Privacy Policy

Notice pursuant to article 13 of Regulation (EU) 2016/679 ("GDPR")

Dear User, Aprilia Racing S.r.l. (hereinafter also referred to as “Aprilia Racing”) welcomes you to our website ("the Website") and invites you to pay attention to the following Notice ("the Notice"), issued pursuant to article 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data, and on the free movement of such data ("GDPR").

This document contains a description of all the processing carried out by the Data Controller, as defined below, through the Website.

Please note that the Notice only concerns the Website; therefore any web page to which you may be redirected from the Website is deemed to be excluded.

In addition, if you purchase products or use Aprilia Racing services through official Aprilia Racing channels rather than through the Website, at the time of such purchase or use you will be issued with a specific Notice pursuant to art. 13 of the GDPR relating to your personal data processed at that moment.

1. The Data Controller

The Data Controller is Aprilia Racing, whose registered office is at Viale Rinaldo Piaggio 25, Pontedera (PI) ("the Data Controller").
 
The Data Controller has also appointed a Data Protection Officer ("DPO"), whom you may contact directly to exercise your rights and to receive any information concerning the processing of your personal data and/or concerning this Notice, by writing to:

Data Protection Officer – DPO
Viale Piaggio 25
56025 PONTEDERA (PI)
email: dpo@piaggio.com
Fax: +39 0587272961
Tel: +39 0587272495

 

2. The personal data we process

2.1 Browsing data

During their normal operation, the computer systems and software procedures used to operate the Website acquire certain personal data, the transmission of which to the Data Controller is implicit in the use of internet communication protocols.
 
This is information that is not collected to be associated with identified data subjects, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified.
 
This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the addresses of the requested resources in URI (Uniform Resource Identifier) notation, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's computer environment.
 
This data is used only to obtain anonymous statistical information on the use of the site and to check that it is working correctly; it is deleted after processing. The data could be used to establish responsibility for potential cybercrime against the Website.

2.2 Data provided voluntarily by the user

The Data Controller processes the following personal data provided by you when you fill in the forms (masks) on the Website:

  • Personal details, such as first name, surname, address, telephone number, e-mail address and other contact details, plus your pictures and/or your audiovisual recordings
  • Data relating to the contract concluded
  • Bank details (i.e. your IBAN)

3. The purposes for which your personal data is processed and the legal basis of processing

The personal data you provide by filling in the various forms (masks) on the Website is processed by the Data Controller for the following purposes.

3.1 Provision of services and sale of products

The Data Controller wishes to process your personal data in order to give you access to the Website, for purposes strictly related to the online sale of products and the provision of online services offered from time to time by the site; in particular, to respond to your requests to receive information on products and services offered by the Data Controller, for the management of "test ride" requests, to allow you to access promotions and offers on the Website, to accept your possible request to participate in our Community, and to provide you with any assistance you might request from our Customer care.

Nature of the data processing consent: Optional.
Consequences of refusal to allow data processing: Failure to give consent will make it impossible for the Data Controller to meet your requests as described in the first paragraph above.
Legal basis of the processing: Article 6 (1) (b) of the GDPR. It is therefore not necessary to obtain your prior consent to allow processing.
Personal data retention period: Your personal data obtained for these purposes will be processed for the time strictly necessary to comply with your request and will be subsequently retained for the time required by the applicable regulations after such compliance.

3.2 Marketing activities on products and services similar to those already requested by the User

The Data Controller wishes to process your personal data in order to send you commercial communications relating to products and services similar to those requested by you and offered by the Data Controller and through the Data Processors duly appointed pursuant to art. 28 of the GDPR.

Purposes of the processing: Sending advertising material, promotion and sale of products, market surveys and research and/or commercial communications. 
Nature of the data processing consent: Optional.
Consequences of refusal to allow data processing: Failure to give consent will make it impossible for the Data Controller to send you promotional and marketing communications.
Legal basis of the processing: Legitimate interest.
Personal data retention period: Your personal data obtained for this purpose will be processed until you decide to object to the processing and/or to obtain termination of the processing at any time.

3.3 Marketing activities

The Data Controller wishes to process your personal data in order to send you commercial communications relating to all products and services offered by the Data Controller and through the Data Processors duly appointed pursuant to art. 28 of the GDPR.

Purposes of the processing: Sending advertising material, promotion and sale of products, market surveys and research and/or commercial communications. 
Nature of the data processing consent: Optional.
Consequences of refusal to allow data processing: Failure to give consent will make it impossible for the Data Controller to send you promotional and marketing communications.
Legal basis of the processing: Consent.
Personal data retention period: Your personal data obtained for this purpose will be processed until you decide to object to the processing and/or to obtain termination of the processing at any time.

4. The methods used to process your personal data

Your personal data will be processed in compliance with the provisions of the GDPR using paper, computer and telematic means, using methods strictly related to the specified purposes and in all cases guaranteeing security and confidentiality in accordance with the provisions of article 32 of the GDPR.

5. Persons to whom your personal data may be communicated or who may become aware of it

To fulfil the purposes described in point 3 above, your personal data will be known by the Data Controller's dependent and quasi-dependent personnel and by its contractors, all acting in the capacity of persons authorised to process personal data.

