Privacy Policy

In accordance with Legislative Decree 139/2021 and Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Sportit keeps a register of the processing activities carried out, containing the following information:

• Name and user data
• Purpose of processing
• Description of categories of data subjects and categories of personal data
• Categories of recipients whose personal data are or will be disclosed

The following privacy policy informs users about the use and protection of Personal Data. It is important for us to provide clear and transparent information on how Data is collected and used. For the collection and storage of data, we follow the following principles:

• Lawfulness, fairness and transparency: personal data are processed lawfully, fairly and transparently towards the data subject;

• Data minimisation: personal data must be adequate, relevant and limited to what is necessary in relation to the purposes
• Accuracy: personal data must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to delete or rectify inaccurate data in a timely manner
• Limitation of storage: personal data must be kept in a form which permits identification of data subjects for a period of time not exceeding the purposes for which they are processed
• Integrity and confidentiality: personal data must be processed in a manner that ensures adequate security of personal data, including protection against accidental destruction or damage.

This policy details in particular

1. What are Personal Data?
2. Who is responsible for the processing of Personal Data?
3. What data are collected and at what time?
4. Minors and third parties
5. Is it compulsory to provide Personal Data?
6. Why is Data collected?
7. Who will have access to my Data?
8. Is personal data transferred abroad?
9. How long is the Data stored?
10. What are my rights and how can I exercise them?
11. What security for my Data?
12. What are cookies and trackers?
13. Modalities of data processing
14. Information updates

1. What is Personal Data?

In the context of this policy, the term “”Personal Data” or ” Data”” means any information that directly or indirectly identifies you, such as your name, address, telephone number, email address, IP address, and other Data communicated directly on the Tribala website or generated by your browsing or customer service contacts.

2. Who is responsible for the processing of Personal Data?

The Data Controller is the person or body who determines the purposes and methods of processing of such Data.

The company Sportit S.r.l. with registered office in Milan, Piazza Santa Francesca Romana 3, cap 20129, enrolled in the Milan companies register under no. MI – 2098729, tax code and VAT no. 09545330962, online travel agency authorised by the Municipality of Milan Prot. MI-SUPRO/0146812 dated 08/08/2018 under policy number 1505002199/Z of Nobis Compagnia di Assicurazioni S.p.A., which can be contacted at [email protected] is responsible for the processing of Personal Data under the conditions described in this policy.

3. What data are collected and at what time?

The Data we collect and process vary depending on the products, services or functionalities that are used. We collect the Data provided when you make use of our services and in particular when:

• You navigate and consult the Tribala website through cookies and trackers;
• An account is created to access the services offered;
• Products are added to the shopping cart;
• An order is placed;
• One subscribes to newsletters and special offers;
• You contact customer service by phone, email or chat;
• You take part in a survey or satisfaction questionnaire;
• It is written on our social media;
• One responds to a job offer on our site.

Within the scope of activities, the Data collected are:

• Automatic data: IP addresses and the domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters concerning the operating system, the browser and the computer environment used by the user.

• Site navigation data collected by cookies and trackers;
• Identification data such as name, surname, telephone number, e-mail and home address for delivery;
• Details of orders, payments and deliveries;
• Telephone recordings of conversations with customer service (possibility to refuse recording);
• Educational and professional background data for job applicants.

4. Minors and third parties

If you enter the Personal Data of a third person, you undertake to do so with that person’s consent after informing him or her of the conditions under which his or her Personal Data are collected, used, stored and disclosed.

5. Is it compulsory to provide Personal Data?

Certain information required in the forms is mandatory and is indicated by an asterisk or a specific note. Their collection is essential to the processing of the application. Consequently, in the absence of a reply, no further action can be taken on your request.

6. Why is Personal Data collected?

The processing of Personal Data has its legal basis in your consent and is carried out for the following purposes:

Purpose	Legal basis (legitimacy)	Greater precision in use
Executing and following up product orders	Execution of the purchase contract	Issue invoices, manage product payment, deliveries and returns after purchase.
Executing and following up product orders	Consent	The storage of payment card data for future purchases is only done at your request.
Executing and following up product orders	Legitimate interest	At the end of a purchase we can carry out checks to prevent fraud, especially with the help of automatic data processing.
Executing and following up product orders	Legitimate interest	After a purchase, we can carry out surveys and questionnaires to analyse customer satisfaction in order to improve the quality of our products and services.
Allow and manage Tribala membership	Contract Execution	By creating an account as a Tribala user, you enter personal data necessary to identify you for access to the various services.
Allow and manage Tribala membership	Contract Execution	By creating an account as a Tribala user, you enter personal data necessary to identify you for access to the various services.
Commercial prospecting and marketing actions	Consent	By subscribing to the newsletter, you gain access to exclusive daily event sales and receive e-mails informing you about the start of sales and news.If you agree to the applicable terms and conditions (in particular social networks), we may disseminate on our Site or our official social network pages any photographs or stories you share publicly or with us.
Managing Communication with Customer Service	Contract Execution	If the question is related to the order, the processing of Data is necessary for the execution of the contract and the proper management of the after-sales service.
Managing Communication with Customer Service	Legitimate interest	Handle queries and complaints and answer your questions.
Managing Communication with Customer Service	Legitimate interest	When contacting our Customer Service, telephone conversations may be recorded for quality control and training purposes.
Managing Communication with Customer Service	Legal Obligations	If the question concerns the exercise of the rights set out in paragraph 10 ”What are my rights and how can I exercise them? ” we shall have to process your Data in order to comply with our legal obligations.
Improving the Site and Your Customer Experience	Legitimate interest	To ensure the functioning of the Site and enable you to take full advantage of its functionalities.
Improving the Site and Your Customer Experience	Legitimate interest	Ensuring the security of the Site.
Improving the Site and Your Customer Experience	Legitimate interest	Measuring site attendance and carrying out anonymous statistics on visits on the basis of legitimate interest.
Recruitment Management	Contract performance (pre-contractual measures)	We review and respond to all applications we receive for jobs or internships.
Recruitment Management	Legitimate interest	Creation of a CV collection.
Pre-litigation or litigation management	Legitimate interest	To sanction violations of the general conditions of the Site or any other identified violation, to handle disputes or litigation.

