Privacy policy

Introduction
Welcome to  www.dainese.com  (the " Site "). Please read our Privacy Policy carefully, which applies whether you simply access and browse the Site and use its services without purchasing any products, or whether you purchase the products or services offered for sale on the Site.  
The same Privacy Policy also applies if data is collected using tools other than the Site, unless otherwise specified. 
By using the Site, you accept the terms described in the Privacy Policy and the information at the bottom of the Privacy Policy.  If you do not agree with any of the terms and conditions set forth in the Privacy Policy, we invite you not to use the Site .
The processing of Personal Data of users and consumers (hereinafter collectively " Users ") will be conducted in compliance with the applicable European legislation (GDPR - EU Privacy Regulation 679/2016 and E-Privacy Regulation) and the Personal Data Protection Code (hereinafter " Privacy Code ": Legislative Decree 30 June 2003, no. 196 and subsequent amendments), which regulates the processing of personal data carried out i) in the context of the activities of an establishment by a data controller or a data processor in the Union, regardless of whether the processing is carried out in the Union or not; and (ii) the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services to such data subjects in the Union, irrespective of whether a payment by the data subject is required; or (b) the monitoring of their behaviour as far as their behaviour takes place within the Union.  
The processing is carried out in compliance with the fundamental rights and freedoms, as well as the dignity of the interested party, with particular reference to confidentiality, personal identity, and the right to personal data protection.
1. The policy
DAINESE SpA ( “ DAINESE ”), in the processing of personal data, which can directly or indirectly identify you, respects the general principles of strict necessity and proportionality (by configuring the Site in such a way that the use of Personal Data is reduced to a minimum and in such a way as to exclude the processing of Personal Data when the purposes pursued in individual cases can be achieved through the use of anonymous data or through other methods, which allow the identification of the interested party only in case of necessity or at the request of the authorities and the police forces, such as, for example, for data relating to traffic and time spent on the Site or your IP address), lawfulness, correctness, transparency, integrity and confidentiality, limitation of duration, provided for by EU Regulation 679/2016 (GDPR) for the data controllers.
2. Types of data
The data we process may fall into four general categories: i)  user browsing data on this website and/or other DAINESE websites;  ii)  data actively provided by the interested party ; iii)  data collected from third parties  , in particular data relating to the interested party's interactions with online portals monitored by DAINESE via cookies from the third-party software provider Hubspot Inc. (see below); iv) data relating to telephone calls with customers, recorded via the Aircall cloud call center service. 
 
i) Browsing data
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature, it could, through processing and association with data held by third parties, allow users to be identified. 
This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) ​​addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), the country of origin, and other parameters relating to the operating system and the user's IT environment (e.g., the characteristics of the browser and operating system used by the visitor, the type of device used to access the Internet, the various temporal connotations of the visit (e.g., the time spent on each page, and the details relating to the path followed within the pages of the Site, with particular reference to the sequence of pages visited). This category also includes so-called system logs, which are files that record interactions between the user and the Site.  
This data is used to manage access to the Site and its services, obtain anonymous statistical information on site usage, enable the site's functionality, monitor its proper functioning, and ensure database maintenance. In these cases, the browsing data does not allow us to identify the users involved and is deleted immediately after processing in anonymous form. Browsing data may also be used to ascertain liability in the event of crimes or other unlawful acts committed by the interested party against the Site and/or third parties through the Site. 
 
ii) Data provided by the user
DAINESE collects Personal Data and other information directly from Users as part of the processes it manages on the Site (purchasing products on the Site for the conclusion of e-commerce transactions / completing User registration forms on the Site for DAINESE's marketing purposes) or through other means (e.g. a) paper-based or IT-based collection in stores, b) events and demonstrations, c) trade fairs, chat services active on the DAINESE website; d) online forms dedicated to specific DAINESE initiatives).  
The data provided voluntarily by the user and collected through the Site and by other means, in pursuit of the Commercial Purposes, are stored in two separate general DAINESE databases:  
- “B2B” (concerning the Company's retailers, distributors, agents);  
- “B2C” (concerning natural persons who are end users of company products and services). 
These are understood to mean:
information  sent by users on an optional and voluntary basis  to the addresses indicated on the Site (e.g., email address, email subject, company name, first and last name, etc., address of the registered office, residence or domicile (postcode, city, province), landline or mobile telephone number, country, contact language, company affiliation, company role, etc.); personal data provided by users to  use services accessible on the Site  (via the order form for the purchase of products and services on the e-commerce Site, e.g., personal data, email address, content of the email and its attachments, postal address, credit card details, bank details, details of payment instruments and codes via mobile devices, telephone number, data relating to purchases made by the interested party, such as type of product, date and price of purchase, model and serial number of the product, retailer from which the purchase was made))  or to participate in initiatives  promoted through the Site or by other means  
personal data provided by users who submit online or offline  requests for news, informational material or newsletters ; 
the personal data provided by users who send  job applications  (“curriculum vitae”, etc.) via the online “Careers” form; 
Personal data  collected through D-Air products , which include a GPS system, necessary for the product's operation, which records, for a limited time and only on the product's microchip, data relating to the product's geographic location. The data will be processed by Dainese only if the D-Air product is delivered to Dainese or an authorized dealer, for the restoration of the D-Air bladder or for repairs, or for product research and development purposes. 
