Politique sur les Cookies
Termes et Conditions
Politique de confidentialité
Conditions générales de garantie
Quality Policy
Accessibilité
Anti-Corruption Policy
Code D’éthique
Mentions légales et conditions d'utilisation
General Purchase Conditions

Politique de confidentialité

Welcome to www.dainese.com (the “Website”). Please read our Privacy Policy carefully. It applies both if you decide simply to visit and browse the Website and use its services, without purchasing any products, and if you purchase the products or services offered for sale on the Website.  

This Privacy Policy also applies when the data is collected through means other than the Website, unless otherwise specified. 

By using the Website, you accept the terms and conditions described in the Privacy Policy and in the information at the end of the Privacy Policy. If you do not agree with any of the terms and conditions and methods indicated in the Privacy Policy, please do not use the Website.  

The Personal Data of users and consumers (hereinafter, collectively, "Users") will be processed in compliance with applicable European regulations (GDPR – Regulation (EU) no. 679/2016 and the E-Privacy Regulation) and with the Italian Personal Data Protection Code (hereinafter, the “Privacy Code”: Legislative Decree no. 196 of 30 June 2003, as subsequently amended and supplemented), which governs i) the processing of personal data performed in the activities of a plant, by a controller or by a processor located in the European Union, regardless of whether or not the processing itself takes place in the Union; and ii) the processing of the personal data of data subjects who are located in the Union, performed by a controller or a processor who is not established in the Union, when the processing activities relate to: a) the offer of goods or the supply of services to data subjects in the Union, regardless of whether or not the data subject has a payment obligation; or b) monitoring of their behaviour, to the extent that said behaviour takes place within the Union.  

Processing is performed with respect for the fundamental rights and freedoms, and also the dignity, of the data subject, with particular reference to confidentiality, personal identity and the right to protection of personal data. 

In the processing of personal data that could identify you, directly or indirectly, DAINESE S.p.A. (“DAINESE”) complies with the general principles of said processing being strictly necessary and proportionate (by configuring the Website in a manner that use of Personal Data is reduced to a minimum and in a manner to exclude the processing of Personal Data when the purposes being pursued in individual cases can be achieved through the use of anonymous data or using other methods that allow the data subject to be identified only in the case of need or on request of the authorities and law enforcement, such as data related to traffic, time spent on the Website and your IP address), lawfulness, fairness and transparency, integrity and confidentiality, limitation of duration, as envisaged by Regulation (EU) no. 679/2016 (GDPR) for controllers.

We could process data in four general categories: i) the user’s browsing data on this website and/or on other websites of DAINESE ii) data actively provided by the data subject, iii) pertinent data collected from third parties, particularly data relating to the data subject’s interactions with on-line portals monitored by DAINESE through the cookies of the third-party software belonging to the supplier, Hubspot Inc. (see below), iv) data on telephone calls with customers, which are recorded through the Aircall cloud-based call centre service. 

 

i) Browsing data


The computer systems and software procedures used for functioning of the Website acquire certain personal data during their normal operation, the transmission of which is implicit in use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects but, due to its nature and as a result of processing and association with data held by third parties, could allow users to be identified. 

This data category includes IP addresses or domain names of the computers used by users connecting to the website, URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the digital code indicating the status of the response given by the server (successful, error, etc.), the country of origin and other parameters relating to the user's operating system and computer environment (such as the characteristics of the browser and operating system used by the visitor, the type of device used to access the Internet, the various time aspects of the visit, such as the time spent on each page, and the relative details on the path taken on the pages of the Website, with particular reference to the sequence of pages consulted). This category also comprises the so-called system logs, which are the files that record interactions between the user and the Website.  

This data is used to manage access to the Website and the services it offers, to obtain anonymous statistical information on its use, to make functioning of the website technically possibly and to monitor correct functioning and guarantee maintenance of the relative database. In these cases, the browsing data cannot be used to identify the data subject and is erased immediately after being processed in anonymous form. The browsing data could also be used to ascertain liability in the event of crimes or other unlawful actions committed by the data subject that damage the Website itself and/or third parties through the Website. 

 

ii) Data provided by the user


DAINESE collects the Personal Data and other information directly from Users, as part of the processes that it manages on the Website (purchase of products on the Website, for conclusion of e-commerce transactions / compilation of User registration forms on the Website for the marketing purposes of DAINESE) or through other means (such as a) collection on paper or electronically at stores, b) events and exhibitions, c) trade fairs, chat services on the DAINESE website; d) on-line forms dedicated to specific DAINESE initiatives).  

The data provided voluntarily by the User and collected through the Website and with other means, for business purposes, is entered into two separate general databases of DAINESE:  

- “B2B” (relating to dealers, distributors and agents of the company);  

- “B2C” (relating to natural persons who are final users of the company’s products and services). 

