Privacy policy
INFORMATION ON THE PROCESSING OF PERSONAL DATA OF USERS BROWSING THE SIDI SPORT SRL WEBSITEPURSUANT TO ARTICLE 13 OF EU REGULATION NO. 679 OF 2016
1 - WHY THIS INFORMATION IS PROVIDED
Pursuant to EU Regulation No. 679 of 2016 – GDPR, this page describes the methods employed for processing the personal data of Users (identified or identifiable natural persons and, therefore, “data subjects” under the GDPR) browsing the SIDI SPORT SRL website, accessible via the Internet at https://www.sidi.com
To prevent the risk of identity theft and adequately protect Users, the transmission of personal data via this website is protected by an encrypted and secure “https” protocol. This solution has been adopted by the Company to ensure compliance with key principles enshrined in the GDPR, such as the integrity and confidentiality of data processed, for which the data controller is required to implement adequate technical and organizational measures to ensure a level of security appropriate for the level of risk, and the principle of privacy by design, according to which adequate technical and organizational measures to protect the personal data of data subjects should be incorporated into data processing procedures from the engineering stage – a principle stressed by the Italian Data Protection Authority (see https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/9817079 and https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9817058)
The information contained in this policy statement is provided only in relation to this website and therefore does not concern other websites, pages, or online services that may be accessible through hypertext links found on the website that redirect to resources outside the domain of SIDI SPORT SRL.
Without prejudice to other privacy policy statements provided by the Company (e.g. for customers, suppliers, and employees, Whistleblowers), this Privacy Policy also applies to personal data provided to the Company via its e-mail addresses (sidisport@sidisport.com or other company addresses) or via private messages sent by Users to the Company though its social media profiles/pages.
2 - DATA CONTROLLER
The data controller is SIDI SPORT SRL (Via dei Rizzi 2/A, 31010 Maser (TV), Italy; VAT Reg. 00317780260; email: contact@sidi.com, legal mail: sidisportsrl@legalmail.it, Tel. +39 0423 9241)
3 – TYPES OF DATA PROCESSED
• Browsing data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data of Users, the transmission of which is implicit in the use of Internet communication protocols. Each time a User accesses this website and each time content is recalled, the access data are stored in the form of a log file. Each log file records: the website from which our page was accessed; the User’s IP address; the date and time of access; the client request; http response code; the amount of data transmitted; the browser and operating system used. The personal data collected while Users browse this website therefore include the IP addresses or domain names of the computers and terminals utilized by the Users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the User’s operating system and IT environment.
• Data provided by the User – Only the personal data strictly necessary to provide the service requested by the User will be requested, such as, for example, the User’s given and family names, company name of reference, tax ID and VAT number, telephone number and e-mail address, and billing and shipping addresses.
a) Contacts – On the page https://sidisport.calicant.us/hc/it, the user of this website may provide their personal data to the Company by completing and sending the form found on this website. By sending the form, the Company will acquire the sender’s address, which is required to respond to requests, as well as the other personal data included in the message.
b) E-commerce - With regard to the online sales service, the personal and identification data provided by the User-Customer will be acquired by the Company for the provision of the requested service and, therefore for the purposes of processing the order. The creation of a user account (subject to, and only in the event of, providing one's own email address and password), but will facilitate the website browsing experience and enable additional information to be stored, such as, for example, order history and details.
c) Newsletters and other commercial initiatives – By providing your e-mail address, User may choose to sign up for the company’s newsletter and/or receive other information and advertising material relating to the Company's products and/or services (“e-mail marketing”). Users may also receive SMS and/or Whatsapp messages or print advertising mail if they provide a telephone number and/or postal address.
• Cookies and other tracking systems
This website uses technical cookies – i.e., small text files that are saved locally in the temporary memory of the User’s browser, and therefore on their personal computer – to improve the website browsing experience. As explained by the Italian Data Protection Authority (https://www.garanteprivacy.it/faq/cookie), technical cookies are cookies “required to enable browsing or to provide a service requested by the User. They are not used for other purposes and are installed directly by the owner of the website. Without the use of such cookies, some processes would not be possible or would be more complex and/or less secure... by allowing the User to be identified at the start and throughout the user session, technical cookies are therefore indispensable.”