 
iii) Data collected from third parties
DAINESE uses HUBSPOT software, which automatically associates the data subject's B2C personal information with additional information that the software independently retrieves from this website and other DAINESE websites, as well as data relating to the data subject's interactions with online portals monitored via HUBSPOT software cookies. This data is used to build a basic profile of the data subject, which DAINESE uses for analysis and direct marketing purposes. This data primarily, but not exclusively, includes personal data such as personal details and contact information. 
 
iv) Data collected by the Aircall service
DAINESE records the audio of telephone calls with customers and the associated metadata (e.g. duration of the conversation, telephone number and name of the customer, operator notes) via the cloud call center service provided by the third-party provider Aircall, in order to provide its employees with training regarding the assistance service. 
 
v) Special data
Through the web forms available on the sites, we never ask you for "sensitive" personal data (personal data revealing racial or ethnic origin, religious, philosophical, or other beliefs, political opinions, membership in parties, trade unions, associations, or organizations of a religious, philosophical, political, or trade union nature, as well as personal data revealing health or sexual orientation) or "criminal" data (i.e., data relating to a criminal record, or data relating to the status of a defendant or suspect, convicted in a criminal case).
3. Who processes your personal data, how and for what purposes
Authorized
Personal data will be processed only by data processors who have been previously selected and authorized in writing by DAINESE and supervised by DAINESE, in order to prevent personal data security risks. Authorized individuals primarily belong to the administration, marketing, sales, after-sales and complaints, legal, and ICT departments. 
Personal Data is also shared with the supervisory body designated by DAINESE in relation to the organizational model adopted pursuant to Legislative Decree 231/2001 for the purpose of preventing the risk of committing certain crimes. 
The email addresses listed on our websites, and any other DAINESE email addresses, are not personal, even when they contain the name and/or surname of a natural person. They belong to the company organization and have the primary purpose of enabling the effective performance of work activities within the DAINESE Group companies. This means that messages forwarded to DAINESE Group email addresses may be seen not only by the recipient but also by other individuals within the organization. By forwarding emails to the other email addresses listed on our websites, you declare that you have read and accepted the processing conditions contained in this policy. 
 
Purpose
DAINESE is the sole and independent data controller of the Users' Personal Data (the "Personal Data "), both in relation to the management, conclusion and execution of commercial transactions concerning the sale of products and services through the Site or through physical stores owned by Dainese, as well as after-sales services (the " Commercial Purposes "), and in relation to direct marketing purposes (including profiling purposes, functional to direct marketing activities) carried out through the functions of the Site and/or through any other online channels (e.g. sending newsletters relating to the world of DAINESE, its products and services, sending - via mobile messaging, SMS, email, telephone with operator, social networks - generalized and/or personalized promotional and advertising messages with respect to consumer habits and/or any other preferences and interests expressed by the User) (the " Marketing Purposes ") depending on the consent given by the interested party as better indicated below or on any different legal basis for the processing. 
Within the scope of Commercial Purposes, in particular, personal data is processed to: 1) satisfy pre-contractual requirements (e.g., processing offers or your orders, credit checks); 2) fulfill contractual obligations (related to the supply or purchase of goods and/or services) and legal obligations (e.g., bookkeeping, tax formalities, administrative, accounting, and treasury management); 3) manage customers and suppliers; 4) manage electronic payment instruments and monitor related risks (fraud, insolvency, etc.); 5) manage disputes; 6) provide insurance services instrumental to customer/supplier management.  
 
Treatment methods
Personal Data is processed mainly in electronic format and in some cases also in paper format.  
The logic and forms of processing organization are strictly related to the individual purposes indicated above.  
To ensure that your Personal Data is always accurate and up-to-date, relevant and complete, please notify us of any changes at the following email address:  privacy@dainese.com . 
The data is processed within the DAINESE Custom Relation Management (CRM cloud) IT system dedicated to managing customers, suppliers and other contacts, as well as on the DAINESE e-commerce platform and the DAINESE AX management software. 