This data is: 

  • the information sent by users, on an optional and voluntary basis, to the addresses indicated on the Website (such as e-mail address, subject of the e-mail, company name, first name and surname, etc., address of the office, residence or domicile (postcode, city, province), telephone number or mobile telephone number, country, contact language, company to which they belong and position held there, etc.); the personal data provided by users in order to use the services accessible on the Website (through the order form for the purchase of goods and services on the e-commerce website, such as personal details, e-mail address, e-mail content and attachments, postal address, credit card details, bank details, details of payment tools and codes used through mobile devices, telephone number, data on purchases made by the data subject, such as type of product, data and purchase price, product model and serial number, dealer from whom the purchase was made), or to participate in initiatives promoted through the Website or with other means  
  • the personal data provided by users who send on-line or off-line requests for sending of news, informational material or newsletters
  • the personal data provided by users who submit their candidacy (“curriculum vitae”, etc.) through the “Careers” on-line form; 
  • the personal data collected through the D-Air category of products, which include a GPS (necessary for functioning of the product) that records data on its geolocation, for a limited time and only on the product microchip. Dainese will only process the data in the event of delivery of the D-Air category product to Dainese itself or to an authorised dealer, for reactivation of the D-Air bag or repairs, or for product research and development purposes.  

 

iii) Data collected from third parties

DAINESE uses HUBSPOT software to automatically associate the personal details of the B2C data subject with further information on that data subject, which said software obtains independently on this website and on other websites of DAINESE, and also data on the data subject’s interaction with the on-line portals monitored through the cookies of the HUBSPOT software, in order to create a basic profile of the data subject, which DAINESE uses for analysis and direct marketing purposes. This is mainly, but not only, personal details and contact data. 

 

iv) Data collected from the Aircall service 

DAINESE makes audio recordings of telephone calls with customers and records the metadata associated with them (such as duration of the conversation, telephone number and name of the customer, notes of the operator), through the cloud-based call centre service provided by the third-party supplier Aircall, in order to provide its employees with training on the assistance service. 

 

v) Special categories of data

We will never ask you to provide “special” categories of data (data that could reveal racial or ethnic origin, religious or philosophical beliefs or other beliefs, political opinions, membership of political parties, trade unions or religious, philosophical, political or trade union associations or organisations, or personal data that could reveal state of health or sexual orientation) or “criminal” data (data on criminal records, or relating to the position as a defendant or suspect or person with a criminal conviction) through the forms available on the websites.

Authorised processors

The personal data will only be processed by processors who have been duly selected and authorised beforehand in writing by DAINESE and who are controlled by DAINESE, in order to prevent the risk of personal data security breaches. The authorised processors are mainly members of the administration, marketing, sales, after-sales and complaints, legal and ICT offices. 

The personal data is also shared with the supervisory body appointed by DAINESE in relation to the organisational model adopted pursuant to Legislative Decree no. 231/2001, in order to prevent the risk of certain crimes being committed. 

The e-mail boxes corresponding with the e-mail addresses indicated on our websites, and any other e-mail box of DAINESE, are not personal in nature, even when the first name and/or surname of a natural person is indicated on them. They belong to the corporate organisation and their primary purpose is to allow business activities at DAINESE Group companies to be performed efficiently. This means that messages sent to the e-mail boxes of the DAINESE Group could be disclosed not only to the recipient, but also to other members of the organisation. If you forward e-mails to the other e-mail addresses indicated on our websites, you declare that you have viewed and accepted the terms and conditions of processing contained in this policy. 

Purposes 

DAINESE is the sole and independent controller of the personal data of users (“Personal Data”), in relation both to the activities of management, entry into and performance of business transactions relating to the sale of products and services through the Website or through physical stores owned by Dainese, and after-sales services ("Business Purposes"), and in relation to direct marketing purposes (including the profiling functional to direct marketing activities) performed through the functions of the Website and/or through any other on-line channels (such as sending of newsletters relating to DAINESE and to its products and services, sending - via mobile messaging, text message, e-mail, telephone call with an operator, social networks - of general promotional and advertising messages and/or messages personalised to reflect the consumption habits and/or any other preferences and interests expressed by the User) (“Marketing Purposes”), depending on the consent given by the data subject, as indicated in further detail below, or any other legal basis for processing. 

As part of the Business Purposes, in particular, the personal data is processed in order to 1) satisfy requirements prior to entering into a contract (such as preparing offers or your orders, solvency checks, etc.); 2) fulfilment of contractual obligations (associated with the supply or purchase of goods and/or services) and legal obligations (such as keeping of accounts, tax formalities, administrative, accounting and treasury management); 3) management of customers and suppliers; 4) management of electronic payment instruments and monitoring of the associated risks (fraud, insolvency, etc.); 5) management of litigation; 6) insurance services instrumental to customer/supplier management.  

 

Processing methods 

The Personal Data is processed mainly in electronic format and, in certain cases, on paper.  

