Club del Sole Group deems the protection of personal data of outmost importance
All data will be processed by Club del Sole S.r.l., the operational holding company of the Club del Sole Group, and by the independent data controllers listed below, on the basis of the principles of adequacy, proportionality and transparency.
In this dedicated section you can find information and notes to find out more details on how your personal data are processed and what your rights are.
HOW WE PROCESS PERSONAL DATA
As of May 25, 2018, the new European Regulation on the Protection of Personal Data No. 679/2016, also known as GDPR (General Data Protection Regulation) has entered into effect together with Legislative Decree No. 101/2018, amending Legislative Decree No. 196/2003 (Privacy Code).
Below you will find our privacy policies on the processing of personal data:
HOW USERS CAN EXERCISE THEIR RIGHTS
To exercise the rights associated to the processing of personal data, and specified in the privacy policies, all users may submit a request to the following address: privacy@clubdelsole.com.
To cancel a newsletter subscription and/or unsubscribe from promotional communications, all users shall follow the instructions detailed in the last promotional e-mail received or send an e-mail from the e-mail address associated with the account from which they wish to stop receiving newsletters and/or promotional communications to privacy@clubdelsole.com specifying: First name, last name and including the word “STOP” in the subject line. After receiving the email, we will promptly stop sending newsletters and promotional communications to the sender’s email address.
PREMISES
This is our privacy policy concerning the so-called processing of personal data offline, meaning data not acquired via the digital systems offered by the Club del Sole Group.
The national and international regulations on the protection of personal data require that the data subjects are informed about the personal data being processed, the party that will process them and the rights that are granted to them to guarantee that the processing is proper and clear.
The privacy policy is provided taking into account the combined provisions of the following regulations:
The Data Controller is Club Del Sole S.r.l., with registered office in Via Biondini 27, 47121, Forlì (FC), tax code and VAT No. 04205530407, as well as the additional and independent data controllers listed on the list found at the bottom of the off-line privacy policy.
The DPO, Data Protection Officer, is the entity defined by the Regulation as having the task to support the data controller(s), data supervisors and persons in charge of the data processing to safeguard the data and manage risks according to the principles and instructions of the European Regulation as well as the Authority for the protection of personal data.
The Data Protection Officer, appointed by the Data Controller, can be contacted by e-mail at the following address: dpo@clubdelsole.com.
In order to apply the regulations listed above, the processing of personal data means any operation or set of operations carried out with or without the help of automated processes and applied to personal data or sets of personal data, such as the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other way of making available, comparison or interconnection, restriction, deletion or destruction of the data.
The personal data will be processed by the independent data controllers for the following purposes:
a. Answering requests received:
b. Purchasing products or services:
c. Participation in contests, commercial initiatives, prize shows, and loyalty systems (on the initiative of the data subject):
d. Sending of informative and promotional material (direct marketing), e.g. mailing lists, special offers, newsletters, etc:
e. Analysing of consumption habits and choices (profiling), carrying out market researches (surveys and analysis on customer satisfaction):
f. Administrative, managerial and for the fulfilment of legal obligations, regulations or orders of the Authorities (e.g. bookkeeping, tax requirements, administrative and accounting management, etc.) or by contract.
g. Preventing, ascertaining and pursuing illicit conducts:
h. Multimedia Products Creating and Using (ex. Photo and video):
Unless otherwise specified, the duration of the processing for each purpose will take place as long as it is necessary for the Data Controller to carry out the activities related to them. In case of revocation of consent or termination for any reason of the mandatory/contractual relationship shown below or termination of the legal obligations concerning the specific processing, the personal data will be stored by the Data Controller to prove fulfilment of its obligations, until the expiry of the rights arising from them occurs.
The personal data processed are as follows:
If the data subject provides the Data Controller with data that can be qualified, according to art. 9 of the Regulation, as “special categories of personal data”, such as data revealing racial or ethnic origins, political opinions, religious or philosophical beliefs, trade-union membership, data concerning health or sex life or sexual orientation, this category of data will be processed by the Data Controller in order to fulfil the request received. Any additional processing of the special categories of data by the Data Controller will be carried out only with prior and explicit consent or by virtue of a legal obligation, in any case in accordance with the principles of proportionality, adequacy and transparency.
