Welcome to the Campagnolo S.r.l website (“Website”).
This page provides the privacy policy pursuant to art. 13 of Regulation EU 2016/679 (“GDPR”) on the processing of your personal data collected when browsing the Website and interacting with the related services.
The Privacy Policy is issued only for this Website and any potential sub-domains and not for any other websites the user may consult via any hypertext links or links.
We invite you to carefully read this privacy policy before providing us with your personal data.
- CONTROLLER
Campagnolo S.r.l, with registered office in Via della Chimica 4, 36100 Vicenza – Italy, e-mail: privacy@campagnolo.com (“Campagnolo S.r.l”) and DIANA E-COMMERCE CORPORATION SRL, with registered office in Torreglia (PD) via San Daniele n. 137/139, 35038, VAT Reg. no. 05097740285, e-mail: privacy@dianacorp.com (“Diana”) are co-controllers of the processing of personal data for all activities linked to the sale of the products offered on the Website, including the processing of the order and after-sales services (e.g., for returns and complaints). You can find out the essential contents of the agreement pursuant to art. 26 of the GDPR between Diana and Campagnolo S.r.l by sending an e-mail to privacy@campagnolo.com.
Campagnolo S.r.l is also the independent controller of the processing for the purpose of managing the Website and your registration on the Website (personal account) and for marketing.
Hereinafter, the term “Co-controllers” refers jointly to Campagnolo S.r.l and Diana. Vice versa, reference is made to Diana or to Campagnolo S.r.l if the information refers to only one of the two controllers of the processing.
- DATA PROTECTION OFFICE (DPO)
Diana has appointed a Data Protection Officer (DPO), whom you may contact by writing to dpo@dianacorp.com.
Campagnolo has appointed a Data Protection Officer (DPO), whom you may contact by writing to dpo@campagnolo.com.
- CATEGORIES OF PERSONAL DATA COLLECTED
- Navigation data
Navigation of the Website and access to the related services implies the acquisition of some personal data relating to your navigation, including IP addresses or domain names of computers used by you to connect to the website, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding your operating system and computer environment. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow data subjects to be identified.
- Personal data you provide voluntarily
Campagnolo S.r.l and Diana process the personal data that you provide voluntarily when registering on the Website, accessing the related services, purchasing a product or interacting with the customer services, including personal details, contact data, data on your purchases and banking data.
The Website uses so-called cookies. For more information on cookies and their use in the Website, consult the Cookie Policy page.
- PURPOSE, LEGAL BASIS AND RETENTION PERIOD
- Your personal data will be processed by Campagnolo S.r.l per:
# |
PURPOSE |
LEGAL BASIS |
RETENTION PERIOD |
A |
Navigation of the Website: navigation data are processed to allow you to browse the Website and access the related services, and particularly, to obtain anonymous statistical information on the use of the Website and the services offered, to check the correct operation and for security reasons |
Legitimate interests of the Controller |
For the period required for the related processing |
B |
Registration on the Website (personal account): to allow you to create your personal account on the Website and access and use the related services |
Performance of the contract or pre-contractual measures requested by you |
Until the User requests the deletion of their account or, otherwise, for 24 months following the last access |
C |
Updates on new product availability: to meet your request to be updated on the availability of the requested product on the Website |
Performance of the contract or pre-contractual measures requested by you |
For the period of 3 months following the reply to your request |
D |
Marketing: to send promotional messages (including the newsletter) relating to products, services and events of the Controller and/or market surveys by e-mail, text message, social networks and other instant messaging apps |
Your consent |
Until the consent is withdrawn or, otherwise, for 24 months following the date of the last interaction with the Controller. |
E |
Profiling: we will process your personal characteristics (gender, date of birth, etc.) and your purchase history to assess your satisfaction and send customised promotional and commercial messages. |
Your consent |
Until the consent is withdrawn or, otherwise, for 12 months following the date of the last interaction with the Controller. |
- Your personal data will be processed by Campagnolo S.r.l and Diana for:
# |
PURPOSE |
LEGAL BASIS |
RETENTION PERIOD |
F |
Product sales: to conclude and process the sales contract for the products offered on the Website, including the management and processing of purchase orders, product deliveries, the notification of any circumstances relating to the order, management of payments and anti-fraud checks |
Performance of the contract or pre-contractual measures requested by you |
For as long as is required to process the order (without prejudice to any further retention required for the purposes indicated below) |
G |
After-sales service: for the management and response to requests sent to us by you in relation to the products purchased on the Website, for example relating to returns, complaints or refunds |
Performance of the contract or pre-contractual measures requested by you |
For as long as is required to process your request (without prejudice to any further retention required for the purposes indicated below) |
H |
Fulfilment of statutory obligations: to fulfil statutory obligations (civil, fiscal and public security matters, banking procedures and the protection of personal data) |
To meet legal obligations |
For the period set forth in the regulations. Invoicing data are stored for 10 years following the date of issue of the invoice |
I |
Disputes and crime prevention: to defend or assert a claim of Diana and/or Campagnolo S.r.l and/or to ascertain and prevent fraud and other crimes or offences |
Legitimate interests of the Controller |
For the period required for the purpose for which the data were collected in compliance with the applicable law (e.g., in relation to the limitation period) |
- NATURE OF THE PROVISION OF DATA
The data in the fields marked by an asterisk (*) for the purposes indicated in art. 4, I), letters A), B) and C) and II) above, are necessary for browsing and registering on the Website, using the related services and purchasing products on the Website; failure to provide these data will make it impossible to obtain the requested products and services. On the other hand, the data indicated in the fields not marked by an asterisk, although useful for facilitating relations with Diana and Campagnolo S.r.l, are optional and failure to provide them will not prejudice the provision of the requested products and services.
