Privacy Policy

Privacy notice

Purpose and principles of data processing.

In compliance with the applicable legal obligations, WILIER TRIESTINA S.P.A. (hereinafter “WILIER”) describes how it processes the personal data of users who browse and interact with web services accessible electronically from www.wilier.com and with the website’s electronic pages.

The site may contain links to other third-party websites having their own privacy policy with regard to personal data processing and for which WILIER cannot be held liable.

Consultation of the website may involve the processing of data relating to identified or identifiable natural persons. This data is divided into three general categories:

  1. browsing data,
  2. data provided voluntarily by the user,
  3. data linked to the password providing access to the B2B section of the website.
1. TYPES OF DATA

We process three general types of data: browsing data, data actively provided by the data subject and data collected from third parties.

1) Browsing data
During normal operation, the IT systems and software procedures used to operate this website collect personal data whose transmission is implicit in Internet communication protocols. This information is not collected to be linked to identified data subjects, although by its very nature, it could be used to identify users through processing and associations with data held by third parties. This data category includes the IP addresses or domain names of the computers used by users to connect to the website, the URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), the country of origin and other parameters related to the user’s operating system and computer environment (e.g., characteristics of the browser and operating system used, the type of device used to access the Internet, temporal details of the visit (e.g., the time spent on each page, and details of the path followed within the site's pages, particularly with regard to the sequence of pages consulted.

This category also includes system logs, i.e., files that record interactions between the user and the website. This information is not collected to be directly linked with identified data subjects. However, by its very nature, it could theoretically be used to identify users through processing and association with data held by third parties (in particular, third-party providers of Internet connectivity services). However, we use this data only to collect statistical data on website use in aggregate and anonymous form to help us better understand the user's browsing behaviour so that we can improve the browsing experience, provide the website’s technical functions, control and optimise its operation, improve the quality of services offered by the website, record user actions giving consent to the use of cookies and maintain the database and support the IT infrastructure.
Browsing data can also be used to establish responsibility in the event of offences committed against the website or committed through the website (malware attacks, spamming, unauthorised access to computer systems, etc.). In this case, data is kept for as long as necessary to protect the rights of WILIER and/or third parties.

2) Data actively provided by the user
There are two types of data voluntarily provided by the user and collected via the site:
- “B2B” data (relating to dealers, distributors, Company agents, as well as individuals requesting an invoice for tax purposes for a product purchase); the master data is managed solely by WILIER
- “B2C” data (relating to individuals who are end users of company products and who do not require an invoice for tax purposes for a product purchase); WILIER manages the master data via HUBSPOT

These include:

  • voluntary and optional information sent by users to the addresses indicated on the website when they fill in online registration and/or data collection forms or on company blogs (e.g., company name, first and last name, e-mail address, address of the registered office, residence or domicile (post code, city, province), landline or mobile telephone number, country, contact language, etc.)
  • personal data provided by users to use services accessible via the website or to participate in initiatives promoted through the website (e.g., data relating to purchases made by the data subject, such as product type, date and price, product model and serial number, dealer from which the purchase was made)
  • personal data provided by users requesting clarifications, news, information or newsletters
  • in the sole case relating to the B2B support service provided by WILIER to dealers/distributors, the personal data referring to i) the dealer/distributor (WILIER, email, date of purchase by the end customer, name of the local agent, name of the reseller where the product was purchased if different from the reseller/distributor requesting B2B support, etc.), as well as ii) the name of the dealer/distributor’s end customer (linked to our B2B support ticket, in order to be able to link it with any separate complaint received from the same end customer through separate communication channels (e.g., the "contact us" form or info@wilier.it or by telephone received by the customer care service).

When the user uses some website services, we may process third-party personal data that the user sends to our Company. In these cases, the user becomes the autonomous data controller, and assumes all obligations and responsibilities under the law. This confers on our Company the broadest possible protection against any dispute, claim, claim for damages for processing, etc. by third parties whose personal data has been processed through use of the website functions in violation of personal data protection laws.

In any case, if the user provides or otherwise processes third-party personal data by using the website, the user warrants and assumes all related liability that in this case of processing is based on a legal basis pursuant to Article 6 of the Regulation legitimising the processing of the data in question.

3) Data relating to the password for access to the B2B section of the website.
Users can be authenticated on the site in two ways:
a) WILIER creates and sends an initial password to the user via email granting access to the reserved area of this website dedicated to dealers/distributors and consumers. The user is required to change the password at the first login. The user must keep the password confidential and may ask WILIER to reset it at any time.
b) Single sign-on: This form of authentication allows the user to access all WILIER websites with a single user ID and password, or via the authentication system of the most common social media networks (social login).

