Privacy Policy

Privacy and Personal Data Protection Notice

This information is provided, in compliance with arts. 13 and 14 of EU Regulation 679/2016 (hereinafter "Regulation"), to users (hereinafter: "Users" or "User") of the desktop version of the site http://www.boneswimmer.it, (hereinafter: "Site") owned by Autori srl, Data Controller of personal data (hereinafter: "Controller") and aims to describe the methods of managing the Site with reference to the processing of personal data, as well as to allow Site Users to understand the purposes and methods of processing personal data by the Controller in case of their provision.
The services offered by the Data Controller are intended for persons over 18 years of age. Should the Data Controller become aware of the processing of data of minors under 18 years of age without valid consent from parents or a legal guardian, it reserves the right to unilaterally suspend the use of the offered service as well as to delete the acquired data.


Principles applicable to the Processing of Personal Data
The Data Controller, pursuant to and for the purposes of the Regulation, declares that the aforementioned legislation provides protection for natural persons regarding the processing of personal data, and that such processing will be based on principles of fairness, lawfulness, transparency, and protection of privacy and fundamental rights.


Type of Users
In relation to the use of the Site, Users can access some services (e.g. search for swimsuits, sizes, etc.) anonymously


Purpose, legal basis of the Processing and Optionality of Provision
Personal data provided by Users through the use of the Site will be processed with their consent, for the purposes described below:

  • A. This page describes the methods of managing the site with reference to the processing of personal data of users who browse it. The processing is always based on principles of lawfulness and fairness in compliance with all current regulations.
  • B. This privacy policy is also provided as Information pursuant to art. 13 of Legislative Decree 196/03 (Italian legislation on the processing of personal data in compliance with Directive 95-46-EC) and subsequent amendments, and in compliance with arts. 13 and 14 of EU Regulation 679/2016 to those who interact with the web services of this site, for the purpose of protecting personal data, accessible electronically from the address corresponding to the homepage of the official site http://www.boneswimmer.it. The Information is provided only for the above site and not for other websites that may be accessed by the user through links. They are independent Data Controllers and therefore reference is made to the respective sites.
  • C. The Privacy Policy is also inspired by Recommendation no. 2/2001 adopted on May 17, 2001, by the European data protection authorities gathered in the Group established by Article 29 of Directive no. 95/46/EC, to identify some minimum requirements for the collection of personal data online and, in particular, the methods, timing, and nature of the information that Data Controllers must provide to users when they connect to web pages, regardless of the purposes of the connection.
  • D. The processing of data you freely provide will be carried out in compliance with the applicable regulations. In particular, the processing will be based on the principles of fairness, lawfulness and transparency, relevance, completeness, and non-excessiveness. The data will be collected and recorded for the purposes indicated in the following point and retained for a period strictly necessary for those purposes.
  • E. Types of data processed, processing methods, processing purposes, optionality or otherwise.
  • F. Browsing data
  • G. The IT systems and software procedures responsible for the operation of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
  • H. These are pieces of information that are not collected to be associated with identified data subjects, but which by their very nature could, through processing and associations with data held by third parties, allow the identification of users.
  • I. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.), and other parameters related to the user's operating system and computing environment.
  • J. This data is used solely to obtain anonymous statistical information on the use of the site and to monitor its correct functioning, and is deleted immediately after processing. The data may be used to ascertain liability in case of hypothetical cybercrimes against the site.
  • K. Data voluntarily provided by the user
  • L. The optional, explicit, and voluntary sending of emails to the addresses indicated on this site entails the subsequent acquisition of the sender's address and the personal data necessary to respond to requests and/or provide the requested services, as well as any other personal data included in the message (and its attachments) or in the appropriate forms.
  • M. Received emails are stored indefinitely on a server protected by appropriate security measures. The data subject can exercise all rights provided by art. 7 of Legislative Decree 196/2003 and subsequent amendments and in compliance with articles 13 and 14 of EU Regulation 679/2016, Legislative Decree 101/2018; in particular, they can know which of their data is present in the archive and obtain its deletion by writing to the Data Controller at the email address privacy@boneswimmer.it
  • N. The data will therefore be processed electronically and telematically, to respond to requests and/or provide the requested service. Providing data is always optional, and failure to provide it only results in the inability to fulfill the requests.
  • O. Your data may be communicated by us (with this term meaning making it known to one or more specific subjects) to parties who can access the data by virtue of legal provisions, regulations, or EU legislation, within the limits set by such rules, as well as to parties who need to access your data for purposes auxiliary to the relationship between you and us, strictly within the limits necessary to perform auxiliary tasks.
  • P. Cookies
  • Q. No personal data of users is collected from the site. No cookies are used for the transmission of personal information, nor are any so-called persistent cookies used, i.e., systems for tracking users. The use of so-called session cookies (which are not stored persistently on the user's computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient browsing of the site.
  • R. The so-called session cookies used on this site avoid the use of other IT techniques potentially harmful to the confidentiality of users' browsing and do not allow the acquisition of personally identifiable user data. For more information, please refer to the website's cookie page.
  • S. Place of data processing and scope of communication or dissemination.
  • T. Data related to the web services of this site are processed by the Provider, strictly within the limits necessary to provide the hosting service, and at the headquarters of our organization only by technical personnel responsible for processing, or by any personnel assigned to occasional maintenance operations. No data derived from the web service is communicated or disseminated. Personal data voluntarily provided by users via email or by filling out specific forms are used solely to perform the requested service or task and are communicated to third parties only if necessary for that purpose.
  • U To provide certain services such as receiving information on new ads or forwarding documentation, it is necessary that the User provides them directly via email or telephone. The required data are limited to the provision of:
  • Name
  • Surname
  • Email address
  • Phone number