In addition to these cookies, the website also uses analytical/statistical cookies, which help the owner of the website understand how visitors interact with the website, by collecting and transmitting information anonymously. In this regard, the Italian Data Protection Authority (https://www.garanteprivacy.it/faq/cookie), in its “Guidelines for Cookies and Other Tracking Tools of 10 June 2021”, specifies that analytical/statistical cookies “can be likened to technical cookies if they are used for the purposes of optimizing the website directly by the owner of the website itself, who may collect statistical information in aggregate form on the number of users and how they browse the website. If, on the other hand, the processing of such statistical analyses is tasked to third parties, users’ data must be minimized in advance and may not be combined with other processing procedures or transmitted to other third parties. Under these conditions, the same information and consent rules for technical cookies apply to analytics cookies. By way of exception, for both first party operators and third parties acting on their behalf, it is always permitted to produce statistics from data relating to multiple domains, websites or apps attributable to the same owner or business group.”
With regard to profiling activities, the User's consent is required for their implementation: to activate mechanisms for controlling the behavior of data subjects (i.e., the website users) through their tracking on the internet and subsequent use of profiling techniques to analyze or predict their preferences and behaviors, it is necessary to first obtain the data subjects' consent. The GDPR defines profiling as an automated decision-making process or 'a form of automated processing of personal data that evaluates personal aspects concerning a natural person, in particular to analyze or predict aspects related to... the preferences or personal interests of that person,' and the principles of fair and transparent processing under the GDPR imply that the data subject must be informed of the existence of the processing and its purposes before the processing takes place, and when the processing consists of profiling, the consequences of such processing.
For this reason, any profiling activities regarding the User are reported in this Privacy Policy, reminding that, for such activities, the User’s (optional) consent is requested.
The information that will be examined by SIDI SPORT SRL in order to trace the User's profile – and thereby offer them marketing advertisements as closely aligned with their tastes and interests as possible – includes the following:
- Product and category interests (interest in motorcycles, bicycles, road bikes, MTB, specific products, etc.)
- Language preferences
- Personal information (size, age, gender)
- Purchase funnel information (number of site visits, products viewed, spending per order, historical spending, number of orders, time between orders, etc.)
Finally, it is reminded that when personal data is processed for direct marketing purposes, the data subject has the right – at any time and free of charge – to object to both such processing and further profiling to the extent that it is related to direct marketing. This right is, therefore, explicitly brought to the attention of the data subject here.
Finally, with regard to “third-party” cookies, the Italian Data Protection Authority clarifies that “The entity required to provide the policy statement and to request consent for the use of cookies is the owner of the website that installs the cookies. Nevertheless, for third-party cookies installed through the website, the disclosure and consent obligations are binding on the third parties, but the website owner, as a technical intermediary between them and users, is required to include in its “extended” policy statement up-to-date links to the policy statements and consent forms of the third parties.” Accordingly, the Cookie Policy of the SIDI SPORT SRL website links to the privacy policies of the third parties, which Users are invited to read for more information.
4 – PURPOSES OF PROCESSING AND LEGAL BASIS
• Browsing Data: The log files and the data contained therein are processed by us to:
a) enable Users to make use of the web services
(legal basis in Article 6(1b) of EU Reg. 679/2016)
b) obtain statistical information on the use of the services (most visited pages, number of visitors per time period or day, geographical areas of origin, etc.), as well as to check the proper functioning of the website and protect our systems, for example by identifying any attacks
(legal basis in Article 6(1f) of EU Reg. 679/2016)
• Data provided by Users: Personal data provided voluntarily and expressly by Users of this website may be processed in order to:
c) process and respond to the User's requests
In this case, the legal basis of processing is given by the intention to respond to a request from the User (Article 6(1b) of EU Reg. 679/2016).
d) perform all the tasks relating to and arising from an online sale, in particular the fulfilment of the order placed by the User-Customer and invoicing (including the prior creation of a user account, where requested). In this case, the legal basis of processing is given by the performance of a contract to which the data subject, as the User-Customer, is a party (Article 6(1b) of EU Reg. 679/2016)
e) where Users give their consent to receive our newsletter and/or for other marketing activities (e.g. by SMS, Whatsapp messages or print mail), the User’s data will be used to send the Company’s newsletter and/or other marketing-informative material containing information on the Company’s products and/or services, advertising campaigns, and latest news. In this case, the legal basis of processing is the consent given by the User (Article 6(1a) of EU Reg. 679/2016).
