PRIVACY POLICY

Privacy Notice and Consent to the Processing of Data on the Website runandbike.it

Dear user, we inform you that, in order to manage its relationships with users, the company Enjoy Sport s.a.s. di Bernasconi Fermo collects data relating to them, which may also be obtained through the website. runandbike.it— directly or through third parties — which are classified as personal data under Legislative Decree No. 196/2003 and EU Regulation 2016/679. The legislation on personal data protection requires that anyone who processes such data must provide the data subject/user with complete information regarding the key elements of the processing.

Therefore, in accordance with EU Regulation 2016/679, we provide you with the following information:

Data Controller

The Data Controller is Enjoy Sport s.a.s. di Bernasconi Fermo, with its registered office at Viale Felice Cavallotti 2, 22100 Como (CO), tax code and VAT number 03099260139. 

Partner websites that independently participate in data processing activities may act as independent Data Controllers.

Subject of the Processing

Browsing Data

The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data that are implicitly transmitted through the use of Internet communication protocols.

These are pieces of information which, by their very nature, could—through association and processing with data held by third parties—allow the identification of users/visitors (e.g. IP address, email address, domain names of the computers used by users/visitors connecting to the website, etc.).

This category of data includes IP addresses or domain names of the computers used by users connecting to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.

These data are used solely for statistical purposes and to verify the proper functioning of the website.

Web contact data are not retained for more than seven days, except in the event of investigations related to computer crimes against the website.

No data derived from the web service will be communicated or disclosed.

Data Provided Voluntarily by the User

Apart from the provisions stated above, the submission of personal data by users is free and optional, although necessary for the provision of certain services. In such cases, failure to provide personal data may compromise or make it impossible to register on the website and/or deliver the requested service. Personal data voluntarily provided by users who interact with the website—such as for the purpose of registering for events, subscribing to newsletters, requesting information, sending emails, or providing addresses for clothing selection—are used solely to perform the requested service or activity and are disclosed to third parties only when strictly necessary for the execution of that service.

The personal data that the User may voluntarily provide are as follows:

Personal Data collected: first name, last name, email address, phone number, and address.

Providing data for direct marketing purposes is voluntary, and the user is free to give specific and separate consent for such processing. This consent may be revoked at any time by modifying the data associated with their profile upon each new login to their account on the website. For the processing of personal data consisting of sending newsletters and informational material about the services offered by the Data Controller via email, consent can always be withdrawn by clicking the “Unsubscribe” link at the bottom of each email or by sending an email to the address. info@runandbike.it with the subject line “data deletion.”

Specific summary notices are provided or displayed on the pages of the website designed for on-demand services, in order to draw the user’s attention to the processing of their personal data. Furthermore, depending on the circumstances, the mandatory or optional nature of providing personal data will be indicated by marking mandatory information with an asterisk (*). 

Cookies

In addition to the data expressly provided to the Data Controller, other data resulting from the user’s browsing activity on the website may also be collected. When the user accesses the website, a “cookie” may be sent to their computer. A “cookie” is a small text file that the website can automatically send to the user’s device when viewing our pages. Cookies are used to make navigation more convenient, to obtain information about the user’s browsing behavior within the site, and to enable the operation of certain services that require tracking the user’s path through various pages of the website. For each access to the site, regardless of the presence of a cookie, the website records the type of browser (e.g. Microsoft Edge, Safari, Chrome, Firefox), the operating system (e.g. Windows OS, macOS), and the host and originating URL of the user, as well as data regarding the requested page. This information may be used in aggregated and anonymous form for statistical analysis on website usage.

Links to Social Network Services

Through the website, certain services provided by third parties are made available to users, particularly links to social network services (Facebook, Twitter, Instagram, LinkedIn, etc.). These links set a cookie. The collection and use of information by such third parties are governed by their respective privacy policies, which users are encouraged to review.

Methods of Processing

Processing is carried out using automated tools (e.g., electronic systems and procedures) and/or manually (e.g., on paper) for the time strictly necessary to achieve the purposes for which the data were collected and, in any case, in compliance with the applicable legal provisions.

Specific security measures are observed to prevent data loss, unlawful or improper use, and unauthorized access, allowing access only to those appointed or authorized in accordance with current legal provisions. The list of Data Processors appointed pursuant to Article 29 of Legislative Decree 196/2003 and Article 28 of EU Regulation 679/2016 is available at the Data Controller’s registered office.

The personal data collected, including those obtained through paper forms, will be stored electronically, kept, and archived on servers owned and/or used by the Data Controller and located at its registered office, managed in a secure environment with controlled access.

Purpose of Processing

The purposes of the processing carried out by the Data Controller shall be understood as follows:

  • management and maintenance of the website;
  • participation through the website in initiatives organized by the Data Controller (for example, events);
  • prevention of fraudulent activities or actions harmful to the website;
  • collection, storage, and processing of data for the purpose of establishing and managing the operational and administrative aspects of the contractual relationship related to the provision of the service offered on the website;
  • use of the user’s personal data (in particular the email address) to send communications related to the performance of the established contractual relationship;
  • processing of the personal data provided and those derived from website navigation in order to deliver a service consistent with the information provided during the use of the service;
  • – collection, storage and processing of data to carry out statistical analyses in anonymous and/or aggregated form.
  • to send the newsletter via email;
  • subject to the User’s explicit consent, to carry out direct marketing and/or profiling activities using automated tools (in particular via email) and non-automated tools (operator-assisted phone calls or postal mail);
  • compliance with legal obligations and orders issued by competent authorities;
  • and the exercise of the Controller’s rights, for example the right to initiate action in court.
  • communication of commercial information about future initiatives and announcements of new products or services;
  • market research, statistical and economic analyses;
  • sending of advertising or promotional material, and for promotional initiatives in general.

