Statement on the Processing of Personal Data
(pursuant to Article 13 of Legislative Decree 196/2003)
As Data Controller of personal data, in accordance with Italian Legislative Decree no. 196 of 30 June 2003 “Code on the Protection of Personal Data” (hereinafter “Privacy Code”), Ober Alp S.p.A. confirms that your personal data will be processed in accordance with the Privacy Code, which contains certain requirements around the processing of personal data, including ensuring that any processing of personal data is accurate, lawful and transparent. Your data will be processed in accordance with the Privacy Code and any confidentiality obligations as well as in compliance with your rights as a data subject.
1. Data subjects
A “Data subject” is each person who provides their personal data in the following ways:
• by registering on the website www.dynafit.com;
• by purchasing goods through the website www.dynafit.com; • by contacting (via telephone, fax, e-mail, etc.) the Consumer Care office of Ober Alp S.p.A.;
• by subscribing to the brand newsletters of Ober Alp S.p.A. through the website www.dynafit.com; • by registering for the outdoor events periodically organized by Ober Alp S.p.A. for its brands;
• by participating in online and offline competitions;
• by participating in partnership operations with third-party firms; and
• by making purchases during the sample sales periodically organized by the company.
2. Purposes of processing
a) The personal data will be processed only for purposes strictly connected to the fulfillment of contractual or legal obligations, also pursuant to art. 24, para. 1 lett. b) of the Pricacy Code and hence for:
• customer management;
• after-sale assistance;
• settlement of disputes;
• customer billing history;
• tax or other legal requirements.
Providing Personal Data for the execution of said obligations is mandatory and necessary for a proper management of the customer relationship. The corresponding processing does not require consent from the data subject.
Failure to provide any of the required information, or providing incorrect or inaccurate information, may make it impossible for the Controller to guarantee the appropriateness of the processing.
b) Personal Data will be furthermore, with the consent of the data subject, processed for the following purposes:
• subscribing to the newsletter of the Dynafit brand;
• sending periodic commercial communications regarding company products and services;
• Promotional activities also related to the shipment of advertising and promotional material.
• market surveys and statistics;
• measurement of customer satisfaction;
The provision of data with regard to these marketing purposes is optional and a refusal to provide personal data for this purposes will not affect the data subject’s ability to purchase goods through the website or the appropriateness of the processing.
3. Method of processing
The personal data may be processed in the following ways:
• processing of data through completion of factsheets, coupons and questionnaires;
• processing by computer;
• manual processing through paper-based archives;
• processing of data collected by third parties;
• transfer to third parties for processing operations.
The data are always processed in compliance with the procedures set forth in articles 11, 31 and following of the Privacy Code and through adoption of the minimal measures of security prescribed by the relevant technical regulation (Annex B).
4. Duration of processing
Personal Data will be processed for the duration of the contractual relation established between the Processor and the data subject and thereafter where necessary in order to comply with legal requirements.
For the purpose indicated in article 2, letter b), Personal Data will be processed until withdrawal of the data subject’s consent.
The personal data provided shall be kept at the head offices of the Controller and shall be disclosed or transferred exclusively to parties competent to provide the services necessary for a proper management of the relationship, and in ways guaranteeing the protection of the rights of the data subject. The personal data provided will be processed only by personnel expressly authorized by the Controller and specifically by the following categories of processors:
• Group Administration,
• Group IT,
• Group Brand&Marketing,
• Group Business Development,
• Group Logistics,
• Group Retail BU,
• Group E Business BU,
• Group Distribution BU.
The personal data provided may be transferred to third parties solely for the purposes described above, and specifically to:
• forwarding agents, carriers, delivery services, mailing providers, logistics firms;
• consultants and professionals, in one-off disclosures or as part of a course of dealing;
• banks and credit institutions;
• providers of IT services;
• Italian and other group companies of the Ober Alp Group.
The personal data provided shall not be disseminated except in cases required by law.
The Controller for the processing of personal data, according to Italian law, is Ober Alp S.p.A. with offices at Via Waltraud Gebert Deeg, 39100 Bolzano (BZ), tel. 0471.242.900, e-mail: firstname.lastname@example.org in the person of Giovanni Lattisi.
A list of the processing officers nominated by the Controller, whom Personal Data will be communicated to, is available at the headquarters of the Controller.
8. Rights of the data subject
The data subject has the right to require the Controller to stop processing or to update and correct the personal data that concern him/her and can generally exercise all the rights set forth in Article 7 of the Privacy Code, as more fully explained below:
Right to access personal data and other rights (Article 7 of Legislative Decree no. 196 of 30 June 2003)
1. Data subjects have the right to obtain confirmation as to whether or not personal data concerning them exist and are being processed, even if the data have not yet been recorded. The data subject is entitled to receive details of such data in intelligible form.
2. Data subjects have the right to be told:
a) the source of the personal data;
b) the purposes and modes of processing;
c) the logic applied when the data is processed automatically by technical means;
d) the identity of the data controller, data processing officers and any official representatives;
e) the parties or categories of parties to whom the personal data may be transferred or which may gain knowledge of them as designated representatives of the State, processing officers, or processors.
3. Data subjects have the right to:
a) have their data updated, corrected, or if applicable, supplemented;
b) the deletion, anonymisation, or blocking of data processed in violation of law, including those that need not be retained for the purposes for which the data were collected or subsequently processed;
c) confirmation that the parties to whom the data have been transferred or disclosed have been notified of the operations specified in points a) and b), and the details thereof, except in circumstances where notification proves impossible or would be disproportionate to the right being protected.
4. Data subjects have the right to oppose, wholly or in part:
a) for legitimate reasons the collection of their personal data;
b) the processing of their personal data for marketing purposes.
This policy statement was last updated on 06.2017 and applies of your use of the website today but may be updated from time to time, for organizational reasons or because the law changes: we suggest you visit our websites regularly to see the latest version.