FAST INTERNATIONAL SHIPPING, WITH FREE SHIPPING OVER €150

FAST INTERNATIONAL SHIPPING, WITH FREE SHIPPING OVER €150

 

Policy Privacy

Data Protection Information Notice to Users

Triboo Digitale S.r.l., with registered office in Viale Sarca 336, Edificio 10, 25124 Milan, VAT no. / Tax Code and Milan Business Register Enrolment No. IT02387250307 (hereinafter also “Triboo”) and Good Goods Merch, LLC, 5000 N. Pkwy Calabasas, #200, Calabasas, CA 91302 hereinafter the “Partner” and, together with Triboo the “Data Controllers”), in their capacity as joint Data Controllers of the processing of the personal data of users, (hereinafter the “Users”) who browse and exploit the services available on https://belairathletics.com/ ((hereinafter the “Website” and the “Services”) hereby provide the Information Notice under art. 13 of Regulation (EU) 679/2016 of  27 April 2016 (hereinafter, “Regulation”, or also the Data Protection Law”).

This privacy policy (“Privacy Policy”) sets out the types of personal data the Data Controllers collect when Users access and visit the Website and how the Data Controllers may manage and use that data.

The Joint Data Controllers have entered into an arrangement which governs their processing of User Personal under this Privacy Policy. The essence of this arrangement between the Data Controllers is as follows:

This Website and Services are reserved to individuals who are eighteen years of age and over. The Data Controllers do not collect personal data relating to persons under 18 years of age. At the request of the Users, the Data Controllers shall promptly erase all personal data involuntarily collected and related to persons under 18 years of age.

The Data Controllers are committed to ensuring the right to privacy and protection of personal data of its Users. For any further information related to this privacy notice, Users may contact the Data Controller at any time, using the following methods:

For Triboo:

For the Partner:

Users can also contact the Data Protection Officer (DPO) designated by Triboo, at the address provided below: lapo.curinigalletti@triboo.it

The Partner has not identified a Data Protection Officer (DPO), as it is not subject to the obligation of designation provided for by Article 37 of the Regulation.

The Data Controllers reserve the right to revise or amend this Privacy Policy at any time to reflect changes to their business or changes in the law.  Where these changes are significant, the Data Controllers will endeavour to let Users know. However, it is each User’s responsibility to check this Privacy Policy before each use of the Website.

  1. Purpose of the Processing

The personal data of Users shall be processed lawfully by Triboo pursuant to art. 6 of the Regulation for the following processing purpose:

  1. contractual obligations and provision of the Services, to allow browsing of the Website or to implement the Conditions of Use of the Website, which are duly accepted by the User during the Website registration process and/or during the use of the Services and to fulfil specific User requests. The User data collected by Triboo for the aforementioned purposes include: their name, surname, email address and any personal information of the User that may be voluntarily published. User's personal data shall be used by Triboo for the purpose of ascertaining the identity of the User (also by validation of the email address), hence avoiding possible scams or abusive conduct, and for contacting the User for service reasons only (e.g. sending notifications concerning the Services) and other purposes necessary for Triboo to perform its contract with the User. Except for what is declared elsewhere in this privacy notice, under no circumstances shall Triboo allow access to the personal data of the Users by other Users and/or third parties.
  2. administrative-accounting purposes, or to carry out activities of an organisational, administrative, financial and accounting nature, such as internal organisational activities and functional activities required to fulfil contractual and pre-contractual obligations;
  3. legal obligations,e. to comply with obligations imposed by a law, authority, regulation or Community legislation;

The provision of personal data for the purposes of processing indicated above is optional but necessary, as failure to provide them will make it impossible for the User to browse the Website, register with the Website and use its Services.

The personal data that are necessary to pursue the processing purposes described in paragraph 1 herein are indicated with an asterisk on the Website registration form.

  1. Other purposes of processing: marketing (sending of advertising material, direct sales and commercial communication)

Where permitted by law (such as where the User provides an optional consent), some personal data of the User (i.e. name, surname, address, email, telephone number) may be processed by the Partner also for marketing purposes (sending advertising material, direct sales and commercial communication), i.e. so that the Partner can contact the User by email, telephone (fixed and/or mobile, with automated calls or call communication systems with and/or without the intervention of an operator) and/or SMS and/or MMS to propose to the User the purchase of products and/or services offered by the Partner and/or by third parties, to present offers, promotions and sales opportunities.

Failure to grant consent shall not in any way compromise the possibility to register with the Website.

 

In case of consent, the User may at any time withdraw the same, submitting a request to the Partner as indicated in paragraph 6 below.

The User can also easily object to receiving further promotional communications by email by clicking on the appropriate link for the withdrawal of consent, which is provided in each email containing the communications. After withdrawing consent, the User shall receive an email from the Partner confirming the withdrawal of consent. If the User intends to withdraw his consent to the sending of promotional communications by telephone, but however continues to receive promotional communications via email, or vice versa, please send a request to the Data Controller in the manner indicated in paragraph 6 below.

The Partner hereby declares that, after exercising the right to withdraw consent pursuant to the sending of promotional communications via email, it is possible that, for technical and operational reasons (e.g. formation of contact lists already completed shortly before receipt by the Partner of the opposition request) the User will continue to receive some further promotional messages for up to 24 hours. Should the User continue to receive promotional messages after 24 hours have elapsed from the moment the consent was withdrawn, please report the problem to the Partner, using the contacts indicated in paragraph 6 below.

  1. Other purposes of processing: newsletter

With the free and optional consent of the User, certain personal data of the User (i.e. name, surname, address, email address) may be processed by the Partner for the purpose of sending newsletters. Therefore, the User will receive a periodic newsletter from the Partner that will contain information in relation to news and promotions on the Website and / or initiatives organised by the Partner.

Failure to grant consent shall not in any way compromise the possibility to register with the Website.

In case of consent, the User may at any time withdraw the same, submitting a request to the Data Controller as indicated in paragraph 6 below.

The User can also easily object to receiving further promotional material by clicking on the withdrawal of consent link, which is provided in each email containing the newsletter. After withdrawing consent, the User shall receive an email from the Partner confirming the withdrawal of consent.

  1. Data processing procedures and retention times

The Data Controllers shall process the personal data of Users using manual and electronic instruments, with logics which are strictly related to the aforementioned purposes, in a way which guarantees the security and confidentiality of such data. 

The personal data of the Users shall be retained for the time strictly necessary to carry out the primary purposes described in paragraph 1 above, or however as necessary for the protection in civil law of the interests of both the Users and Triboo. 

In the cases referred to in paragraphs 2 and 3 above, the personal data of Users shall be retained for the time strictly necessary to carry out the purposes described therein and, in any case, for no more than twenty-four (24) months[1].

  1. Disclosure and dissemination of data

The personal data of the Users may be disclosed to the employees and / or collaborators of the Data Controllers in charge of managing the Website and all aspects of the delivery of Services. Such subjects, who have been duly informed by the Data Controllers under art. 29 of the Regulation, will process the User's data exclusively for the purposes indicated in this privacy notice and in compliance with the provisions of the Data Protection Law. 

The personal data of Users may also be disclosed to third parties who may process personal data on behalf of the Data Controllers as "External Data Processors". The Data Controllers takes these relationships seriously and obliges all of their External Data Processors to sign contracts with the applicable Data Controller that clearly set out their commitment to respecting individual rights and complying with Data Protection Law. The Data Controllers use the following categories of External Data Processors: IT and logistic service providers functional to the operations of the Website and/or the Services, outsourcing or cloud computing service providers, professionals and consultants.

Users have the right to obtain a list of any data processors appointed respectively by each Data Controller, submitting a request to the relative Data Controller as indicated in paragraph 6 below.

Furthermore, the personal data of the Users may be disclosed by Triboo, to the extent where the same is necessary and essential in order to execute the contractual obligations, to third parties who are independent data controllers, such as providers of payment services and logistics services necessary for delivery of the goods sold through the Website. These autonomous Data Controllers shall process the User's data exclusively for the purpose of fulfilling the processing of the orders relating to the Services in a correct manner.

The Data Controllers may also disclose Users’ personal data to third parties in the following events:

The Data Controllers may share, just for administrative purposes, as provided for by the Regulation, User personal data with any member of our company group, which means their subsidiaries, ultimate holding company and its subsidiaries provided that it enters into written agreements with these parties to ensure compliance with Data Protection Law.

  1. International Data Transfers

Whenever the Data Controller transfers your personal data out of the European Economic Area (EEA) (together known as the EEA), they ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

If following the UK’s exit from the European Union (“Brexit”), additional protections are required in respect of transfers of personal data from the EEA to the UK and vice versa, then the Data Controllers shall implement them.

Please notice that, in the absence of an adequacy decision or of appropriate, including binding corporate rules, Controllers may transfer your personal data to a third country on one of the following conditions:

(a) you have explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards;

(b) the transfer is necessary for the performance of a contract between the you and the Data Controllers or the implementation of pre-contractual measures taken at the your request;

(c) the transfer is necessary for the conclusion or performance of a contract concluded in your interest between the Data Controllers and another natural or legal person;

(d) the transfer is necessary for the establishment, exercise or defence of legal claims.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

  1. Rights of Data Subjects

Users may exercise their rights granted by the Applicable Regulations by contacting the Data Controllers in the following ways,

for Triboo:

for the Partner:

Triboo shall proceed to comply with the requests of Users relating to the processing referred to in paragraph 1, while the Partner shall proceed to comply with the requests of Users relating to the processing referred to in paragraph 2.

In accordance with the Data Protection Law, the Data Controller hereby declares that Users are entitled to obtain information (i) on the origin of the personal data; (ii) the purpose and processing methods; (iii) the logic used in the case where the data is processed using electronic equipment; (iv) the personal data of the Data Controller and data processors; (v) the persons in charge and the subjects or categories of subjects to whom the personal data may be disclosed or who may become aware of such data. 

Users are always entitled to request:

  1. a) access, updating, rectification or, where interested therein, integration of the data;
  2. b) erasure, anonymisation or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
  3. c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.

Furthermore, Users have:

  1. a) the right to withdraw consent at any time, if the processing is based on their consent;
  2. b) (where applicable) the right to data portability (right to receive all personal data concerning them in a structured format, commonly used and readable by automatic devices), the right to request restriction of processing of personal data and the right to be forgotten);
  3. c) the right to object:
  4. i) partially or completely, for legitimate reasons, to the processing of personal data, despite them being relevant to the purpose of the collection;
  5. ii) partially or completely oppose the processing of your personal data for the distribution of advertising materials or direct sales or for market research or business communication;

iii) where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

  1. d) if they believe that the processing that concerns them violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State in which they usually reside, in the one in which they work or in the one in which the alleged violation has occurred). The Italian Supervisory Authority is the Data Protection Supervisor, with headquarters in Piazza Venezia n. 11 - 00187 Roma - Rome (http:www.garanteprivacy.it/).

 

[1]As required by the General Provisions of the Data  Protection Supervisor called the “Fidelity card' and guarantees for consumers. The Data Protection Supervisor’s regulations for the loyalty programmes dated 24 February 2005.