Legal Basis for Processing

The legal basis for the processing of customer data carried out by the Data Controller through the website lies in the contractual relationship established or in the pre-contractual arrangements with the data subject. In the absence of such a relationship, the legal basis is found in the Data Controller’s legitimate interest in exercising free economic initiative pursuant to Article 41 of the Italian Constitution. With regard to marketing purposes, the legal basis is the freely given and explicit consent of the data subject, as well as the Data Controller’s legitimate interest.

Recipients

In addition to the Data Controller, certain categories of personnel involved in the website’s organizational structure may have access to the data (such as administrative, commercial, marketing, legal staff, and system administrators). Furthermore, the Data Controller may engage external parties (such as third-party technical service providers, couriers, hosting providers, cloud services, IT companies, and communication agencies) who may be appointed as External Data Processors. The updated list of Data Processors can always be requested from the Data Controller at the address indicated above.

Transfer to a Third Country

For the services provided through the website, the Data Controller uses servers located in the following countries: Switzerland, which, pursuant to Regulation (EU) 2016/679, is considered adequate as it falls within the scope of the EU adequacy framework. The data processed by the Data Controller are not subject to disclosure.

The place of processing of the data is at the registered office of the Data Controller.

The processing operations related to the web services of this website take place at the aforementioned registered office of the Data Controller and are carried out solely by personnel authorized to process the data. Personal data provided by users who submit requests for services, assistance, or information are used solely for the purpose of performing the requested service or providing the requested information. Such data are disclosed to third parties only when strictly necessary for these purposes and, therefore, limited to the services and activities requested, may be transmitted to the company’s internal staff, collaborators, correspondents, and authorized personnel; to the company’s consultants in accounting, administrative, commercial, tax, and IT matters; to banking and financial institutions; as well as to parties entrusted with safeguarding the company’s interests in judicial, administrative, or extrajudicial proceedings and debt collection, to couriers for document delivery, and to those responsible for internal company audits.

Data retention period and location

The processing operations related to the web services of this website take place at the aforementioned company headquarters and are carried out exclusively by the company’s staff or by external personnel appointed for maintenance and updating operations. No data are subject to disclosure. The data are processed for the time necessary to perform the service requested by the user and are then destroyed using secure destruction methods, such as shredders for paper documents and wiping procedures for data stored on electronic media.

Optional or Mandatory Nature of Data Provision

Except as specified for browsing data, which are acquired automatically, users/visitors are free to provide or withhold their personal data. Failure to provide such data may only result in the inability to obtain the requested service or information. The optional, explicit, and voluntary sending of emails to the addresses indicated on this website entails the subsequent acquisition of the sender’s address—necessary to respond to service and/or information requests—as well as any other personal data included in the message.

Rights of Data Subjects

Data subjects have the right at any time, under the GDPR, to obtain confirmation as to whether their personal data exist and to learn their content and origin, verify their accuracy, or request their completion, updating, or rectification. Requests should be addressed to Enjoy Sport s.a.s. di Bernasconi Fermo by post at Viale Felice Cavallotti 2, 22100 Como (CO), or directly by email at. info@runandbike.it

In relation to the processing of the aforementioned data, the User has the right to obtain from the Data Controller:

  • confirmation as to whether or not their personal data exist, communication of such data in an intelligible form, and information regarding their origin as well as the logic on which the processing is based;
  • the deletion of their data within a reasonable time, their transformation into anonymous form, or the blocking of data processed in violation of the law;
  • the updating of their data, their rectification or, when they have an interest, their integration;
  • confirmation that the actions referred to in the preceding points have been brought to the attention of those to whom the data were communicated, unless this proves impossible or requires the use of means that are disproportionate to the right being protected;
  • the rectification or erasure of their data, or the restriction of their processing;
  • information regarding the existence of an automated decision-making process and, in such cases, meaningful details about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
  • The User also has the right: a) to withdraw consent related to optional processing not connected to the performance of the contract entered into with the Data Controller; b) to obtain human intervention from the Data Controller, to express their opinion, and to contest decisions made through automated decision-making processes;
  • The User also has the right to object, on legitimate grounds, to the processing of their personal data, even if relevant to the purpose of collection; to request data portability; to exercise the right to be forgotten; and to contact the competent data protection authority for any violation they believe has occurred — in Italy, this is the **Garante per la Protezione dei Dati Personali**, via email at the address: garante@gpdp.itvia fax: +39 06 696773785, or by post to the **Garante per la Protezione dei Dati Personali**, located in Rome (Italy), Piazza di Monte Citorio No. 121, ZIP code 00186.

Minors

This website and the Data Controller’s services are not intended for individuals under the age of 18, and the Data Controller does not knowingly collect personal information relating to minors. In the event that information about minors is inadvertently recorded, the Data Controller will promptly delete it upon the users’ request.

This document constitutes the privacy policy of this website and may be subject to updates.

Last Updated Date

December 2023