WEBSITE PRIVACY NOTICE
made pursuant to Article 13 of EU Regulation No. 679/2016
The company Vittoria S.p.A., with registered office in Brembate (BG), Via Liguria 8, Tax code and VAT number 01989570161 ("Company") is committed to protecting the personal data of the user ("User") of the website vittoria.com/en ("Site") and, as data controller, is required, pursuant to Article 13 of the EU Regulation no. 679/2016 (General Data Protection Regulation, "GDPR"), to provide the User with certain information regarding the processing of personal data. This Privacy Notice does not apply to other websites owned by third parties, which may be accessed through links on the Site. Please read the privacy notices of such third party sites in relation to their processing of personal data. If you provide personal data on behalf of someone else, you must ensure, in advance, that they have read this Privacy Notice.
What personal data may be processed
Through the Site, the following types of User data (hereinafter also referred to jointly as 'personal data') may be processed.
- A) Browsing data and cookies
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified subjects, but by its very nature could, through processing and association with data held by third parties, make it possible to identify Users. This category of data includes the IP addresses of the computers used by Users who connect to the Site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system used. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct operation, and is deleted immediately after processing. The data could be used to ascertain liability in the event of any computer crimes against the Site.
- B) Personal data voluntarily provided by the User
The Company processes certain personal data that may be provided voluntarily by Users through specific forms on the Site:
for information requests via the 'Contact' section (information that can be provided: name, surname, email, message, any attachments);
for subscribing to the Company's newsletter with marketing content (information that can be provided: email address);
for the purchase of the Company's products via the appropriate section (information that may be provided: name, surname, shipping address, telephone, email);
to participate in personalised marketing operations (information that can be provided: name, surname, email, telephone, specific interests related to cycling);
or other personal data that may possibly be sent to the Company using the contact details given on the Site.
For what purposes personal data may be used
- A) Execution of a contract or pre-contractual measures in connection with orders for the Company's products or requests by the User.
The Company may process the User's personal data in order to execute a contract or pre-contractual measures: (i) to manage orders for the Company's products placed through the Site and to provide pre- and post-sales information and/or assistance; (ii) to respond to requests for information made through the "Contact" section.
Prerequisite for processing: fulfilment of a contractual obligation or execution of pre-contractual measures. The provision of personal data is compulsory; failing this, the Company will not be able to process the order received, provide information and/or pre- and post-sales assistance, or respond to the User's requests.
- B) Sending marketing communications via newsletters.
The Company may process the email address communicated by the User for marketing purposes in order to provide information on events and on commercial and promotional initiatives relating to the Company's products through automated contact methods (i.e. email).
Prerequisite for processing: the User's consent, which can be revoked at any time using the contact details below. Failure to provide consent has no consequences other than the impossibility for the User to receive promotional communications via newsletter.
- C) Sending personalised marketing communications.
The Company may process the User's personal data to enable participation in initiatives and competitions for personalised marketing purposes consisting in providing, via email, commercial and promotional information to Users on the basis of their preferences and interests, pertaining to the world of cycling, communicated to the Company by the latter through a specific section of the Website .
Prerequisite for processing: the User's consent, which can be revoked at any time using the contact details below. Failure to provide consent has no consequences other than the impossibility for the User to receive commercial and promotional communications personalised on the basis of his/her preferences and interests.
- D) Sending email communications for the promotion of products and services similar to those purchased.
The Company - pursuant to and within the limits permitted by Article 130, paragraph 4, of the Privacy Code (Legislative Decree no. 196/2003, as amended by Legislative Decree 101/2018) - may process the User's email address to promote its own products or services similar to those covered by the purchase made (so-called "soft spam").
Prerequisite for processing: the Company's legitimate interest in maintaining an effective contractual relationship with the User. The provision of the email address is optional and failure to provide it does not affect the contractual relationship.
- E) Purposes connected with obligations laid down in laws, regulations or EU legislation, provisions/requirements of authorities empowered to do so by law and/or supervisory and control bodies.
