DATA PROTECTION NOTICE
WELCOME TO OUR WEBSITE!
1. Identity and contact details of the Controller, of the Controller’s data processors
2. General provisions
1. What is personal data?
2. Which data do we collect from you, and how or for what purposes do we process your data?
3. Handling personal data for websites for purely informational use
2. Google Services
1. Google Analytics and Universal Analytics
2. Google Ads (formerly Google Adwords)
3. Google Remarketing
4. Google Campaign Manager (formerly Google DoubleClick)
5. Google reCAPTCHA
6. Google Maps
7. Google Fonts
8. Google Tag Manager
3. YouTube videos
4. Facebook Pixel
5. Microsoft Advertising
6. AB Tasty
4. Operation of social media accounts
5. Handling personal data during proactive use by the user
1. Making contact
3. Purchase via online store
4. Comments and input
5. Processing of personal data based on our legitimate interests
7. Facebook/Instagram lead ads
8. Prize games and contests
6. Transmission of your personal data to third parties
7. Transmission of your personal data to third parties outside of the EU/EEA
8. Data security
9. Storage period
10. Your rights
1. IDENTITY AND CONTACT DETAILS OF THE CONTROLLER, of the Controller’s DATA PROCESSORS
The Controller is Mares S.p.A., with registered office in Salita Bonsen 4, 16035, Rapallo (GE), Italy, Tax code and Genoa Chamber of Commerce Registration number 03112680107, VAT number 00204770994.
Tel.: +39 0185 201316
A list of the Controller’s data processors appointed by Mares, if any, can be obtained by sending a request to the contact details above.
2. GENERAL PROVISIONS
The EU General Data Protection Regulation (“GDPR”) and the corresponding national data protection laws protect the fundamental rights and freedoms of individuals and their rights to the protection of personal data.
2.1. WHAT IS PERSONAL DATA?
Personal data is information about data subjects, whose identity is determined or at least can be determined. Personal data includes, for example, names, addresses, telephone numbers, e-mail addresses, user IDs, credit card numbers, social media account IDs, user names, IP addresses etc.
2.2. WHICH DATA DO WE COLLECT FROM YOU, AND HOW OR FOR WHAT PURPOSES DO WE PROCESS YOUR DATA?
We collect user data (for example, information provided during registration, ordering, subscribing to newsletters or when contacting us) and technical data (log files; for example, IP addresses, dates, times) from you, provided that this is either required or permitted by law or required as part of contract performance or to preserve our legitimate interests, or you have provided your consent for this purpose. For further details please see sections below.
3. HANDLING PERSONAL DATA FOR WEBSITES FOR PURELY INFORMATIONAL USE
If you use our website purely for informational purposes, in other words if you do not register and if you do not transfer information to us otherwise, we only collect those personal data that are transferred by your browser to our server. If you would like to view our website, we collect the following data that are technically necessary for us in order to show you our website and guarantee stability and security:
- IP address
- date and time of the request
- time zone difference from Greenwich Mean Time (GMT)
- content of request (actual web page)
- access status/HTTP status code
- respectively transferred data amount
- website from which the request is received
- operating system and its interface
- language and version of the browser software
If you have questions or comments on this topic, please contact us using the contact information provided in section 1.
The legal basis for this processing is Art. 6 Para 1 (f) GDPR.
3.2. GOOGLE SERVICES
All services mentioned under sections 3.2 are provided by Google Ireland Gordon House, Barrow Street, Dublin 4, Irland and/or Google Inc. 1600 Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
You can prevent participation in various Google services in several ways: a) by adjusting your browser software accordingly, in particular, the suppression of third-party cookies results in you not receiving any third-party ads; b) by disabling the cookies for conversion tracking by setting your browser to block cookies from the domainhttps://support.google.com/ads although this setting will be deleted if you delete your cookies; c) by deactivating the interest-based advertisements of the providers that are part of the ”About Ads” self-regulation campaign via the link https://www.aboutads.info/choices, although this setting will be deleted if you delete your cookies; d) by permanent deactivation in your Firefox, Internet Explorer or Google Chrome browsers under the link https://www.google.com/settings/ads/plugin, e) by setting your cookie preferences accordingly. We point out that, in this case, you may not be able to use all features of this offer in full.
