Privacy Policy

In compliance with the current legislation on the processing of personal data, defined in accordance with the provisions contained in the EU Regulation 2016/679 (Regulation) and the additional provisions in force regarding the protection of personal data, this Privacy Policy is made available to all users (for example the "data subjects") who access the website www.outletmoto.eu

This Privacy Policy does not refer to other Internet sites to which users can access through hypertext links that may be conteined on the website, which will be subject to the discipline provided for by the respective privacy policies.

 

  1.  Data Controller - Contacts

The Data Controller of personal data ("Data") is OutletMoto.eu SRL with registered office in Calenzano (FI), Via delle Cantine, n. 77, Tax Code and VAT no. 06136050488, email info@outletmoto.eu ("Owner"). The Data Controller has designated its own Data Protection Officer ("DPO"), who can be contacted at the e-mail address alessandro@nwkcloud.com for all matters relating to the processing of data and the exercise of rights, which may be exercised pursuant to the Regulation and in the manner described in § 10 of this Privacy Policy.

 

  1.  Categories of Personal Data processed

It is possible to access the website without the user being asked to provide any personal data.

However, the computer systems and software used to operate the website acquire, for the purposes of normal operation, some common data whose transmission is implicit in the use of Internet communication protocols, such as the IP addresses of the computers used by the users who connect to the platform, the URL of the requested resources, the time of the request, etc.

These data are used only to obtain anonymous statistical information about the use of the platform and to check its correct functioning and are deleted immediately after their processing. The foregoing does not involve the processing of information directly identifying users.

 

The Data collected when placing purchase orders through the e-commerce functions, the forwarding of the request in the "Subscribe to the Newsletter" section and the request for information on the "Contacts" web page, are common Personal Data: personal identifying data, contact details, shipping address and bank details. 

 

  1.  Source of Personal Data processed

Data is collected directly from users or from third parties (cookies). In relation to the Data collected from third parties, users are invited to consult the Cookie Policy of the Data Controller. 

 

  1.  Purpose of the treatment

The Data Processing is carried out by the Data Controller for the pursuit of the purposes mentioned below:

  1. purchase order management and therefore: (a) order management, (b) supply of products and services, (c) payment processing;
  2. modification of your profile and login to services provided in the reserved area of the website (Registration, viewing of orders, modification of profile);
  3. processing of requests from users forwarded through the "Contacts" web page;
  4. direct marketing: registration in the appropriate section "Subscribe to the Newsletter" to send information and promotional material relating to the activities, products and services of Outletmoto. Such communications may be made via automatic messages, via e-mail, via snail mail and/or the use of the telephone with operator; it is specified that the Data Controller collects a single consent for the marketing purposes described here, pursuant to the General Provision of the Guarantor for the Protection of Personal Data "Guidelines on promotional activities and the fight against spam" of 4 July 2013;
  5. fulfillment of all legal obligations, Regulation or other national or community legislative provisions, or provisions issued by Authorities legitimated for this and/or in compliance with requests from the Supervisory and Control Authority;
  6. for users registered on the website or in the Newsletter, in the presence of items left in the "cart" and not processed, up to 3 reminder messages are sent via e-mail with a frequency of 4/24/72 hours, from the time the items are added to the cart;
  7. ascertain, exercise or defend the rights of the Data Controller in extrajudicial, judicial or administrative settings.

 

  1.  Lawfulness criteria of the treatment

The Data Controller carries out the Data Processing, aimed at pursuing the purposes referred to in the previous § 4 point i. and ii. under the following lawfulness criteria:

  • ⮚ execution of pre-contractual measures expressly requested by the data subject or execution of a contract of which the data subject is a party pursuant to Art. 6, par. 1, lett. b) of the Regulation.

 

The Data Controller carries out the Data Processing, aimed at pursuing the purposes referred to in the previous § 4 point iii. and iv., under the following lawfulness criteria:

  • ⮚ consent expressed by the data subject pursuant to and for the purposes of Art. 6, par. 1, lett. a) of the Regulation.

 

The Data Controller carries out the Data Processing, aimed at pursuing the purposes referred to in the previous § 4 point v., by virtue of the following lawfulness criteria:

  • ⮚ fulfillment of legal obligations pursuant to and for the purposes of Art. 6, par. 1, lett. c) of the Regulation.

