Castelli respects the privacy of its users. Personal data sent by users to Castelli will be treated with the utmost care and with all the appropriate tools to ensure their security, fully respecting the European standard for the protection of privacy.
“Personal data” is taken to mean all personal data and any information concerning a natural person who is identified or identifiable, including indirectly, or information concerning an individual whose identity can be ascertained by means of additional information (Art. 4 GDPR).
“Processing” of personal data means all operations performed concerning the collection, recording, organisation, structuring, storage, consultation, compiling, adaptation or alteration, selection, extraction, comparison, use, interconnection, blocking, communication, distribution, erasure and destruction of the personal data, as well as its storage in a database (Art. 4 GDPR).
As provided by the applicable legislation, the processing of personal data carried out by the data controller will always and without exception be based on the principles of correctness, lawfulness, and transparency, and on the protection of confidentiality.
The data controller for personal data is Manifattura Valcismon S.p.A., whose head office is located at Via G. Marconi 81/83, 32030 Fonzaso (BL), Italy (the “Data controller”).
Categories of personal data that are processed
Access to, and navigation on the Site entails the collection and processing of various categories of users’ and/or of other interested parties’ personal data.
Firstly, the Site collects and processes information concerning the interaction with the user’s device that accesses it for example, IP address, information on the browser, operating system, and type of device used, the pages visited and the searches performed on the Site and concerning other information.
In this context, the personal data involved are those which are strictly necessary to enable navigation on the Site or to make navigation more functional.
The Site expressly requires the User to communicate personal data when they activate the procedure for registration on the Site, and/or in order to implement a purchase order on the Site. In these contexts, this involves data that is necessary or useful in order to provide services to the User.
In other situations, the Site asks about users and their personal data in order to send them communications of a commercial nature: for example, for subscription to the newsletter, and for participation in prize events, or to send commercial offers, either on its own behalf or for third parties.
The Site will always ask for the express and separate consent of users when it intends to carry out profiling activities for marketing purposes. Profiling means any form of automated processing of personal data involving the use of such data for the evaluation of certain personal aspects relating to a natural persona, in particular for the analysis or anticipation of aspects concerning professional performance, economic circumstances, health, personal preferences, reliability, behaviours, location or movements of the natural person (Art. 4 GDPR).
From time to time, the Site will indicate where the communication of personal data by the user is mandatory or optional.
It is also possible that the Site will perform checks, either directly, or indirectly, concerning payment methods and instruments used, in order to prevent insolvency, fraudulent activity or concerning anti-money laundering legislation.
The withholding of consent to the processing of personal data for purposes unconnected with the functioning of the Site and/or placement of orders on the Site will not have any significant consequences.
Personal data are used only when necessary for the specific purpose for which they were gathered and subsequently processed.
The purpose of the processing of personal data
The Data controller gathers and processes users’ personal data for the purposes of interacting with them, providing assistance and the services requested by users, before and after completion of orders on the Site. In this context, the processing of personal data is legitimately based on the requirement of the Data controller to provide the services requested by users and/or the fulfilment of its own contractual obligations.
In addition, subject to the express consent by the user in question, the Data controller gathers and processes users’ data in order to implement promotional and commercial information activities, for sending out advertising material, direct sales, as well as for market research and other advertising activities directed at the same user. In such situations, processing of the personal data is legitimately based on the valid consent expressed by the interested party.
Where this type of marketing activity is specifically based on tastes, shopping experiences, and the interests of the user (referred to as profiling), a separate user consent is obtained as an essential prior condition to carrying out this kind of profiling activity.
On the basis of the legitimate interest of improving services and products offered to its clients, the Data controller sends commercial emails containing communications, promotions, discounts, requests for feedback, or updates to such clients. Clients always have the option of refusing to receive such commercial communications (for example, by clicking on the link placed in these emails).
Communication of personal data
The Data controller communicates some of the personal data collected to entities, including to third parties that are involved in the fulfilment of purchase orders, in the sales and also in the after-sales stages, which also act as data controllers in respect of personal data. This would, for example, involve couriers who carry out deliveries for products ordered on the Site, and other kinds of operator.
In this type of context, the communication of personal data to suppliers is necessary in order to fulfil the contractual obligations that arise from the conclusion of orders on the Site.
This is without prejudice to the communication or disclosure of personal data where required by a judicial authority, or by other public bodies for security purposes of the State, or for the prevention, detection or suppression of administrative or criminal offences, and in cases where the communication or disclosure of personal data is required by law.
In all other cases, the communication or distribution of personal data is subject to the prior, express, and unequivocal consent of the interested party.
Users can ask the Data controller for an updated list of those responsible for processing personal data, via email, at the following address: [•]
The Data controller will not transfer personal data to locations and territories outside the European Economic Area (EEA) without an adequate level of protection for the personal data, without the prior, unequivocal consent of users and of the interested parties.
Retention period for personal data
The Data controller will delete or anonymise personal data in a timely manner, once personal data is no longer required.
