Privacy Policy

PRIVACY POLICY

INFORMATION ON THE PROCESSING OF PERSONAL DATA
PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679

Data subjects: users who browse the websites www.marcmarquez.com and www.alexmarquez73.com of “Gruppo Pritelli srl” and “BAMBOLEO EVENTS, S.L” as Joint Controllers of the processing pursuant to Article 26 of Regulation (EU) 2016/679.

WHY THIS INFORMATION

Pursuant to Regulation (EU) 2016/679 (hereinafter "Regulation" or "GDPR"), this page describes the methods of processing personal data of users who browse the websites of “Gruppo Pritelli srl” and “BAMBOLEO EVENTS, S.L” as Joint Controllers accessible online at the following address: webmaster@gruppopritelli.com.

This information does not concern other websites, pages, or online services accessible via hyperlinks possibly published on this site but referring to resources external to the domains www.marcmarquez93.com and www.alexmarquez73.com.

JOINT DATA CONTROLLERS

Following the consultation of the site, data related to identified or identifiable natural persons may be processed.

The Joint Controllers of the processing are:

“Gruppo Pritelli srl” with its registered office at via Ottorino Respighi, 54 – 47841 Cattolica (RN), Italy - VAT and Company Registration Number 02600380402; email: info@gruppopritelli.it, Tel: +39 0541 830802.
“BAMBOLEO EVENTS, S.L”, a Spanish limited liability company (sociedad de responsabilidad limitada) with its office at Paseo de la Castellana 161 (28046 Madrid, Spain), registered with the Commercial Registry of Madrid at Volume 44624, Folio 190, sheet M-785973, and holding tax identification number B-44565257.

According to the agreement between the parties, the designated contact point for data subjects is: webmaster@gruppopritelli.it.

DISTRIBUTION OF PROCESSING PURPOSES BASED ON THE CONTRACTUAL AGREEMENTS BETWEEN THE JOINT CONTROLLERS (ARTICLE 26 OF THE GDPR)

Gruppo Pritelli srl is the licensee of the brands marcmarquez93 and alexmarquez73, as well as the provider of the e-commerce infrastructure and conducts product sales activities.

Gruppo Pritelli srl and BAMBOLEO EVENTS, S.L jointly process your personal data for direct marketing and profiling purposes, both regarding navigation data and as a result of marketing/social media marketing campaigns, as well as purchases made on the e-commerce site, subject to obtaining explicit consent, for the following purposes.

DATA PROTECTION OFFICER

The Data Protection Officer (DPO) for “BAMBOLEO EVENTS, S.L” is Jaime Martínez Recasens. Contact details: jmrecasens@verticalgroup.io.

TYPES OF DATA PROCESSED, PURPOSE OF PROCESSING, AND LEGAL BASIS

1. Browsing Data

Legal basis: "data processing necessary for website navigation" – contractual obligation – Article 6(1)(b) GDPR.

The IT systems and software procedures responsible for the functioning of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes IP addresses or domain names of the computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user's operating system and IT environment.

Such data, necessary for browsing the website and utilizing the information contained within it, are also processed by the Controller for the purposes of:

Obtaining aggregated and anonymous statistical information regarding the use of the website (e.g., most visited pages, number of visitors by time or day, geographical origin of visitors, etc.);
Verifying the proper usability of the contents offered by the website;
Preventing or combating any possible cybercrime, the fraudulent use of the website's functionalities, including reconstructing security incidents and ensuring their traceability.

Retention period: Browsing data, in compliance with the principles of lawfulness, purpose limitation, and data minimization pursuant to Article 5 of the GDPR, will be retained for a period not exceeding the technical purposes described above for which they are collected and processed, subject to any necessity for detecting crimes by the Judicial Authority.

2. Data Provided by the User

Legal basis: "data processing necessary to respond to users' inquiries" – contractual obligation – Article 6(1)(b) GDPR.

The optional, explicit, and voluntary sending of messages to the Joint Controllers' contact addresses, private messages sent by users to institutional profiles/pages on social media, as well as the completion and submission of forms on the Controllers' websites, entail the acquisition of the sender's contact data, necessary to respond, as well as all personal data included in such communications.

Specific information is published on the pages of the website designed for the provision of certain services, where necessary, user consent is obtained, informing them on the purposes and optional nature of providing data.

Retention period: Data provided by the user is retained for the time necessary to manage individual requests. Any subsequent retention for statistical purposes includes the anonymization of such data (subject to any need for detecting crimes by the Judicial Authority).

3. Registration and Purchase Data

Legal basis: User registration and purchase – contractual obligation – Article 6(1)(b) GDPR.
Invoicing and fulfillment of tax and accounting obligations – legal obligation – Article 6(1)(c) GDPR.

Registration on the portal is necessary for proper identification in anticipation of or upon completing a purchase. Registration will allow you to create your user profile without having to re-enter your data for subsequent purchases. Your user profile will store your data related to your residence address, any shipping address (if different from the residence), tax code (if required by law), and your purchase history. You can request the deletion of your user profile at any time.

