Personal data processing
In compliance with the provisions of EU Regulation no. 679/2016 (hereinafter the "Regulation") in Article 13 - Information to be provided when personal data are collected from the data subject -, PEPA ITALIA srl, with registered office at Via Grotta delle Fate 41, 57128-Livorno (LI), provides the following information on the processing of personal data of its customers, suppliers, employees and collaborators (hereinafter the "Data") carried out by the Company, in its capacity as Data Controller.
1. Identity of the Data Controller and contact details
Pursuant to Article 4 of the Regulation, the Company is the Data Controller of the Data relating to its customers, suppliers, employees and collaborators.
For communications or requests, the Company can be reached by e-mail at: info@xpbikes.it.
2. Categories and types of Data collected and processed
The Data processed by the Company may include personal data, not belonging to special categories (art. 9 of the Regulation) collected for the purpose of the conclusion of the contract and in the context of its execution and/or stipulation.
It is also possible that personal data of third parties communicated by customers, suppliers, employees and collaborators to the Company may be processed. With respect to this hypothesis, the customers, suppliers, employees and collaborators act as autonomous data controllers and assume the consequent legal obligations and responsibilities, holding the Company harmless with respect to any dispute, claim and/or request for compensation for damage caused by the processing that may be received by the Company from third parties.
Specifically, we collect the following informations:
- Information that you provide to us when you use our Services, including your contact information, logins and passwords used to access the Services, activity and performance information, information about steps you took at a retailer so that we can recommend the best product for you, and credit card information.
- Information about the computers and devices you use to access our Services, including their location.
- Information related to your use of our Services, including your purchases, the frequency of your bike rides, the start and end locations of your rides, and information about your bike. We use cookies, beacons and other tracking technologies to collect this information.
- With your prior consent, we may also collect or allow authorised service providers to collect information about the exact location of your mobile device.
3. Purposes and legal basis of the processing and nature of the conferment of the Data
In compliance with current legislation on the protection of personal data and without the need for specific consent from the Data Subject, the Data shall be stored, collected and processed by the Company for the following purposes
a. fulfilment of contractual obligations, execution and/or stipulation of the contract and/or management of any pre-contractual measures;
b. fulfilment of any regulatory obligations, tax and fiscal provisions arising from the performance of business activities and obligations related to administrative-accounting activities
c. sending, directly or through third party providers of marketing and communication services, newsletters and communications for direct marketing purposes through email, sms, mms, push notifications, fax, paper mail, telephone with operator, in relation to products supplied
d. communication of Data to third party companies for sending newsletters and communications with marketing purposes through email, sms, mms, push notifications, fax, paper mail, telephone with operator.
The legal bases of the processing for the purposes a) and b) above are Articles 6.1.b) and 6.1.c) of the Regulation.
The provision of Data for the aforementioned purposes is optional, but failure to provide such Data and refusal to provide them would make it impossible for the Company to execute and/or enter into the contract and provide the services requested by the same.
The legal basis for the processing of Personal Data for the purposes c) and d) is art. 6.1.a) of the Regulation as the processing is based on consent; it should be noted that the Data Controller may collect a single consent for the marketing purposes described herein, pursuant to the General Provision of the Guarantor for the protection of personal data "Guidelines on promotional activities and the fight against spam" of 4 July 2013. The provision of consent to the use of data for marketing purposes is optional and should the data subject wish to object to the processing of the Data for marketing purposes carried out by the means indicated herein, as well as to withdraw the consent given; he/she may do so at any time without any consequences (except for the fact that he/she will no longer receive marketing communications) by following the instructions in the "Rights of the Data Subject" section of this Policy.
Data processing methods
In relation to the aforementioned purposes, the processing of Data is carried out by means of manual, computerised and telematic tools with logics strictly correlated to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of the Data, in addition to compliance with the specific obligations laid down by law. The Data will be processed in compliance with the principle of lawfulness, correctness, pertinence and non excess, in accordance with the provisions of the legislation on the protection of personal data. Processing will be carried out by formally appointed and adequately trained personnel
4. Scope of communication and dissemination of Data, recipients and transfer of Data and data processors
For the aforementioned purposes, the Data may be communicated to other companies of the Group and to third parties appointed as data processors pursuant to article 28 of the Regulation and, in particular, to banking institutions, insurance companies, suppliers of services strictly necessary for the performance of business activities, or consultants of the company, where this proves necessary for fiscal, administrative or contractual reasons or for requirements protected by current regulations.
Moreover, the other companies of the Group may access the Data for administrative and/or accounting purposes, pursuant to recitals 47 and 48 and article 6 of the Regulation.
Finally, the Data may be shared with authorities, entities and/or subjects to whom the Data must be communicated by virtue of legal provisions or orders from authorities. These authorities, entities and/or subjects will act as autonomous data controllers.
The Data will not be disseminated.
A periodically updated and complete list of the persons in charge of processing the Data can be requested by sending an e-mail to the Data Controller at the above-mentioned addresses.
5. Transfer of Data to international organisations and/or countries not belonging to the EEA (European Economic Area)
Any transfer of Data to international organisations and/or countries not belonging to the EEA will take place in one of the ways permitted by current legislation, such as, for example, the consent of the data subject, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programmes for the free circulation of data (e.g. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission.
Upon request, further information can be obtained from the Company at the contacts listed above.
6. Data Retention
We retain your information for as long as you have an account with us or are otherwise an active customer of the Company. Once you delete your account or no longer use our Products and Services, the Data will be retained on paper and/or computer for only as long as necessary for the purposes for which it was collected, in accordance with the principles of retention limitation and minimisation set out in Article 5(1)(c) and (e) of the Regulation.
