Table of contents
- Data controller
- Type of data processed
- Processing purposes and mandatory or optional nature of providing data.
- Processing methods to which the data is subjected.
- Subjects or categories of subjects to which the personal data may be disclosed or which may come to acquire knowledge thereof, in their capacity as data processors or persons charged with data processing, scope of disclosure of the above-mentioned data and possible transfer of data outside the EU.
- Rights of the data subject. The personal details of the data controller and, if appointed, the person charged with processing the data. Indication of the methods by which the updated list of data processors can be readily accessed.
This Policy, issued pursuant to Art. 13 of Legislative Decree 196/2003, code regarding the protection of personal data (hereinafter: “Privacy Code”), contains an illustration of the legislation and directives adhered to by Technogym with regard to the processing of personal data of users of the website www.technogym.com (“Site”).
- Data controller
The data controller is Technogym S.p.A. (herein: “Technogym”), with registered office in Italy, Via Calcinaro 2861, 47521 - Cesena (FC).
2. Type of data processed
- Browsing data
The information systems and software procedures used to operate the Site acquire, during the course of normal operation, some personal data, the transmission of which is implicit in Internet communication protocols.
This concerns information that is not collected expressly to be associated with specific individuals, but which, by its very nature, could allow users to be identified, through the processing and association with data held by third parties.
This category of data includes IP addresses or domain names of computers used by users who connect to the Site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used in order to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the user’s operating system and virtual environment.
This data is exclusively used to obtain anonymous statistical information regarding Site use, and to check that the latter is functioning correctly. The data may also be used to ascertain responsibility in case of hypothetical computer crimes against the Site.
- Data provided voluntarily by the user
Data freely, explicitly and voluntarily provided by the user by sending emails to the addresses listed on the Site entails the subsequent acquisition of the sender's email address, which is necessary to answer any queries, as well as of any other personal information included in the message.
Using the Site could lead to the processing of personal data of third parties provided by the user to Technogym. With regard to such cases, the user represents the autonomous Data Controller, assuming all legal obligations and responsibilities. In this sense, the user provides the broadest indemnity on this point with regard to any dispute, claim, request for compensation for damages from processing, etc. which Technogym might receive from third parties whose personal data has been processed through the user's use of the Site, in violation of applicable legislation on the protection of personal data. In any case, should the user provide or otherwise process the personal data of third parties in using the Site, he/she hereby guarantees - assuming all consequent liability - that such processing of third parties personal data is based, where necessary, on prior acquisition - by the user of the Site - of consent from the third party for processing of his/her personal data.
Any specific summary information will be provided or displayed on the Site pages as and when appropriate at each stage with regard to specific services available on request.
Interaction with social networks
In the event that the user is given the opportunity, if in possession of a Facebook profile, to register on the Site by clicking the "Login with Facebook" button, Facebook will automatically send Technogym certain user data specified in the "pop-up" window that will appear at the time of the request, and there will be no need for the user to fill in other forms.
3. Processing purposes and mandatory or optional nature of providing data
Technogym informs site users that the data collected will be used exclusively for the purposes stipulated below, with specific consent where necessary:
a) in order to comply with legal, accounting and tax obligations;
Provision of user data for the purposes listed above in (a) is mandatory; failure to do so would not allow Technogym to meet the obligations provided for by law, regulations or EU legislation.
Please note that pursuant to Art. 24 paragraph 1(a) of the Privacy Code, consent to the processing of personal data for this purpose is not required.
b) in order to carry out contracts of sale for products or contracts of engagement for the provision of services (supply of goods and services);
Provision of data for the purposes listed above in (b) is optional, but failure to do so may make it impossible to fulfil the contract or provide of services requested.
Pursuant to Art. 24 paragraph 1(b) of the Privacy Code, we do not require the user's consent for processing personal data for such purposes since such data is necessary to perform the obligations deriving from a contract which the user is party to and/or to fulfil, before conclusion of the contract, specific requests of the same.
c) to send e-mail promotional messages concerning products or services similar to those concerning the purchases of the data subject.
Pursuant to Art. 130, par. 4 of the Privacy Code, it is not necessary for the Data Controller to acquire prior consent for the processing referred to in this point (c); Nevertheless, the data subject may object during registration or when sending any communication made for this purpose. (so-called “soft opt-in”).
d) to send promotional messages. In accordance with the provision of the Authority for the protection of personal data entitled "Guidelines concerning promotional activities and combating spam - 4 July 2013 ", Technogym will acquire a single consent for such purposes. Should the user decide to consent to receiving information on promotional activities, including Technogym market surveys, such activities may take place, as provided for by current legislation, by means of telephone contacts via operators ("traditional mode"), e-mail and possible use of social networks ("automated mode”). At any time, the user can decide to revoke consent previously provided for traditional or automated mode by notifying Technogym, without any formalities, writing to email@example.com;Provision of user data for the purposes listed above in (d) is optional and requires the prior consent of the user.
e) (i). Profiling processing may also be put in place (defined as "processing aimed at defining the profile or personality of the data subject, or analysing habits or consumption choices" see Art. 37 par. 1(d) of the Privacy Code) necessary for the provision of the Service and therefore exempt from consent.
e) (ii). Technogym also reserves the right to put in place profiling processing not necessary for provision of the Service - for example for promotional purposes - subject to the prior consent of the data subject.