 

The Data Controller carries out the Data Processing, aimed at pursuing the purposes referred to in the previous § 4 point vi. and vii., under the following lawfulness criteria:

  • ⮚ pursuit of the legitimate interest of the Data Controller pursuant to Art. 6, par. 1, lett. f) of the Regulation. The Data Controller may carry out the processing activities related to the pursuit of these purposes on the basis of its own legitimate interest.

 

  1.  Nature of the provision of Data and any consequences of refusal

The provision of Data is optional but the refusal to provide the data will not allow the Data Controller to process the user's requests.

 

  1.  Methods of processing and data retention period

Data processing is carried out, in compliance with the principles of lawfulness, correctness, transparency, necessity, relevance, non-excess, accuracy, integrity and confidentiality provided for by the Regulation, also with the aid of electronic means. The Data Controller does not adopt any automated decision-making process, including profiling.

The processing is carried out by expressly authorized data handler and/or by subjects external to this organization, but in any case bound to it by virtue, if necessary, of a specific act of appointment as Data Processor (for example, IT and systems security companies; managers of the software infrastructures used by the Data Controller as platforms for sending e-mails; companies in charge of debt collection). The complete list of data processors is kept at the headquarters of the Data Controller and can be consulted upon request to be sent to the addresses indicated in the previous § 1.

 

The Data will be processed by the Data Controller for the time strictly necessary to pursue the purposes referred to in § 4 of this Privacy Policy. In particular, in order to determine the appropriate retention period, the Data Controller will consider elements such as: legal, tax and regulatory obligations connected to such personal information; the type of relationship with the user.

Specifically for the purposes referred to in § 4, point vii. the Data will be kept for the entire duration of the out-of-court and/or judicial proceedings, until the deadlines for judicial protections and/or appeals are exhausted.

Once the retention terms mentioned above have elapsed, the Data will be destroyed, deleted or made anonymous, compatibly with the technical cancellation and backup procedures.

 

  1.  Place of Treatment and transfer of Personal Data

The Data are processed within the operational headquarters of the Data Controller and in all the offices of the subjects involved in the processing, as indicated in the previous § 7 and exclusively for the purposes referred to in § 4 of this Privacy Policy.

The Data will not be transferred to countries outside the European Union and to third countries, in accordance with the provisions of the Regulation.

 

  1.  Communication and diffusion of personal data

Without the need for express consent (pursuant to Art. 6 lett. b) and c) of the Regulation), the Data Controller may communicate the Data, for the purposes referred to in § 4., to those subjects to whom the communication is mandatory, by law, for the accomplishment of the aforementioned purposes. These subjects will process the Data in their capacity as independent data controllers. The collected data will not be diffused.

 

  1.  Rights of Data Subject

The Regulation gives the data subject the right to:

  • - obtain confirmation as to whether or not a processing of personal data is in progress and, in this case, obtain access to personal data and information relating to the treatment (right of access – Art. 15 of the Regulation);
  • - obtain the correction of inaccurate personal data, as well as the integration of incomplete personal data (right of rectification – Art. 16 of the Regulation);
  • - obtain the cancellation of personal data processed in the cases provided for by the Regulation, including that in which storage is not necessary in relation to the purposes for which the personal data were collected or subsequently processed (right to be forgotten – Art. 17 of Regulation). The request for deletion of personal data cannot be granted in the cases provided for by the Regulation, including the case in which it is necessary for the Data Controller to process personal data to fulfill a legal obligation or for the assessment, exercise or defense a right in court;
  • - obtain the limitation of the processing of personal data in the event that its accuracy has been contested, limited to the period necessary for the Data Controller to verify the accuracy of such personal data, or in the case of unlawful processing, or in the event that the personal data although no longer necessary for the purposes of the processing, they are still necessary for the data subject to ascertain, exercise or defend a right in court, or in the event that the data subject has exercised the right to object to the processing of personal data limited to the period necessary for the verification of the prevalence of the legitimate reasons of the Data Controller with respect to those of the data subject (right of limitation – Art. 18 of the Regulation);
  • - receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him and transmit such personal data to another data controller (right to portability – Art. 20 of the Regulation);
  • - oppose, for reasons related to the particular situation of the data subject, the processing of personal data necessary for the performance of a task of public interest or for the pursuit of the legitimate interest of the Data Controller or third parties. The Data Controller may continue with the processing of personal data if he demonstrates the existence of binding legitimate reasons to proceed with the processing that prevail over the rights, interests and freedoms of the data subject or for the assessment, exercise or defense of a right in court. The data subject may also object to the processing of personal data for direct marketing purposes including profiling to the extent that it is connected to such direct marketing (right to object – Art. 21 of the Regulation);
  • - request not to be subjected to a decision based only on automated processing, including profiling, which produces legal effects concerning the data subject, except in cases where profiling is necessary for the conclusion or execution of a contract, is authorized by the law of the Union or of the Member State to which the data controller is subject, is based on the explicit consent of the data subject (Art. 22 of the Regulation);
  • - withdraw the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the withdrawal, if the processing is based on Art. 6, par. 1, lett. a), or on Art. 9, par. 2, lett. a) referred to in the Regulation;
  • - propose a complaint to the Supervisory Authority (Art. 77 of the Regulation).

