INFORMATION AND DECLARATION OF AUTHORIZATION TO PROCESS SENSITIVE PERSONAL AND IDENTIFICATION DATA
Legislative Decree No. 196/2003 (Personal Data Protection Code) and EU Regulation No. 2016/679 (GDPR)
The companies:
- Sport Nation MI s.r.l., in persona del suo legale rappresentante pro tempore, con sede a Buccinasco (MI) in Via Lazio 95 – P. IVA 01328260326 quale titolare del trattamento dei dati personali (below Data Controller)
- Sport Nation BO s.r.l., in persona del suo legale rappresentante pro tempore, con sede a San Lazzaro di Savena (BO) in Via Caselle 127 – P.IVA 04107541205 quale titolare del trattamento dei dati personali (below Data Controller)
- Sport Nation VR s.r.l., n persona del suo legale rappresentante pro tempore, con sede a San Giovanni Lupatoto (VR) in Via Monte Carega 10 – P.IVA 04961720234 quale titolare del trattamento dei dati personali (below Data Controller)
inform the S.V. pursuant to Legislative Decree 30.06.2013 No. 196 (hereinafter "Privacy Code") and Articles 13 and 14 of EU Regulation No. 2016/679 (hereinafter "DGPR") that for the establishment and execution of contractual relations with you in progress, is in possession of personal data acquired even verbally directly or through third parties, data qualified as personal by law. The aforementioned data will be used only for the purpose of carrying out the Holder's own activity. With reference to these data, we inform you that they will be processed in the following manner and for the following purposes:
1. PURPOSES OF THE PROCESSING
The Data Controller processes the data (e.g., first name, last name, place and date of birth, tax code, complete private address, contact telephone and email, details of identity document, bank and payment references, etc.) from the S.V. communicated or otherwise used for the activity of the Data Controller aimed solely at the correct and complete execution of the contract and the consequent fulfillment of legal and contractual obligations arising therefrom, as well as to achieve an effective management of business relations, including the sending of promotional, commercial and research newsletters. It is expressly permitted for the Holder to use photography, video filming and camera devices, therefore, allows the images or collected to be used for security purposes or for promotional and commercial purposes. The provision of data for the purposes of sending newsletters for promotional, informative commercial or research purposes is optional, and refusal to give consent to the relevant Processing will result in the impossibility of being updated about commercial initiatives and/or promotional campaigns, receiving offers or other promotional material.
2. DATA COLLECTED.
The personal data processed are collected as provided directly by the data subject or collected automatically.
Data provided directly by the data subject are all personal data that are provided to the Data Controller by any means. Automatically collected data are navigation data (on our website www.hyperspaceparks.com). This data, although not collected for the purpose of being associated with the identity of the user, could indirectly, through processing and associations with data collected by the Controller, allow the user to be identified. Following the sending of newsletters, the platform used allows for the detection of the opening of a message and the clicks made within the newsletter itself, together with details regarding the IP and browser/device used. The collection of this data is critical to the operation of the implicit renewal processing systems and integral to the operation of the sending platform.
3. MODALITIES OF THE PROCESSING OF PERSONAL DATA
The processing of your personal data is carried out by means of the operations indicated in Article 4 of the Privacy Code and Article 4 of the GDPR and thus, collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Your data are subject to both paper and electronic and/or automated and/or telematic processing. The processing of personal and sensitive data is carried out by the Controller. The Controller will retain personal and sensitive data for no longer than is necessary for the purposes for which the data were collected and processed, without prejudice to further legal obligations. Subscription and related processing - with reference to the newsletter - are considered valid until the user unsubscribes, present in each email.
4. PROVISION OF DATA AND REFUSAL
The provision of personal, common and/or sensitive data is necessary and obligatory for all that is required by legal and contractual obligations and, therefore, any refusal to provide them or the subsequent processing may result in:
the inability of the writer to give course to the same contractual relationships;
the impossibility of carrying out certain operations that presuppose the communication of data to subjects functionally connected to the execution of the same;
Failure to provide, on the other hand, all data that are not related to legal or contractual obligations will be evaluated from time to time by the writer and will determine the consequent decisions related to the importance of the data requested with respect to the management of the contractual relationship.
5. PARTIES AUTHORIZED TO PROCESS THE DATA
Your personal data will be made accessible to employees and/or collaborators of the Data Controller in their capacity as persons in charge and/or internal data processors.
6. COMMUNICATION OF DATA
Your personal data may be disclosed only by the persons in charge of the processing and may be communicated for the purposes mentioned in point no. 1 to external collaborators. Personal data are not subject to dissemination.
7. TRANSFER OF DATA ABROAD
Your personal data may be transferred abroad to countries of the European Union or to countries outside the European Union or to an international organization, within the scope of the purposes mentioned in point no. 1 and, in any case, for technical operational purposes and to ensure a high continuity of service. It will be communicated to the data subject whether or not there is an adequacy decision of the EU Commission, in order to ensure that the level of protection of natural persons, guaranteed by the legislation in force and in particular by the EU Regulation 2016/679, is not affected.
8. DATA RETENTION
Your personal data will be retained for the period necessary for the performance of the activity or for the entire duration of the contractual relationships established, including thereafter for the performance of all legal obligations, and in any case for a period not exceeding ten years.
9. SECURITY MEASURES
Your personal and sensitive data are known to the Controller's employees and/or collaborators for work purposes. In addition, your personal data may also be managed through cloud services such as Google Drive, Dropbox and similar, both for the purposes of saving and archiving, as well as for their management and sharing with the customer or third parties mentioned in this information. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
10. RIGHTS OF THE DATA SUBJECT
In your capacity as a data subject, you have the rights provided for in Article 7 of the Privacy Code and Article 15 of the GDPR, in particular, you have the right to request access to your personal and sensitive data and the rectification or erasure of the same or the limitation and opposition to their processing and specifically the right to:
obtain confirmation of the existence or non-existence of data concerning your person, even if not yet registered, and their communication in intelligible form;
obtain an indication of:
(a) the origin of your data processed by the Company itself;
(b) of the purposes and methods of processing;
c) of the rules of processing of your data with the aid of electronic instruments;
(d) of the identification details of the Data Controller and the Persons in charge of the processing of your data;
e) of the subjects or categories of subjects to whom your data are communicated or from whom they are received;
obtain
a) the updating, rectification or integration of your data;
b) the cancellation, transformation or blocking of your data processed in violation of the law;
c) certification that the operations referred to in letters a) and b) have been brought to the attention of those to whom your data have been communicated, except where this is impossible or involves the use of means manifestly disproportionate to the protected right;
object in whole or in part:
(a) for legitimate reasons, to the processing of data concerning the person of the S.V. even if pertinent to the purpose of collection;
b) to the processing of data concerning the person of the S.V. for any type of communication not justified by the institutional purposes of the law.
The S.V. has the right to exercise the rights set forth in Article 16-21 of the GDPR (right to rectification, right to be forgotten, right to limit data processing, right to data portability, right to object, right to complain to the Privacy Authority), in the manner permitted by law.
11. METHODS OF EXERCISING RIGHTS
You may exercise your rights at any time by sending:
an email to contact@hyperspaceparks.com