The organisational logics and forms of processing are strictly correlated to the individual purposes respectively indicated here above.  

In order to ensure that the Personal Data is always precise and up-to-date, and pertinent and complete in any case, please inform us of any intervening change, at the following e-mail address:?privacy@dainese.com

The data is processed in the Custom Relation Management (CRM cloud) computer system of DAINESE, which is dedicated to the management of customers, suppliers and other contacts, and also on the e-commerce platform of DAINESE and on the AX management software of DAINESE. 

The controller also uses a cloud service belonging to the company THRON S.p.A. (“THRON”), which supplies an integrated digital asset management (“DAM”) technical solution (for management of digital resources). THRON manages the digital assets of DAINESE in a centralised, and therefore more efficient, manner. These assets are available and/or published, simultaneously, on multiple web channels, and statistics are obtained on the use and consultation by users of the assets managed through it. THRON does not automatically collect personal data identifying the users who visit the digital assets managed through the software, but the following data is collected automatically: IP address, operating system and browser type of the computer or mobile device used, URL of the website visited before or after access to a service into which the THRON solution is integrated. For further information, consult the privacy policy of THRON, which is available at the following?link.  

 

Security measures 

DAINESE adopts suitable security measures to reduce to a minimum the risks of destruction or loss, even accidental, of the Personal Data, of unauthorised access to it or processing that is not permitted or does not comply with the purposes of collection.  

These measures include, but are not limited to, the use of authentication credentials (user-ID and password) by anyone who has access to the data, on behalf of DAINESE, the configuration of authorisation profiles that limit access solely to previously authorised legal entities and natural persons, the periodic review of said authorisation profiles, the use of back-up and recovery procedures, anti-virus software at server and client level, firewalls and intrusion detection software. The e-mail archive is protected by anti-virus and anti-spam software. Furthermore, the Website is based on HTTPS technology, which is a protocol for secure communication through a computer network used on the Internet. HTTPS consists of communication through the HTTP (HyperText Transfer Protocol) in a connection encrypted by Transport Layer Security (TLS) or by its predecessor, Secure Sockets Layer (SSL). The principle on which HTTPS is based is having: i) authentication of the website visited, ii) protection of privacy, iii) integrity of the data exchanged between the communicating parties. The newsletter sending system is also monitored by anti-spam and anti-virus software. The data is contained in archives that are backed up every day on mediums kept in protected locations.

The purposes of processing are; 

  • satisfying requirements prior to entering into a contract (such as preparing our offers or your orders, fulfilment of your requests, including sending of informational materials, price lists, etc.) and/or fulfilment of contractual obligations (supply or purchase of goods and/or services, including management of delivery obligations and the logistics and transport functional to them); the legal basis of processing is the need to execute a contract to which the Data Subject is a party or to perform steps prior to entering into the contract or manage it on their request (for the legitimate interest of DAINESE, overriding the interests or rights of the data subject, of concluding a contract of sale of products and services). Said legitimate interest also includes that of performing, on the User’s request, exchanges of information with the User for the purpose of entering into that contract (e.g., concerning the type and/or characteristics of the products).  
  • fulfilment of legal obligations (such as keeping accounts, tax formalities, administrative and accounting management, etc.); the legal basis for processing is therefore to need to satisfy said legal obligations; 
  • management of customers and suppliers for aspects other than those of points 1-2 (internal organisation of activities that are functional to the active and passive supplies of products and/or services, such as: solvency checks, management of credit facilities and monitoring of risks - fraud, insolvency, etc. -, management of disputes and assignment of credit, management of financial and insurance services instrumental to management of suppliers and management of electronic payment instruments, management of production, management of phone books, processing of statistics, training to customers/suppliers on products); the legal basis for processing is our legitimate interest in processing the data in order to manage the relationship with customers and/or suppliers efficiently and effectively and to manage the relative internal and external organisational processes; 

  • exclusively for products in the D-Air category:
  • provision of after-sales technical assistance services (restoration of the bag or repair by Dainese or authorised third parties, product firmware updates): within the scope of this activity, data may be downloaded and analysed (including geo-localisation data) and the same may be used - subject to anonymisation - also for research and development purposes; the legal basis of the processing is the performance of a contract to which the interested party is a party and, for research and development activities for product improvement, the legitimate interest of Dainese in carrying out research and development activities in relation to its products;
  • provision of services for the use of the specific D-Air APP: data is collected for the purposes of user registration and for the activation of the device; the legal basis of the processing is the performance of a contract to which the interested party is a party.