The Data Controller also uses a cloud service provided by THRON SpA (“THRON”), which provides an integrated digital asset management (“DAM”) solution. THRON centrally and, therefore, more efficiently manages DAINESE's digital assets, which are available and/or published simultaneously on multiple web channels, and obtains statistics regarding user use and consultation of the resources managed through it. THRON does not automatically collect personal data identifying users who visit the digital assets managed through the software. However, it does automatically collect the following data: the IP address, operating system, and browser type of the computer or mobile device used, and the URL of the site visited before or after accessing a service integrating the THRON solution. For more information, please consult THRON's privacy policy, available at the following link .

Security measures
DAINESE adopts appropriate security measures  to minimize the risks of destruction or loss, even accidental, of Personal Data, unauthorized access, or processing that is not permitted or does not comply with the purposes of collection.  
Such measures include, for example, the use of authentication credentials (username, password) by those accessing data on behalf of DAINESE, the configuration of authorization profiles aimed at limiting access to only previously authorized legal entities and individuals, periodic review of such authorization profiles, the use of backup and restore procedures, server- and client-level antivirus software updated daily, firewalls, and intrusion prevention software. The email archive is protected by antivirus and anti-spam software. Furthermore, the Site is based on HTTPS technology, which is a protocol for secure communication across a computer network used on the Internet. HTTPS consists of communication via the HTTP (HyperText Transfer Protocol) protocol within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The underlying principle of HTTPS is to achieve: i) authentication of the website visited, ii) protection of privacy, iii) integrity of data exchanged between the communicating parties. The newsletter delivery system is also protected by anti-spam and antivirus software. The data is stored in archives that are backed up daily on media stored in secure locations.
4. Purpose and legal basis of the processing
The  purposes  of the processing are:
  • Satisfying  pre-contractual needs  (e.g., processing our offers or your orders, fulfilling your requests, including sending informational materials, price lists, etc.)  and/or fulfilling contractual obligations  (supply or purchase of goods and/or services, including managing delivery obligations and related logistics and transportation);  the legal basis  for the processing is the need to perform a contract to which the Data Subject is a party or to implement pre-contractual measures at the Data Subject's request (for DAINESE's legitimate interest, which prevails over the Data Subject's interests or rights, in finalizing the contract for the sale of products and services). This legitimate interest also includes the interest in exchanging information with the User, at the User's request, for the purpose of entering into such a contract (e.g., regarding the type and/or characteristics of the products);  
  • fulfillment of legal obligations  (e.g., bookkeeping; tax formalities, administrative and accounting management, etc.);  the legal basis  for the processing is therefore the need to fulfill the aforementioned legal obligations; 
  • Customer and supplier management  for aspects other than those under 1-2 (internal organization of activities related to the active and passive supply of products and/or services, e.g., solvency checks, credit management and risk control (fraud, insolvency, etc.), litigation management and credit assignment, management of financial and insurance services instrumental to supplier management and management of electronic payment instruments, production management, telephone directory management, statistical processing, customer/supplier training regarding products); the legal basis for the processing is our legitimate interest in processing the Data in order to effectively and efficiently manage the relationship with our customers and/or suppliers and to manage the related internal and external organizational processes; 
  • exclusively in relation to products in the D-Air category :
  • Provision of after-sales technical assistance  services  (bag restoration or repair by Dainese or authorized third parties, product firmware updates): as part of this activity, data (including geolocation) may be downloaded and analyzed, and the data may be used—after anonymization—for  research and development purposes .  The legal basis  for processing is  the performance of a contract  to which the Data Subject is a party and, for research and development activities,  Dainese's legitimate interest  in conducting research and development to improve its products.
  • Provision of services for the use of the dedicated  D-Air APP  : data is collected for the purposes of user registration and device activation;  the legal basis  for the processing is  the performance of a contract  to which the Data Subject is a party.
  • Direct marketing ,   i.e., sending commercial and promotional communications and/or direct offers of goods and services via email, text messages, telephone calls, social networks, and/or market research; By law, it will not be necessary to obtain consent to send advertising emails about products and services similar to those already purchased on the Website or in Dainese stores, since in this case the legal basis for processing is our legitimate interest in promoting our business to those who already know us; if the emails do not concern similar products or services,  the legal basis  for processing is the data subject's consent;
  • Profiling  ; for your profiling, we analyze the data you provide us when you use individual services of ours ( for example, name and surname, residence, country of origin, contact language, landline and mobile telephone number, email address ,  entered to request the newsletter or to make purchases of our products and services, or when you register in the reserved area of ​​our website ), also associating them with data from your browsing on the Dainese website and/or on the use of the services provided by the site (e.g., cookies) or data collected through other communication channels (e.g., social media with which you interact, linked from our site). 
