DISCLOSURE ON THE PROCESSING OF PERSONAL DATA

This disclosure is provided, pursuant to art. 13 of EU Regulation 2016/679 (GDPR) for users who interact with the Cicli Esperia Spa website, which is accessible by electronic means from the address: https://www.cicliesperia.com/, corresponding to the start page of the website.

This disclosure describes the methods of management of only the company’s official website but not of other external websites which may be accessed by the user through links within the website.

Additional information may be provided within the different access channels, divided according to the topics that are covered. Other information may be provided within the website in relation to specific services.

Data controller: CICLI ESPERIA SPA

VIALE ENZO FERRARI 8/10/12  –  30014 CAVARZERE (VE)

contact details: privacy@cicliesperia.com

Purpose of the data processingLawfulness of the data processingDuration of data retention
Administrative-accounting activities in general and for the fulfilment of legal obligations, regulations and applicable national and supranational legislationNecessity of complying with legal obligations 
If necessary, in order to ascertain, exercise or defend the rights of the Data Controller in a judicial contextLegitimate interest 
Any request for contact, via the sending of information upon your request;Execution of a contract to which the interested party is involved or for the execution of pre-contractual measures adopted at the request of the same (art. 6(1)(b) of the Regulation)Contract term and, after termination, for the ordinary period of limitation of 10 years. In the event of litigation, for the entire duration of the dispute, until the time limits for the admissibility of the appeal are expired.

Direct marketing

Sending – with automated contact modes (such as sms, mms and email) and traditional (such as telephone calls with operator) – of promotional and commercial communications related to services/products offered or announcing company events or participation in webinars, as well as market studies and statistical analyses.

Consent (optional and revocable at any time).


It should be noted that the Data Controller collects a single consent for the purposes of Marketing described herein in accordance with the General provision of the Authority for the Protection of Personal Data “Guidelines on Promotional activities and combating Spam” of 4 July 2013. If you wish to object to the processing of your data for the purposes of Marketing carried out by the means indicated herein, as well as to withdraw your consent; you may do so at any time by contacting the data controller with the contact details indicated in this disclosure, without prejudice to the lawfulness of the processing based on the consent given before the revocation.

Until your consent is revoked.
After the above retention terms have expired, the Data will be destroyed, deleted or anonymised, consistent with the technical procedures of cancellation and backup.

Type of Data Processed and Collection Modes

Browsing data – log files

It is possible to access the Site without requiring the user to provide personal data of any kind. The computer systems and the applications dedicated to the operation of this website detect, during their normal operation, some data (the transmission of which is implicit in the use of Internet communication protocols) not associated to directly identifiable users. The collected data includes the IP addresses of the users who connect to the website, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request and the numerical code indicating the status of the response given by the server (good, error, etc.).

This is information that does not provide personal data of the user and is not collected to be associated with identified interested parties, but it is technical/IT data collected and used in an aggregated and anonymous way for the purpose of verifying the correct functioning and monitoring the security of the Site; improving the quality of the service and providing statistics regarding the use of the Site; establishing liability in the event of hypothetical computer crimes against the Site.

Data provided voluntarily by the user

The voluntary and explicit sending of email/s to the addresses indicated in the different access channels of this site involves the subsequent acquisition of the address and of the data of the sender/user, necessary in order to respond to the requests made and/or to provide the requested service. It is however ensured that such processing will be based on the principles of fairness, lawfulness and transparency and the protection of privacy indicated in the GDPR. In any case, before proceeding to the activation of a specific service, suitable information will be provided and, where necessary, acquisition of the related consent to the processing of the personal data. This consent may be revoked at any time thereafter, thus prohibiting the possibility of using the service in question.

Failure to provide consent or to withdraw the same does not entail any consequence, except for the impossibility of using the Site and/or providing the requested service or obtaining more detailed information on the Company’s activities.

In any case, the processing of personal data may be carried out, if necessary, for the pursuit of a legitimate interest of the Data Controller or on the basis of a legal obligation. In particular, obtaining consent to the processing referred to in the previous paragraph on browsing and log data is not necessary since the data are treated as responding to a legitimate interest (Recital 47 of the GDPR)

Provision of the Data

Apart from what is specified for the browsing data, the provision of personal data by the interested party, for specific purposes described in the preceding paragraph, is to be considered optional. Failure to provide the data may result in the impossibility of using specific services provided by the site.

Data Processing Methods

Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they are collected in compliance with the principles of lawfulness, limitation of the purposes and minimisation of the data, according to art. 5 of the GDPR and in compliance with the mandatory time limits prescribed by law. Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorised access.

Communication and/or Dissemination of the Data

Your data, subject of the processing, will not be disseminated but may be communicated to companies contractually linked to the company, in compliance with and within the limits of the GDPR. The personal data is stored on servers located within the European Union. It is understood, in any case, that the Data Controller, where necessary, will have the right to move the server location also to non-EU countries. In such a case, the Data Controller as of now assures that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, upon the conclusion of the standard contractual clauses provided for by the European Commission and the user will be informed of the same.

 The data can be communicated to third parties belonging to the following categories:
– subjects providing services for the management of the company’s IT system and telecommunications networks (including email);
– studios or companies in the context of assistance and consultancy relationships;
– competent authorities for the fulfilment of obligations under laws and/or provisions of public bodies, upon request.

The subjects belonging to the aforesaid categories perform the function of Data Processing Officer, or they operate in total autonomy as distinct Data Controllers. The list of data processing officers is constantly updated and available at the company’s headquarters. Any further communication or dissemination of your data will take place only with your explicit consent.

Existence of an Automated Decision-making Process

The Data Controller informs the interested party that there are no automated decision-making processes on this site, therefore, in particular there is no profiling system.

Minors

This Site and the Data Controller’s Services are not intended for children under the age of 16 and the Data Controller does not knowingly collect personal information about minors. In the event that information relating to minors is unintentionally recorded, the Data Controller shall promptly delete it at the user’s request.

Rights of the interested party

The interested parties have the right to receive from the Company information about the processing of personal information by sending an email to: privacy@cicliesperia.it

  • Right of access: we are transparent about the data we collect and the use we make of it. You can contact us at any time by sending an email to access the information in our possession.
  • Right of correction: you have the right to obtain the correction of any inaccurate or incomplete information and to request its updating and/or modification.
  • Right to cancellation:  send a request for cancellation of all the data concerning you and within 30 days we will take charge of your request.
  • Right of limitation: you have the right to ask the data holder to limit the processing of your data.
  • Right to portability: if you request it, we will export your data so that it can be transferred to third parties in a structured, commonly used, machine-readable format.
  • Right of opposition: you can unsubscribe at any time from all the specific uses we make of your data (newsletters, automatic emails, etc.).
  • Right to lodge a complaint: if you believe that your rights have not been respected, you can lodge a complaint to the competent authority according to the instructions published on the website www.garanteprivacy.it or by mail to urp@gpdp.it