  • direct marketing, meaning the sending of sales and promotional communications and/or the direct offer of goods and services, via e-mails, text messages, telephone calls, social networks and/or market surveys; by law, it will not be necessary to obtain any consent to sending e-mails advertising similar products and services to those already purchased on the Website or in Dainese stores, so the legal basis for processing in this case is our legitimate interest in promoting our activities with anyone who already knows us; if the e-mails do not relate to similar products or services, the legal basis for processing is the data subject’s consent;  
  • profiling; for your profiling, we analyse the data you provide to us when you use our individual services (such as first name and surname, residence, country of origin, contact language, telephone number and mobile telephone number, e-mail addressentered to request the newsletter or to purchase our products and services, or when you register in the reserved area of our website), also associating it with the data on your browsing of the Dainese website and/or on use of the services provided by the website (such as cookies) or with data collected through other communication channels (such as social media with which you interact and with links to our website). 

We aggregate, compare and process the data to perform analysis, including predictive analysis, and/or to create groups of natural persons divided by market bracket, based on a minimum set of elements (such as age, gender, country and/or geographical area of origin, contact language, choices relating to purchase of our products and, in particular, articles, dates and aggregate and average sums of the purchases and any non-purchases of our products placed in the shopping cart on our Website, detected through one of its functions; NB. the type of products analysed is limited to the sector of motorcycle clothing and accessories); the responses of users to DEM or instant messaging campaigns (opening our e-mail and/or instant messaging, opening links contained in the e-mail and/or instant messaging, accepting the call to action proposed via e-mail and/or instant messaging used for e-mail and/or instant messaging campaigns addressed to subjects we have identified by name, and for Google and Facebook advertising campaigns addressed to people we have identified by name, preferences on our product categories; in these cases, we use the overall term of “Basic” profiling), up to more evolved profiles based on on-line behaviour, other than non-purchase of our products, such as pages visited or content clicked on our website and relating to the duration or frequency of the visits or clicks, websites or other on-line channels of provenance, types of devices and browsers used to access our website, products viewed on our website and relative duration and frequency of viewing, advertising cookies; in these cases, we use the term “Advanced” profiling). 

This activity has two purposes: understanding current and potential customers better, both as groups and as individuals, and analysing the efficacy of the channels and marketing content to develop and update the products, services and offers, in line with the preferences and behaviour of our targets, and to use the most appropriate promotion channels.  

The aim of profiling is therefore to align the goods and services we offer with current and potential demand, to measure the results of specific promotions, take corrective actions to improve company results (such as by reducing the risks of investing resources in areas that are marginal for the target) and the efficacy of the sales processes (such as by checking how many of the messages and how much of the promotional content we have sent to you by e-mail or instant messaging have been viewed or clicked on by you), to limit the sending of promotional communications that are not pertinent to your probable expectations and needs or their sending through unwelcome channels. This means that we do not send the same offers to all data subjects and we will be able to send you advertising communications that correspond as closely as possible with your tastes, interests or preferences, or through the contact methods you prefer, improving your purchasing experience, which is to your benefit as well.  

Furthermore, if you consent to Advanced profiling, or even without your consent in the case of Basic profiling, we use the data obtained from the relative analysis to prepare criteria for re-targeting of the advertising that we communicate to social media to advertise services and products there i) to other people who have a similar profile to yours and who could therefore be the most interested in what is being offered (we do not know the name of these people), or ii) to interested people whose names are known. 

Profiling does not exclude you from any specific benefits or from the possibility of freely exercising your rights in relation to the personal data we process. In particular, it does not prevent the data subject from using our ordinary services (such as pre-registration on-line, purchase of services).  

The legal basis for processing in the case of profiling is, for Basic profiling, our legitimate interest in obtaining a basic profile that allows us to limit the marketing actions to the topics of most interest to the user, as well as to re-propose the shopping cart to the user if no purchase is made, and, for Advanced profiling, the prior consent communicated to Dainese by the data subject (or by third parties if they obtain the data subject’s consent).  


Does the data subject’s consent to processing for profiling and marketing purposes also apply for disclosure of the data to third parties? 

The data disclosed by DAINESE to third parties for direct marketing purposes may, depending on the circumstances, be destined to other Group companies or to third parties who, as part of the same shared marketing activities and/or as part of the same processing for direct marketing purposes (such as co-branded marketing initiatives), collaborate with DAINESE or who are appointed by contract to transmit business communications to the data subject and/or to process the data received for marketing purposes on the Controller’s behalf. 

In these two cases, the third-party recipients of the data, as they are appointed in writing as “external processors” by DAINESE, may process the data on behalf of DAINESE, basing their activities on the same specific consent for marketing purposes (including disclosure to third parties for these purposes) already given to DAINESE itself. 

In contrast, consent to processing for marketing purposes given by the data subject to DAINESE does not automatically justify the disclosure or transfer of the data by DAINESE to third parties who process it as joint or independent controllers (i.e. in a different role to that of external processor), which normally only occurs with third-party partners who intend to use the data independently for profiling and/or direct marketing purposes: in order to proceed with this disclosure to third parties, DAINESE must first obtain further, separate, additional and documented express consent, and this is also optional.

