UPDATED TO GDPR – EU REGULATION 2016/679
This section contains information relating to the way Bike-Lift Europe S.r.l. manages the processing of user data of www.bikelifteurope.it. The information and data you provide will be processed in compliance with the provisions of the Regulation and the confidentiality obligations that inspire the activity of Bike-Lift Europe S.r.l. The purpose of this document is to provide information about the methods, timing and nature of the information that data controllers must provide to users when they browse the www.bikelifteurope.it. web pages
The information is provided only for this Website and not for other websites that may be consulted by the user via links.
DATA PROCESSING HOLDER & CONTROLLER
The data controller processes users’ personal data by taking appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personal data. Data processing is carried out using IT and/or telematic tools, with organizational methods and logics strictly related to the purposes indicated. However, Bike-Lift Europe S.r.l. cannot guarantee its users that the measures taken for the security of the site and the transmission of data and information on the Website may limit or exclude any risk of unauthorized access or dispersion of data by devices pertaining to the user. For this reason, we advise Website users to ensure that their computer is equipped with adequate software to protect the transmission of data on the network (for example, updated antivirus software) and that their Internet Provider has taken appropriate measures for data transmission security on the Web.
1 – Purpose of data processing
The processing we intend to carry out, with your specific consent where necessary, has the following purposes:
2 – Optional provision of data and legal basis for data processing
The provision of data is optional, however any refusal to grant them may result in the impossibility for Bike-Lift Europe S.r.l. to provide the requested service.
Any failure to consent to the processing of data for marketing purposes will not bear any consequence.
In any case, the consent given may be revoked by users at any time.
3 – Data provided by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this Website entails the subsequent acquisition of the sender’s address, necessary to respond to enquiries, as well as any other personal data included in the message. Specific summary information will be reported or displayed on the website pages set up for particular on-demand services.
Furthermore, upon the release of specific consent – which will be required in specific sections of the Website, where present – data may be processed to send promotional communications by e-mail, SMS, telephone. At the end of each e-mail/newsletter there is a clear reference to the possibility of canceling the service and a corresponding link.
We specify as well that the purposes of data processing also concern the collection, storage and processing of users ‘data to perform statistical analysis in anonymous and/or aggregate form, without the possibility of identifying the user, aimed at verifying the quality of the services provided.
4 – Processing modalities
Personal data are processed with automated and non-automated tools and for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access.
5 – Communication of personal data
Personal Data may be shared, for the purposes referred to in point 1with: a. subjects that typically act as data controllers and/or processors, namely:
iii) subjects duly appointed to perform technical maintenance activities (including maintenance of network equipment and electronic communication networks).
In case of payment by credit card, the fundamental information for the execution of the transaction (credit/debit card number, expiration date, security code) is processed directly by the relevant banking institution of the electronic payment service used, by means of encrypted protocol, without third parties having access to it in any way. However, this information will never be viewed or stored by Bike-Lift Europe S.r.l.
6 – Disclosure of personal data
Personal data will not be disclosed.
Data will not be transferred to a third country or an international organization.
In the event that some personal data is transferred to a European Union country, a third country or an international organization, Bike-Lift Europe S.r.l. urges users to check for the processing of personal data by these recipients on the relevant sites.
7 – Types of processed data
IT systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This piece of information is not collected to be associated with identified stakeholders, but by its very nature, through processing and association with data held by third parties, it could allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
This data is used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and is deleted immediately after processing. Data could be used to ascertain responsibility ̀ in the case of hypothetical computer crimes against the Website or to third parties: except for this possibility, at present data on web contacts are not permanently stored.
Other personal data
Other personal data – like, for example, e-mail address, name, surname – are processed for the provision of the service and possibly for sending newsletters or promotional communications, where applicable.
8 – Data storage
Personal data will be stored for the time strictly necessary to achieve the company’s purposes. In any case, as data processing is carried out for the provision of Services, Bike-Lift Europe S.r.l. will process personal data up to the time allowed by the Italian law for the protection of its interests (From Art. 2946 of the Civil Code onwards). More information about the data retention period and the criteria used to determine this period can be requested in writing to the Controller.
9 – Stakeholders’ Rights
We remind users that they can exercise their rights at any time and ask the Controller to get access to their personal data and ask for the correction or cancellation of their data of for the limitation of the processing that concerns them or to oppose the processing, in addition to the right to portability of the data, the right to be forgotten or the right to the total cancellation of one’s data from our systems, without prejudice to data relating to contractual and legal obligations (e.g.: invoicing, security obligations).
To exercise their rights, users can send requests to the Controller, Bike-Lift Europe S.r.l. by e-mail to: email@example.com or by post to the following address: Via Don Lorenzo Milani-Est, n ° 40/42 43012 Sanguinaro di Fontanellato (PR) phone: +39 0521 827091.
Users have the right to receive their personal data in a structured format, commonly used and readable by an automatic device, and they have the right to transmit such data to another data controller without hindrance.
Without prejudice to any other administrative or jurisdictional appeal, if users believe that the processing that concerns them violates the regulation, they have the right to file a complaint with the Guarantor for the Protection of Personal Data.
10 – Security of provided data
Data security is guaranteed during the use of the platform according to the procedures adopted by Bike-Lift Europe S.r.l. following the directives identified in articles 32 and 33 of Regulation (EU) 2016/679 (GDPR). In case of violation of personal data, the data controller notifies the competent control authority according to article 55 without undue delay and, where possible, within 72 hours of becoming aware of it, unless the breach of personal data is unlikely to present a risk to the rights and freedoms of individuals. Any notification of infringement should:
11 – Changes to this document
This document was updated on 20/05/2018 to comply with the relevant regulatory provisions.
12 – European regulation on personal data protection – Information page
The page contains links to legislation and interpretative documents, information sheets and thematic pages, and is constantly updated: http://www.garanteprivacy.it/web/guest/regolamentoue