As concerns e-mail marketing, we report that Article 130(4) of the Italian Data Protection Code states that “if the Data Controller uses, for the purpose of the direct sale of its products or services, the e-mail address provided by the Data Subject in the context of the sale of a product or service, it need not request the consent of the Data Subject, providing that the services are similar to those sold and the Data Subject is adequately informed and does not object to such use, initially or when subsequent notices are sent. The Data Subject, at the time the data is collected and when any notice is sent for marketing purposes, is to be informed of the option of objecting to processing at any time, conveniently and at no charge.” As such, in accordance with the provisions of Article 130(4) of the Italian Data Protection Code, our Company will make use of the Customer’s personal data (specifically, the e-mail address provided in the context of the sale of a product/service) to send advertising and informative material by e-mail providing information on the products and/or services offered by the Company that are similar to those subject to the sale/supply, unless the User objects to the use of their e-mail address for the aforementioned purposes (for example, by exercising the right to opt-out by contacting the Company using its contact details or, more conveniently, by clicking on the unsubscribe link found at the bottom of advertising e-mails).
With reference instead to “followers” of the company’s social media profiles/pages, the provisions of the Guidelines on Promotional Activities issued by the Italian Data Protection Authority in July 2013 state that if a User has become a fan/follower of the social media page of a certain company or a certain brand/product/service, thus choosing to “follow” its news and developments, the sending of promotional notices by the company operating the relative page can be considered lawful as it may be inferred that the data subject, by choosing to become a fan/follower, has expressed their intention to consent to receiving promotional messages from that particular company. However, if the data subject subsequently stops “following” the brand or product or otherwise opposes receiving any further promotional notices, any subsequent sending of promotional messages will be unlawful.
f) if the User has created a user account, the data provided by the User will be used for the purposes of facilitating their future website browsing experience (in particular on e-commerce platforms, for example by storing their order history).
In this case, the legal basis for processing is the performance of an action taken at the request of the User (Article 6(1b) of EU Reg. 679/2016)
• Cookies As stated above, the data controller has installed technical cookies on its website which, as they are essential for the proper functioning of the website, do not require the User’s consent, as the legal basis of processing is the legitimate interest of the data controller (Article 6(1f) of EU Reg 679/2016). The legal basis of processing in relation to analytical-statistical cookies similarly lies in the legitimate interest of the Data Controller. For marketing and/or profiling cookies, their installation is left to the User's free choice (legal basis pursuant to letter A, paragraph 1 of Article 6 of EU Regulation 679/2016). More information can be found in our Cookie Policy.
5 – OPTIONAL NATURE OF THE PROVISION OF DATA
Data voluntarily and expressly provided by Users for one or more of the purposes set out in point 4, subparagraphs c, d, e, and f, are provided by Users on a purely optional basis. Failure to provide the aforementioned data will only result in the impossibility of pursuing the specific purpose for which the data was requested (the Company’s ability to respond to Users' requests; online sales; the sending of company newsletters and/or other informative-advertising material; creation of user accounts).
6 – DATA RETENTION
• Browsing data: Browsing data are stored for no more than seven days and are erased immediately after their aggregation (except where needed for criminal investigations by the judicial authorities).
• Data provided by Users: In relation to personal data provided voluntarily and expressly by Users of this website:
To process and provide a response to the User's requests, in this case, the data will be kept only for the time necessary to provide the requested service.
a) where processed to respond to and take steps to fulfil requests made by Users, the data will only be stored for the time necessary to provide the requested service; the data will instead be stored for an additional ten years commencing from any subsequent order placed, without prejudice to the continued storage of the data where necessary to comply with a legal obligation or to establish, exercise or defend a right in court;
b) where processed to perform all the steps involved in online sales, the data will be stored for a period of ten years commencing from receipt of payment of the last order placed, without prejudice to the continued storage of the data where necessary to comply with a legal obligation or to establish, exercise or defend a right in court;
c) The data provided for marketing purposes will be used until the withdrawal of consent/exercise of the right to object, which can be done at any time, without affecting the lawfulness of the processing carried out up to that point.
As instead concerns marketing activities involving SMS/Whatsapp messages and/or print mail, the data (in particular the telephone number and/or postal address) will be used as long as the data subject has given their consent, which may be withdrawn at any time, without, however, affecting the lawfulness of processing based on the consent given before its withdrawal.
d) where processed to create a user account, the data provided will be stored for as long as the user account is active; registered Users may shut down their accounts at any time, however data in any case will be stored for a period of ten years commencing from receipt of payment of the last order placed (if made), without prejudice to the continued storage of the data where necessary to comply with a legal obligation or to establish, exercise or defend a right in court;
- Cookies: session cookies are stored in computers or in Internet browsers on the basis of the User’s own preferences; at the end of an HTTP session, information relating to cookies is recorded on servers in service logs and stored for no more than seven days, as for other browsing data. For more information see our Cookie Policy.