The Personal Data will be stored in a form that allows identification of the User for the time strictly necessary to achieve the purposes for which the data has been collected and subsequently processed and, in any case, for the times required by law, as follows. 

The browsing data is processed for the time necessary to guarantee browsing and technical interaction between the user and the Website; this time coincides with the duration of the individual browsing session

  1. in the phaseprior to entering into the contract, for the time necessary to satisfy the requests of the data subject received by the Company (such as opening a technical intervention ticket under warranty) and to track and manage the successful outcome of the responses sent by the Company to the data subject; the duration is limited to24 months from the date of collection of the personal data;
  2. in relation to anycontractentered into with the data subject, for the entire duration thereof (in detail, as a minimum, for the 2 years of standard warranty according to the consumer code);
  3. after termination of the contractual relationshipstarted with the data subject, the personal data will be processed to satisfy all legal obligations associated with its termination and, in any case, up until the end of the statutory time limit for the data subject to file a claim for compensation of damages pursuant to Art. 2946 of the Italian Civil Code (10 years from termination of the contract).  

The personal data is processed for purposes of cyber security (such as logging, storage, analysis of logs relating to electronic and digital events activated by the User through interaction with the functions of the Website and/or by sending e-mails to DAINESE), and storage will last for a time sufficient to allow completion of the appropriate security checks and to assess their outcome (18 months from the moment of collection), or, if anomalies are found, for the time necessary to resolve them using appropriate solutions. 

In the event of disputes or litigation with the data subject and/or third parties, the data will be processed for the time strictly necessary to protect the Controller’s rights (i.e., until the in-court or out-of-court settlement is reached or a final court order is passed to settle the dispute). 

In the case of processing for Marketing Purposes, the duration is:

  1. in the case of basic profiling, processing is based on a legitimate interest of DAINESE to use the results to plan, perform and check the efficacy of direct marketing campaigns based on that profiling, so it will continue up until any objection is made by the data subject; 

in the case of advanced profiling, which is based on the specific consent of the data subject, processing will take place for a period of three years or up until the date of early withdrawal of consent by the data subject, whichever comes first;  

- for direct marketing purposes, the duration of processing will vary according to whether it is based on the legitimate interest of DAINESE (so-called soft spam to customers) or on the data subject’s consent; in the first case, it will continue up until any objection of the data subject, and until consent previously given is withdrawn in the second.  

If DAINESE collects and records the logs deriving from actions through which the user of the DAINESE website declares their intention on whether or not to consent to processing for direct marketing and advanced profiling purposes (e.g., by clicking on on-line fields, flagging boxes, continuing to browse after viewing a banner cookie, and similar), storage will last for the time necessary to prove the content of the relative declaration of intention to the supervisory authorities. 

After the duration periods respectively described above have passed, DAINESE undertakes to proceed with definitive erasure of the personal data from its electronic archives. As an alternative, it reserves the right to render the data anonymous, in which case the personal data protection regulations will no longer apply to it.

Each time you interact with DAINESE, we will inform you of whether or not it is obligatory to provide the Personal Data to us. Providing DAINESE with Personal Data for the respective Business Purposes (in particular, your personal details, e-mail or ordinary mail address, your credit/debit card details, bank details and telephone number) is necessary in order to pursue those purposes.  

A refusal to provide DAINESE with the Personal Data needed for these purposes could therefore make it impossible to respond to the requests for information on our products and services before entering into a contract, to enter into and/or execute the contract of purchase of products and services on the Website or correctly to satisfy the related legal and regulatory obligations. 

 Indicating further Personal Data, other than the obligatory data, is optional and does not place any obligation on the User nor cause any disadvantage or consequence to them in relation to the purchase of products or services on the Website. 

Providing Personal Data for Marketing Purposes or the relative consent of the data subject, in the cases where this is required by law for processing to be lawful, is always optional and – other than what is indicated separately in our Cookie Policy concerning the use of cookies and other, similar identifiers, such as pixels or tags, by DAINESE – is normally connected to the process of registration of the User on the Website. Failure to provide the data, and to give consent to processing for Marketing Purposes, will have no prejudicial consequences on the purchasing process, which will therefore take place normally, but will prevent registration and therefore the possibility of using DAINESE services, such as newsletters, general or personalised sales offers and/or access to reserved promotional areas, in which the direct marketing activity takes form each time.

The Personal Data may be disclosed to third companies who perform specific services on behalf of DAINESE, as processors, or disclosed to other third parties who process the data independently, solely in order to allow the entry into and/or execution of the contract of purchase of products on the Website or solely when said purpose is not incompatible with the purchases for which the Personal Data has been collected and subsequently processed, and, in any case, in accordance with the law. 