4) Data collected from third parties
Our Company does not collect the data subject’s personal data from third parties, except:

  • via HUBSPOT software (CRM) that automatically fills in the data subject's personal data that WILIER has entered in it, collecting other publicly available types of personal data from the Internet (e.g., data subject’s first and last name, e-mail address, etc.)
  • via third-party identity access providers
2. PURPOSE OF PROCESSING

The purpose of personal data processing is to:

  • process user support and contact requests, e.g., send information material or clarifications (bulletins, newsletters, answers to questions, notices, specifications, price lists, other documentation, etc.),
  • allow users to register on the website, access services and/or purchase products/services
  • perform the service or provide the product requested by the user and organise all management and production activities required to provide it (including relations with providers and management of payments by credit card, bank transfer or other forms)
  • comply with obligations under the law, regulations and/or EU legislation
  • fulfil all legal obligations connected with or deriving from the contractual relationship with the data subject and/or the organisation to which the data subject belongs (collectively, the "primary purposes"), even if the contract has been terminated

Only with the user’s prior specific consent (obtained through special online and/or paper forms) will the data collected also be used for direct marketing activities (market surveys, sending of commercial and promotional communications or newsletters, via any automated means of communication, email, telephone with operator, text message, chat, social media, etc., or non-automated means, e.g., ordinary post).
WILIER also processes data for profiling purposes.
Profiling can be analytical (relating to past or present aspects of the physical person), or predictive, i.e., relating to future personal aspects (e.g., to predict the most likely consumption choices).
Profiling can also be strictly functional for direct marketing purposes (to analyse or predict certain aspects of data subjects based on commercial actions).

In particular, profiling can be “basic” or advanced”, or “not relevant” as below:
- Basic profiling:
This may include the aggregation, comparison and analysis of the following types of data: customer/non-customer status, gender, residence/domicile/registered office (country, region, province), e-mail, contact language, types of product purchased from WILIER dealers (model, colour, size, cost), types of product or service viewed on the site, types of product left in the WILIER e-commerce shopping cart, dates and frequency of cart abandonment, propensity to purchase (high, medium, low) taken from the individual history of purchases from WILIER and/or its dealers, purchase dates and frequency; company to which the data subject belongs and data subject’s position; actions performed by the data subject when receiving information and commercial e-mail communications from WILIER (actual receipt, message opened, message read, reply to the call to action contained in the message e.g., click on the link or banner contained in the message or land on a landing page outside the message).
Some of this information is collected through contact forms for technical support (where personal data is required) or registration forms (e.g., to activate the WILIER warranty).

WILIER considers all such personal data for basic profiling to be not particularly invasive of the data subject’s privacy, and in particular of the fundamental rights and freedoms protected by the GDPR, since it: i) involves only data related to the contact between the data subject and the WILIER digital ecosystem consisting of the website, e-commerce service hosted in it and the CRM (HUBSPOT) that collects the data (including data on actions performed by data subjects having received direct marketing e-mails); ii) involves data relating to WILIER products and services only for the cycling sector; iii) involves data on actions of which the data subject is aware; iv) does not involve geolocation data; v) does not involve any specific data; vi) does not involve individuals other than the data subject (e.g., members of the household); and vii) involves data collected through a limited number of channels/sources that dialogue technically with each other. Furthermore, this processing is never fully automated, since any decision regarding the effective use of the results of the analysis for direct marketing purposes is taken by WILIER staff.

- Advanced profiling:
This type of analysis includes additional categories of personal data, as well as comparison with personal data taken from other, different contact channels with the user. We wish to clarify that WILIER does not currently perform any form of advanced profiling.
The legal basis provided for by the GDPR by which the processing may be regarded as lawful differs depending on whether profiling is basic or advanced (see the chapter LEGAL BASIS OF PROCESSING hereinafter, for more information).

- Non-relevant profiling
In accordance with the legislation in force, WILIER considers the processing of data for profiling purposes for subjects other than natural persons not to be relevant.

The purposes of direct marketing and advanced profiling are collectively referred to as “secondary purposes”.

The logic and organisation of forms of processing will be closely related to the individual purposes indicated above. Processing will be done using electronic, telematic and/or paper means. During processing, WILIER protects the data against unauthorised access or processing; it is accessible only via access to various software applications, with mandatory personal passwords, and only by personnel previously authorised by WILIER who are required to comply with pre-determined limitations of use.