7 – DATA RECIPIENTS
a) Data Processors
The recipient of the browsing data collected from the website https://www.sidi.com is the data processor, as designated by the Company pursuant to Article 28 of the GDPR, i.e., the provider of the web platform development and maintenance services.
With regard to the online shop, where purchase is made of our Company’s products, the User-Customer’s data may also be learned by other parties, such as the company engaged to manage the e-commerce platform and shipping companies.
With regard to the Company’s newsletters and/or other marketing messages, these may be sent using providers of automated e-mail marketing systems; the provision of this service involves the processing of personal data on behalf of the data controller and, as such, the owner of the platform is required to be designated an e-mail marketing provider.
An up-to-date list of any other entities involved, whether as data processors or in another capacity, may be requested from the Company. The chosen data processors have agreed to implement adequate technical and organizational measures to ensure that data processing fulfils the requirements of EU Regulation 679/2016 and guarantees the protection of Users’ personal data; the data processors have also agreed, in writing by signing a specific engagement letter, to fulfil all the specific obligations set out in Article 28 of EU Regulation 679/2016 and to act, pursuant to Article 29 thereof, under the authority of the data controller and in accordance with its instructions, and to notify the data controller (pursuant to Article 33(2) of EU Regulation 679/2016) of any breach of Users’ personal data.
b) Authorized Persons
Personal data collected are also processed by Company personnel who act on the basis of specific instructions provided regarding the purposes and methods for processing the data (“persons authorized to process personal data”).
8 – TRANSFER OF DATA ABROAD
If, in order to provide the service, the data controller deems it necessary to transfer the personal data for processing outside the EU (“transfer outside the territory of the European Union” includes transfers for purposes such as, by way of example, hosting, cloud and storage services based on the storage of data in systems located in non-EU countries), the data controller will adopt safeguards to ensure the security of transfer and that data processing complies with the requirements of the GDPR, despite being carried out outside the EU (adequacy decisions, contractual clauses, consent...).
9 – RIGHTS OF DATA SUBJECTS
Data subjects have the right to obtain from the Company, in the cases contemplated, access to their personal data and the rectification or erasure of the data, or the limitation of any processing that concerns them, or to object to processing (Articles 15 et seq. of the GDPR).
Data subjects can exercise their rights by contacting the Company at one of its addresses provided above.
In addition, data subjects who believe that personal data referring to them is being processed through this website in violation of the provisions of the GDPR have the right to lodge a complaint with the Data Protection Authority, as provided for by Article 77 of the GDPR, or to take legal action (Article 79 of GDPR).
10 – DISCLOSURE OF SENSITIVE DATA (SPECIAL CATEGORIES)
The Company invites Users not to disclose any information that may fall under the “special categories of personal data” contemplated by Article 9 of the GDPR (e.g., data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or sexual orientation, and biometric or medical data).
11 – DISCLOSURE OF DATA RELATING TO THIRD PARTIES
In the event of any disclosure to the Company of personal data relating to third parties and not to oneself, the User will be acting as an independent data controller, thereby assuming all relevant legal obligations and liability and agreeing to hold harmless and indemnify the Company against any dispute, claim or request for damages raised by third parties whose personal data have been processed in breach of applicable data protection regulations. In any case, where third-party personal data should be disclosed, the User hereby represents and warrants that the third party concerned is aware of our Privacy Policy and consents to the processing of their personal data before any disclosure is made.
In this regard and more specifically as concerns online sales, if the User-Customer opts for shipping to an address belonging to a third party and not to their own, it is recommended they obtain the prior consent of the third party for the use of their personal data for the purposes of delivering the products ordered by the User-Customer to the address.
12 - UPDATES TO THIS PRIVACY POLICY
The Company reserves the right to amend and/or update the contents of this Privacy Policy, in whole or in part, for example to comply with changes in applicable regulations.
Any amendment made to this Privacy Policy will be binding as soon as it is published on the website. As such, the Company invites Users to regularly visit this section to view the most recent and updated version of our Privacy Policy and remain up-to-date on the processing of their personal data.
This Privacy Policy is updated as of: October 28, 2024