In particular, DAINESE uses suppliers who guarantee after-sales services, as described in further detail in the Terms and Conditions of Sale of the Website, which can be consulted at the following link. In the shipping phase, DAINESE also uses the services of carriers and couriers (UPS, DHL, etc.) or logistics service providers, who will process the personal data of Users for the sole purpose of completing the service assigned to them. 

The data may also be disclosed to: 1) banks, electronic money institutions or other entities authorised to perform remote electronic payment services, through credit/debit cards or through functions available on mobile devices), 2) insurance firms (for transport insurance); 3) other companies, entities and/or natural persons who perform activities that are instrumental, supporting or functional to performance of the contracts or services you have requested (such as companies appointed to manage the Website, companies providing maintenance and assistance services for the Controller’s databases).  

The Personal Data is disclosed to accountants, lawyers and legal firms, auditing firms and/or auditors of accounts, who perform, in various capacities and according to the prior instructions of DAINESE, the activities necessary to guarantee compliance with laws on the sale of goods and services through the Website.   

The Personal Data could be disclosed to law enforcement agencies or the judicial authorities, in accordance with the law, both when this is formally requested by them, as part of anti-fraud services, or even in the absence of a specific request, to fulfil tax obligations (e.g., the Revenue Agency). For Marketing Purposes, DAINESE also discloses the Personal Data to third companies that are external processors, such as: marketing and advertising agencies, hosting service companies, website development and management companies, web marketing companies, electronic communication and ICT service providers; third-party business partners - even if they operate in production sectors not included in the e-shop, such as the automotive sector - with whom DAINESE performs co-marketing or event management initiatives.  

In the event of incidents involving product liability of DAINESE, the personal data might be disclosed to third parties appointed to manage the relative claim (such as law firms, but also technical consultancy firms and the insurance firms that have provided the insurance policy activated in relation to the claim). 

If the company or a business unit forming part of the Website is transferred to third parties, the Personal Data of the user will be automatically transferred to the purchaser. If a controlling stake in DAINESE is transferred to third parties, the Personal Data could be disclosed to the purchaser(s). 

The Personal Data will not be distributed, meaning it will not be provided to an uncontrolled number of third parties.

Our website could use the functions of social networks, such as the “like” button of Facebook, the “Tweet” button and other share widgets (“Social Network Functions”). Social Network Functions could allow you to publish information on the activities of the user on the DAINESE website on external platforms and social networks. Social Network Functions could also allow you to enter “likes” or indicate information that we have published on the DAINESE website or on the official DAINESE pages on social networks.  

Social Network Functions are hosted by each, respective social platform or directly on our website. To the extent that Social Network Functions are hosted on the same platforms and you click on them from our website, the platform could receive information that shows you have visited our websites.  

If you have accessed your social network account, it is possible that the respective social network could link your visit to our website with your social network profile. In relation solely to collection operations on our website and automatic transmission to the social network platforms of the personal data of users of our website, whether or not registered on the same social network platform, DAINESE acts as the joint controller, in accordance with Art. 26 of the GDPR. 

For its Facebook pages?https://www.facebook.com/dainese and Instagram https://www.instgram.com/dainese, DAINESE is the joint controller of the statistical data with Facebook Ireland Limited (“Facebook Ireland”). 

DAINESE might also share certain data (first name, surname, e-mail) with third-party social media platforms (such as Facebook, Google), who use it for the sole purpose of identifying other people similar to the user who could be interested in the services and/or products of DAINESE, in order to advertise them through social media platforms. Further information on the re-marketing policies of DAINESE (so-called behavioural advertising) is provided in our Cookie Policy). 

Your interactions with the Social Network Functions are governed both by this policy (solely for processing as joint controller) and by the  

functions (for each aspect of personal data processing not included in said joint controller system).

The Personal Data will be processed mainly in Italy, and also in foreign countries in which other Dainese group companies are located. The processing could be performed in third countries, within or outside the EU, to the extent that the data is transferred by DAINESE to suppliers with a data centre or offices in those countries (such as for purposes of technical management of this website and the database, technical functioning of the website, or management of the direct marketing and profiling activities associated with it, in various capacities).  

In particular, the Personal Data will be transferred abroad, to companies in the Dainese Group (a list of which is available on the Website), and also, if necessary to pursue Business or Marketing Purposes, to non-EU countries that guarantee adequate levels of protection, in accordance with what has been recognised in the decisions on this by the European Commission or, in the absence of said specific decisions, only after specific contracts have been entered into between DAINESE and said parties, relating to Marketing Purposes and containing adequate clauses on the protection of the Personal Data by the foreign party receiving the personal data, in accordance with applicable regulations on this and, in particular, at least with the relative standard texts approved by the European Commission (the so-called Standard Contractual Clauses, or “SCC”).  