For detailed information on how Google secures and handles your personal data please see https://policies.google.com/privacy?hl=it.
Please also visit the Network Advertising Initiative (NAI) website at https://www.networkadvertising.org/ to find out more about responsible data collection and its use for digital advertising.
3.2.1 GOOGLE ANALYTICS AND UNIVERSAL ANALYTICS
This website uses Google Analytics, a web analytics service that uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
This website uses Google Analytics with the extension “_anonymizeIp ()”. We have activated IP anonymization on this website by using the extension “_anonymizeIp ()”, so your IP address will be shortened beforehand by Google within member states of the European Union or other signatory states to the Agreement on the European Economic Area. As a result of this IP anonymization, reference to particular individuals can be excluded. Therefore, as far as the data collected about you contains a personal reference, it is immediately excluded and the personal data deleted immediately. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.
Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage to us Google may also transfer this information to third parties as required by law or if said third parties process this data on behalf of Google. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google information.
You can prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case you may not be able to use all the functions of this website in full. You may also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading the browser plug-in available at the following link and installing it: http://tools.google.com/dlpage/gaoptout. If you want to deactivate the tracking via Google Analytics for your mobile devices please follow the following link to activate the respective opt-out cookie.
We use Google Analytics to analyze and regularly improve the use of our website. With the statistics we can improve our offer and make it more interesting for you as a user.
The legal basis for the use of Google Analytics is Art. 6 Para. 1 (f) GDPR.
Google Analytics Terms of Service: https://marketingplatform.google.com/about/analytics/terms/gb/, Overview on Google Analytics security and privacy principles: https://support.google.com/analytics/answer/6004245?hl=en
This website also uses Google Analytics for a cross-device analysis of visitor traffic conducted via a user ID. You can disable the cross-device analysis of your use in your customer account under “My Data”, “Personal Information”.
Universal Analytics enables cross-device tracking of users and leads to more refined information for those responsible (generally https://support.google.com/analytics/answer/2790010). The opinion of the supervisory authorities is not yet available. In any case, the data subject must be informed about the extended use and be shown the possibility to opt-out.
The legal basis for this processing is Art. 6 Para. 1 (a) or (f) GDPR.
3.2.2. GOOGLE ADS (FORMERLY GOOGLE ADWORDS)
We use the offer of Google Ads, in order to draw attention to our attractive offers with the help of advertising (so-called Google Ads) on external web pages. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting to you and to achieve a fair calculation of advertising costs.
These advertising materials are supplied by Google via so-called “ad servers”. To do this, we use ad server cookies, from which certain performance metrics such as ads or user clicks can be measured. If you access our website through a Google ad, Google Ads will store a cookie on your PC. These cookies usually lose their validity after 30 days and should not serve to personally identify you. As a rule, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wants to be addressed) are usually stored as analysis values for this cookie.
These cookies allow Google to recognize your internet browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer may discover that the user clicked on the advertisement and was redirected to that page. Each Ads customer is assigned a different cookie. Thus cookies cannot be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We receive only statistical evaluations provided by Google. On the basis of these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify the users on the basis of this information.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence over the scope of the data collected by the employment of this tool by Google and the further use of such data, and inform you therefore according to our level of knowledge: By including Ads Conversion, Google receives the information that you have accessed the relevant part of our website or have clicked on an advertisement from us. If you are registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a chance that the provider will find out your IP address and store it.
The legal basis for the processing of your data is Art. 6 Para. 1 (a) GDPR.
3.2.3 GOOGLE REMARKETING
In addition to Ads Conversion, we use the Google remarketing application, which enables you to see our ads after visiting our website as you continue to use the internet. This is done by means of cookies stored in your browser, through which your usage behavior when visiting various websites is recorded and evaluated by Google. This is how Google determines your previous visit to our website. Consolidation of the data collected during the remarketing with your personal data, which may be stored by Google, does not occur by Google according to its own statements. In particular, according to Google, pseudonymization is used in remarketing.
With the use of remarketing, information about your browsing behavior is collected for marketing purposes in anonymous form and stored on your computer using cookies (targeting / retargeting). Based on an algorithm, we can then show you targeted product recommendations as personalized banner ads on other websites (so-called publishers). If you do not want this to occur, you can disable it via the Ads Preferences Manager (https://support.google.com/ads/?HL=EN#topic=7049263).