3. LEGAL BASIS OF PROCESSING

In the case of primary purposes, processing is necessary to perform pre-contractual measures adopted at the data subject’s request (e.g., requests for clarification, information or commercial offers), for performance of a contract to which the data subject is a party, or to fulfil a legal obligation to which WILIER is subject (e.g., to allow verification of the proper fulfilment of legal and contractual obligations with respect to the data subject or third parties by the administrative and taxation authority, the board of statutory auditors or auditors, etc.) and/or based on the legitimate interest of:

a) WILIER (prevailing over the data subject’s interests or fundamental rights and freedoms) to process data in order to effectively and efficiently manage the relationship with its users, customers and/or providers and to organise production, organisational and management processes (including relations with its sub-providers and/or parent companies, subsidiaries and affiliates pursuant to Article 2359 of the Italian Civil Code or with companies under joint control) to meet this objective

b) third parties to whom the data is sent, to receive personal data from the Data Controller and to process it i) to verify the proper fulfilment of existing legal and contractual obligations towards the data subject or third parties (e.g., verification by Public Authorities of the fulfilment of fiscal obligations, or by the board of statutory auditors or auditors regarding the fulfilment of legal obligations, etc.) or ii) to manage activities connected with the Data Controller's request to receive support for managing activities towards data subjects

In the case of secondary purposes, the legal basis for processing is as follows:

  • direct marketing to customers: WILIER's legitimate interest to promote its products and/or services to its current customers both off line and on line (e.g., sending soft spam or commercial communications using telephone numbers available from public sources other than subscriber lists)
  • processing of direct marketing to non-customers (leads) following specific consent to processing by the data subject, that has not subsequently been withdrawn
  • basic profiling: WILIER's legitimate interest to use the analysis of personal data to create groups of customers who are natural persons sharing characteristics in order to better direct its marketing actions based on these characteristics
  • advanced profiling: following specific prior consent to processing by the data subject that is not subsequently withdrawn
4. DATA PROCESSING SUBJECTS

The collected data are processed by WILIER's internal delegates who need to have knowledge of them when carrying out their activities (e.g., sales office, marketing office, administrative office, call centre, technical staff for the maintenance of the company IT system, etc.).
WILIER has also appointed some third parties to whom the Company communicates data as data controllers.

5. MANDATORY OR OPTIONAL COMMUNICATION OF PERSONAL DATA AND CONSEQUENCES OF NON-DISCLOSUREO

WILIER has a legitimate interest in processing for the aforementioned primary purposes. Therefore, such processing will be possible even without the data subject’s consent. The provision of data to WILIER is mandatory if it is necessary for the fulfilment of legal obligations and failure to to do so would prevent the establishment of a contract with the data subject and/or the organisation to which the data subject belongs. In the other cases mentioned above, the data subject is not required to provide the data, although this will prevent continuation of pre-contractual relations, the data subject’s online registration on the website and/or the provision of services or sale of products for which WILIER requests registration and/or data.

Non-registered users may browse the website and view only the content and materials available without registration.

In relation to the secondary purposes of processing (direct marketing, profiling, as provided for in point 5 above) as well as for the communication of data by WILIER to third parties for these purposes:

  • your consent is always optional (free and deniable); the consent must be given or denied by you, separately for i) the processing carried out solely by WILIER and, respectively, for ii) the communication of data by WILIER to third parties for the same purposes;
  • failure to provide or consent to the processing of data in this case will prevent WILIER from processing and/or communicating to third parties the data for these secondary purposes, and will not in any way interfere with the pre-contractual or contractual relationship between WILIER and the person or organization to which it belongs.
6. ARE THERE CASES OF SIMPLIFIED CONSENT OR EXCEPTIONS TO THE CONSENT REQUIREMENT FOR DIRECT MARKETING PURPOSES?

As permitted by the current legislation and in order to fulfil WILIER’s privacy obligations in accordance with the principles of simplification (as per the Italian Data Protection Supervisor's General Order of 15 May 2013 "Consent to personal data processing for ‘direct marketing’ using traditional and automated contact tools"), the consent WILIER requests for secondary and direct marketing purposes is unique and comprehensive for all possible processing means for Marketing Purposes (electronic/telematic, paper), as well as for all possible direct marketing purposes (i.e., requiring consent for each separate marketing purpose pursued).