In particular, the Data controller shall retain the personal data for a sufficient period in order to provide the services requested by users, and to fulfil their legal or tax obligations.
In order to determine the appropriate retention period for personal data, the Data Controller will take into account multiple factors to ensure that personal data is not stored for longer than is necessary or appropriate. These factors also include the purposes for which the Data Controller collects and processes personal data and the type of relationship established with the user (how often they connect to the Site, if they continue to receive commercial communications, how often they make purchases on the Site, etc.)
Rights of users
Concerning the processing of personal data referred to above, all interested parties in relation to the processing of personal data may exercise the rights provided by the GDPR.
In particular, the interested party is entitled to obtain confirmation of the existence or otherwise of personal data concerning them, even if not yet recorded, and of their communication in intelligible form.
The interested party also has the right to know:
the origin of the personal data processed;
the purpose, and legal basis for the processing;
the legitimate interests that may be pursued by the Data controller, where these constitute the legal basis for the processing itself;
the existence of an automatic decision-making process, including profiling;
the identification details of the entity processing the data;
the retention period for the personal data.
The interested party also has the right to request of the Data controller that their personal data are:
updated, corrected or (where data are incomplete) supplemented;
the data are no longer necessary for the purposes for which they were gathered or processed;
the interested party revokes their consent to, or opposes their processing;
the data are processed unlawfully, or must be deleted in order to comply with a legal obligation;
limited in respect of the related processing applied to them, if:
the data are inaccurate and are being processed unlawfully, or the interested party has opposed their processing;
even if the Data controller no longer needs the data for the purposes of processing, they are necessary to enable the interested party to assert a right in legal proceedings;
they are transferred to another Data controller (referred to as the portability right), if the processing is based on consent and is performed using automated means.
The interested party has the right to oppose, entirely or in part:
for legitimate reasons, the processing of the personal data concerning them, even though relevant to the purpose of the data gathering;
the processing of the personal data concerning them, for the purpose of sending advertising material or for direct sales, or for conducting market research, or commercial communications.
The interested part has the right to lodge a complaint with the Data Protection Authority or with any other competent supervisory authority.
For all communications to the Data controller concerning questions of privacy or in order to exercise their individual rights, users can contact the Data controller by telephone on 0439-5711, by fax on 0439-56436 or by email at: firstname.lastname@example.org.
What is a cookie?
A cookie is a small file that a site sends to the browser and which is saved on the device of the user visiting a web site. Cookies are used to make the site function or to enhance performance, or to provide information to site owners.
What kind of cookies does castelli-cycling.com use, and for what purpose?
The Site uses various kinds of cookies and similar tools, each of which has a specific function, as indicated in the table below:
TYPES OF COOKIES AND FUNCTIONS
Navigation Cookies: this type of cookie enables the Site to function correctly and enables users to view content in their own language and tailored for their market from the first access. They also enable an account to be created, and allow users to log in and manage purchase orders on the Site. The cookies mean that the Site can recognise each registered user as such when accessing the services that are offered. In general terms, navigation cookies are necessary for the functioning of the Site.
Functional Cookies: these cookies enable the Site to recognise a user based on their request (which may, for example, be expressed by clicking on "Stay connected") whenever they access the Site, so that they do not have to re-enter their data each time they visit the Site. If a user has added items to their “Shopping basket” and closed their session without completing the purchase, this type of cookie enables the user to continue shopping when re-accessing the Site within a given period, and to find the Shopping basket as they had left it the last time. These kinds of cookie are not essential for the functioning of the Site, but enhance the quality of the browsing experience.
Analytical cookies: these cookies are used by third parties, such as Google Analytics, to create statistical analyses of users’ browsing practices on the site, via computers or mobile applications, of the number of pages visited or the number of clicks made on a page during browsing on a site. The Data controller treats the results of such analyses anonymously and solely for statistical purposes and only when the service provider users cookies in connection with the browser installed on the computer or on other devices used by the user to navigate on the Site.
Third party cookies for marketing/re-targeting: this kind of cookie is used by trusted third party companies enabling banner advertisements on other affiliated sites, for example showing the user the latest products that that they saw on the Site. While the user is browsing on the Site, these cookies are also used to display products that might be of interest to such a user, or products similar to those that they had previously viewed, based on the user’s browsing history. The use of such cookies does not normally entail the processing of personal data; however, it may enable the connection of the computer to other devices used by the user and the tracing of saved data (this kind of cookie connects to the browser installed on the computer or on other devices used by the user during navigation on the Site).
A detailed list of the main types of cookie used by the Site or by third parties in connection with access and browsing on the Site:
dwsid (replaces sid)
https session cookie
Links are provided below to web pages containing information and forms for the acquisition of consent to third-party cookies:
Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=en-GB
How to disable cookies
The main browsers on the market (Internet Explorer, Firefox, etc.) are configured to accept cookies. Nonetheless, the majority of browsers also allow you to control and disable cookies via the browser settings. Disabling navigation or functional cookies may cause the Site to malfunction and/or restrict the services offered there. These are the links to the main browsers: