Last update: February 2021
With this policy, Biciclette Dynatek SRL, with registered office at Via F. S. Orologio,6 35129 Padova, Italy, VAT number IT05248230285, Chamber of Commerce registration number PD-454496, telephone number +39 346 7663191, email email@example.com, PEC firstname.lastname@example.org as the data controller (hereinafter “Controller”) – would like to inform you about the processing of personal data that you provide when navigating the website https://www.dynatekbikes.com/ (hereinafter “Website”).
For any clarification, information or exercise of the rights listed in this policy, please contact us at: email: email@example.com address for registered mail: Via F. S. Orologio,6 35129 Padova, Italy.
Italian Legislative Decree 196/2003, as amended by Italian Legislative Decree 101/2018 and EU Regulation 2016/679 establish the rules for protecting and safeguarding individuals in relation to the processing of their personal data, and this policy is drafted in compliance with the new legislative provisions.
This policy may be subject to changes as a result of the introduction of new regulations, so we invite you to periodically visit this section for updates.
According to the law, the processing of personal data is based on the principles of correctness, lawfulness, transparency, accuracy, limitation of purposes and storage, minimization, data integrity, protection of user privacy and protection of their rights.
The Controller undertakes to observe these principles and, for this purpose, informs you that – except for those processing activities for which explicit consent is required by law – by browsing this Website, uploading or providing personal data, you accept and consent to be bound by the terms and conditions of this policy. The user’s consent to the processing of data may be revoked at any time by contacting the addresses listed above.
The Controller will process this data in compliance with the applicable regulations, assuming that it refers to the user or to third parties who have expressly authorized the user to provide such data based on a suitable legal basis that legitimizes the processing of the data in question. In relation to such cases, the user acts as an independent data controller, assuming all the obligations and legal responsibilities. In this regard, the user grants the Controller the widest indemnity with respect to any dispute, claim, request for compensation for damages arising from the processing, etc. that may be received by the Controller from third parties whose personal data have been processed through the use of the Website in violation of the applicable regulations.
If you are under 16 years of age, your consent is valid only if given or authorized by the person who holds parental responsibility for you, in accordance with Article 8 of EU Regulation 2016/679. For those concerned who are in Italy, consent is valid under the same conditions as above, also for the subject who has reached 14 years of age.
In any case, we would like to provide you with some information about the concept of personal data processing and the people who manage it.
PERSONAL DATA PROCESSED AND PROCESSING
PLACE OF PROCESSING AND CIRCULATION OF DATA
PURPOSE OF PROCESSING
LEGAL BASIS FOR DATA PROCESSING
DATA RETENTION PERIOD
RECIPIENTS OF PERSONAL DATA
DISCLOSURE OF DATA
TRANSFER OF DATA
PERSONAL DATA PROCESSED AND PROCESSING
1. PERSONAL DATA PROCESSED AND PROCESSING
“Personal data” refers to any information that could directly or indirectly identify users.
Such information may include, for example, name, address, username, email address, phone number, or even the IP address of the device used, browsing preferences, or information about the user’s lifestyle, hobbies, interests, and online purchasing preferences.
“Processing of personal data” means any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or a set of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, erasure, or destruction.
2. DATA CONTROLLER
The data controller is the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data.
With respect to this Website, the data controller is: Biciclette Dynatek SRL as more specifically stated above, and for any clarification or exercise of the rights that concern you, you can contact them at the following email address: firstname.lastname@example.org.
3. DATA PROCESSOR
The data processor is the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.
With respect to your personal data provided during navigation on this Website, the Data Controller has appointed Google Analytics as the data processor, in accordance with and for the purposes of Article 28 of EU Regulation 2016/679.
Further information is available at the following address: email@example.com
4. PROCESSING METHODS
On this Website, data is collected electronically and processed mainly using electronic tools, ensuring the use of appropriate measures for the security of the data processed and ensuring its confidentiality.