  • We aggregate, compare and process data to analyse, including predictively, and/or create groups of individuals divided into market segments based on a minimum set of elements ( e.g. age, gender, country and/or geographical area of ​​origin, contact language, choices relating to the purchase of our products and, in particular, items, dates and aggregate and average amounts of purchases and any failed purchases of our products added to the cart of our Sites detected through the functionality of the same; n.b. the type of products analysed concerns the limited product sector of clothing and accessories for motorcyclists ; user response actions to DEM  or instant messaging  campaigns (opening our email and/or instant messaging message, opening links contained in email and/or instant messaging message, adhering to the call to action proposed via email and/or instant messaging used for email and/or instant messaging campaigns addressed to subjects identified by name by us, and for Google and Facebook advertising campaigns addressed to persons not identified by name by us  , preferences on our product categories;  in such cases we refer to the “ Basic ” profiling as a whole, up to more advanced profiles based on online behavior (other than failure to purchase our products, e.g. pages visited or content clicked on our site and related duration or frequency of visits or clicks, websites or other online channels of origin, types of devices and browsers used to access our website, products viewed on our site and related duration and frequency of viewing, advertising cookies; in such cases we refer to the “ Advanced ” profiling). 
  • This activity has a dual purpose: to better understand current and potential customers, both as groups and as individuals, and to analyze the effectiveness of marketing channels and content to develop and update products, services and offers in line with the preferences and behaviors of our targets and use the most suitable promotional channels.  
  • Profiling therefore aims to align the services and goods we offer with current and potential demand, measure the results of specific promotions, take corrective actions aimed at improving business results (e.g., reducing the risk of investing resources in thematic areas that are marginal to the target audience) and the effectiveness of commercial processes  (e.g., determining how many promotional messages and content we've sent you via email or instant messaging have been viewed and clicked by you ), and limit the sending of promotional communications that are irrelevant to your likely expectations and needs or through unwanted channels. This means that we don't send the same offers to all interested parties and will be able to send you advertising communications that are as relevant as possible to your tastes, interests, or preferences, or through your preferred contact methods, thus improving your shopping experience, even to your own advantage.  
  • Furthermore, if you consent to Advanced profiling, or even without your consent in the case of Basic profiling, we use the data obtained from the relevant analysis to develop advertising re-targeting criteria that we communicate to social media to advertise services and products on social media i) to other people who have a profile similar to yours and who therefore may be most interested in what is offered (we do not know the names of these people), or ii) to named interested parties. 
  • Profiling does not exclude you from specific benefits or from the ability to freely exercise your rights regarding the personal data we process; in particular, it does not affect the data subject's ability to use our standard services (e.g., online pre-registration, purchasing services).  
  • The legal basis  for profiling processing, for BASIC profiling, is our legitimate interest in maintaining a basic profile to limit marketing efforts to the topics of greatest interest to the user, as well as to re-send the user's shopping cart if they fail to make a purchase. For Advanced profiling, the legal basis is the prior consent given to Dainese by the data subject (or by third parties if they are the ones obtaining the data subject's consent).
Does the data subject's consent to processing for profiling and direct marketing purposes also apply to the disclosure of data to third parties? 
The communication of data by DAINESE to third parties for direct marketing purposes may be intended, depending on the case, to other companies within the Group or to third parties who, within the scope of  the same shared marketing activities  and/or within the scope of the same processing for direct marketing purposes (e.g. in relation to co-branded marketing initiatives), collaborate with DAINESE, or are  contractually delegated to transmit commercial communications to the interested party  and/or  to process the data received  for marketing purposes  on behalf of the Data Controller .
In the aforementioned two cases, the third-party recipients of the data, since they are designated in writing as "external data processors" by DAINESE, may process the data on behalf of DAINESE based on the same specific marketing consent (including the consent to communication to third parties for such purposes) already granted to DAINESE. 
Conversely, consent to data processing for marketing purposes provided by the data subject to DAINESE does not automatically legitimize the  communication or transfer of data by DAINESE to third parties who process them as joint controllers or independent controllers  (i.e., other than as an external data processor)  (as a rule, this only occurs with third-party partners who intend to use the data independently for profiling and/or direct marketing purposes). Therefore, to proceed with such communication to third parties, DAINESE must obtain further  , separate, additional , documented, express, and also optional consent from the data subject.
5. Duration of treatment
Personal Data will be retained in a form that permits the identification of the User for the time strictly necessary for the purpose for which the data was collected and subsequently processed and, in any case, within the limits of the law, as follows. 
Personal browsing data is processed for the time necessary to ensure navigation and technical interaction between the user and the Site; this period coincides with the duration of a  single  browsing session. 
a) in the  pre-contractual phase , for the time necessary to process the interested party's requests received by the Company (e.g., opening a warranty service ticket) and to track and manage the success of the responses sent by the Company to the interested party; this duration is limited to  24 months  from the date of collection of personal data; 
b) in relation to any  contract  stipulated with the interested party, for the entire duration of the same (in particular, as a minimum, for the  2 years  of ordinary guarantee pursuant to the Consumer Code); 
c)  After the termination of the contractual relationship  established with the interested party, personal data will be processed to fulfill all legal obligations related to the terminated contractual relationship and in any case until the expiration of the civil term for the action for compensation for damages to which the interested party is entitled pursuant to art. 2946 of the Italian Civil Code (for  10 years  from the termination of the contract).  