The legal basis for the processing of your data is Art. 6 Para. 1 (a) GDPR.
3.2.4 GOOGLE CAMPAIGN MANAGER (FORMERLY GOOGLE DOUBLECLICK)
Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server when you visit our website. We have no influence over the scope of the data collected by the employment of this tool by Google and the further use of such data, and inform you therefore according to our level of knowledge: By including Campaign Manager, Google receives the information that you have accessed the relevant part of our website or have clicked on an advertisement from us. If you are registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a chance that the provider will find out your IP address and store it.
Furthermore Campaign Manager cookies (DoubleClick Floodlight) help us to understand whether you complete certain actions on our website after viewing any of our display/video ads on Google or other platforms through Campaign Manager or clicking through one of these ads (conversion tracking). Campaign Manager applies this cookie to understand the content with which you have interacted on our website to be able to send you targeted advertising later on.
If you want to prevent Google from collecting the data generated by the cookies please download and install the browser plugin available under “Display settings”, “Extension for Campaign Manager deactivation” at https://support.google.com/adsense/answer/142293?hl=it.
Further information on Campaign Manager is available at https://marketingplatform.google.com/about/enterprise/
The legal basis for the processing of your data is Art. 6 Para. 1 (a) GDPR.
3.2.5 GOOGLE RECAPTCHA
This website uses Google reCAPTCHA to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program (“bots”).
reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website.
This service allows Google to determine from which website your request has been sent and from which IP address the reCAPTCHA input box has been used. In addition to your IP address, Google may collect other information necessary to provide and guarantee this service.
The legal basis for this processing is Art. 6 Para. 1 (f) GDPR.
3.2.6 GOOGLE MAPS
This website uses Google Maps to display our location and to provide directions (e.g. via our store finder and event calendars). To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed.
If you access the Google Maps components integrated into our website, Google will store a cookie on your device via your browser. All user settings and data are processed to display a location and describe a certain route.
By connecting to Google in this way, Google can determine from which website your request has been sent and to which IP address the directions are transmitted.
The legal basis for this processing is Art. 6 Para. 1 (f) GDPR.
3.2.7. GOOGLE FONTS
This website uses Google Fonts to display external fonts. For this purpose, your browser loads the required web fonts into your browser cache to display texts and fonts correctly, which requires your browser to establish a direct connection to Google Servers. Google can identify the website from which your request has been sent and to which IP address the fonts are being transmitted for display.
The legal basis for this processing is Art. 6 Para. 1 (f) GDPR.
3.2.8. GOOGLE TAG MANAGER
This website uses the Google Tag Manager that allows website tags to be managed using an interface. The Google Tag Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tag Manager triggers other tags, which in turn collect data if necessary. However, the Google Tag Manager does not access this information. If recording has been deactivated on domain or cookie level, it remains valid for all tracking tags implemented with Google Tag Manager.
The legal basis for this processing is Art. 6 Para. 1 (f) GDPR.
3.3. YOUTUBE VIDEOS
We have also incorporated YouTube videos into our websites. The videos are stored at www.youtube.com and can be played directly from our websites. These videos are incorporated in such a way that no personal data related to you as the user is sent to YouTube if you do not play the videos.
If you do play the videos, YouTube cookies will be stored on your computer and data will be sent to Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as the YouTube operator. When playing videos stored with YouTube, the following personal data is sent to Google, Inc.: the IP address and cookie ID, the specific address of the page visited on our websites, language setting of the browser, system date and time of access and your browser’s identifier. The data is transmitted regardless of whether you are registered with or logged in to Google. If you are logged in, this data will be attributed directly to your account.
If you do not want this attribution to your profile, you must log out before activating the button. YouTube or Google, Inc., stores this data as use profiles and uses this data for the purposes of advertising, market research and/or designing its websites based on demand. Such use is meant in particular (not only for logged-in users) to provide advertising based on demand and to inform other users of your activities on our website. You have a right to oppose the creation of these user profiles, and to exercise this right, you must address yourself to Google Inc. as the operator of YouTube. Additional information on the purpose and scope of data collection and processing by Google, Inc., can be found at www.google.at/intl/policies/privacy/. We do not process the personal data collected when the YouTube video is accessed.