Data will be retained in order to fulfil regulatory obligations and pursue the aforementioned purposes, in accordance with the principles of indispensability, non-excessiveness and relevance.
We will retain information from deleted accounts to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, process warranty claims, distribute important product information (such as recalls), enforce our agreements, and take other actions permitted by law; subsequently, when the aforementioned reasons for processing no longer apply, the Data will be deleted, destroyed, or simply kept anonymous.
Upon request, further information can be obtained from the Company at the above-mentioned contacts.
7. Rights of the Data Subject
In relation to the aforementioned processing operations, each Data Subject may exercise the rights set out in Articles 15 to 22 of the Regulation.
In particular, the Interested Party has the right to ask the Company for access to his/her Data, their rectification or cancellation, has the right to object to the processing or request the limitation of the processing in the cases provided for by article 18 of the Regulation and to obtain in a structured, commonly used and machine-readable format his/her Data, in the cases provided for by article 20 of the Regulation.
The Data Subject may also revoke at any time the consents given pursuant to Article 7 of the Regulation, as well as lodge a complaint with the Data Protection Authority pursuant to Article 77 of the Regulation, should he or she consider that the processing of his or her Data is contrary to the legislation in force.
In cases of opposition to the processing of Data pursuant to Article 21 of the Regulation, the Company reserves the right to assess the request, which will not be accepted if there are compelling legitimate reasons to proceed with the processing that override the interests, rights and freedoms of the Data Subject. Requests should be made in writing to the Company at the addresses indicated above.
Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, ...) and other parameters relating to the user's operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check that it is functioning correctly, and is deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the site.
Faculty to confer your data:
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this website entails the subsequent acquisition of the sender's address, which is necessary to reply to requests, as well as any other personal data included in the message.
Communication and dissemination
Your data may be communicated by us, by which term is meant the disclosure to one or more specific persons, in the following terms
- to subjects, both public and private, who can access the data by virtue of provisions of the law, regulations or Community legislation, within the limits provided for by these rules (for example, social security and welfare institutions and bodies, associations of local authorities, administrations and public bodies, associations, foundations, associations and/or insurance bodies)
- to subjects who need access to the data for purposes auxiliary to the relationship that exists between the parties, to the extent strictly necessary to carry out the auxiliary tasks (for example, banks and credit institutions, service supply companies, carriers and shipping companies)
- to our consultants, to the extent necessary to carry out their duties in our organisation, subject to our letter of appointment imposing a duty of confidentiality and security.
Your data will not be disclosed by us, by which term is meant the disclosure of such data to unspecified parties in any way, including by making them available or consulting them, unless you have given your specific, free and informed consent for each type of processing.
Changes to our Privacy Policy
We may change our Privacy Policy and when we do we will update this page, so be sure to check it periodically.
We may update this Privacy Policy to reflect changes to our privacy policy. If we make material changes, we will provide you with a prominent notice before the change becomes effective. We encourage you to periodically check this page for the latest information on our privacy policy.
Managing Cookies by Configuring Your Browser
You can configure your browser to automatically accept or reject all cookies or to receive an on-screen notification of the transmission of each cookie and decide whether or not to install it on your hard disk. For details on how to do this, please consult the "Help" section of the browser used. Without prejudice to the foregoing, it is necessary to bear in mind that deactivating cookies may affect the correct functioning of certain sections of the Site. Below we provide indications on how to configure these settings for the most popular browsers:
Chrome
1. Run the Chrome Browser
2. Click on the menu on the browser toolbar next to the url entry window for browsing
3. Select Settings
4. Click on Show Advanced Settings
5. In the "Privacy" section, click on the "Content Settings" button
6. In the "Cookies" section, you can change the following cookie settings:
◦ Allow data to be saved locally
◦ Change local data only until the browser is closed
◦ Prevent sites from setting cookies
◦ Block third-party cookies and site data
◦ Manage exceptions for certain sites
◦ Delete one or all cookies
For more information, please refer to the website of the software distributor.
Mozilla Firefox
1. Run the Mozilla Firefox Browser
2. Click on the menu on the browser toolbar next to the url entry window for browsing
3. Select Options
4. Select the Privacy panel
5. Click Show Advanced Settings
6. In the "Privacy" section click on the "Content Settings" button
7. In the "Tracking" section you can change the following cookie settings:
◦ Require sites not to perform any tracking
◦ Notify sites of your willingness to be tracked
◦ Do not communicate any tracking preferences
8. From the 'History' section, it is possible
◦ Enable "Use personalised settings" by selecting to accept third-party cookies (always, from the most visited sites or never) and to keep them for a specified period (until they expire, when Firefox is closed or to ask each time)
◦ Remove individual stored cookies
For further information, please refer to the website of the software distributor.
Internet Explorer
1. Run the Internet Explorer browser
2. Click on the Tools button and choose Internet Options
◦ Click on the Privacy tab and in the Settings section change the slider to the desired cookie action: Block all cookies
◦ Allow all cookies
◦ Selection of sites from which to obtain cookies: move the slider to an intermediate position so as not to block or allow all cookies, then click on Sites, in the Website Address box enter a website and then click on Block or Allow
For more information please refer to the websites of the software distributors
Safari
1. Run the Safari Browser
2. Click on Safari, select Preferences and click on Privacy
3. In the Block Cookies section specify how Safari should accept cookies from websites.
4. To view which sites have stored cookies click on Details
For more information please refer to the websites of the software distributors.
This page is visible by means of a link at the bottom of all the pages of the Site in accordance with Article 122 second paragraph of Legislative Decree 196/2003 and following the simplified procedures for information and the acquisition of consent for the use of cookies published in the Official Gazette no. 126 of 3 June 2014 and its register of provisions no. 229 of 8 May 2014.