We also inform you that without your express consent, we are authorised to use the e-mail address that you provided during previous product or service purchases to send you commercial communications and sales offers via e-mail, as long as they relate to products and services similar to ones you have already purchased. However, you may easily oppose processing at any time free of charge (by opting out via our online platform) (hereinafter, this rule is called “soft spam”).

7. DOES THE DATA SUBJECT'S CONSENT TO PROCESSING FOR DIRECT MARKETING PURPOSES ALSO APPLY TO COMMUNICATION OF DATA TO THIRD PARTIES?

No. WILIER communicates some data to other companies belonging to the WILIER Group or to third parties that by contract are delegated by us to process the data (e.g., transmit commercial communications) solely on behalf of WILIER based on the same specific marketing consent including that to communicate to third parties for these purposes.
Only with further, separate, additional*, documented, express and optional consent, will WILIER also communicate or transfer your data to third parties who process it as joint or autonomous Data Controllers (these are usually third-party partners for Event promotion), who use them for direct marketing purposes).

8. WITHDRAWAL OF CONSENT

Even after consenting to the processing of personal data for direct marketing and possible advanced profiling purposes, the data subject may notify WILIER of a different wish at any time, using one of the following alternative methods:

  • click on the "Unsubscribe" button provided at the bottom of promotional emails sent to the data subject:,an email will automatically be sent to WILIER and the data subject’s name will be recorded in a specific blacklist, preventing further future direct marketing actions by WILIER to the data subject
  • send WILIER a statement of withdrawal of consent by ordinary post or e-mail (which will be entered manually in the Company's CRM). This method of communication is always necessary if the data subject wishes to express a more analytical selective wish, either with regard to the use of certain individual means and not others (e.g. only paper, only electronic, refusing messages sent by automated systems, etc.) to receive WILIER marketing communications, subject to consent, or with regard to individual Marketing Purposes among those that are concretely possible (e.g., to receive only newsletters and not invitations to our Events) - inform WILIER of withdrawal of consent via telephone. Upon receiving this opt-out request, WILIER will remove and delete the data from the databases used for direct marketing and, where possible, will inform any third parties to whom the data has been communicated for the same purposes.
  • inviando senza formalità una chiara comunicazione telefonica di revoca del consenso a WILIER. Alla ricezione di tale richiesta di opt-out, WILIER procederà alla rimozione e cancellazione dei dati dai database utilizzati per il trattamento per finalità di marketing diretto e, ove possibile, informerà di tale cancellazione eventuali terzi cui i dati siano stati comunicati per le medesime finalità.
    Mere receipt of the deletion request will automatically be considered confirmation of deletion.
  • If the data subject wishes to withdraw consent to any advertising communications from social mediacanali social (e.g., Facebook, Twitter, etc.), the data subject must inform the individual social media platform directly, in the manner made available by it and/or by the browser used (since WILIER is not technically able to influence third-party social media platforms for this purpose). This opposition will have no consequences on the provision of any contract activities underway.
9. COMUNICATION OF DATA TO THIRD PARTIES

Collected data is processed by staff delegated by WILIER requiring knowledge of it to perform their activities (e.g., sales, marketing, administrative, technical staff for the maintenance of the company IT system, etc.).

WILIER communicates personal data to third-party recipients only when it is necessary and functional to fulfil the purpose of data processing for the service or product requested by the data subject, and in any case, it communicates it only after informing the data subject, and where necessary, obtaining the data subject's consent to do so. Disclosure to third parties will always be limited to data required for their purposes. The third-party recipients of the data - hereafter better identified - will process the data, according to the case, a) as “data processors" (i.e., on our behalf and on the basis of our written directives aimed at ensuring respect for privacy during processing and under our supervision), or b) as joint data controllers (i.e., on the basis of a written agreement that regulates their respective activities and responsibilities in relation to personal data), or as autonomous data controllers (in this case they will provide the data subject with all the necessary legal information on their respective processing, unless they are bound by professional confidentiality under the current regulations).

