Data Controller of personal data
The Data Controller of the personal data collected through the Site is: VULTUR BIKE di Giuseppe Sicuro & C. S.A.S., with registered office in Rionero in Vulture (PZ) Vico III Annunziata n. 37 (85028), VAT no. 01971600760 (hereinafter 'Data Controller' or just "Data Controller"), e-mail address: email@example.com
Methods of processing personal data
We take into utmost consideration the right to privacy and protection of personal data of our Users that will be processed lawfully.
The Personal Data provided or acquired will be processed based on principles of correctness, lawfulness, transparency and protection of confidentiality in accordance with current regulations, through the appropriate security measures aimed at preventing unauthorized access, disclosure, modification or destruction of Personal Data. Among the security measures adopted there are also the SSL certificate and the HTTPS protocol, to protect the Personal Data entered and prevent access by unauthorized third parties.
The processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.
Personal data processed
When the User visits the Site, contacts us (by email, by telephone, by mail, etc.), subscribes to the newsletter or sends an order, we process some of his Personal Data, independently or through third parties.
We list the categories of personal data processed:
1. Identification, contact and access data: name and surname, email address, shipping address, telephone number, and account access credentials, as well as any other Personal Data voluntarily communicated by the User.
2. Purchase data: data referring to purchases made;
3. Navigation data: relating to the connection, IP addresses, domain names and other parameters relating to the browser and operating system used;
4. Usage Data: information generated by visiting the Site or making purchases on it: log data, data relating to registrations made, interaction and transaction processes, performance indicators, data relating to navigation flows and use of features;
5. Billing information: if the User requests the issuance of the invoice;
6. Bank details: such as the current account number in case of payment by bank transfer.
Purpose of the Processing and Legal Basis
The Data Controller will process the Personal Data of Users, as listed above, for the performance of its economic and commercial activities, for the specific purposes indicated below.
1. Purposes related to the Contract and Legal Obligations
a. Navigation on the Site;
b. Registration and management of the account (credential recovery, cancellation, etc.) and use of related services;
c. Activities necessary for the conclusion of the contract for the purchase of products sold by the Site and its execution;
d. Order Processing;
e. Assistance and customer care activities as well as to respond to requests, complaints, reports and disputes from Users via email to the addresses of the Data Controller or through other communication channels;
f. Management of Users' requests through remote communication tools, such as e-mail, chat, telephone, SMS, chatbots, banners, notification systems and other remote communication tools on the Site;
g. Fulfillment of obligations deriving from current law, regulations or community legislation (e.g. tax and accounting obligations) or management and response to requests from the competent administrative, tax and judicial authorities;
h. Activities of an administrative, accounting and tax nature such as activities related to the contract concluded through the Site, such as, by way of example, the issuance of receipts and / or invoices, the keeping of accounting records;
i. Response to requests to exercise the rights granted to Users by the contract stipulated with the Owner, by the law in relation to this contract or by the GDPR, and consequent activities.
For these purposes, the legal basis is the need to execute the pre-contractual and contractual obligations of which the User is a party (art. 6.1.b) of the GDPR) or the fulfillment of legal obligations to which the Data Controller is subject (art. 6.1.c) of the GDPR).
Therefore, with the exception of account registration data which is optional, their processing is necessary to allow the conclusion and execution of the contract through the Site or to respond to pre-contractual requests made by the User in relation to the Site. Failure to communicate the data, therefore, will make it impossible for the User to conclude a contract through the Site and / or to receive a response to requests made.
2. Analysis and statistical purposes and other purposes not based on consent
j. Carry out statistical analysis with respect to the use of the Site, navigation, product search, to improve the site and the offer of products sold through it;
k. Ensure compliance with the contractual rights of the Data Controller or demonstrate that it has fulfilled the obligations arising from the contract with the interested party or imposed by law, to prevent and / or repress fraudulent or harmful actions;
l. Remind the User who has undertaken the purchase process that he has placed a product in his shopping cart.
The legal basis of this processing is the legitimate interest (art. 6.1.f) of the Regulation). Sometimes the Legal Basis consists in the legitimate interest (Article 6, paragraph 1, letter f) in conjunction with recital 47 of the Regulation), for sending transactional email communications (eg abandoned cart).
3. Direct marketing and profiling purposes
m. With the consent of the User, we will send commercial emails to show him updates, news, offers and promotions, market research, also through automated processing tools such as emails and newsletters;
n. With the consent of the User, we will process his Personal Data to attribute particular characteristics, preferences, and send him, also through automated processing tools such as "retargeting" or through clustering of subjects with common characteristics, personalized and diversified commercial communications, based on his profile.
For this purpose, the processing, including the final decision about the promotional communication to be sent or displayed to the user based on the cluster to which they belong, takes place automatically, without human intervention, based on algorithms whose parameters have been previously set.
The legal basis is the express consent of the User to the processing of personal data for this purpose (art. 6.1.a) of the Regulation. The provision of data for this purpose is optional. In case of lack of consent, revocation of the same or exercise of the right of opposition, the possibility for the User to make purchases on the Site will not be affected in any way.