It is possible to make an online purchase without registering on the portal; in such a case, your data will be processed exclusively to properly identify you, facilitate the purchase and shipping in accordance with the general terms of sale, and enable invoicing as required by law.

Information regarding first-level data processing is available in the specific notices included in the registration and purchase forms.

4. Data Acquired via Cookies and Other Tracking Systems

The following are used:
a) Technical cookies: Necessary for user navigation, facilitating proper browsing of the website and usability of the content by the user.

Legal basis: "contractual necessity as they are functional and essential."

b) Analytical cookies: Used to produce aggregated statistical analyses on the website's use and user interaction.

Legal basis: Consent of the user.

c) Profiling cookies: Enable the collection of information about the preferences demonstrated by the user during navigation and generate reports to be used for targeted advertising and marketing campaigns.

Legal basis: Consent of the user.

For analytical and profiling cookies, consent for processing personal data, pursuant to Article 6(1)(a) GDPR, is expressed by the user clicking the button to accept all cookies or managing preferences by clicking the customization button, in compliance with the "Cookie and Other Tracking Tools Guidelines" attached to the GPDP (Italian Data Protection Authority) Provision No. 231 of 10.06.2021.

Details on data processing, purpose, duration, and complete cookie management, including consent and revocation, are available in the “Cookie Policy” document located in the website footer.

5. Direct Marketing

Legal basis: Consent of the data subject – Article 6(1)(a) GDPR.

By entering personal data (identifying and contact details) required in forms that include consent for direct marketing activities (e.g., subscription to the newsletter), the user declares having read this information notice and gives optional consent for the processing of personal data for marketing purposes.

In addition to the data provided by the user, the Controller also acquires the date and time of the form submission, the originating page, and the IP address of the device used to record consent.

The data provided and acquired by the Controller are used to send periodic email communications containing information about new products available on the e-commerce platform, events, and promotions (marketing purposes) from the Joint Controllers, either jointly or individually.

Regarding the sending of promotional material to your email, the interactions with the transmitted communications (e.g., email opening rate, any clicks on links/banners/buttons) may also be subject to processing.

6. Profiling

Legal basis: Consent of the data subject – Article 6(1)(a) GDPR.

By entering personal data (identifying and contact details) required in forms that include consent for profiling, the user declares having read this privacy policy, is over 16 years old, and gives optional consent for the processing of personal data for profiling purposes.

In addition to the data provided by the user, the Controller also acquires the date and time of the form submission, the originating page, and the IP address of the device used to record consent.

With specific consent for profiling activities, the Joint Controllers collect data and information that may reveal consumption habits and lifestyles based on the preferences demonstrated by the user when interacting with the website pages, purchased products, and the content of communications received from the Controller.

This data, associated together, contributes to defining the user's profile by clustering users into groups based on preferences and is used to send personalized communications tailored to the user's profile.

Regarding the sending of promotional material to your email, interactions with the communications sent (e.g., email opening rate, clicks on links/banners/buttons) may also be subject to processing.

7. Additional Data Acquired by the Controller

Subscription to the newsletter, requests to receive personalized commercial communications, and interactions with the website pages—possibly accessed through social media campaigns promoted by the Controller—may lead to acquiring additional data, such as the date and time of email openings containing newsletters or commercial communications, the contents of interest, and demonstrated preferences.

This data is used to establish a relationship with users aimed at strengthening connections with fans and sending news and/or information selected based on demonstrated preferences.

For the purposes described above, the legal basis for processing is the consent provided by the data subject under Article 6(1)(a) GDPR, expressed by clicking the relevant boxes in the subscription form for the newsletter and personalized communications.

8. Social Media Policy: Information on the Processing of Personal Data Carried Out Through Social Media Platforms

For information on the processing of personal data carried out by the managers of the Social Media platforms, please refer to the information provided by them through their respective privacy policies.

The Data Controller processes the personal data provided by users through the pages of the dedicated Social Media platforms as part of its promotional and corporate publicity activities, to manage interactions with users (comments, public posts, messages, shares, etc.) in compliance with the applicable data protection regulations and this privacy policy. Where necessary, user consent is collected, informing them of the purposes and the optional nature of providing data.

Personal or "sensitive" data included in comments or public posts on Social Media channels may be removed.

9. Customer Care

Legal basis: Contractual obligation – Article 6(1)(b) GDPR.

The management and responses to any reports, post-sale inquiries (including the status and tracking of orders), purchase assistance, returns, refunds, order cancellations, and complaints submitted by the customer are handled in compliance with the general sales terms.

OPTIONALITY OF DATA PROVISION AND REVOCABILITY OF CONSENT

With the exception of browsing data acquired automatically, the provision of personal data is always voluntary and optional, although any refusal to provide data may prevent sending messages, requests for information or assistance, and the submission of complaints, reports, and general assistance requests.

Consent to data processing, where required, is also optional but necessary if the data subject wishes to subscribe to the newsletter and/or receive personalized commercial communications. Full information on data processing is provided in the notices attached to the relevant forms.