In addition, your personal data will be communicated and processed by third parties belonging to the following categories:

  1. Persons used by the Data Controller to manage the Website
  2. Companies that manage the Data Controller's computer system
  3. Companies and consultants providing legal and/or financial advice
  4. Authorities and supervisory and control bodies, and in general public or private entities with functions relating to public law
  5. Persons used by the Data Controller for various reasons to provide the requested service
  6. Other Piaggio Group companies, for the purposes of marketing, direct sales, market surveys and for statistical processing such as monitoring the degree of customer satisfaction in relation to the services and products offered by Aprilia Racing and/or other Piaggio Group companies, as well as for communication to third parties (e.g. suppliers) if this is necessary to enable you to benefit from our services.

You have the right to revoke the consent you may have provided at any time. This will make it impossible for the Data Controller to continue to use your personal data for the purpose in respect of which you have refused consent.

In some cases, the persons belonging to the foregoing categories operate in complete autonomy as separate Data Controllers; in others, they operate as Data Processors specifically appointed by the Data Controller in compliance with article 28 of the GDPR.

A complete and updated list of the persons to whom your personal data may be communicated can be requested from the registered office of the Data Controller or by contacting its DPO.

Your personal data will not be transferred to third parties outside the European Union and will not be disseminated.

6. Data of minors

The Data Controller does not process the personal data of persons under the age of 16 for the purposes referred to in sections 3.1 and 3.2 above.

If the User says that he/she is less than 16 years old, the field relating to the giving of consent will be pre-completed with a negative response.

7. Geolocation data

The site may collect and process geolocation data for the provision of services requested by the User, subject to the specific consent of the data subject, which can be withdrawn at any time. In this case, consent will be requested through a pop-up.

8. Your rights as a data subject

In relation to the processing described in this Privacy Notice, as a data subject you can, under the conditions specified by the GDPR, exercise the rights enshrined in articles 15 to 21 of the GDPR and, in particular, the following rights:

  • Right of access – article 15 of the GDPR: The right to obtain confirmation of whether personal data concerning you is being processed and, if it is, to obtain access to your personal data – including a copy thereof – and notification of the following information, inter alia:
    • Purposes of the processing
    • Categories of personal data processed
    • Recipients to whom the data has been or will be communicated
    • Data retention period or the criteria used
    • Rights of the data subject (rectification or erasure of personal data, restriction of processing and the right to object to processing)
    • Right to complain
    • Right to receive information on the origin of personal data if it has not been collected from the data subject
    • The existence of an automated decision-making process, including profiling
  • Right to rectification – article 16 of the GDPR: The right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the completion of incomplete personal data
  • Right to erasure (right to be forgotten) – article 17 of the GDPR: The right to obtain, without undue delay, the erasure of personal data concerning you, when:
    1. The data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
    2. You have withdrawn your consent and there is no other legal basis for the processing
    3. You have successfully objected to the processing of personal data
    4. The data has been unlawfully processed
    5. The data must be erased to fulfil a legal obligation
    6. The personal data has been collected in relation to the offer of information society services referred to in article 8 (1) of the GDPR.
    The right to erasure does not apply where the processing is necessary for the fulfilment of a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise or defence of rights in legal proceedings.
  • Right to restriction of processing – article 18 of the GDPR: Right to obtain restriction of processing, when:
    1. The data subject disputes the accuracy of the personal data
    2. Processing is unlawful and the data subject objects to erasure of the personal data and requests restriction of its use instead
    3. The controller no longer needs the personal data for the purposes of the processing, but the personal data is required by the data subject for the establishment, exercise or defence of rights in legal proceedings
    4. The data subject has objected to processing as indicated above, pending verification of whether the legitimate grounds of the controller override those of the data subject.
  • Right to data portability – article 20 of the GDPR: The right to receive, in a structured, commonly used, machine-readable format, the personal data concerning you which has been provided to the Data Controller, and the right to transmit it to another Data Controller without hindrance, provided that processing is based on consent and is carried out by automated means. Also, the right to arrange for your personal data to be transmitted directly from the Data Controller to another data controller if this is technically feasible.
  • Right to object – article 21 of the GDPR: The right to object, at any time, to the processing of personal data concerning you based on legitimate interest, including profiling, unless there are legitimate grounds for the Data Controller to continue processing that override the interests, rights and freedoms of the data subject; or for the establishment, exercise or defence of a right in legal proceedings.
  • Right to make a complaint to the Italian Data Protection Authority, Piazza di Montecitorio no. 121, 00186, Rome (RM).

The above-mentioned rights may be exercised against the Data Controller by writing to the contact addresses indicated in point 1. The Data Controller will take charge of your request and, without undue delay and, in any event, no later than one month after receipt of the request, notify you regarding the action taken in respect of your request.

Exercising your rights as a data subject shall be free of charge pursuant to article 12 of the GDPR. In the case of manifestly unfounded or excessive requests, however, in particular because of their repetitive character, the Data Controller may charge a reasonable fee, to reflect the administrative costs incurred in handling your request, or refuse to act on it.

Finally, we inform you that the Data Controller may request further information necessary to confirm the identity of the data subject.