Within the scope of the primary purposes, and in particular where the data subject enters into a contract with our Company, the data may be communicated by WILIER to all subjects whose intervention in the processing is useful based on the services requested by the data subject and/or on legal obligations or deriving from regulations or other EU legislation, e.g.: parent companies, subsidiaries or affiliates of the WILIER group and/or third-party partners providing functional or complementary activities to the provision of products or services requested by the data subject (e.g., management of information requests, quotes, orders, contracts, after-sales), third parties performing activities related to and/or instrumental to processing (e.g., commercial agents, banks for deposits and payments, commercial information companies, credit collection companies, credit transfer companies, credit insurance companies, electronic payment service providers, couriers, carriers and freight forwarders, factoring companies, insurance companies, lawyers and law firms, chartered accountants, accountants, auditors and auditing companies, members of the supervisory body in accordance with Leg. Decree 231/2001 on organisational models to prevent of the commission of certain categories of offence, statutory auditors, third parties responsible for web hosting services and/or maintenance of this website and/or of the computer systems used by it and/or of the electronic archives connected to the site; carriers and freight forwarders; public safety authorities and computer forensics companies in the case of requests related to criminal and civil investigations and/or suspected offences or other violations or unlawful acts committed against WILIER and/or third parties.

In the case of processing for secondary purposes (advanced profiling, direct marketing), we will also communicate the data after obtaining specific consent (see below) to the following product or categories of commodity of third party recipients: other subsidiaries of the WILIER group, advertising agencies, marketing analysis companies, communication and/or public relations companies, companies responsible for designing, printing and maintaining advertising or promotional materials and/or their online management, website production companies, web marketing companies, direct e-mailing service companies (e.g., Mailchimp, HubSpot or similar), consultants and/or other entities entrusted by us with activities functional to these purposes; maintenance companies of the IT systems on which our databases are hosted or are processed; providers of electronic communication and ICT services; third-party commercial partners with which WILIER initiates co-marketing actions (e.g., influencers, dealers, agents). The data will not be disseminated.

10. AUTHENTICATION SYSTEMS

WILIER also communicates personal data to AMAZON WEB SERVICES Inc. (AWS), with registered office at 1200 12th Avenue South, Suite 1200, Seattle, WA 98144 (USA), which provides i) an infrastructure and back-end service hosting data and files that allow this site to function (AWS DynamoDB service), allowing distribution and providing a ready-to-use structure for specific website functionalities, and ii) user identity and access management services provided by AWS Cognito.

Services under ii) include social media login features that use identity services from third-party social media providers (e.g., Google, Facebook). These services authenticate users identity and provide the option to share some personal data from these services with us, such as name and e-mail address, to pre-complete our login form.

WILIER has contractually agreed with AWS that the servers used by AWS are located within the European Union. See AWS's privacy policy and the types of data collected by AWS at https://aws.amazon.com/it/privacy/?nc1=f_pr. For more information on the personal data protection measures guaranteed by the AWS Cognito service, go to: https://docs.aws.amazon.com/cognito/latest/developerguide/data-protectio.... For more information on the distribution of responsibilities between WILIER and AWS with regard to the AWS DynamoDB service, go to: https://aws.amazon.com/it/compliance/shared-responsibility-model/ For frequently asked questions about AWS’s privacy policy, go to: https://aws.amazon.com/it/compliance/data-privacy-faq/

11. DATA TRANSFER ABROAD

Personal data may be processed in part in foreign countries, whether inside or outside the EU, in so far as the Company uses providers having data centres or offices in those countries (e.g., for technical management of this site and/or the technical operation of the site’s database, or to manage direct marketing activities and profiling related to it in various ways).

In particular, personal data will be transferred abroad when necessary for commercial or Marketing Purposes, and only to non-EU countries guaranteeing adequate levels of protection in accordance with EU Commission decisions, or, in the absence of specific decisions, only following the conclusion of specific contracts between WILIER and these subjects with regard to the Marketing Purposes, containing appropriate safeguard clauses for the protection of personal data by the foreign entity receiving it, in accordance with applicable legislation and, as a minimum, the relevant standard texts approved by the EU Commission (Standard Contractual Clauses - SCC).

WILIER uses the following cloud providers with registered office or data centres located in the USA:

  • ZENDESK Inc.,with registered office at 1019 Market St., San Francisco, CA 94103 (USA), which manages the service of the same name through which the Data Controller manages technical support requests for dealers and contacts with end consumers received by email or other means, such as the contact form or chat on the website. For more information on the ZENDESK service, see the privacy policy at https://www.zendesk.it/company/customers-partners/privacy-policy/. For information on the ZENDESK cookie policy, go to: https://www.zendesk.it/company/customers-partners/cookie-policy/.
  • MAILCHIMP (The Rocket Science Group, LLC., with registered office at The Rocket Science Group, LLC 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 (USA) which manages on behalf of the Data Controller the address management and email sending service, which uses a database of email, telephone or other contacts for mass emailing (e.g., newsletters, offers and other commercial communications). This service may also collect data on the date and time when the user viewed messages, as well as the user’s interaction with them, such as information on clicks on links in messages. See MAILCHIMP's privacy policy at www.mailchimp.com/privacy/.
  • GOOGLE LLC, with registered office at 1600 Amphitheater Parkway, Mountain View, CA 94043 (USA), which manages the Google Sheet service through which the Data Controller imports users' purchase data for sales statistics. See GOOGLE's privacy policy at https://policies.google.com/privacy?hl=en-US.
  • PAYPAL S.à.r.l. (France, EU) for online payments on WILIER’s e-shop site. See PayPal's privacy policy at https://www.paypal.com/it/webapps/mpp/ua/privacy-full). In order to complete the purchase, as autonomous Data Controller, the third-party payment service provider collects the requested data (e.g., personal data, contact data, credit card or other payment tool) directly from the user and processes it. The provider processes this data without it ever passing through WILIER’s server or being processed by WILIER, since it receives only the order code issued and notification of payment (date, time, successful or failed completion of the transaction). These third-party services may also allow the scheduled sending of emails to users, such as emails containing invoices or payment notifications.
  • HUBSPOT IRELAND LTD with registered office at Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Co. Ireland, which manages Wilier user records. See HubSpot Ireland Ltd’s privacy policy at https://legal.hubspot.com/privacy-policy.
  • THRON with registered office at Via dei Contarini 5/A, Piazzola sul Brenta (PD, Italy), which manages corporate multimedia content to which some users and providers have access for consultation, following registration with email and password. See THRON’s privacy policy at https://www.thron.com/it/thron-legal-privacy. MICROSOFT CORPORATION, with registered office at 1 Microsoft Way, Redmond, WA 98052 (USA), as a provider of the “Microsoft 365” individual productivity cloud application service, Azure, OneDrive, SharePoint services and the “Microsoft TEAMS” video conferencing service used to manage pre-contractual or contractual relationships with data subjects.
  • MICROSOFT CORPORATION with registered office at 1 Microsoft Way, Redmond, WA 98052 (USA), as a provider of the “Microsoft 365” individual productivity cloud application service, Azure, OneDrive, SharePoint services and the “Microsoft TEAMS” video conferencing service used to manage pre-contractual or contractual relationships with data subjects.
  • In particular, as per Appendix 1 of the Terms and Conditions of Use of the Online Services, with reference to Service 365, Microsoft undertakes to store inactive Company data processed by WILIER as follows: “If the Company provisions its tenant (…) in the European Union, Microsoft will store the following Inactive Company Data only within that Geographic Area: (1) contents of your Exchange Online mailbox (email body, calendar entries and email attachment content), (2) contents of your SharePoint Online site and the files stored on that site, and (3) files uploaded to OneDrive for Business.” Such data is not transferred to the USA or only on an occasional basis. See Microsoft's policy at https://docs.microsoft.com/it-it/microsoft-365/enterprise/o365-data-loca..., and Microsoft's privacy policy at https://privacy.microsoft.com/it-it/privacystatement. https://support.apple.com/it-it/HT201265

However, other inactive data processed by WILIER, and in particular data other than that mentioned above, may be transferred from the EU to the USA for the service on a non-occasional basis.

It is possible that, in certain exceptional situations, under the legislation in force in the USA (e.g., Article 702 of FISA and Executive order EO 12333) and exclusively for national security purposes, the American public authorities may access personal data transferred by WILIER to the USA. However, on the basis of a specific analysis performed by the Company in accordance with the ECJ “Schrems II ruling” of 17 July 2020 and the guidelines of the European Data Protection Board (EDPB), the possibility that the aforementioned public authorities would have an interest in accessing and processing data (of which the provider is not required by law to notify WILIER and/or the data subject) appears entirely remote, given: (i) WILIER's core business (ii) the limited types of personal data processed by WILIER and (iii) the limited categories of data subjects to which the data relates.

Therefore, the Company considers that the aforementioned SCC guarantee a level of protection of data subjects’ rights substantially equivalent to that provided for under the GDPR. Data subjects will be informed of the adoption of any additional measures.

WILIER also performs constant monitoring in order to identify providers with registered office or data centres in the USA and verifies that data transfer to them is based on appropriate legal bases required by the GDPR.

When data is transferred outside the EU for reasons other than Marketing Purposes, the legal basis of the transfer is also constituted by WILIER's legitimate interest in performing the contract with the data subject or a contract concluded by WILIER with third parties in favour of the data subject or to fulfil relevant legal obligations.