Provision of (possible) consent to processing of data for the profiling purposes referred to in point e) (ii) above is optional. In the absence of such consent, there will be no consequences for the user with regard to use of the services.
f) during promotional and exhibition events, to disseminate on Technogym communication channels the images of participants collected there through photographs or videos.
4. Processing methods to which the data is subjected
The user's personal data is processed by Technogym - or by reputable third parties carefully selected for their reliability and competence, as well as duly appointed data processors - solely for achievement by the same of the purposes specified above, mainly with automated tools, but also on paper, for the time strictly necessary to achieve the purposes for which it was acquired.
Specific security measures are observed to prevent the loss of data, illegal or incorrect use and unauthorised access, in full compliance with the requirements of Art. 31 et seq of the Privacy Code and of the Technical Regulations - Annex B to the Privacy Code - regarding minimum security measures.
5. Subjects or categories of subjects to which the personal data may be disclosed or which may come to acquire knowledge thereof, in their capacity as data processors or persons charged with data processing, scope of disclosure of the above-mentioned data and possible transfer of data outside the EU
The personal information provided by the user will be disclosed to and used by employees of Technogym and/or its overseas subsidiaries for the sole purpose of carrying out the activities that constitute the reason for which this information was originally collected (for example, to carry out contracts of sale or provision of services or to send out newsletters). The data may be disclosed to the exclusive Technogym distributors and/or other parent companies which are controlled by and/or connected to the Technogym Group in Italy, the EU or countries outside the EU, who will act as autonomous data controllers in compliance with legal provisions concerning the transfer of data to third countries. The data processing activities referred to above are established as necessary in order to properly deliver the service in question to Technogym customers, if located in foreign countries in which Technogym operates, and are therefore permitted under Art. 24 par. 1(b) and 43 par. 1(b) of the Privacy Code
The data may be processed by Technogym suppliers duly appointed data processors pursuant to Art. 29 of the Privacy Code and should the processing involve transfer of the data to countries that have not received the adequacy decision from the European Commission, such transfer will be put in place according to the rules (standard contractual clauses pursuant to the annex to the European Commission decision of 5 February 2010, no. 2010/87/EU (published in the Official Journal of the European Communities L39/5 of 12 February 2010).
Data may also be communicated to suppliers of electronic communication services, banks, financial intermediaries, credit institutions, other financial bodies, managers of centralized IT systems (risk and anti-fraud centres etc.), insurance companies, consultants and freelance professionals who assist Technogym in the recovery of debts and the resolution of disputes, as well as to companies charged with packing, shipping and delivering the purchases or with providing postal and marketing services, duly appointed as data handlers under Article 29 of the Privacy Code. Data may also be disclosed to regulators, research companies or non-profit associations; in this case, information will only be communicated in anonymous form. Without the prior express consent of the data subject for the purposes specified in point 3(f), the data will not be disclosed.
6. Rights of the data subject. The personal details of the data controller and, if appointed, the person charged with processing the data. Indication of the methods by which the updated list of data processors can be readily accessed.
Pursuant to Article 7 of the Privacy Code,
1 The data subject has the right to obtain confirmation of the existence or (lack thereof) of personal data concerning him/her, even if this information has not yet been recorded, and is entitled to receive details of this data in intelligible form.
2 The data subject has the right to obtain information in relation to:
a) the origin of this personal data;
b) the purposes and methods of processing;
c) the logic applied in case of processing with the aid of electronic tools;
d) the identity of the data controller, of the person(s) charged with processing the data, and the representatives appointed under article 5, comma 2;
e) Subjects or categories of subjects to which the personal data may be disclosed or who may come to acquire knowledge thereof, in their capacity as designated representatives, data processing controllers or persons charged with data processing within Italian state territory.
3 The data subject has the right to obtain:
a) updates, corrections or where relevant, additions to the data collected;
b) the deletion, anonymisation or blocking of data processed in violation of the law, including information that does not need to be kept for the purposes for which it was collected or subsequently processed;
c) confirmation that the operations mentioned above in points a) and b), have been made known to those to whom the data was communicated or disclosed, except where this proves impossible or involves the use of means that are clearly disproportionate to the rights being protected. This also applies to the content thereof.
4 The data subject has the right to object, in whole or in part:
a) to the processing of personal data concerning him/her, even if this information is still relevant to the scope of the collection, for legitimate reasons;
b) to the processing of personal data for the purpose of sending advertising material, for direct sales or for the conduction of market research or commercial communications activities.
The updated list of data processors can be obtained by sending a request to Technogym at firstname.lastname@example.org.
To exercise the above rights, data subjects may contact the data controller at the postal address provided, or alternatively by sending an email to email@example.com