The personal data may be shared, for the above purposes, with:
For further information on the entities operating as Data Protection Officers, it is possible to send a written request to the Data Controller.
Some of the personal data are shared with recipients who may be located outside the European Economic Area (EEA). The Data Controller ensures that the processing of personal data by these recipients takes place in compliance with the Regulation. In fact, transfers may be based on an adequacy decision or Standard Contractual Clauses approved by the European Commission. More information is available at the Data Controller.
The Data Controller may adopt an automated decision-making process for the processing of personal data, including profiling, referred to in Article 22 of the Regulation. In this case, specific information will be provided to the data subject, given that more information may be requested at the Data Controller.
The purposes of the processing mentioned above are generally addressed to adult data subjects.
The Data Controller will not be in any case liable for any collection of personal data, as well as false statements, provided by persons under 18 years of age, and in any case if the use of such data is detected, the Data Controller will facilitate the right of access and deletion forwarded by the guardian, custodian or those exercising parental authority.
Without prejudice to the fulfilment of the legal obligations, the processing of personal data belonging to minors for fulfilling contractual obligations will take place on the basis of the necessary authorizations of those who exercise parental authority and/or legal guardianship.
By introducing a minor to an adequately reported public event, guardian, custodian or those exercising parental authority is aware that images or videos of the minor may also be collected.
According to the applicable legislation, specific rights are granted to the data subjects, such as:
In addition to the rights listed above, as a data subject and within the limits of what is established by the Regulation, it will also be possible to exercise the rights of limitation of the processing, opposition to it and the right to portability according to art. 20 of the Regulation.
On the basis of the Privacy Code and Regulation, the data subjects will be able to file actions to protect their rights before the Privacy Authority or any jurisdictional Authority (the so-called complaint, according to art. 77 and 79 of the Regulation). Finally, we inform you that to the extent that it will be considered applicable to the processing of data, the data subjects may exercise the right to withdraw their consent to the processing of data by notifying the Data Controller.
In order to request to be unsubscribed from newsletters and/or promotional communications, the data subjects can follow the instructions contained in the last promotional e-mail received or send an e-mail from the e-mail address on which they wish to stop receiving newsletters and/or promotional communications to privacy@clubdelsole.com specifying: First name, last name and including the word “STOP” in the subject line. After receiving the email, the Data Controller will promptly stop sending newsletters and promotional communications to the sender’s email address.
In order to exercise the above rights, the data subjects may contact the entities listed below:
The Data Controller reserves the right to amend and/or supplement this Privacy Policy at any time and undertakes to publish the amendments on its websites and application systems online in the Privacy section and/or to inform Clients according to the methods deemed most appropriate.
LIST OF INDEPENDENT DATA CONTROLLERS
The following list contains the identification data of the additional independent data controllers of Club del Sole S.r.l..
PREMISES
This is our privacy policy concerning the so-called processing of personal data online, meaning data acquired via the digital systems offered by the Club del Sole Group (e.g. websites, apps, wi-fi, software applications, etc.).
The national and international regulations on the protection of personal data require that the data subjects are informed about the personal data being processed, the party that will process them and the rights that are granted to them to guarantee that the processing is proper and clear.
The privacy policy is provided taking into account the combined provisions of the following regulations:
The Data Controller is Club Del Sole S.r.l., with registered office in Via Biondini 27, 47121, Forlì (FC), tax code and VAT No. 04205530407, as well as the additional and independent data controllers listed on the list found at the bottom of the on-line privacy policy.
The DPO, Data Protection Officer, is the entity defined by the Regulation as having the task to support the data controller(s), data supervisors and persons in charge of the data processing to safeguard the data and manage risks according to the principles and instructions of the European Regulation as well as the Authority for the protection of personal data.
The Data Protection Officer, appointed by the Data Controller, can be contacted by e-mail at the following address: dpo@clubdelsole.com.
In order to apply the regulations listed above, the processing of personal data means any operation or set of operations carried out with or without the help of automated processes and applied to personal data or sets of personal data, such as the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other way of making available, comparison or interconnection, restriction, deletion or destruction of the data.
The personal data will be processed by the independent data controllers for the following purposes:
a. Respond to requests received via Club Del Sole Group’s digital systems:
b. Purchasing products or services:
c. Registration to reserved areas of the digital systems
d. Participation in contests, commercial initiatives, prize shows, and loyalty systems(on the initiative of the data subject):
e. Sending of informative and promotional material (direct marketing), e.g. mailing lists, special offers, newsletters, etc:
f. Analysing of consumption habits and choices (profiling), carrying out market researches (surveys and analysis on customer satisfaction):
g. Administrative, managerial and for the fulfilment of legal obligations, regulations or orders of the Authorities (e.g. bookkeeping, tax requirements, administrative and accounting management, etc.) or by contract.
h. Preventing, ascertaining and pursuing illicit conducts:
Unless otherwise specified, the duration of the processing for each purpose will take place as long as it is necessary for the Data Controller to carry out the activities related to them. In case of revocation of consent or termination for any reason of the mandatory/contractual relationship shown below or termination of the legal obligations concerning the specific processing, the personal data will be stored by the Data Controller to prove fulfilment of its obligations, until the expiry of the rights arising from them occurs.
The personal data processed are as follows:
The data subject may also send to the Data Controller data that can may qualified, pursuant to art. 9 of the Regulation, as “special categories of personal data”, meaning data revealing racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, data concerning health or sex life or sexual orientation. This category of data will be processed by the Data Controller in order to process the request received. Any additional processing of the special categories of data by the Data Controller will be carried out only with prior and explicit consent or by virtue of a legal obligation, in any case in accordance with the principles of proportionality, adequacy and transparency.
Additional types of data processed are the following:
The personal data may be shared, for the above purposes, with:
For further information on the entities operating as Data Protection Officers, it is possible to send a written request to the Data Controller.
Some of the personal data are shared with recipients who may be located outside the European Economic Area (EEA). The Data Controller ensures that the processing of personal data by these recipients takes place in compliance with the Regulation. In fact, transfers may be based on an adequacy decision or Standard Contractual Clauses approved by the European Commission. More information is available at the Data Controller’s office.
The Data Controller may adopt an automated decision-making process for the processing of personal data, including profiling, referred to in Article 22 of the Regulation.
In this case, specific information will be provided to the data subject, given that more information may be requested at the Data Controller.
The purposes of the processing mentioned above are generally addressed to adult data subjects.
According to the legislation in force, IT services such as newsletter subscription (direct marketing), profiling and online chat can only be used by those who are at least 16 (sixteen) years old.
The Data Controller will not be in any case liable for any collection of personal data, as well as false statements, provided by persons under 18 years of age, and in any case if the use of such data is detected, the Data Controller will facilitate the right of access and deletion forwarded by the guardian, custodian or those exercising parental authority.
Without prejudice to the fulfilment of the legal obligations, the processing of personal data belonging to minors for fulfilling contractual obligations will take place on the basis of the necessary authorizations of those who exercise parental authority and/or legal guardianship.
According to the applicable legislation, specific rights are granted to the data subjects, such as:
In addition to the rights listed above, as a data subject and within the limits of what is established by the Regulation, it will also be possible to exercise the rights of limitation of the processing, opposition to it and the right to portability according to art. 20 of the Regulation.
On the basis of the Privacy Code and Regulation, the data subjects will be able to file actions to protect their rights before the Privacy Authority or any jurisdictional Authority (the so-called complaint, according to art. 77 and 79 of the Regulation). Finally, we inform you that to the extent that it will be considered applicable to the processing of data, the data subjects may exercise the right to withdraw their consent to the processing of data by notifying the Data Controller.
In order to exercise the above rights, the data subjects may contact the entities listed below:
In order to request to be unsubscribed from newsletters and/or promotional communications, the data subjects can follow the instructions contained in the last promotional e-mail received or send an e-mail from the e-mail address on which they wish to stop receiving newsletters and/or promotional communications to privacy@clubdelsole.com specifying: First name, last name and including the word “STOP” in the subject line. After receiving the email, the Data Controller will promptly stop sending newsletters and promotional communications to the sender’s email address.
The Data Controller reserves the right to amend and/or supplement this Privacy Policy at any time and undertakes to publish the amendments on its websites and application systems online in the Privacy section and/or to inform Clients according to the methods deemed most appropriate.
LIST OF INDEPENDENT DATA CONTROLLERS
The following list contains the identification data of the additional independent data controllers of Club del Sole S.r.l..