Your personal data will be processed by employees and/or collaborators of the Data Controller as data processors or persons in charge of processing, within the scope of their respective functions and in compliance with the instructions given by the Data Controller.
5. PLACE OF PROCESSING AND CIRCULATION OF DATA
Processing of personal data related to the services of the Website takes place at the above-mentioned Data Controller and is only carried out by authorized personnel.
Your personal data may be communicated to the Judicial Authority and Police Forces only in the cases provided for by law and used by the Data Controller for the purpose of defending its rights in court, if strictly necessary.
The data collected will not be disclosed. However, in order to effectively carry out the requested service, some data will be shared with external parties, appointed as data processors pursuant to Article 28 of EU Regulation 2016/679, called upon to perform specific tasks on behalf of our company (e.g. Web agency, professionals, etc.). The Data Controller is committed to protecting the security of personal data by adopting all necessary computer and physical measures to protect the personal data provided. No security system can guarantee absolute protection, therefore, except in cases of liability for negligence, the Data Controller is not responsible for acts committed by third parties who access the systems without proper authorization.
6. PURPOSES OF PROCESSING AND TYPES OF DATA PROCESSED
- Provide Services through the Website, allow you to contact the Data Controller for information on the services or related to their purchase; verify your identity and support you in case you lose or forget the login/password details of your personal account; allow you to make payment for purchased services, consult the history of your purchases, send you the newsletter if you have requested it as a Service by subscribing to it, and that contains only informative and non-commercial material; allow you to update your profile and provide you with any other Service you request (“Service Provision” Purpose). The processed data are common data; send you marketing communications, promotions and advertising, through the email address entered in the Newsletter form (if active) or in the filling fields (e.g. “Contact Us”/”Request a Free First Consultation”) (“Marketing” Purpose). The processed data are common data; send you marketing communications via email regarding products and services similar to those you have purchased through the Site, or for the management of technical and analytical cookies on the Site (“Soft Spam”). The processed data are common data; comply with legal obligations that require the Data Controllers to collect and/or further process certain types of personal data (“Compliance” Purpose). The processed data are common personal data; prevent or detect any abuse in the use of the Website or any fraudulent activity and thus allow the Data Controllers to protect themselves in court (“Abuse and Fraud Prevention” Purpose). The processed data are common personal data.
7. LEGAL BASIS FOR DATA PROCESSING
The legal basis for processing personal data provided by you through navigation is indicated below for each purpose:
Service Provision: this concerns the fulfilment of contractual or pre-contractual obligations pursuant to Art. 6(1)(b). The processing for this purpose is necessary to provide you with the service. It is not mandatory to provide the requested personal data, but failure to indicate them does not allow the Data Controller to provide the requested service. Regarding the email address entered in the contact form (with non-commercial content), it is not mandatory to provide your data (email address), but failure to indicate the email address does not allow you to subscribe to the newsletter. You can always – at any time – revoke your subscription by unsubscribing from the newsletter using the appropriate link at the bottom of the newsletter or by writing to firstname.lastname@example.org; Marketing: consent pursuant to Art. 6(1)(a). It is not mandatory to give your consent for the Marketing purpose, and you can always revoke it at any time without any consequence (other than not receiving any more marketing communication) by writing to email@example.com; Soft Spam: legitimate interest pursuant to Art. 6(1)(f) of the Data Controller in sending you commercial communications relating to services similar to those already purchased and therefore in line with your interests. You can object to such processing at any time by writing to firstname.lastname@example.org without any consequence (other than not receiving any more promotional communication); Compliance: compliance with a legal obligation pursuant to Art. 6(1)(c). The processing for this purpose is necessary for the Data Controller to comply with legal obligations prescribed by the legislation, also sector-specific, including tax, tax-related, or other obligations. Abuse and Fraud Prevention: legitimate interest pursuant to Art. 6(1)(f). The processing for this purpose is solely aimed at allowing the Data Controller to prevent and/or identify any fraudulent activity carried out through the Website and therefore protect themselves in court.