Personal data will be processed for  IT security purposes  (e.g., recording, storing, and analyzing logs of electronic and telematic events triggered by the User through interaction with the Site's features and/or sending emails to DAINESE). Data will be retained for a period of time sufficient to complete appropriate security checks and evaluate their results (18 months from the date of collection), or, in the event of any anomalies detected, for the time necessary to resolve them using appropriate solutions. 
In the event of a  judicial or extrajudicial dispute  with the interested party and/or third parties, the data will be processed for the time strictly necessary to exercise the full protection of the Data Controller's rights (i.e., until a judicial or extrajudicial settlement or a final judgment has exhausted the dispute). 
In the case of processing for  Marketing Purposes , the duration is as follows: 
a) in the case of basic profiling, the processing, being based on DAINESE's legitimate interest in using the results to plan, implement and verify the effectiveness of direct marketing campaigns based on the same, will last until the interested party objects; 
in the case of advanced profiling, based on the prior specific consent of the interested party, the processing will take place for the shorter of 3 years and the date of any early revocation of consent by the interested party;  
- for direct marketing purposes  , processing will last for different periods depending on whether it is based on DAINESE's legitimate interest (so-called soft spam towards customers) or on the data subject's consent; in the former case, it will last until the data subject objects, while in the latter case, it will last until the previous consent is revoked.  
In the event that DAINESE collects and records logs derived from actions through which the user of the DAINESE website expresses his or her consent or refusal to the processing of data for direct marketing purposes and any advanced profiling (e.g., clicking on online fields, filling in flags, continuing browsing after viewing a cookie banner, and the like), the relevant retention will continue for the time necessary to demonstrate to the supervisory authorities the content of the relevant declaration of intent. 
After the aforementioned period, DAINESE undertakes to permanently delete the Personal Data from its electronic archives. Alternatively, they reserve the right to anonymize the data at any time, in which case the privacy regulations will no longer apply.
6. What happens if you do not provide DAINESE with your personal data?
From time to time, during your interaction with DAINESE, we will inform you whether providing Personal Data to DAINESE is mandatory or optional. Providing Personal Data to DAINESE for the respective Commercial Purposes (in particular, your personal details, your email or postal address, your credit/debit card and bank details, and your telephone number) is necessary for the pursuit of the same.
Any refusal to provide DAINESE with certain Personal Data necessary for these purposes may therefore make it impossible to respond to pre-contractual requests for information on our products and services, enter into and/or execute the purchase contract for products and services on the Site, or correctly fulfill the related legal and regulatory obligations. 
 Providing additional Personal Data, other than the mandatory ones, is optional and does not entail any obligation, disadvantage, or consequence for the User relating to the purchase of products or services on the Site. 
Providing Personal Data for Marketing Purposes, or the data subject's consent where required by law for the lawfulness of processing, is always optional and—except as otherwise specifically indicated in our  Cookie Policy  regarding DANIESE's use of cookies and other similar identifiers such as pixels or tags—is generally connected to the User's registration process on the Site. Failure to provide such data, or failure to consent to processing for Marketing Purposes, will not have any detrimental consequences on the purchasing process, which will therefore continue as normal. It will merely make it impossible to complete the respective registration and therefore benefit from DAINESE services such as newsletters, general or personalized commercial offers, and/or access to reserved promotional areas, where direct marketing activities take place from time to time.
7. To whom we disclose Personal Data
Personal Data may be made available to third-party companies that perform specific services on behalf of DAINESE, acting as Data Processors, or disclosed to other third parties who process the data independently, solely to allow the conclusion and/or execution of the purchase contract for products on the Site and only when such purpose is not incompatible with the purposes for which the Personal Data was collected and subsequently processed and, in any case, in compliance with the law. 
Specifically, DAINESE uses suppliers who provide after-sales service, as further described in the Site's Terms of Sale, which can be found at the following  link . DAINESE also uses carriers and couriers (UPS, DHL, etc.) or logistics service providers to carry out shipping, who will process Users' personal data solely for the purpose of completing the service entrusted to them. 
The data may also be communicated to: 1) banks, electronic money institutions, or other entities authorized to perform remote electronic payment services, via credit/debit card or through features made available via mobile devices; 2) insurance companies (for transportation insurance coverage; 3) other companies, entities, and/or individuals who perform activities that are instrumental, supportive, or functional to the execution of the contracts or services requested by you (e.g., companies responsible for managing the Website, companies that provide maintenance and assistance in relation to the Data Controllers' databases).  