3.4. FACEBOOK PIXEL
For conversion measurement, our website uses the pixel visitor promotion of Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook“).
Because we use the “Custom Audiences” remarketing feature, which you can disable at any time as described below, your behaviour can be tracked after you have been redirected to our website by clicking on a Facebook ad. As a result, the effectiveness of Facebook ads can be evaluated for statistical and market research purposes and future advertising measures optimized.
The data collected is anonymous to us as operators of this website; we cannot draw any conclusions about the identity of users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage directive. As a result, Facebook can enable advertising to be displayed on Facebook sites and outside of Facebook. This use of the data cannot be influenced by us as a site operator.
See the data protection notice of Facebook for more information on how to protect your privacy: https://www.facebook.com/about/privacy/.
You can also disable the “Custom Audiences” remarketing feature in advertisement settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen#_. For this you have to be logged in to Facebook.
If you do not have a Facebook account, you can opt out of Facebook Commercial Advertising on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/uk/your-ad-choices.
The legal basis for the processing of your data is Art. 6 Para. 1 (a) GDPR.
3.5 MICROSOFT ADVERTISING
On our website, we use Microsoft Advertising by Microsoft Corporation (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; “Microsoft“).
Data processing serves marketing and promotional purposes as well as the purpose of measuring the success of advertising measures (Conversion Tracking). We find out the total number of users who clicked on one of our ads and were forwarded to a website provided with a conversion tracking tag. A personal identification of those users is not possible in this way, however. Microsoft Advertising uses technologies such as cookies and tracking pixels with which your use of the website can be analysed. When you click on an ad placed by Microsoft Advertising, a cookie for the conversion tracking will be saved on your computer. This cookie has limited validity and does not serve the purpose of personal identification. If you visit specific pages on our website and the cookie has not yet expired, we and Microsoft can see that you clicked on the ad and were forwarded to this page. The following information may be collected: IP address, identifiers (tags) allocated by Microsoft, information about your browser and your device, referrer URL (website from which you visited our website), URL of our website.
Furthermore, we use the so-called “Remarketing function” which enables Microsoft to track your consumption behaviour and therefore show you personalised advertising on Microsoft websites or in Microsoft apps.
If you do not want your information about your consumption behaviour to be used by Microsoft as described above, you can decline the placing of required cookies. The automatic placing of cookies can be deactivated via your browser settings. Furthermore, you can prevent the collection and processing of data generated by the cookie as well as data related to the use of the website by entering an objection using the following link: https://account.microsoft.com/privacy/ad-settings/signedout?lang=en-GB
Further information on data protection and the cookies used by Microsoft can be found on Microsoft's website at: https://privacy.microsoft.com/en-us/privacystatement.
The legal basis for data processing is Art. 6 Para. 1 (a) GDPR.
3.6 AB TASTY
Opt Out: If you do not wish to participate in these tests, you can deactivate this function on the AB Tasty website (at https://www.abtasty.com/terms-of-use/) by following the instructions given there. If you delete your browser cookies, you will need to opt out again via this link. We would like to point out that with an opt-out, some functions of the website will not be available or will only be available to a limited extent.
The legal basis for this processing is Art. 6 Para. 1 (a) GDPR.
4. OPERATION OF SOCIAL MEDIA ACCOUNTS
We are operating several accounts on social media networks or platforms in order to communicate with our customers, interested parties and other users and to inform them about our brands, products and services.
We would like to point out that user data may be processed outside the European Union by the Social Media companies when visiting their websites which can result in risks for users (e.g. it could be difficult to enforce data subject rights of users).
Please note that your data is usually processed for market research and advertising purposes by the Social Media platforms when visiting their websites. For example, user profiles can be created on the basis of user behaviour and the documented interests of users. The user profiles can then be used to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (in particular if the users are registered users of the respective platforms and are logged in).
The processing of your personal data when visiting our Social Media channels is carried out on the basis of our and the Social Media platform’s legitimate interests (effective information of and communication with customers, prospects and users) pursuant to Art. 6 Para.1 (f) GDPR. If you are requested by the respective providers of the Social Media platforms to consent to the aforementioned data processing, the legal basis for the processing is Art. 6 Para. 1 (a) GDPR.