The cloud providers used by DAINESE with headquarters or data centre outside the European Union are: 

  • SHOPIFY Inc., with headquarters at 151 O’Connor Street, Ground floor, Ottawa, ON K2P 2L8, Canada, supplier of the e-commerce service for TCX-brand products and services. For the privacy policy of Salesforce Inc., see URL: https://www.salesforce.com/it/company/privacy/.
  • Shopify Inc. is a company registered with the competent US entity on the basis of the EU-USA convention called “Privacy Shield”. 
  • SALESFORCE Inc., with headquarters at The Landmark @ One Market Street, Suite 300, San Francisco, California 94105, U.S.A., supplier of the e-commerce service called SALESFORCE COMMERCE for DAINESE brand products and services. For the privacy policy of Salesforce Inc., see URL: https://it.shopify.com/legal/privacy.
  • Salesforce is a company registered with the competent US entity on the basis of the EU-USA convention called “Privacy Shield”. 
  • SugarCRM Inc., with headquarters at 10050 N Wolfe Road, SW2-130 Cupertino, 95014 CA – California (U.S.A.) supplier of the CRM (“customer relationship management”) service. For the privacy policy of SugarCRM Inc., see URL: https://www.sugarcrm.com/legal/privacy-policy
  • SugarCRM Inc. is a company registered with the competent US entity on the basis of the EU-USA convention called “Privacy Shield”. 
  • HubSpot Inc., with headquarters in Cambridge, Massachusetts, U.S.A., supplier of the CRM (“customer relationship management”) service, DEM (sending of promotional e-mails and newsletters), lead acquisition / web form, landing page. For the privacy and cookie policies of HubSpot Inc., see URL: https://legal.hubspot.com/product-privacy-policy e https://knowledge.hubspot.com/articles/kcs_article/account/hubspot-cookie-security-and-privacy. HubSpot Inc. is a company registered with the competent US entity on the basis of the EU-USA convention called “Privacy Shield”; 
  • Aircall SAS, with headquarters in at 11-15, rue Saint Georges, 75009 Paris, as the supplier of the VOIP telephone service used by the assistance services. Aircall transfers data to the U.S.A. For the privacy policy, see URL https://aircall.io/privacy/
  • YotPO, with headquarters at 400 Lafayette St, New York, NY, U.S.A., as the supplier of the reviews acquisition service. For the privacy policy, see URL https://www.yotpo.com/yotpo-privacy-guide/  

  • OneTrust, with headquarters (Co-Headquarters) at Dixon House, 1 Lloyd’s Avenue, London, EC3N 3DQ, United Kingdom, as the supplier of the reviews acquisition service. For the privacy policy, see URL https://www.onetrust.com/privacy/   

  • Facelift, with headquarters at Gerhofstr. 19, 20354 Hamburg, as the supplier of the service used to optimise social media management. Facelift transfers data to the U.S.A. For the privacy policy, see URL https://facelift-bbt.com/en/data-privacy-policy   

  • Microsoft Corporation, with headquarters at 1 Microsoft Way, Redmond, WA – Washington 98052, U.S.A., as the supplier of the cloud-based individual productivity application “Microsoft 365” and/or Microsoft TEAMS video conferencing, which are used in management of the pre-contractual and contractual relationship with the data subject. 

In particular, as indicated in Appendix 1 to the Terms and Conditions for Use of Online Services, with reference to the 365 Service, Microsoft undertakes to archive the inactive data processed by DAINESE as follows: “in the event that the Company performs provisioning of its tenant (…) in the European Union, Microsoft will archive the following inactive Data of the Company only within that Geographical Area: (1) the content of the Exchange Online mailbox (body of the e-mail, calendar items and content of the e-mail attachments), (2) the content of the SharePoint Online website and the files archived on that website, and (3) the files uploaded onto OneDrive for Business.” For this data, therefore, there is no transfer to the USA or, if there is, it is only occasional. See the Microsoft policy at URL: https://docs.microsoft.com/it-it/microsoft-365/enterprise/o365-data-locations?view=o365-worldwide, and the Microsoft privacy policy at URL: https://privacy.microsoft.com/it-it/privacystatement

However, it is possible that other inactive data processed by DAINESE, particularly data different to the above, will be transferred from the EU to the USA for the service in question, and that the transfer will not be occasional. 

It cannot be excluded with absolute certainty a priori that, in certain exceptional situations, the US public authority, based on current regulations in the USA (such as Art. 702 of the FISA and Executive Order EO 12333), will access the personal data as transferred above by DAINESE to the USA, for national security purposes. Nonetheless, based on specific analysis of this issue by DAINESE, in accordance with the “Schrems II” judgement passed on 17 July 2020 by the CJEU and the relative Guidelines of the EDPB – European Data Protection Board, the actual possibility that there is an effective interest of said public authorities in access and further processing (of which the supplier, by law, could not notify DAINESE and/or the data subject) appears to be remote, considering: i) the specific core business of DAINESE ii) the limited types of personal data it processes, and iii) the limited categories of data subjects to which the data relates.  

