cycling);
or other Personal Data that may be sent to the Company using the contact details on the Site.
Purposes and legal basis of the processing
A) Performance of a contract or of pre-contractual measures in relation to orders for the Company’s products or related to User’s requests.
The Company may process the User's Personal Data in order to execute a contract or pre-contractual measures: (i) to manage orders for the Company’s products placed through the Site and to provide information and/or pre- and post-sales assistance; (ii) to respond to requests for information forwarded through the “Contacts” section.
Legal Basis: fulfilment of a contractual obligation or execution of pre-contractual measures. The provision of Personal Data is necessary; otherwise, the Company shall not be able to process the order received, provide information and/or pre and post-sales assistance or respond to the User’s requests.
B) Sending marketing communications through Newsletter.
The Company may process the email address communicated by the User for marketing purposes in order to provide information on events and on commercial and promotional initiatives relating to the Company’s products through automated contact methods (i.e. email).
Legal Basis: the User’s consent, which can be revoked at any time, using the contact details below. Refusal to provide consent has no consequences other than the impossibility for the User to receive promotional communications through newsletter.
C) Sending personalised marketing communications.
The Company may process the User’s Personal Data, communicated to the Company through a specific section of the Site, in order to allow participation in initiatives and competitions with the purpose of personalised marketing, consisting of providing, through email , commercial and promotional information to Users on the basis of their preferences and interests, relating to the world of cycling.
Legal Basis: the User’s consent, which can be revoked at any time using the contact details below. Refusal to provide consent has no consequences other than the impossibility for the User to receive commercial and promotional communications customised according to his/her preferences and interests.
D) Sending email communications promoting products and services similar to those purchased.
The Company – pursuant to and within the limits allowed by Article 130, paragraph 4, of the Privacy Code (Legislative Decree no. 196/2003, as amended by Legislative Decree 101/2018) – may process the User’s email address to promote its own products or services similar to those covered by the purchase made (so-called “soft spam”).
Legal Basis: legitimate interest of the Company to maintain an effective contractual relationship with the User.[FF IT 6] The provision of the email address is optional [FF IT 7] and refusal to provide it does not have any consequences on contractual relations.
E) Purposes related to obligations provided for by laws, regulations or EU legislation, by provisions/requests of authorities legitimized by law and/or by supervisory and control bodies.
The Company may process the User’s Personal Data in order to fulfil its obligations to which it is bound.
Legal Basis: compliance with a legal obligation. The provision of Personal Data for this purpose is necessary, otherwise, the Company will not be able to comply with specific obligations.
F) Defence of rights during judicial, administrative or extra-judicial proceedings, and in the context of dispute arising in relation to the services/activities offered.
The Company may process Personal Data in order to defend its rights or to act or even make claims against the User or against third parties.
Legal Basis: legitimate interest of the Company in protecting its rights. In this case, a new and specific provision of data is not required, because the Company will pursue this further purpose, if necessary, by processing the data collected the other above-mentioned purposes, which are considered compatible with this one (also because of the context in which the data were collected, the nature of the data themselves and the appropriate guarantees for their processing, as well as the link between the other above-mentioned purposes and this further purpose).
How we keep personal data secure and where
The Company takes appropriate security measures to ensure the protection, security, integrity and accessibility of Users’ Personal Data. The appropriate security measures are designed to prevent unauthorised access, disclosure, modification or destruction of Personal Data.
All Personal Data is held on the Company’s secure computer systems (or appropriately stored hard copies) or those of our suppliers, and may be accessible and usable in accordance with our standards and security policies (or equivalent standards for our suppliers).
The Company informs you that Personal Data will be processed, for the purposes set out in this policy, exclusively within countries belonging to the European Union (EU) or the European Economic Area (EEA).
How long we store personal data
We only retain Personal Data for as long as itis necessary for the purposes for which it was collected or for any other legitimate related purposes. Therefore, if Personal Data is processed for two different purposes, we will keep those data until the purpose with the longer retention period ends. In any event, we will no longer process Personal Data for that purpose whose retention period has expired.
Personal Data that is no longer needed, or for which there is no longer a legal basis for its retention, will be irreversibly anonymised (being in this case strored) or safely destroyed.
Navigation data is not stored, unless the judicial authorities need to ascertain whether a crime has been committed.
Data processed in order to fulfil any contractual obligation may be stored for the entire duration of the contract and, in any case, for no longer than the following 10 years, in compliance with the legal statute of limitations.
Data processed for marketing purposes may be stored for 24 months from the date we last obtained your consent for this purpose.
Data processed for judicial purposes will be kept for the term in which possible claim may be pursued according to applicable law.
Who can access personal data
The Personal Data of the Users may be accessed by duly authorised employees of the Company, as well as by external suppliers (including consultants), appointed, if necessary, as data processors. You may contact the Company using the contact details provided in the “Contacts” section if you wish to request to see the list of data processors and other entities to whom the data is disclosed.
Personal data protection rights
Each User, subject to the existence of the legal basis for the request, has the right to obtain from the Company:
- the access to and the rectification of Personal Data concerning him/her;
- the cancellation of Personal Data;
- the rectification of Personal Data held by the Company concerning him/her;
- the revocation of consent in cases where processing is based on it;
- the limitation of the processing of Personal Data concerning the him/her;
- the copy of Personal Data provided by the Users to the Company, in a structured, commonly used and machine-readable format (portability) and the transmission of such Personal Data to another data controller.
Right to object: Users have the right to object, in whole or in part, to the use of their Personal Data processed by the Company, if the conditions set out in the GDPR are met, for example if the Personal Data is processed for marketing purposes or if the legal basis for the processing is the Company’s legitimate interest.
In the event that the User exercises any of the above-mentioned rights, it will be the responsibility of the Company to verify that the User is entitled to exercise such rights, and the feedback shall normally be given within one month.
If the User considers that the processing of his/her Personal Data is in breach of the provisions of the applicable legislation on the protection of Personal Data, he/she has the right to lodge a claim before the Personal Data Protection Authority, using the available references on the website https://www.garanteprivacy.it/, or to take appropriate legal action.
The Company’s contact details, for questions and for exercising the rights inherent in the processing of Personal Data, are as follows:
For further information about our products and services, please write to the following email address firstname.lastname@example.org