12. DURATION OF PROCESSING

Personal browsing data is processed for the time required to allow browsing and technical interaction between the user and the website. This time coincides with the duration of the individual browsing session.

In the case of processing for primary purposes, personal data is normally processed for the entire duration of the pre-contractual and/or contractual relations established with the data subject, in particular:
a) for the time necessary to meet the data subject’s pre-contractual requests (e.g., open tickets for warranty technical interventions, track and manage successful sending of replies by the Company to the data subject): 24 months from the date of personal data collection
b) in the case of a contract concluded with the data subject: for the duration of the contract
c) after termination of the above contractual relationship: 10 years in order to fulfil all legal obligations (e.g., tax and civil) connected with the terminated contractual relationship and to respect the limitation period for any civil claims by the data subject against WILIER.

Personal data processed for IT security purposes (e.g., logs) are kept for the time required to perform the security checks and assess the results: 24 months from the time of collection.

In the event of out-of-court or court litigation with the data subject and/or third parties, the data will be processed for the entire time strictly necessary to fully protect the Data Controller’s rights.

Processing for secondary purposes has the following duration (unless the data subject’s consent is renewed at the end of the period):

  • direct marketing: until opposition by the data subject for soft spam sent to our customers, until withdrawal of consent in the case of marketing to non-customers using means other than e-mail, text message and instant messaging, and up to 10 years from the date of data collection in the case of direct marketing to the lead.
  • profiling: if basic: until any opposition expressed by the data subject
13. DATA CONTROLLER

The Data Controller of the personal data is WILIER TRIESTINA S.p.A., Via Fratel Venzo 11, Rossano Veneto (VI), Italy, in the person of its Chief Executive Officer, Andrea Gastaldello, email: privacy@wilier.it
A complete and up-to-date list of external data processors is available for viewing at the Company upon written request of the data subject.

JOINT STATISTICAL DATA PROCESSING WITH FACEBOOK
For Pages, Facebook offers Page Insights, a feature that provides aggregated data to help understand how people interact with Facebook Pages.
With respect to the Facebook page https://www.facebook.com/wiliertriestina, WILIER is Joint Data Controller for statistical data with Facebook Ireland Limited (“Facebook Ireland”). This link provides the appendix on the data controller for Facebook Page Insights, which indicates the division of responsibilities between Facebook Ireland and WILIER as administrator of the page: https://www.facebook.com/wiliertriestina
The page https://www.facebook.com/privacy/explanation provides information on Facebook’s data policy as well as the following information:
• The types of information Facebook collects
• How Facebook uses this information
• How this information is shared
• Legal basis for data processing
• How to exercise rights under the GDPR
• Facebook Ireland contact data for personal data protection questions
• Contact details of Facebook Ireland’s data protection officer
• Facebook visitors’ rights under the GDPR
• The data retention period
Facebook’s cookie policy is available on this page.

MORE ABOUT WILIER’S SOCIAL MEDIA CHANNELS

LinkedIn
WILIER manages the LinkedIn page at https://www.linkedin.com/company/wilier-triestina-spa/
LinkedIn's privacy policy is available at https://it.linkedin.com/legal/privacy-policy? and at https://privacy.linkedin.com/it-it/gdpr.
LinkedIn's cookie policy is available at https://it.linkedin.com/legal/cookie-policy?

YouTube
WILIER manages the YouTube channel at https://www.youtube.com/user/WilierChannel
The privacy policy of Google, YouTube's owner, is available at https://policies.google.com/privacy
The cookie policy of Google, YouTube's owner, is available at https://policies.google.com/technologies/cookies?hl=it

Twitter
WILIER manages the Twitter account at https://twitter.com/WilierTriestina
Twitter’s privacy policy is available at https://twitter.com/it/privacy
Twitter's cookie policy is available at https://help.twitter.com/it/rules-and-policies/twitter-cookies

Pinterest
WILIER manages the Pinterest account at https://www.pinterest.it/wiliertriestina/
Pinterest's privacy policy is available at https://policy.pinterest.com/it/privacy-policy
Pinterest's cookie policy is available at https://policy.pinterest.com/it/cookies

Instagram
WILIER manages the Instagram account at https://www.instagram.com/wiliertriestina/
Instagram’s privacy policy is available at https://help.instagram.com/519522125107875
Instagram’s cookie policy is available at https://help.instagram.com/1896641480634370?ref=ig.