 

All requests from data subjects may be addressed to the Data Controller, in writing and accompanied by a copy of a valid identity document, to the contact details provided in this Privacy Policy in § 1. The Data Controller facilitates the requests of the data subject and undertakes to provide feedback within one month from the receive of the communication.

 

Furthermore, the Data Controller, pursuant to Art. 19 of the Regulation, will communicate to each of the recipients to whom the Data has been transmitted any corrections or cancellations or limitations of the processing carried out in accordance with Art. 16, Art. 17, par. 1, and Art. 18 of the Regulation, unless this proves impossible or involves a disproportionate effort and will communicate these recipients to the data subject if he requests it.

 

  1.  Changes

The Data Controller reserves the right to update this Privacy Policy at any time and make users aware of it through the use of the most appropriate facilities.

Privacy Policy

In compliance with the current legislation on the processing of personal data, defined in accordance with the provisions contained in the EU Regulation 2016/679 (Regulation) and the additional provisions in force regarding the protection of personal data, this Privacy Policy is made available to all users (for example the "data subjects") who access the website www.outletmoto.eu

This Privacy Policy does not refer to other Internet sites to which users can access through hypertext links that may be conteined on the website, which will be subject to the discipline provided for by the respective privacy policies.

 

  1.  Data Controller - Contacts

The Data Controller of personal data ("Data") is OutletMoto.eu SRL with registered office in Calenzano (FI), Via delle Cantine, n. 77, Tax Code and VAT no. 06136050488, email info@outletmoto.eu ("Owner"). The Data Controller has designated its own Data Protection Officer ("DPO"), who can be contacted at the e-mail address alessandro@nwkcloud.com for all matters relating to the processing of data and the exercise of rights, which may be exercised pursuant to the Regulation and in the manner described in § 10 of this Privacy Policy.

 

  1.  Categories of Personal Data processed

It is possible to access the website without the user being asked to provide any personal data.

However, the computer systems and software used to operate the website acquire, for the purposes of normal operation, some common data whose transmission is implicit in the use of Internet communication protocols, such as the IP addresses of the computers used by the users who connect to the platform, the URL of the requested resources, the time of the request, etc.

These data are used only to obtain anonymous statistical information about the use of the platform and to check its correct functioning and are deleted immediately after their processing. The foregoing does not involve the processing of information directly identifying users.

 

The Data collected when placing purchase orders through the e-commerce functions, the forwarding of the request in the "Subscribe to the Newsletter" section and the request for information on the "Contacts" web page, are common Personal Data: personal identifying data, contact details, shipping address and bank details. 

 

  1.  Source of Personal Data processed

Data is collected directly from users or from third parties (cookies). In relation to the Data collected from third parties, users are invited to consult the Cookie Policy of the Data Controller. 

