INFORMATION NOTICE ON DATA PROCESSING
The Controller has appointed a Data Protection Officer (DPO), which the Data Subject may contact by writing to the following address: firstname.lastname@example.org.
CATEGORIES OF DATA THAT MAY BE PROCESSED
The computer systems and software procedures in charge of the website's operation acquire, during their normal operation, some personal data the transmission of which is implicit in the use of internet communication protocols. This information is not collected in order to be associated to identified data subjects, but due to its nature it may, by means of processing and integration with data held by third parties, allow users’ identification. This category includes the IP addresses or domain names of the computers used by the users to connect to the website, URI (Uniform Resource Identifier) form addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (done, error, etc.) and other parameters concerning the user's operating system and computer environment. This data is used with the sole purpose of obtaining anonymous statistical information concerning the use of the site and to check its correct operation and it is deleted immediately after processing.
Data voluntarily supplied by the User
Users may provide contact information such as name, address, telephone number, email address, and payment card information necessary to place orders on the Website , i.e. the order management and processing, the communication of any circumstances related to the order, the product delivery, the payments management and any return, and the post-sale assistance, as well as the performance of obligations provided by civil, tax and accounting legislation. The optional, explicit and voluntary dispatching of electronic mail to the addresses indicated in the Website entails the subsequent acquisition of the sender's address, necessary in order to reply to the requests, and also any other personal data contained in the message. The Website contains fillable forms which provide specific information on the processing of personal data and, where necessary, requests for consent: we therefore invite you to read it before filling in the form.
PURPOSES AND LEGAL BASIS OF THE PROCESSING, MANDATORY OR OPTIONAL DISCLOSURE OF DATA AND CONSEQUENCES OF THE REFUSAL OF CONSENT
The Controller will process your data to facilitate navigation and to provide the services you may have requested through the forms specifically provided on the Website. This includes processing of orders and shipping, including confirmation emails. When you provide your consent if required by law, it includes communications to you regarding Controller’s products and services. Except as specified for navigation data and technical cookies, within the sections of the site concerning specific services provided upon request, you may supply your personal data for the purposes set out in the relevant policies, but failure to supply it may make it impossible to obtain the requested service.
DATA STORAGE PERIOD
The Data Controller will process the personal data collected through the use of the Website for the time strictly necessary to achieve the purposes for which it was collected and, once completed, for any term provided for by the applicable regulations. For more details, please refer to the information notices provided in relation to specific services.
SCOPE OF DATA DISCLOSURE AND CATEGORIES OF RECIPIENTS
The Controller shall not disseminate the data; however, it will disclose it its personnel authorised to carry out the processing as part of their respective duties, as well as to third parties, to the extent that this may be necessary. In order to be tasked with processing the data on behalf of the Controller, those recipients will be appointed as data processors under a specific agreement or other legal document. The following external persons may receive Personal Data collected by the Controller:
- IT service providers, such as direct marketing, internet service and cloud computing;
- persons who perform logistics, inventory, promotion, supply, sale and delivery of products and services of the Controller;
- persons who perform customer service activities;
- professional firms and other persons who provide assistance, consultancy and services regarding, for example legal, tax, accounting, financial, technical-organisation, data processing, disclosure;
- persons who provide bank, financial, insurance and credit collection services;
- subsidiaries, parent companies, investee companies or affiliates;
- public authorities and control and supervisory bodies; and
- third-party companies with respect to mergers, acquisition, business or business unit transfer.
MINORS AND CHILDREN UNDER AGE 18
The Website and related services are not direct to minor or children under the age of 18 and, therefore, Diadora does not knowingly collect personal data from persons under age 18. If you become aware that minors have provided their personal data to Diadora, please contact us as described below.
TRANSFER OF DATA TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANISATION
Your data may be transferred, for the purposes for which it was collected, to the United States of America (USA), which is a state not belonging to the European Union. The transfer of personal data to persons located in the USA will take place solely by virtue of the execution by Diadora and the non-EU recipient of the standard contractual clauses adopted or approved by the European Union Commission (Article 46(2)(c) and (d) of the Regulation). You may obtain a copy of such data by sending a request to Diadora as specified in the paragraph “Data Subjects’ rights” below.
DATA SUBJECTS’ RIGHTS—INCLUDING CALIFORNIA RESIDENTS
The Data Subjects may request from the Controller access to the categories or specific personal data collected by the Controller. The Data Subjects may also request rectification, where inaccurate, or erasure of their personal data, and restriction of the data processing, where the relevant conditions are met; Data Subject may also object to the processing for legitimate interests pursued by the Controller and obtain the portability of personally provided data only if this is subject to automated processing based on consent or contract. Moreover, the Data Subject may withdraw their consent when this is necessary to pursue the processing purposes. In this case, however, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Diadora does not “sell” personal data within the meaning of the California Consumer Privacy Act, nor does it intend to do so.
You may exercise your rights by sending the form available here to the Controller at the following e-mail address: email@example.com.
We also remind you that you may lodge a complaint with the competent authorities, i.e., the Garante per la protezione dei dati personali [Italian Data Protection Authority] (www.garanteprivacy.it) or with the United States Federal Trade Commission: https://www.ftc.gov/faq/consumer-protection/submit-consumer-complaint-ftc.
If you are a California resident, when you exercise these rights and submit a request to us, we will verify your identity by asking you for information such as your email address, telephone number, order number, or the last four digits of a credit or debit card used at the Website. We also may use a third-party verification provider to verify your identity. Your exercise of these rights will have no adverse effect on the price and quality of our goods or services.
Last update: September 2021
This information notice may be subject to change: we recommend that you regularly check this web page and take into account the date of the last update. Any change will be effective from the date of publication on the Website.