Methods of Processing and Storage of Personal Data
The Data Controller ensures that personal data are processed in full compliance with the Regulation, using manual, IT, or telematic systems. Processing may also be carried out through automated tools designed to store, manage, and transmit the data themselves.
The collected data subject to processing will be protected with physical and logical methods to minimize the risks of unauthorized access, dissemination, loss, and destruction of data, pursuant to arts. 25 and 32 of the Regulation.
The data processing will last no longer than necessary to fulfill the purposes for which the data were collected, such as storing search criteria, notification, posting ads, and contacting professional operators.
Pursuant to art. 7 paragraph 3 of the Regulation, the data subject has the right to withdraw consent to processing at any time.
If no deletion request is received by the Data Controller, personal data will be retained for a period not exceeding 10 (ten) years, starting from the date of the User's last access to the Site.


Recipients of Personal Data
The personal data collected may be processed by subjects or categories of subjects acting as Data Processors pursuant to Article 28 of the Regulation or authorized to process data pursuant to Article 29 of the Regulation.
Furthermore, for some services, data may be communicated to companies that collaborate with or use the Controller's services solely to provide the services requested by the User. In these cases, the companies are independent controllers; therefore, the Controller is not responsible for the processing of data by
part of the same. Furthermore, the Controller is not responsible for the content and compliance with data protection regulations by sites not managed by the Controller.
Outside the aforementioned cases, personal data will not be disclosed except to subjects, entities, and Authorities to whom disclosure is mandatory by law or regulation.

Transfer of Data to a Third Country or to an International Organization
The personal data collected may be transferred outside the national territory, only and exclusively for the execution of the requested services and in compliance with the specific provisions set forth by the Regulation.
Some personal data may be shared with recipients located outside the European Economic Area. The Controller ensures that the processing of personal data by these recipients complies with the Regulation.

Rights of the Data Subject
Pursuant to Articles 15 to 22 of the Regulation, the User, as the data subject, has the right to exercise specific rights concerning their Personal Data. In particular, the Data Subject has the right to obtain:

  • 1. the confirmation of the existence or not of personal data concerning them, even if not yet recorded, in a concise, transparent, intelligible and easily accessible form, using simple and clear language;
  • 2. the indication:

a. of the origin of the personal data;
b. of the purposes and methods of processing;
c. of the legitimate interests pursued by the Controller or by third parties;
d. of the possible recipients or categories of recipients of the personal data;
e. of the possible intention of the data controller to transfer personal data to a third country or to an international organization;
f. of the retention period of personal data;
g. the logic applied, as well as the significance and expected consequences of such processing for the data subject, in case of processing carried out with the aid of electronic tools within an automatic collection and/or profiling process;
h. the identification details of the Controller, Processors, any designated Representative, and the Data Protection Officer (so-called DPO);
i. the subjects and categories of subjects to whom personal data may be communicated or who may become aware of them as designated representatives within the State territory, processors, or persons in charge;

  • 3. the possibility to lodge a complaint with a Supervisory Authority;
  • 4. the updating, rectification, or, when interested, the integration of data;
  • 5. the deletion, anonymization, or blocking of data processed unlawfully, including data that do not need to be retained in relation to the purposes for which they were collected or subsequently processed;
  • 6. the restriction of processing;
  • 7. the portability of personal data concerning them to another Data Controller;
  • 8. the withdrawal of consent to processing;
  • 9. the certification that the operations referred to in letters a) and b) have been made known, including their content, to those to whom the data have been communicated or disseminated, except where such compliance proves impossible or involves the use of means manifestly disproportionate to the protected right;
  • 10. the opposition, in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if relevant to the purpose of collection.

Data Controller and Data Protection Officer

To exercise the rights mentioned above, the data subject may contact the Controller and/or the Data Protection Officer at any time for any communications regarding the processing of their Personal Data, or to know the updated list of any Data Processors
Processing appointed by the Company, by sending communication to the contacts listed below:
The Data Controller:
Autori S.r.l. - 18, Via Cappellini Alfredo - Gallarate – VA
info@boneswimmer.it


The Data Protection Officer:

Autori S.r.l. - 18, Via Cappellini Alfredo - Gallarate – VA
info@boneswimmer.it


Changes
This privacy notice may be subject to changes. Should substantial changes be made to the use of User data by Autori srl, the User will be notified by prominently publishing them on its pages.