 

  1.  Purpose of the treatment

The Data Processing is carried out by the Data Controller for the pursuit of the purposes mentioned below:

  1. purchase order management and therefore: (a) order management, (b) supply of products and services, (c) payment processing;
  2. modification of your profile and login to services provided in the reserved area of the website (Registration, viewing of orders, modification of profile);
  • processing of requests from users forwarded through the "Contacts" web page;
  1. direct marketing: registration in the appropriate section "Subscribe to the Newsletter" to send information and promotional material relating to the activities, products and services of Outletmoto. Such communications may be made via automatic messages, via e-mail, via snail mail and/or the use of the telephone with operator; it is specified that the Data Controller collects a single consent for the marketing purposes described here, pursuant to the General Provision of the Guarantor for the Protection of Personal Data "Guidelines on promotional activities and the fight against spam" of 4 July 2013;
  2. fulfillment of all legal obligations, Regulation or other national or community legislative provisions, or provisions issued by Authorities legitimated for this and/or in compliance with requests from the Supervisory and Control Authority;
  3. for users registered on the website or in the Newsletter, in the presence of items left in the "cart" and not processed, up to 3 reminder messages are sent via e-mail with a frequency of 4/24/72 hours, from the time the items are added to the cart;
  4. ascertain, exercise or defend the rights of the Data Controller in extrajudicial, judicial or administrative settings.
  5. Queryo Business Automation service - Inside the site there is a tracking script linked to the Queryo Business Automation service, which allows the collection of pseudonymized data regarding purchases made on e-commerce. The data collected will be used in an aggregate manner to evaluate the effectiveness of the data controller's promotional campaigns

 

  1.  Lawfulness criteria of the treatment

The Data Controller carries out the Data Processing, aimed at pursuing the purposes referred to in the previous § 4 point i. and ii. under the following lawfulness criteria:

  • ⮚ execution of pre-contractual measures expressly requested by the data subject or execution of a contract of which the data subject is a party pursuant to Art. 6, par. 1, lett. b) of the Regulation.

 

The Data Controller carries out the Data Processing, aimed at pursuing the purposes referred to in the previous § 4 point iii. and iv., under the following lawfulness criteria:

  • ⮚ consent expressed by the data subject pursuant to and for the purposes of Art. 6, par. 1, lett. a) of the Regulation.

 

The Data Controller carries out the Data Processing, aimed at pursuing the purposes referred to in the previous § 4 point v., by virtue of the following lawfulness criteria:

  • ⮚ fulfillment of legal obligations pursuant to and for the purposes of Art. 6, par. 1, lett. c) of the Regulation.

 

The Data Controller carries out the Data Processing, aimed at pursuing the purposes referred to in the previous § 4 point vi. and vii., under the following lawfulness criteria:

  • ⮚ pursuit of the legitimate interest of the Data Controller pursuant to Art. 6, par. 1, lett. f) of the Regulation. The Data Controller may carry out the processing activities related to the pursuit of these purposes on the basis of its own legitimate interest.

 

  1.  Nature of the provision of Data and any consequences of refusal

The provision of Data is optional but the refusal to provide the data will not allow the Data Controller to process the user's requests.

 

  1.  Methods of processing and data retention period

Data processing is carried out, in compliance with the principles of lawfulness, correctness, transparency, necessity, relevance, non-excess, accuracy, integrity and confidentiality provided for by the Regulation, also with the aid of electronic means. The Data Controller does not adopt any automated decision-making process, including profiling.

The processing is carried out by expressly authorized data handler and/or by subjects external to this organization, but in any case bound to it by virtue, if necessary, of a specific act of appointment as Data Processor (for example, IT and systems security companies; managers of the software infrastructures used by the Data Controller as platforms for sending e-mails; companies in charge of debt collection). The complete list of data processors is kept at the headquarters of the Data Controller and can be consulted upon request to be sent to the addresses indicated in the previous § 1.

 

The Data will be processed by the Data Controller for the time strictly necessary to pursue the purposes referred to in § 4 of this Privacy Policy. In particular, in order to determine the appropriate retention period, the Data Controller will consider elements such as: legal, tax and regulatory obligations connected to such personal information; the type of relationship with the user.

Specifically for the purposes referred to in § 4, point vii. the Data will be kept for the entire duration of the out-of-court and/or judicial proceedings, until the deadlines for judicial protections and/or appeals are exhausted.

Once the retention terms mentioned above have elapsed, the Data will be destroyed, deleted or made anonymous, compatibly with the technical cancellation and backup procedures.

 

  1.  Place of Treatment and transfer of Personal Data

The Data are processed within the operational headquarters of the Data Controller and in all the offices of the subjects involved in the processing, as indicated in the previous § 7 and exclusively for the purposes referred to in § 4 of this Privacy Policy.

The Data will not be transferred to countries outside the European Union and to third countries, in accordance with the provisions of the Regulation.

 

  1.  Communication and diffusion of personal data

Without the need for express consent (pursuant to Art. 6 lett. b) and c) of the Regulation), the Data Controller may communicate the Data, for the purposes referred to in § 4., to those subjects to whom the communication is mandatory, by law, for the accomplishment of the aforementioned purposes. These subjects will process the Data in their capacity as independent data controllers. The collected data will not be diffused.

 

  1.  Rights of Data Subject

The Regulation gives the data subject the right to:

  • - obtain confirmation as to whether or not a processing of personal data is in progress and, in this case, obtain access to personal data and information relating to the treatment (right of access – Art. 15 of the Regulation);
  • - obtain the correction of inaccurate personal data, as well as the integration of incomplete personal data (right of rectification – Art. 16 of the Regulation);
  • - obtain the cancellation of personal data processed in the cases provided for by the Regulation, including that in which storage is not necessary in relation to the purposes for which the personal data were collected or subsequently processed (right to be forgotten – Art. 17 of Regulation). The request for deletion of personal data cannot be granted in the cases provided for by the Regulation, including the case in which it is necessary for the Data Controller to process personal data to fulfill a legal obligation or for the assessment, exercise or defense a right in court;
  • - obtain the limitation of the processing of personal data in the event that its accuracy has been contested, limited to the period necessary for the Data Controller to verify the accuracy of such personal data, or in the case of unlawful processing, or in the event that the personal data although no longer necessary for the purposes of the processing, they are still necessary for the data subject to ascertain, exercise or defend a right in court, or in the event that the data subject has exercised the right to object to the processing of personal data limited to the period necessary for the verification of the prevalence of the legitimate reasons of the Data Controller with respect to those of the data subject (right of limitation – Art. 18 of the Regulation);
  • - receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him and transmit such personal data to another data controller (right to portability – Art. 20 of the Regulation);
  • - oppose, for reasons related to the particular situation of the data subject, the processing of personal data necessary for the performance of a task of public interest or for the pursuit of the legitimate interest of the Data Controller or third parties. The Data Controller may continue with the processing of personal data if he demonstrates the existence of binding legitimate reasons to proceed with the processing that prevail over the rights, interests and freedoms of the data subject or for the assessment, exercise or defense of a right in court. The data subject may also object to the processing of personal data for direct marketing purposes including profiling to the extent that it is connected to such direct marketing (right to object – Art. 21 of the Regulation);
  • - request not to be subjected to a decision based only on automated processing, including profiling, which produces legal effects concerning the data subject, except in cases where profiling is necessary for the conclusion or execution of a contract, is authorized by the law of the Union or of the Member State to which the data controller is subject, is based on the explicit consent of the data subject (Art. 22 of the Regulation);
  • - withdraw the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the withdrawal, if the processing is based on Art. 6, par. 1, lett. a), or on Art. 9, par. 2, lett. a) referred to in the Regulation;
  • - propose a complaint to the Supervisory Authority (Art. 77 of the Regulation).

 

All requests from data subjects may be addressed to the Data Controller, in writing and accompanied by a copy of a valid identity document, to the contact details provided in this Privacy Policy in § 1. The Data Controller facilitates the requests of the data subject and undertakes to provide feedback within one month from the receive of the communication.

 

Furthermore, the Data Controller, pursuant to Art. 19 of the Regulation, will communicate to each of the recipients to whom the Data has been transmitted any corrections or cancellations or limitations of the processing carried out in accordance with Art. 16, Art. 17, par. 1, and Art. 18 of the Regulation, unless this proves impossible or involves a disproportionate effort and will communicate these recipients to the data subject if he requests it.

 

  1.  Changes

The Data Controller reserves the right to update this Privacy Policy at any time and make users aware of it through the use of the most appropriate facilities.