The right to revoke consent to processing, whether for marketing or profiling activities, is granted at any time to the data subject. This right can be exercised using the unsubscribe functionality included at the bottom of commercial communications received and/or profiling or by sending an email to webmaster@gruppopritelli.it.

PERSONAL DATA OTHER THAN THOSE SPECIFIED IN CONTACT FORMS

Since the contact forms on the pages of the website contain free text fields or, in some cases, allow for the submission of files, the user is invited to verify the personal data they intend to share, avoiding the communication of so-called particular data, i.e., data revealing political opinions, religious or philosophical beliefs, health status, sexual life, or sexual orientation.

Regarding such data, if the Data Controller deems its communication occurred in error or is unnecessary to process the received request, it will disregard it and/or proceed with its immediate deletion.

10. Personal Data Related to Other Individuals (Other Than the Data Subject)

For the same reasons mentioned above, the contact forms and files attached may contain personal data related to other individuals (e.g., when the order is requested to be shipped to someone other than the purchaser). If the user decides to provide such data, they assume full responsibility, including obtaining consent from the relevant data subject.

RETENTION PERIOD OF PERSONAL DATA

In compliance with the principle of storage limitation under Article 5 GDPR, data is retained for the time strictly necessary to achieve the described purposes. Specifically:

For activities carried out under a contract or pre-contractual measures at the request of the data subject, pursuant to Article 6(1)(b) GDPR, the data is retained for the duration of the contract (e.g., membership in the member club) and for a maximum of 1 year unless further renewals occur. If a purchase has been made, the data may be retained for a period compliant with the obligations prescribed by current laws, such as, for example, under tax regulations, for at least 10 years.
For marketing activities carried out based on the data subject's consent, pursuant to Article 6(1)(a) GDPR, the data is retained until consent is revoked, which can be exercised using the methods provided in received communications.
For profiling activities, contact data is retained until consent is revoked, while data related to demonstrated interests is retained for 12 months, after which it is anonymized and used for aggregated statistical purposes.

The Data Controller reserves the right to retain data for a longer period than indicated above to ascertain and/or defend its rights in court (e.g., in the event of complaints). In such cases, the retention periods correspond to those linked to the aforementioned defensive needs and may align with the limitation and prescription periods prescribed by law.

RECIPIENTS OF DATA

The recipients of the data collected from some of the services listed above include:

Subjects designated by the Data Controller pursuant to Article 28 GDPR, such as data processors, and other service providers in web agencies, digital communication, systems assistance, social networks for data collection through marketing campaigns, and other digital service providers (a complete list is available upon request by writing to webmaster@gruppopritelli.it).

Some data and information may be transmitted or acquired by identified subjects acting as autonomous controllers. These data typically relate to cookies, usually anonymized before being sent for statistical purposes.

Personal data collected is also processed by personnel of Gruppo Pritelli and Bamboleo, who act based on specific instructions provided by the joint controllers regarding the purposes and methods of processing.

SECURITY OF PROCESSING

The personal data transmitted and stored for the necessary time to achieve the declared purposes are protected by specific technical and organizational security measures, pursuant to Article 32 of the Regulation. These measures ensure on a permanent basis the confidentiality, integrity, and availability of the data, as well as the ability to promptly restore access to and availability of personal data in case of a physical or technical incident, including risks of destruction, loss, alteration, unauthorized disclosure, or accidental or unlawful access to personal data transmitted, stored, or otherwise processed.

Communication of data via the web is protected by SSL encryption of the communication channel. The completion of contact forms on the website is protected by Google's “ReCaptcha” system, which helps distinguish between "human" and automated access, thereby preventing automated systems from simulating data entries not attributable to a person, potentially compromising the website’s functionality.

TRANSFER OF PERSONAL DATA TO NON-EU COUNTRIES

The Controller does not transfer personal data to non-EU countries. Should such a transfer become necessary, the data subjects will be informed in advance, and appropriate guarantees for the transfer will be adopted, which, depending on the circumstances, may include:

Verification of the existence of adequacy decisions for the recipient country by the European Commission (e.g., for transfers to the U.S., the adequacy decision of 10/07/2023, under Article 45 of the GDPR, "EU-US Data Privacy Framework");
Signing of standard contractual clauses;
Verification of the adoption of any additional measures in compliance with Recommendation 01/2020 by the European Data Protection Board (EDPB).

In derogation of these guarantees, for data processing under Article 49 of the GDPR, where applicable, the existence of a contract or pre-contractual measures benefiting the data subject or the consent to the transfer will be verified.

RIGHTS OF DATA SUBJECTS

Data subjects have the right to obtain from the Joint Controllers, where applicable, access to their personal data, the rectification or deletion of such data, the limitation of processing, the portability of data, or to object to its processing and to withdraw consent (where used as a legal basis), as specified in Articles 15 to 22 of the Regulation.

Requests can be made using the contact details of the Joint Controllers.

To exercise your rights, you may also use the form provided by the Data Protection Authority, available at the following link: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9038275.