Personal Data is communicated to accountants, lawyers and law firms, auditing firms and/or auditors, who carry out, in various capacities, based on the directives previously issued by DAINESE, the activities necessary to ensure compliance with legal obligations relating to the sale of goods and services through the Site.  
Personal Data may be disclosed to the police or judicial authorities, in accordance with the law and upon formal request by such entities, for example, in the context of anti-fraud services, or even in the absence of a specific request, for compliance with tax obligations (e.g., the Italian Revenue Agency). For Marketing Purposes, DAINESE also discloses Personal Data to third-party companies that are external data processors: marketing and advertising agencies, hosting service providers, website development and management companies, web marketing companies, electronic communications and ICT service providers; and third-party commercial partners—even those operating in production sectors not included in the e-shop, such as those in the automotive sector—with whom DAINESE engages in co-marketing or event management activities.  
In the event of accidents involving DAINESE's product liability, personal data may be disclosed to third parties responsible for managing the related claim (e.g., law firms, but also technicians, insurance companies that provide the relevant insurance policy activated in relation to the claim itself). 
In the event of a sale to a third party of the company or business unit to which the Site belongs, the user's personal data will automatically be transferred to the buyer. In the event of a sale to a third party of a controlling interest in DAINESE's share capital, the personal data may be disclosed to the buyer(s). 
Personal Data  will not be disseminated, i.e. made available to an uncontrolled number of third parties.
8. Social network features and joint data controllership
Our website may use social media features, such as the Facebook "Like" button, the "Tweet" button, and other sharing widgets ("Social Media Features"). Social Media Features may allow you to post information about your activities on the DAINESE website on external platforms and social media. Social Media Features may also allow you to "like" or highlight information we've posted on the DAINESE website or on DAINESE's official social media pages.  
Social Network Features are hosted by each respective social media platform or directly on our website. To the extent that Social Network Features are hosted by the platforms themselves and you click on them from our website, the platform may receive information indicating that you have visited our sites.  
If you are logged in to your social media account, the respective social network may be able to link your visit to our website to your social media profile. DAINESE acts as joint data controller pursuant to Art. 26 of the GDPR, solely with respect to the collection on our website and the automatic transmission to social media platforms of personal data of users of our website, whether registered with those social media platforms or not. 
 With regard to its Facebook pages https://www.facebook.com/dainese and Instagram https://www.instgram.com/dainese, DAINESE is joint controller of the statistical data together with Facebook Ireland Limited (“Facebook Ireland”). 
 DAINESE may also share certain data (name, surname, email) with third-party social media platforms (e.g., Facebook, Google), which use it for the sole purpose of identifying other people similar to the user who may be interested in DAINESE services and/or products, in order to advertise them through social media platforms. Further information on DAINESE's remarketing policies (so-called behavioral advertising) can be found in our Cookie Policy. 
Your interactions with the Social Network Features are governed both by this information notice (limited to the processing as above in joint ownership) and by the functionality (for any aspect of the processing of personal data not included in the aforementioned joint ownership regime).

9. Data transfer abroad
Personal data will be processed primarily in Italy and in foreign countries where other Dainese group companies are based. Part of the processing may take place in foreign countries, within or outside the EU, to the extent that DAINESE transfers data to suppliers with data centers or offices therein (for example, for the technical management of this website and its database, the technical operation of the website, or for the management of direct marketing and profiling activities related to it in various ways).  
In particular, Personal Data will be transferred abroad to companies belonging to the Dainese Group (the list of which is available on the Website), as well as, if this is necessary for the pursuit of Commercial or Marketing Purposes, only to non-EU countries that ensure adequate levels of protection in accordance with the relevant decisions of the EU Commission, or, in the absence of such specific decisions, only after DAINESE and said entities have entered into specific contracts for Marketing Purposes, containing adequate safeguard clauses for the protection of Personal Data by the foreign entity receiving the personal data, in accordance with applicable legislation and in particular, at a minimum, with the relevant standard texts approved by the EU Commission (so-called Standard Contractual Clauses or “SCCs”). 
The cloud providers based or based in data centers outside the EU used by DAINESE are the following:
  • SHOPIFY Inc. , located at 151 O'Connor Street, Ground floor, Ottawa, ON K2P 2L8, Canada, provides e-commerce services for TCX branded products and services. For Salesforce Inc.'s privacy policy, see  https://shopify.com/legal/privacy .
  • Shopify Inc. is a company registered with the competent American body under the EU-US “Privacy Shield” convention. 