With reference to marketing and profiling purposes as listed in art. 4, I), letters D) and E), the provision of data is optional and any refusal will make it impossible for Campagnolo S.r.l to process the data provided by you for marketing and profiling purposes, but will not prevent you from browsing and registering on the Website, purchasing products and using the related services in accordance with the provisions of art. 4, I), letters A), B) and C) and II).
- METHOD OF PROCESSING
Your data will be processed by the Co-Controllers mainly using IT and telematic means.
Specific security measures are observed to prevent loss of data, illicit or incorrect use and unauthorized access. The Co-Controllers have adopted all appropriate safety measures required by law.
- CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA AND DATA DISCLOSURE
To pursue the purposes for which the data were collected, the Co-Controllers can make use of the following categories of data subjects to whom the data may be disclosed or who may come into contact with them in their capacity as data processors:
- providers of IT services, for example, internet services and cloud computing;
- parties performing logistics services, storage, promotion and delivery of the products and services of the Co-Controllers;
- parties providing customer support services;
- firms and other parties providing assistance, consulting and services (e.g., legal, fiscal, accounting, economic and financial, technical and organisational, data processing, communication);
- parties providing banking, financial, insurance and debt collection services;
- parties providing anti-fraud control services on payments;
- subsidiaries, parent companies, investee and associate companies;
- public authorities and supervisory and control authorities.
The updated list of data processors is available on specific request to the Co-Controllers in the methods indicated in paragraph 12.
Exclusively for the above-specified purposes, your personal data may also be available to persons working for the Co-Controllers authorised to process data due to their respective tasks.
No data collected on the Website will be disclosed.
- TRANSFER OF DATA TO THIRD COUNTRIES AND/OR INTERNATIONAL ORGANISATIONS
Your personal data may be transferred, for the purposes for which they were collected, to the United States of America, which is not a member state of the European Union. The personal data will be transferred pursuant to the standard contractual clauses adopted or approved by the European Commission (art. 46, paragraph II, letters c and d of the Regulation) or binding rules of the company (art. 47 of the Regulation). To obtain a copy of these data please contact the Controller, as indicated in paragraph 12.
- SOCIAL BUTTONS AND WIDGETS
The Website also has social buttons/widgets. These are in particular icons for social networks, including Facebook, Twitter, Pinterest, Google+, Youtube, LinkedIn and Instagram, which allow you to click on the icon to reach the related social network. Using these instruments, you can for example share contents or recommend products from the Website on the social network.
After clicking on the social buttons/widgets, the social network could gather data relating to your visit to the Website. As explained in the introduction, this privacy policy does not relate to the processing of your data by the social network, for which you must refer exclusively to the privacy policy provided by the social network.
Beyond the cases in which you spontaneously share your data with the social networks chosen by clicking on the social button/widgets, the Co-Controllers do not disclose or share any personal data with the social network.
- FACEBOOK PAGE
For its own Facebook page, Campagnolo S.r.l uses the “Page Insights” function that offers aggregated data on the user’s interaction with the Facebook page.
In relation to this processing, Campagnolo S.r.l in its capacity as Co-controller of the processing jointly with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. You can retrieve the co-controller agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.You can consult the Facebook Privacy Policy at the following link: https://www.facebook.com/privacy/explanation.
- MINORS
The Website and the services are intended for the sale of products and services to persons aged 18 or over. Therefore, the Co-controllers do not intentionally gather the personal data of persons aged less than 18. By accessing the services provided by the Co-Controllers, you declare that you are aged 18 or over.
- RIGHTS OF DATA SUBJECTS
In relation to the personal data provided by you, you have the right, at any time, to:
- obtain confirmation from the Controller as to whether or not personal data concerning you are being processed and, in this case, obtain access to the personal data and the information provided in art. 15 of the GDPR and copies thereof (right of access);
- request the rectification of incorrect personal data concerning you as well as the integration of any incomplete data, again in relation to the purposes of the processing (art. 16 of the GDPR);
- request the erasure of personal data in the cases referred to in art. 17 of the GDPR, including the lack of need of the personal data for the purposes for which they were collected or processed, the withdrawal of consent (where no other legal bases exist) or to object to processing (if there are no other legitimate reasons for processing), the unlawful processing of data, erasure imposed by statutory obligations or in the case of information society services addressed to minors;
- request the restriction of processing in the cases referred to in art. 18 of the GDPR, including the disputing of the accuracy of the data or the lawfulness of the processing if the controller no longer needs to for the purposes of the processing or in the event of the objection to processing; the restriction of processing shall mean that your personal data shall, with the exception of storage, only be processed with your consent or the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State;
- object to the processing of personal data in the cases referred to in art. 21 of the GDPR, including processing based on the legitimate interests of the controller or third parties or for marketing purposes; in the event of your objection, the Controller shall no longer process the personal data unless the controller has compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims;
- request the portability of data if the processing is based on your consent or on the contract with the Controller and is done using automated means; portability includes the right to receive your personal data or transmit them to another controller in a structured, commonly used and machine-readable format (art. 20 of the GDPR);
- if you have provided your consent, you have the right to withdraw your consent without prejudice to the lawfulness of processing based on the consent provided prior to withdrawal.
To exercise these rights, write to: privacy@campagnolo.com.
You may in any case exercise your rights towards each Co-controller by writing to the respective addresses indicated in paragraph 1.
You may also withdraw your consent in the personal section of your account and the link contained in each marketing communication received from the Controller.
Finally, you are reminded that, where the assumptions exist, you also have the right to lodge a complaint with the Data Protection Agency, which is the control authority indicated in the related procedures.