14. RIGHTS OF THE DATA SUBJECT

With regard to the processing of personal data, the data subject may exercise the following rights, contacting our Company without any particular formality: Company.

  1. request confirmation of whether the data subject's personal data is being processed and, if so, obtain access to the personal data and the following information:
    • the purposes of processing;
    • the categories of personal data being processed;
    • the recipients or categories of recipient to whom the personal data has been or will be communicated, in particular if they are recipients in third countries or international organisations;
    • where possible, the expected personal data storage period or, if not possible, the criteria used to determine that period;
    • the existence of the data subject's right to ask our Company to correct or delete personal data or to limit the processing of personal data concerning him/her or to oppose processing;
    • the right to complain to a supervisory authority;
    • if data is not collected from the data subject, all available information on their origin;
    • the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, and the importance and expected consequences of such processing for the data subject.
  2. where personal data is transferred to a third country or an international organisation, the data subject has the right to be informed of the existence of appropriate safeguards relating to the transfer
  3. request, and obtain without undue delay, the correction of inaccurate data; taking into account the purposes of processing, the integration of incomplete personal data, including by providing a supplementary statement
  4. request deletion of the data if:
    • personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
    • the data subject withdraws the consent on which processing is based and there is no other legal basis for processing;
    • the data subject objects to processing, if there is no overriding legitimate reason to perform the processing, or objects to processing done for direct marketing purposes (including profiling for the purpose of direct marketing);
    • the personal data has been processed unlawfully;
    • the personal data must be deleted to fulfil a legal obligation under EU law or the law of the Member State to which our Company is subject;
    • personal data has been collected in relation to the provision of the services of the information society from the database of our Company.
  5. request the limitation of processing concerning the data subject, when one of the following applies:
    • the data subject disputes the accuracy of the personal data; in this case processing can be limited (i.e., suspended) for the period necessary for our Company to verify the accuracy of such personal data;
    • processing is unlawful (e.g., because prior legal information was not provided to the data subject) and the data subject opposes deletion of the personal data (i.e., prefers that it be kept by us in our paper records and/or computer files) and asks instead that its use be limited;
    • although our Company no longer needs it for the purposes of processing, personal data is necessary for the data subject to establish, exercise or defend a right in court;
    • the data subject opposed processing for direct marketing purposes, pending verification of the possible prevalence of our Company’s legitimate reasons with respect to those invoked by the data subject
  6. obtain from our Company, upon request, communication of the third parties to whom the personal data was transmitted;
  7. withdraw consent to the processing of personal data at any time if previously given for one or more specific purposes, it being understood that this will not affect the lawfulness of processing based on the consent given prior to withdrawal.
  8. receive the personal data concerning the data subject provided by him/her to our Company in a structured format that is commonly used and readable by automatic devices, and, if technically feasible, to have such data transmitted directly to another Data Controller without hindrance from us, under the following (cumulative) conditions:
    • processing is based on the consent of the data subject for one or more specific purposes, or on a contract to which the data subject is a party and for the performance of which processing is necessary; and
    • processing is carried out by automated means (software) (overall right to "portability”);
    the exercise of the right to portability is without prejudice to the right of erasure provided for above;
  9. not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her in a similar manner. NB: Our Company makes no automated decisions of the type above.
  10. lodge a complaint with the competent supervisory authority on the basis of the GDPR (that of the user's place of residence or domicile). In Italy: Garante per la protezione dei dati personali, Piazza Venezia 11, 00186 ROME (garante@gpdp.it, tel. +39 06 69677.1, fax +39 06 69677.3786).
15. POLICY MODIFICATION

As of the date of publication, this privacy policy replaces any previous version. Unless otherwise specified, the previous cookie policy will continue to apply to personal data collected until that time. The Data Controller reserves the right to modify this privacy policy at any time, notifying users on this page. Please consult this page frequently, taking the date of the last modification indicated at the bottom as a reference. Should the data subject not accept future changes, he/she must cease using the website or the features to which the privacy change refers. Otherwise, the changes will be deemed as accepted (except for those modifying the conditions for obtaining consent to processing, where mandatory).

Rev 3.0 - 09/06/2021

Customer care

Contact Us to get information about your order and our products.

Shipping and returns

Express delivery within 3-5 working days. Free return within 14 days. Terms & Conditions

Free Shipping

For purchases over €80. Terms & Conditions

Secure Payment

On wilier.com your online payments are always protected.