Dear User, Piaggio & C. S.p.A. welcomes you to our web site ("the Website") and invites you to pay attention to the following Notice ("the Notice"), issued pursuant to article 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data, and on the free movement of such data ("GDPR").
This document contains a description of all the processing carried out by the Data Controller, as defined below, through the Website.
Please note that the Notice only concerns the Website; therefore any web page to which you may be redirected from the Website is deemed to be excluded.
In addition, if you purchase products or use Piaggio services through official Piaggio channels rather than through the Website, at the time of such purchase or use you will be issued with a specific Notice pursuant to art. 13 of the GDPR relating to your personal data processed at that moment.
1. The Data Controller
The Data Controller is Piaggio & C. S.p.A., whose registered office is at Viale Rinaldo Piaggio 25, Pontedera (PI) ("the Data Controller").
The Data Controller has also appointed a Data Protection Officer ("DPO"), whom you may contact directly to exercise your rights and to receive any information concerning the processing of your personal data and/or concerning this Notice, by writing to:
Data Protection Officer – DPO
Viale Piaggio 25
56025 PONTEDERA (PI)
Fax: +39 0587272961
Tel: +39 0587272495
2. The personal data we process
2.1 Browsing data
During their normal operation, the computer systems and software procedures used to operate the Website acquire certain personal data, the transmission of which to the Data Controller is implicit in the use of internet communication protocols.
This is information that is not collected to be associated with identified data subjects, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the addresses of the requested resources in URI (Uniform Resource Identifier) notation, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's computer environment.
This data is used only to obtain anonymous statistical information on the use of the site and to check that it is working correctly; it is deleted after processing. The data could be used to establish responsibility for potential cybercrime against the Website.
2.2 Data provided voluntarily by the user
The Data Controller processes the following personal data provided by you when you fill in the formats (masks) on the Website:
- personal details: such as first name, surname, address, e-mail address;
- company where you work and position.
3. The purposes for which your personal data is processed and the legal basis of processing
The personal data you provide by filling in the various masks on the Website is processed by the Data Controller for the following purposes.
3.1 Provision of services
The Data Controller wishes to process your personal data in order to respond to your requests to receive an e-mail alert each time information on the website are published informations related to:
- Financial calendar
- Financial reports
- Press releases
Nature of the data processing consent: Optional.
Consequences of refusal to allow data processing: Failure to give consent will make it impossible for the Data Controller to meet your requests as described in the first paragraph above.
Legal basis of the processing: Article 6 (1) (b) of the GDPR. It is therefore not necessary to obtain your prior consent to allow processing.
Personal data retention period: Your personal data obtained for these purposes will be processed for the time strictly necessary to comply with your request until you are registered on the website and will be subsequently retained in case of your unsubscription.
4. The methods used to process your personal data
Your personal data will be processed in compliance with the provisions of the GDPR using paper, computer and telematic means, using methods strictly related to the specified purposes and in all cases guaranteeing security and confidentiality in accordance with the provisions of article 32 of the GDPR.
5. Persons to whom your personal data may be communicated or who may become aware of it
To fulfil the purposes described in point 3 above, your personal data will be known by the Data Controller's dependent and quasi-dependent personnel and by its contractors, all acting in the capacity of persons authorised to process personal data.
In addition, your personal data will be communicated and processed by third parties belonging to the following categories:
a) Persons used by the Data Controller to manage the Website
b) Companies that manage the Data Controller's computer system
c) Companies and consultants providing legal and/or financial advice
d) Authorities and supervisory and control bodies, and in general public or private entities with functions relating to public law
e) Persons used by the Data Controller for various reasons to provide the requested service
You have the right to revoke the consent you may have provided at any time. This will make it impossible for the Data Controller to continue to use your personal data for the purpose in respect of which you have refused consent.
In some cases, the persons belonging to the foregoing categories operate in complete autonomy as separate Data Controllers; in others, they operate as Data Processors specifically appointed by the Data Controller in compliance with article 28 of the GDPR.
A complete and updated list of the persons to whom your personal data may be communicated can be requested from the registered office of the Data Controller or by contacting its DPO.
Your personal data will not be transferred to third parties outside the European Union and will not be disseminated.
6. Your rights as a data subject
In relation to the processing described in this Privacy Notice, as a data subject you can, under the conditions specified by the GDPR, exercise the rights enshrined in articles 15 to 21 of the GDPR and, in particular, the following rights:
• Right of access – article 15 of the GDPR: The right to obtain confirmation of whether personal data concerning you is being processed and, if it is, to obtain access to your personal data – including a copy thereof – and notification of the following information, inter alia:
o Purposes of the processing
o Categories of personal data processed
o Recipients to whom the data has been or will be communicated
o Data retention period or the criteria used
o Rights of the data subject (rectification or erasure of personal data, restriction of processing and the right to object to processing
o Right to complain
o Right to receive information on the origin of personal data if it has not been collected from the data subject
o The existence of an automated decision-making process, including profiling
• Right to rectification – article 16 of the GDPR: The right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the completion of incomplete personal data
• Right to erasure (right to be forgotten) – article 17 of the GDPR: The right to obtain, without undue delay, the erasure of personal data concerning you, when:
a) The data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
b) You have withdrawn your consent and there is no other legal basis for the processing
c) You have successfully objected to the processing of personal data
d) The data has been unlawfully processed
e) The data must be erased to fulfil a legal obligation
f) The personal data has been collected in relation to the offer of information society services referred to in article 8 (1) of the GDPR.
The right to erasure does not apply where the processing is necessary for the fulfilment of a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise or defence of rights in legal proceedings.
• Right to restriction of processing – article 18 of the GDPR: Right to obtain restriction of processing, when:
a) The data subject disputes the accuracy of the personal data
b) Processing is unlawful and the data subject objects to erasure of the personal data and requests restriction of its use instead
c) the controller no longer needs the personal data for the purposes of the processing, but the personal data is required by the data subject for the establishment, exercise or defence of rights in legal proceedings
d) The data subject has objected to processing as indicated above, pending the verification whether the legitimate grounds of the controller override those of the data subject.
• Right to data portability – article 20 of the GDPR: The right to receive, in a structured, commonly used, machine-readable format, the personal data concerning you which has been provided to the Data Controller, and the right to transmit it to another Data Controller without hindrance, providing that processing is based on consent and is carried out by automated means. Also, the right to arrange for your personal data to be transmitted directly from the Data Controller to another data controller if this is technically feasible.
• Right to object – article 21 of the GDPR: The right to object, at any time, to the processing of personal data concerning you, based on to the legitimacy of the legitimate interest, including profiling, unless there are legitimate grounds for the Data Controller to continue processing that override the interests, rights and freedoms of the data subject; or for the establishment, exercise or defence of a right in legal proceedings.
• Right to make a complaint to the Italian Data Protection Authority, Piazza di Montecitorio no. 121, 00186, Rome (RM).
The above-mentioned rights may be exercised against the Data Controller by writing to the contact addresses indicated in point 1. The Data Controller will take charge of your request and, without undue delay and, in any event, no later than one month after receipt of the request, notify you regarding the action taken in respect of your request.
Exercising your rights as a data subject shall be free of charge pursuant to article 12 of the GDPR. In the case of manifestly unfounded or excessive requests, however, in particular because of their repetitive character, the Data Controller may charge a reasonable fee, to reflect the administrative costs incurred in handling your request, or refuse to act on it.
Finally, we inform you that the Data Controller may request further information necessary to confirm the identity of the data subject.