To send to the User's email address issued as part of the purchase of products through the Site, commercial communications to propose the direct sale of similar products. This activity does not require the acquisition of a prior express consent of the interested party as it is exercised on the legal basis referred to in art. 130, paragraph 4, of the Privacy Code (Legislative Decree 30 June 2003, n. 196) which expressly allows it, provided that the user does not refuse such use, initially or on the occasion of subsequent communications.
Changing choices and withdrawing consent
In case of release of consent, the User may at any time revoke the consent given and / or oppose the processing of personal data for general marketing and profiling purposes through the methods indicated in the 'Rights of the interested parties' section later in this statement.
In case of withdrawal of consent, the treatments carried out on the basis of the consent given before its revocation will still be considered legitimate. In case of revocation of consent and / or opposition to the processing of your data for the purpose of generic marketing, the user's data will no longer be processed for this purpose and will be kept by the Data Controller only in the circumstance in which there is another legal basis that legitimizes the processing (eg contractual execution; legal obligation; legitimate interest).
The Data Controller will process the personal data of Users for the time necessary to achieve the purposes for which such data were collected, as defined in this statement. However, for each of the purposes indicated, the personal data collected will be kept for the time specified below:
1. For the purposes related to the Contract, the Data Controller will process the User's data for the time strictly necessary to carry out the individual processing activities, it being understood that, after this term, the Data Controller may keep the data for the purposes and for the maximum retention periods referred to in the other sections of this statement, if relevant and/or, in any case, in the cases established by the GDPR and/or by law.
2. For tax, administrative, accounting and legal purposes, until the expiry of the legal terms required for the performance of each fulfillment and / or for the retention times required by law. In case of closure of the account on the initiative of the User, the data contained therein will be kept for administrative purposes for a period of 3 months from the request to close the account.
3. For purposes based on the legitimate interest of the Data Controller, the latter will process the User's data for the time strictly necessary to satisfy this interest, unless, in the face of disputes and / or complaints, the Data Controller needs to keep personal data to carry out defense activities (letter k) for the following 10 years (prescription) or, In the presence of litigation, further retention is determined by the duration of the litigation or by specific requests from the Authority. The User can obtain more information on the legitimate interest pursued by contacting the Data Controller.
4. For the purpose of direct marketing, as long as the consent is not revoked and in any case for a period of 12 months from when the consent was given or renewed by the User.
After these retention times, the Personal Data will be deleted and the User will no longer be able to exercise the rights of access, cancellation, rectification and portability of the Data.
Communication and dissemination of data
In addition to the Data Controller, in some cases, the following may have access to the Data:
1. subjects involved in the organization of the Website (for example: administrative, commercial, marketing staff);
2. third parties who perform ancillary and instrumental tasks with respect to the activity of the Data Controller and who process personal data on behalf of the Data Controller (for example: payment services, lawyers, accountants, system administrators, logistics companies, newsletter services, manufacturers for product repair);
3. public or private subjects that can access the Data in compliance with the law, regulations and provisions issued by the competent authorities;
4. potential purchasers of the Owner company and entities resulting from the merger or any other form of transformation.
These recipients, depending on the case, process the personal data of Users as persons in charge, data processors or independent data controllers. The User can request the updated list of Data Processors pursuant to art. 28 GDPR.
Place of processing and transfer of data abroad
The processing of Data takes place essentially in Italy and in the countries of the European Union. Some third-party tools may process the data of users of this website in countries outside the European Economic Area (the "Third Countries").
The transfer of data to third countries can also take place through the use of external tools that allow certain services (e.g. statistical analysis, newsletters, remarketing, advertising, use of social buttons).
Sometimes the use of these tools may involve the transfer of personal data of users who visit this website to a third country, such as the United States, for which there is no adequacy decision of the European Commission.
If there is a need to transfer data to third countries, the Data Controller undertakes to ensure that the country to which the data will be sent guarantees an adequate level of protection, as required by Article 45 GDPR; such transfer will be governed on the basis of the standard contractual data protection clauses approved by the European Commission for the transfer of personal information outside the EEA pursuant to Article 46.2 GDPR.
Personal Data Processing Tools
1. CONTACT FORM
By filling out the contact form, the User consents to the processing of personal data entered therein and their use to respond to requests for information. The personal data being processed are those requested by the form and all other personal data that may be entered by the user in the body of the message.
2. REGISTRATION TO THE SITE
By registering on the Site, the user consents to the processing of his personal data for the purpose of identifying him and allowing him access to services dedicated to registered users, such as storing the ways in which the user uses the services of the Site (eg delivery address, etc.) without having to enter them at each order.