Furthermore, Data will be processed in anonymised and/or aggregate form to improve the web browsing experience and to monitor the proper functioning of the portal, as well as for its protection. Finally, your Data will be processed for the fulfilment of obligations laid down by laws, regulations and/or EU legislation, or ordered by supervisory and control authorities; in this case, the legal basis for processing is the fulfilment of legal obligations to which the Data Controller is subject. This site processes your data lawfully and correctly, taking appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of your data.

7. Who will have access to my Data?

Your personal data are processed by authorised Sportit personnel. We may be required to disclose your Personal Data to:

• Business partners providing the service ordered by the customer (e.g. equipment rental centres, ski schools, hotels).
• Sub suppliers such as:
  • IT providers;
  • payment service providers and combating fraud;
  • logistics providers;
  • borrowers for transport;
  • the providers of marketing solutions ;
  • commercial prospecting and communication management providers;
  • customer service providers;
  • providers of competitive games;
  • research providers on customer satisfaction;
  • service providers.
• Lawyers, judicial auxiliaries or bailiffs, the administrative or judicial authorities involved in any litigation, in compliance with Sportit’s legal obligations or to enable Sportit to ensure the defence of its rights and interests;

8. Will my Data be transferred abroad?

Data collected is not transferred abroad.

9. How long is my Data stored?

The Data collected will be kept for a period of time not exceeding the fulfilment of the purposes for which they are processed (‘principle of limitation of storage’, Art. 5, GDPR) or in accordance with the deadlines stipulated by legal regulations. A check on the obsolescence of the Data stored in relation to the purposes for which they were collected is carried out periodically.

10.What are my rights and how can I exercise them?

10.1 The content of your rights

You may benefit from the following rights in connection with your Data.

• Right of access: this right enables you to obtain access to the Data processed by us and to information concerning their processing.
• Right of rectification: possibility of requesting to update or amend Data.
• Right of deletion: this is the right to be forgotten which allows you to obtain the deletion of Data, unless it is necessary for the performance of services or for Sportit to comply with its legal obligations or to establish and exercise its rights;
• Right to define directives concerning the fate of the Data after one’s own death by designating a trusted third party, certified and in charge of enforcing the deceased’s will.

You also have:

• the right to obtain restriction of processing: this right enables you to have Data blocked in certain cases provided for by the regulation in force.
• the right to portability of the Data provided: this right allows you to retrieve the Data or have them transferred to another body in the event that they are processed based on your consent or a contractual relationship.
• a right to object: this consists in the right not to appear in the processing of Data or to no longer appear in it.

10.2 Exercising your rights

You can exercise your rights by e-mail to [email protected], specifying the information that will enable us to verify your identity.

11. What security for my Data?

Technical and organisational measures have been put in place in order to protect Personal Data, in particular against possible breaches that could lead to the accidental or unlawful destruction, loss, alteration, access or unauthorised disclosure of Data.

These measures ensure an appropriate level of security and take into account the state of knowledge, the costs of implementation in relation to the risks and the nature of the Data to be protected.

12. What are cookies and trackers?

When using our site, navigation-related information is recorded in the form of cookies and trackers. You can change your preferences concerning the recording of this Data at any time by accepting or blocking cookies or trackers.

13. Methods of data processing

The personal data provided by you will be processed in accordance with the aforementioned legislation and the confidentiality obligations that govern the Controller’s activities. The Data will be processed both by computer and on paper as well as on any other suitable medium, in compliance with the appropriate security measures pursuant to Article 5(1)(F) of the GDPR.

The information does not apply to other websites that may be consulted via links on the Owner’s domain websites, which is not liable in any way for the websites of third parties.

14. Information updates

Please note that this Information Notice, given pursuant to Art. 13 of the Privacy Code will be subject to periodic updates.

Date of last change: This notice was updated on 21/06/2023.