(Article 13 of EU Regulation 679/2016)
We at Vittoria S.p.A take very seriously the confidentiality of our clients’ and users’ personal data, as well as the confidentiality of all other persons that enter into a relationship with us.
Therefore, this policy has the specific aim of supplying all the information necessary to allow you to understand immediately who manages your personal data and how this data will be processed, in total transparency.
Furthermore, this policy is subject to constant verifications and updates. It will be always consultable through our website web www.vittoria.com.
The Controller is Vittoria S.p.A, always reachable through the coordinates below, by registered letter, email or certified email:
Address: via Liguria, 8, 24041 Brembate (BG), Italy
tel.: + 39 035.49.93.911;
2. Purpose of data processing
A) personal data will be managed and processed in accordance with Articles 6.1 b) and e) of EU Regulation 679/16 for the purposes listed below, without needing to acquire your express consent:
- for the supply of our services or the services supplied by Companies connected to us and for the fulfillment of orders;
- to comply with contractual, pre-contractual and fiscal obligations that derive from our relationship with you;
- to comply with all obligations foreseen by any applicable laws, regulations, Community legislations, by orders emitted by a competent authority or by any other act that has the force of law.
B) Personal data are processed, in accordance with Article 7 of EU Regulation 679/16, only with your previous and specific consent, manifested through a distinct and specific authorization, for the following marketing purposes:
- to send by email, mail, social network or phone contacts (including through text messages and instant messaging platforms like “Whatsapp” or “Telegram”) newsletters, commercial communications, advertising materials on the products and services offered, surveys regarding customer satisfaction ratings, acquisition of data on consumer habits or market surveys.
The provision of the personal data mentioned in Point A is necessary for you to be able to enjoy our services. It is always possible to not supply any personal data by taking into consideration, however, that in such case our services cannot be provided.
The provision of data for the purposes mentioned in Point B) above is entirely optional. It is therefore possible to not supply any data or revoke successively the ability to process the data already supplied, without this prejudicing your ability to enjoy the services offered by us.
3. Categories of processed data
To achieve the purposes listed in the previous paragraph, we process:
1) common data: identifying data, such as name, last name, email, residential address, date of birth, interests, browsing data (for example, IP address or computer domain names used by the user of our website) and, more generally, any other information that does regard racial or ethnic origins, political opinions, religious or philosophical beliefs, union membership, genetic information, state of health, sexual activity or orientation.
4. Recipients of the data
The processed data may be communicated to external entities whose participation in the processing is necessary based on the services request or based on obligations of a contractual, fiscal or legal character (e.g., credit institutes for profiles that require the fulfillment of collections and payments, suppliers of customer services and similar).
The processed data may also be elaborated by our dependents and collaborators, appointed specifically for the purposes of processing the data, as well as by Companies within our group or by outsourcing Companies, which include website management and cloud computing services, external suppliers and consultants that are appointed as Collectors.
Personal data will not be diffused.
Finally, we will not transmit personal data to third parties for advertising or marketing purposes without your explicit consent.
5. Transfer abroad
Personal data are conserved on a server located next to our offices that are in turn located inside the European Union. It is nevertheless understood that the Owner, where necessary, has the right to transfer the servers outside European Union territory. In this case, the Owner will ensure that the transfer of the data outside the EU will take place in accordance with the provisions of all applicable laws, subject to the inclusion of the standard contractual clauses required by the European Commission or after verification of the existence of the appropriate adequacy decisions.
6. Retention period
The information provided will be used for the provision of the services requested, and therefore to contact the interested party regarding these services, and also to identify, prevent and counter fraudulent activities or activities against the law.
Personal data will be retained for the period that is necessary for the provision of services and in any case for no longer than 10 years after the termination of the relationship for provision of services and for no longer than two years after the collection of the data for marketing purposes.
Some personal data may be retained further to ensure compliance with national laws, to prevent fraud, redeem any outstanding charges, for any litigations, to solve problems and to offer assistance during investigations and to undertake other any other actions required by applicable national laws.
7. Rights of the data subject
The subject may, in accordance with Articles 15, 16, 17, 18, 19 and 20 of EU Regulation 679/16, request at any moment from the Owner, through the coordinates provided in Article 1, to:
1) access his own personal data and request confirmation of any existing processing of said data;
2) request the modification or update of his personal data;
3) request the cancellation of his personal data if:
- the data is no longer necessary for the purposes for which it was collected;
- the processing is based solely on consent and not on contractual or legal obligations;
- there has been an objection pursuant to Article 21 of EU Regulation 679/2016;
- the data was collected without prior consent or processed in violation of legal obligations;
- personal data has been collected for commercial offers geared towards minors regarding online services.
4) limit the processing of some data, when compatible with the purposes for which this data was collected;
5) transfer the data towards another owner (data portability).
Remains, in any case, the right to lodge a complaint with the supervisory authority (for Italy, www.garanteprivacy.it).
When the processing of your personal data is based exclusively on consent, it will be possible to withdraw it at any moment by simply writing to the coordinates indicated in Article 1, through email, certified email or registered letter.
8. Right to object to the processing
When it is possible to request the cancellation of the data, you can object to its processing on grounds relating to your own particular situation.
If your data are used for direct marketing purposes, including for profiling, you will have the right to object without needing to state any reasons.
9. Automated decision-making process
We do not use automated decision-making processes.