  • SALESFORCE Inc. , located at The Landmark @ One Market Street, Suite 300, San Francisco, California 94105, USA, provider of the e-commerce service called SALSERFORCE COMMERCE relating to DAINESE branded products and services. For Salesforce Inc.'s privacy policy, see the URL:  https://www.salesforce.com/it/company/privacy/ .
  • Salesforce is a company registered with the competent American body under the EU-US convention called “Privacy Shield”. 
  • SugarCRM Inc. , located at  10050 N Wolfe Road, SW2-130 Cupertino, 95014 CA – California (USA), is a CRM (“customer relationship management”) service provider. For SugarCRM Inc.'s privacy policy, see the URL:  https://www.sugarcrm.com/legal/privacy-policy . 
  • SugarCRM Inc. is a company registered with the competent American body under the EU-US convention called “Privacy Shield”.
  • HubSpot Inc. , headquartered in Cambridge, Massachusetts, USA, provides CRM (customer relationship management), DEM (sending promotional emails and newsletters), lead acquisition/web forms, and landing pages. For HubSpot Inc.'s privacy and cookie policy, see https://legal.hubspot.com/product-privacy-policy  and  https://knowledge.hubspot.com/articles/kcs_article/account/hubspot-cookie-security-and-privacy  . HubSpot Inc. is registered with the competent American body under the EU-US Privacy Shield agreement; 
  • Aircall SAS , located at 11-15, rue Saint Georges, 75009 Paris, provides the VoIP telephony service used by customer services. Aircall transfers data to the USA. For the privacy policy, see the URL  https://aircall.io/privacy/  
  • YotPO  , located at 400 Lafayette St, New York, NY, USA, is the provider of the review collection service. For the privacy policy, see the URL  https://www.yotpo.com/yotpo-privacy-guide/  
  • OneTrust,  headquartered in London (co-headquarters) at Dixon House, 1 Lloyd's Avenue, London, EC3N 3DQ, United Kingdom, provides the review collection service. For the privacy policy, see  https://www.onetrust.com/privacy/  
  • Facelift,  located at Gerhofstr. 19, 20354 Hamburg, serves as a service provider for optimizing social media management. Facelift transfers data to the USA. For the privacy policy, see the URL  https://facelift-bbt.com/en/data-privacy-policy  
  • Microsoft Corporation  with headquarters at 1 Microsoft Way, Redmond, WA – Washington 98052, USA, as provider of the individual productivity cloud application service “Microsoft 365” and/or Microsoft TEAMS video conferencing used in the management of the pre-contractual or contractual relationship with the interested party.
  • In particular, as indicated in Annex 1 to the Online Services Terms of Use, with reference to the 365 Service, Microsoft undertakes to store the inactive Company Data processed by DAINESE as follows: “ if the Company provisions its tenant (…) in the European Union, Microsoft will store the following Inactive Company Data only within that Geographic Area: (1) the content of the Exchange Online mailbox (email body, calendar entries and content of email attachments), (2) the content of the SharePoint Online site and the files stored on that site and (3) the files uploaded to OneDrive for Business .” Therefore, for such data, no transfer to the USA takes place or the transfer is purely occasional. See Microsoft’s policy at URL:  https://docs.microsoft.com/en-us/microsoft-365/enterprise/o365-data-locations?view=o365-worldwide , and Microsoft’s privacy policy at URL:  https://privacy.microsoft.com/en-us/privacystatement .
  • However, it is possible that other inactive data processed by DAINESE, in particular different from that indicated above, may be transferred from the EU to the USA for the service in question and that their transfer may be non-occasional.
The risk that, in certain exceptional situations, US public authorities, pursuant to applicable US legislation (e.g., Article 702 of the FISA and Executive Order EO 12333), may access personal data transferred by DAINESE to the US for the sole purpose of national security, cannot be absolutely ruled out. However, based on a specific analysis of the matter conducted by DAINESE in accordance with the "Schrems II" ruling of July 17, 2020, by the ECJ and the relevant Guidelines of the European Data Protection Board (EDPB), the possibility that the aforementioned public authorities have a genuine interest in carrying out such access and further processing (of which the provider may by law not notify DANIESE and/or the data subject) appears entirely remote, given: i) DAINESE's specific core business; ii) the limited types of personal data it processes; and iii) the limited categories of data subjects to whom the data refers.  
Therefore, the Company believes that the aforementioned CCS guarantee protection of data subjects' rights substantially equivalent to that provided by the GDPR. DAINESE will communicate any additional measures adopted to data subjects. 
DAINESE also carries out constant monitoring in order to identify its suppliers with headquarters or data centers in the USA and to verify that the transfer of data to them is based on adequate legal bases provided for by the GDPR.
When data is transferred outside the EU for reasons other than Marketing Purposes, the legal basis for the transfer is also DAINESE's legitimate interest in executing the contract with the data subject or a contract stipulated by DAINESE with third parties on behalf of the data subject or in fulfilling the relevant legal obligations.