The Company therefore believes that the aforementioned SCC guarantee protection of the rights of data subjects that is substantially equivalent to the protection provided by the GDPR. DAINESE will inform the data subjects if any additional measures are adopted. 

Furthermore, DAINESE performs constant monitoring to identify its suppliers with offices or data centres in the USA and to check that transfer of data there is based on the appropriate legal basis provided by the GDPR. 

When the data is transferred outside the EU for reasons other than Marketing Purposes, the legal basis for transfer also comprises the legitimate interest of DAINESE in executing the contract with the data subject or a contract it has entered into with third parties in favour of the data subject, or in satisfying the related legal obligations.

This website and the Controller's services are not intended for minors under 16 years of age and the Controller does not intentionally collect personal information on minors. If information on minors is unintentionally registered, the Controller will erase it promptly, on users' request.

The data subject will have the right to: 

obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed, and, where that is the case, to access to the personal data; 

  • obtain clear and concise information on the following aspects: a) the purposes of processing; b) the categories of personal data concerned; c) the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations; d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data is not collected from the data subject, any available information as to its source; h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.  

  • where personal data is transferred to a third country or to an international organisation, the data subject has the right to be informed of the existence of appropriate safeguards relating to the transfer;

  • request, and obtain from the controller without undue delay, the rectification of inaccurate personal data; taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement; 

  • request erasure of the data if a) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; b) the data subject withdraws the consent on which the processing is based and where there is no other legal ground for the processing; c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or objects to processing for direct marketing purposes (including the profiling functional to said direct marketing); d) the personal data has been unlawfully processed; e) the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; f) the personal data has been collected in relation to the offer of information society services. Erasure from the DAINESE database

  • request restriction of processing relating to the data subject where one of the following applies: a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead; c) the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims; d) the data subject has objected to processing for direct marketing purposes, pending the verification on whether the legitimate grounds of the controller override those of the data subject; 

  • obtain from the controller, on request, communication of the recipients to whom the personal data has been disclosed;

  • withdraw consent to processing of their personal data at any time, where previously given for one or more specific purposes, without affecting the lawfulness of processing based on consent before its withdrawal. 

In particular, in order to withdraw consent previously given to DAINESE, the data subject can send a specific request using one of the following methods: i) by following the erasure instructions indicated at the bottom of each e-mail, or ii) by sending an e-mail containing the request to privacy@dainese.com. 

  • receive the personal data relating to the data subject in a structured, commonly used and machine-readable format and, if technically feasible, the right to transmit that data to another controller without hindrance from the controller, when the following conditions (cumulative) are met: a) the processing is based on consent of the data subject for one or more specific purposes, or on a contract to which the data subject is a party and for the execution of which processing is necessary; and b) processing is performed with automated means (software) (overall, the so-called “portability”). The right to data portability does not affect the right to erasure as envisaged above; 

  • the data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. There is currently no automated decision-making process on our websites or in our services. 

  • the data subject also has the right to lodge a complaint with the competent supervisory authority according to the GDPR (the one in his/her place of residence or domicile). 

 

How to exercise the rights 

You can exercise the above rights, and also obtain a list of the processors and independent controllers to whom the data has been disclosed by DAINESE, or receive further information on how DAINESE processes the Personal Data, by sending an e-mail to?privacy@dainese.com?or by writing to the postal address of DAINESE S.p.A., Via Louvigny no. 35 – 36064 – Colceresa (VI) - Italy. 

We try to reply to all legitimate requests within one month, unless otherwise required by law, and we will contact you if we need any further information in order to satisfy your request or check your identity. This could take more than a month in certain cases, considering the complexity and the number of requests we receive. 

Certain registered users can update their settings and user profile, organisation settings and registration for events, by accessing their account and changing the settings or profiles.

The Controller of Users’ personal data is DAINESE S.p.A., with headquarters at Via Louvigny no. 35 – 36064 – Colceresa (VI) - Italy, tax code and VAT number 03924090248.  

In order to monitor compliance with the GDPR and laws on processing by Dainese of the personal data of the data subject, Dainese has appointed an independent third party as the Data Protection Officer: this is?Mr. Luca De Muri, who is domiciled for this office at the head office and can be reached at the e-mail privacy@dainese.com.

DAINESE may change or update the Privacy Policy at any time, in full or in part, also in consideration of any changes in the laws or regulations that protect your rights. The most recent version of the Privacy Policy is indicated at the end of this document and this is the one that is applied to processing of Personal Data from the date indicated. The changes and updates to the Privacy Policy of the Website will come into effect as soon as they are published on the Website, in this section. Users will receive an e-mail informing them of any change to this Privacy Policy. You are kindly asked, in any case, to access this section regularly to check whether a more recent and up-to-date version of the Privacy Policy of the Website has been published.