Registration on the Site can also take place through the use of the following social networks:
The newsletter service allows the Data Controller to send users via email commercial communications, promotions, updates on new products and the like. The management of email addresses takes place through a database containing the user's email address, which is added to the list of users subscribed to the newsletter, when he subscribes to the newsletter by consenting to the sending of commercial communications, or makes a purchase (in the case of soft-spam). In both cases, the user can unsubscribe from the Newsletter service using the relevant button in the emails. After your request for cancellation, the user's data will be deleted from the database of the software used by the Site for sending the newsletter. The Personal Data processed by this service are: name, surname, email address. However, the software used by the Site to send the newsletter may also process Data relating to the date and time of display of the message or clicks on the links included in the body of the same. This Site uses the following email sending service:
Sendinblue (Sendinblue, SAS)
Sendinblue is an email address management and sending service provided by Sendinblue, SAS.
Personal Data processed: surname; email; name, other data such as email open rates.
SendBlaster (eDisplay Ltd.)
4. SOCIAL NETWORK KEYS
The User can use the social buttons to visit the social pages of the Site, through the following social tools that still collect personal data of users as traffic data on the pages visited and on which they are installed. The Site provides the following social buttons:
Statistical services allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior. This Site uses the following third-party services:
Google Analytics (Google Ireland Limited)
Google Analytics is an analytics service provided by Google Ireland Limited. Google uses the Personal Data collected for the purpose of tracking and examining the use of this Site, compiling reports and sharing them with other services developed by Google. Google may use Personal Data to contextualize and personalize the ads of its advertising network. Google may also transfer this information to third parties where required to do so by law or where such third parties process the information on Google's behalf. The IP anonymization function is active on this site. The IP address transmitted by your browser for the purposes of Google Analytics will not be incorporated into other data already held by Google.
The use of Google Analytics may in some cases involve the transfer of personal data of users who visit this website to a third country, such as the United States, for which there is no adequacy decision of the European Commission.
Pixel di Facebook (Meta Platforms Ireland Limited)
5. PAYMENT MANAGEMENT
For the management of order payments, this Site uses the following third-party tools:
PayPal (Paypal Europe S.à.r.l. et Cie, S.C.A Inc.)
Stripe (Stripe Payment Europe Limited)
6. SECURITY MEASURES
This Site uses security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. Among the security measures adopted there are also the SSL certificate and the HTTPS protocol, to protect the Personal Data entered and prevent access by unauthorized third parties.
Google reCAPTCHA (Google Ireland Limited)
Rights of the interested parties
The interested parties have the right to exercise the faculties provided for in Articles. 7, 15-22 of the Regulation.
In particular, Users have the right to obtain: access, updating, rectification or, when interested, integration of data; the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; the attestation that the above operations have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves a use of means manifestly disproportionate to the protected right.
Furthermore, Users have the right to withdraw consent at any time, if the processing is based on their consent, to request data portability, i.e. to receive all personal data concerning them in a structured, commonly used and machine-readable format), to request the limitation of the processing of personal data and / or cancellation ("right to be forgotten"), as well as the right to object to the processing of personal data concerning him and to the processing for the purpose of sending advertising material, direct selling and for carrying out market research.
Pursuant to the Applicable Regulations, the Data Controllers inform that Users have the right to obtain indication (i) of the origin of personal data; (ii) the purposes and methods of processing; (iii) the logic applied in case of treatment carried out with the aid of electronic instruments; (iv) the identification details of the Data Controllers and Data Processors; (v) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as managers or agents.
The interested parties may exercise their rights by sending a specific communication to the Data Controller via email to: firstname.lastname@example.org
The interested parties, if they believe that the processing that concerns them violates the Regulation, also have the right to lodge a complaint with the Privacy Guarantor as a supervisory authority regarding the protection of personal data (Guarantor for the protection of personal data, based in Piazza Venezia n. 11 - 00187 - Rome (http://www.garanteprivacy.it/).
Information for California Residents - California privacy rights
Personal information we collect: You can find a list of the categories of personal information we collect in the "Personal data processed" section above.
Use of personal information: You can find a list of the purposes for which we use such personal information in the "Purposes of Processing and Legal Basis" section above.
Categories of personal information disclosed and its recipients: You can find a list of the purposes for which we use such personal information in the "Communication and dissemination of data" section above.
Sources of information collected: We collect your personal data directly from you (including through the device you use to visit our website) and from our service providers.
Your rights: Except as provided by applicable law, you may have certain choices regarding the use and disclosure of your personal information, as described below:
1. Access: You have the right to request, twice within a period of 12 months, a communication from us regarding your personal data collected in the last 12 months and details of our collection, use and disclosure of such information.
2. Erasure: You have the right to request erasure of your collected personal data.
3. Opt-Out: You have the right to refuse the communication and processing of your personal data.
4. Non-discrimination: You have the right not to receive discriminatory treatment from us for exercising your rights under the CCPA.
The rights mentioned above can be exercised by sending a request to the contacts indicated above.
Authorized Agent: As a California resident, you have the right to designate an authorized agent to act on your behalf to make a request under the CCPA through the same channels as those provided for exercising your rights, as described above. If you appoint an authorized agent, we may require you to provide us with authorization issued to your authorized agent and verify your identity.
Shine the Light Act: As a California resident, you may request information regarding the categories of personal information (if any) we share with third parties or affiliates for direct marketing purposes. If you would like more information, please send a written request to the contacts listed above.