8. DATA RETENTION PERIOD
Data processed to comply with legal obligations will be kept until compliance is achieved, and in any case for the period of time necessary to demonstrate compliance. Data processed to fulfill contractual purposes will be kept until compliance is achieved and, if a contract is concluded or there have been pre-contractual negotiations, for ten years from the date of conclusion to allow for possible judicial or extrajudicial protection as well as for demonstrating the correct fulfillment of the contractually assumed obligations.
As for the commercial communications activity of soft spam via email and for the management of technical and analytical cookies, the data will be kept until any opposition by the data subject, to be exercised in the manner indicated below, or for treatments based on consent, until revocation of the same. The data processed for Compliance purposes for the period of time indicated by specific legislation.
The data processed for Abuse and Fraud Prevention purposes for the time strictly necessary to allow the Owner to defend himself in court.
9. RECIPIENTS OF PERSONAL DATA
The personal data provided by you may come to the knowledge of the Owner and/or the appointed data processors.
Any additional categories of recipients who may become aware of your personal data during or after the execution of the contract are:
- persons who process data in execution of specific legal obligations;
- consultants and external professionals who provide functional services, deriving from or connected to the above-mentioned purposes, identified in writing and to whom specific written instructions have been given with reference to the processing of personal data;
- subjects with whom it is necessary to interact in order to provide the requested services (e.g. hosting provider, credit institutions);
- subjects necessary for the provision of the services offered by the Site, including, by way of example, the sending of emails and the analysis of the Site’s operation, who typically act as data processors on behalf of the Owner;
- persons authorized by the Owner to process personal data necessary to perform activities strictly related to the provision of the Services, who have committed to confidentiality or have an adequate legal obligation of confidentiality (e.g. employees and collaborators of the Owner);
- in general, all those public and private subjects for whom communication is necessary for the correct and complete fulfillment of the indicated purposes;
- subjects or entities to whom it is mandatory to communicate data for Compliance, Abuse and Fraud Prevention purposes, or by order of the authority.
10. DATA DISSEMINATION
Unless specifically requested by you in writing or by a precise order from the A.G./legal obligation, the personal data provided by you are not subject to dissemination.
11. DATA TRANSFER
To provide some services, personal data may be transferred to third-party organizations or countries where hosting or service providers’ servers are located.
In the event that this occurs, the Owner ensures that the processing of your personal data by these recipients takes place in compliance with applicable regulations. More information is available at email@example.com.
USER RIGHTS ACCORDING TO REGULATION EU 2016/679
Chapter III of Regulation EU 2016/679 lists the rights of the user.
Therefore, the Data Controller wishes to inform you about specific rights, including the right to obtain confirmation from the Data Controller of the existence of your personal data (or access to them), their provision in an intelligible form, as well as their rectification, erasure, or restriction, in whole or in part, or to object for legitimate reasons to their processing or to revoke consent to their processing at any time (without prejudice to the consequences of the previous point 5), or to request the portability of your data with respect to data subject to specific consent, or to update them. As an “interested party,” you also have the right to request that your data be transformed into anonymous form, to limit or block data processed in violation of the law; you can also file a complaint regarding unauthorized processing of your data with the Garante per la Protezione dei Dati Personali using the methods published on the website of the aforementioned authority (see http://www.garanteprivacy.it/). You have the right to know the origin of the data, the purposes and methods of processing, the logic applied to processing, the identifying details of the Data Controller and the subjects to whom the data may be communicated.
Requests related to the exercise of the aforementioned rights can be addressed to the Data Controller, using the contact details indicated above, without formalities or, alternatively, using the form provided by the Garante per la Protezione dei Dati Personali available on the website: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924.
Likewise, in case of violation of the regulations, you have the right to lodge a complaint with the Garante per la Protezione dei Dati Personali, which is the supervisory authority for processing in the Italian State. The form for filing a privacy complaint with the Garante is available at the following address: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.
To exercise one or more of the aforementioned rights, you can contact us at the following email address: firstname.lastname@example.org.