The Company may process the User's personal data to fulfil its obligations.
Prerequisite for processing: fulfilment of a legal obligation. The provision of personal data for this purpose is obligatory, as failure to do so will make it impossible for the Company to fulfil specific legal obligations.
- F) Defence of rights in judicial, administrative or extrajudicial proceedings, and in disputes arising in connection with the services/activities offered.
The Company may process personal data to defend its rights or take action or even make claims against the User or third parties.
Prerequisite for processing: legitimate interest of the Company in the protection of its rights. In this case, a new and specific contribution is not required, since the Company will pursue this further purpose, where necessary, by processing the data collected for the above-mentioned purposes, which are deemed compatible with the present one (also by reason of the context in which the data were collected, the nature of the data themselves and the appropriate guarantees for their processing, as well as the link between the above-mentioned purposes and this further purpose).
How we keep personal data secure and where
The Company takes appropriate security measures to ensure the protection, security, integrity and accessibility of Users' personal data. The appropriate security measures are aimed at preventing unauthorised access, disclosure, modification or destruction of personal data.
All personal data are stored on the Company's secure computer systems (or appropriately stored hard copies) or on those of our suppliers, and are accessible and usable according to our standards and security policies (or equivalent standards for our suppliers).
The Company informs that personal data will be processed, for the purposes set out in this notice, exclusively within countries belonging to the European Union (EU) or the European Economic Area (EEA).
How long we keep personal data
We only retain personal data for as long as it is necessary for the purpose for which it was collected or for any other legitimate related purpose. Therefore, if personal data are processed for two different purposes, we will keep those data until the purpose with the longer retention period ends. In any case, we will no longer process personal data for that purpose whose retention period has expired.
Personal data that are no longer needed, or for which there is no longer a legal basis for their storage, are irreversibly anonymised (and thus can be stored) or securely destroyed.
Browsing data are not retained by the portal except in the event of the need for criminal investigations by the judicial authorities.
Data processed to fulfil any contractual obligation may be retained for the duration of the contract and in any case no longer than 10 years thereafter, subject to the statutory limitation periods.
Data processed for marketing purposes may be retained for 24 months from the date on which we last obtained your consent for that purpose.
If it is necessary to process data for judicial purposes, it will be kept for as long as any claims may be pursued by law.
Who has access to personal data
The personal data of the Users may be accessed by duly authorised employees of the Company, as well as by external suppliers (including consultants), who are appointed, if necessary, as data processors.
You may contact the Company using the contact details given in the 'Contact' section if you wish to request to see the list of data processors and other persons to whom data are disclosed.
Personal data protection rights
Every User has the right to obtain from the Company, subject to the existence of the legal prerequisite underlying the request:
access to and rectification of personal data concerning him/her;
deletion of personal data;
the rectification of personal data held by the Company concerning Users;
withdrawal of consent in cases where processing is based on consent
the restriction of the processing of personal data concerning Users;
the copying of personal data provided by Users to the Company, in a structured, commonly used and machine-readable format (portability) and the transmission of such personal data to another data controller.
Right of objection: Users have the right to object, in whole or in part, to the use of their personal data processed by the Company, provided that the conditions set out in the GDPR are met, for example in the case where personal data are processed for marketing purposes or where the legitimacy of the processing is based on the legitimate interest of the Company.
In the event that the User exercises any of the aforementioned rights, it shall be the duty of the Company to verify that he/she is entitled to exercise them, and feedback shall be given, as a rule, within one month.
If the User considers that the processing of his or her personal data is in breach of the applicable data protection legislation, he or she has the right to lodge a complaint with the Garante per la protezione dei dati personali, using the references available on the website https://www.garanteprivacy.it/, or to take legal action.
The Company's contact details for questions and for exercising rights concerning the processing of personal data are as follows:
Address: Vittoria S.p.A, Via Liguria 8, Brembate (BG), Italy
Telephone: +39 0354993911
For further information on our products and services, please write to the following email address firstname.lastname@example.org
Last updated: October 2023