10. Minors
This Site and the Data Controller's Services are not intended for minors under the age of 16, and the Data Controller does not intentionally collect personal information from minors. If information about minors is inadvertently recorded, the Data Controller will promptly delete it upon request.
11. The rights of the interested parties
Please be informed that the interested party will have the right to: 
  • ask the Data Controller to confirm whether or not personal data concerning him or her is being processed, and, where that is the case, to obtain access to  the personal data;
  • Obtain  clear and concise information  regarding the following: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject, or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data are not collected from the data subject, any available information as to their source; h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. 
  • where personal data are  transferred  to a third country or to an international organisation, the data subject shall have the right to be informed of the existence of  appropriate safeguards  relating to the transfer; 
  • request, and obtain without undue delay, the  rectification  of inaccurate data; taking into account the purposes of the processing, the integration  of incomplete personal data, including by providing a supplementary statement; 
  • Request the  erasure  of your data if: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the data subject withdraws consent on which the processing is based and there is no other legal basis for the processing; c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to processing for direct marketing purposes (including profiling for such direct marketing); d) the personal data have been unlawfully processed; e) the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; f) the personal data were collected in relation to the offer of information society services. Deletion from the DAINESE database
  • Request  restriction  of processing concerning the data subject where one of the following applies: a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; c) the controller no longer needs the personal data for the purposes of the processing, but the data subject requires the personal data for the establishment, exercise or defense of legal claims; d) the data subject has objected to processing for direct marketing purposes, pending the verification whether the legitimate grounds of the controller override those of the data subject. 
  • obtain from the data controller, upon request,  communication of the third-party recipients  to whom the personal data have been transmitted;
  • Revoke your consent at any time  to the processing of your personal data, if previously provided, for one or more specific purposes. It is understood that this will not affect the lawfulness of processing based on consent given before its revocation.
  • In particular,  to revoke the consent previously given to DAINESE, the interested party can send a specific request in one of the following ways: i) by following the cancellation instructions indicated at the bottom of each email message, or ii) by sending an email to privacy@dainese.com containing the request.
  • receive the personal data concerning the data subject, which he or she has provided to the Data Controller, in a structured, commonly used, and machine-readable format and, if technically feasible, to have that data transmitted directly to another data controller without hindrance from the Data Controller to whom the personal data were provided, if the following (cumulative) condition applies: a) the processing is based on the data subject's consent for one or more specific purposes, or on a contract to which the data subject is party and for whose performance the processing is necessary; and b) the processing is carried out by automated means (software) (collective right to " portability "). The exercise of the right to portability is without prejudice to the right to erasure provided above;
  • The data subject has the right  not to be subject to a decision based solely on automated processing , including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. Automated decision-making does not currently occur on our websites or services.
  • The interested party may also lodge a complaint at any time   with the competent supervisory authority under the GDPR (that of his or her place of residence or domicile). 
How to exercise your rights

You can exercise the aforementioned rights, as well as obtain a list of the data controllers and independent third-party data controllers to whom DAINESE has disclosed your data, or receive further information on how DAINESE processes Personal Data, by sending an email to  privacy@dainese.com  or by writing to the postal address of DAINESE SpA, Via Louvigny n. 35 – 36064 – Colceresa (VI) - Italy. 
We aim to respond to all legitimate requests within one month, unless otherwise required by law, and will contact you if we need more information to process your request or verify your identity. In some cases, it may take longer than a month, given the complexity and number of requests we receive. 
Some registered users can update their user settings and profiles, organization settings, and event registrations by logging into their accounts and editing their settings or profiles.
12. Data Controller, Data Protection Officer. Contact details
The data controller of Users' personal data is  DAINESE SpA,  with registered office in Via Louvigny n. 35 – 36064 – Colceresa (VI) - Italy, Tax Code and VAT number 03924090248.  
In order to monitor Dainese's compliance with the GDPR and applicable laws regarding the processing of personal data, Dainese has appointed an independent third party as Data Protection Officer:  Luca De Muri,  an attorney based at the company's headquarters and reachable at privacy@dainese.com.
13. Changes and updates to the privacy policy
DAINESE may modify or simply update this Privacy Policy, in whole or in part, at any time, also in light of changes to laws or regulations protecting your rights. The latest version of the Privacy Policy is listed at the bottom of this document, which applies to the processing of Personal Data from the date indicated therein. Changes and updates to the Site's Privacy Policy will be effective as soon as they are published on the Site, in this section. Users will receive email notification of any changes to this Privacy Policy. In any case, you are required to regularly access this section to verify the publication of the most recent and updated Site's Privacy Policy. 
Version 3 of November 15, 2021