With regard to the exercise of your data subject rights under the GDPR we point out that these can be asserted most effectively with the Social Media providers. Only the Social Media providers have access to your personal data and can directly take appropriate measures and provide information to you. Should you nevertheless need help, please let us know by contacting us at the contact details provided in section 1.
5. HANDLING PERSONAL DATA DURING PROACTIVE USE BY THE USER
In addition to the purely informational use of our website we offer you several services on our website that you may use if you are interested and which we have described in the following sections. For this purpose, as a rule you must provide further personal data that we will use to provide the respective service. You will receive more detailed information on this when you provide your personal data or in the service description below.
5.1. MAKING CONTACT
When the user actively makes contact with us (for example, via e-mail or via our contact form as part of a promotion), the data and information of the user will be stored for the purpose of processing the inquiry and in the event that follow-up questions arise, and forwarded to the responsible person (for example, the IT department, the legal department, logistics etc.).
We process your personal data according to Art. 6 Para. 1 (a) GDPR and because of our legitimate interest according to Art. 6 Para. 1 (f) GDPR.
You have the chance to send your documents either by e-mail or by ordinary mail. Based on the consent you provide, we process the following data:
If you apply by e-mail or ordinary mail, please send us a cover letter, your CV and any certificates that are relevant for the position advertised.
All the data provided by you, such as any personal data that is sent by e-mail or ordinary mail, uploaded in files or otherwise collected as part of the application process (“Information”) will be collected, stored and processed exclusively for the purpose of dealing with your application. Only the employees of the human resources department of the company with which you have applied for a job, the employees of the relevant department for which you apply, as well as the employees of the international human resources department of Mares, will have access to your Information. All people who are involved in the processing of your Information are obligated to maintain data secrecy.
If your application is successful, all Information relating to the employment relationship with you will be processed further; you will then receive more detailed information on this in our employee information leaflet on data protection. If your application is not successful, all your Information will be stored for the time strictly necessary to enable us to answer any questions connected with your application and/or rejection, and will subsequently be erased; any applications sent by ordinary mail will either be returned to you by post or destroyed.
We process your personal data according to Art. 6 Para 1 (b) GDPR and because of our legitimate interest according to Art. 6 Para 1 (f) GDPR.
5.3. PURCHASE VIA ONLINE STORE
If you make a purchase via this website, we collect, store and process personal data (your name, billing and delivery address, e-mail address, telephone number and the serial number assigned to the ordered items and information on the goods that you purchased) for the purposes of contract performance and the fulfilment of any post-contractual obligations (such as a warranty) or even for manufacturing purposes in the case of Mares custom-made orders. For this purpose, we forward your name and your delivery address to transport or courier services for the delivery of the goods that you purchased, and we also forward the payment and transaction data to credit or financial institutions for the handling of payment. It is necessary to provide personal data for the conclusion and fulfilment of the contract.
If you set up an account on our website (for details please see our Terms and Conditions), we collect the personal data described above together with your user name and password for the purpose of managing your online account.
We can also process the data provided by you to inform you about further interesting products from our portfolio (in case a specific consent is provided by you, or to send you e-mails connected with your orders or with technical information.
If you register through an existing account (such as Facebook, Google or WeChat), you agree that we will access the data that you store in this account (such as your name, e-mail address, address) and that they will be processed for the purposes described in this section 5.3. For this purpose, during registration, you must once again explicitly consent to data transmission from the respective existing account.
We process your personal data for the performance of the contract according to Art. 6 Para 1 (b) GDPR and because of our legitimate interest according to Art. 6 Para 1 (f) GDPR
5.4. COMMENTS AND INPUT
Users have the option to leave ratings on selected products on our online store by providing their nickname, the summary of the review and the product rating. In this case, we will store your nickname (which can be personal data under certain circumstances), your input and your IP address. In addition, you hereby grant us the non-exclusive, unremunerated, temporally unrestricted right, which may be revoked at any time, to use your nickname and to publish your rating on our product pages worldwide, but only as long as [sic: until] you delete the content or request that your rating be deleted. Content may be deleted at any time by notifying us at the contact information specified below.
5.5. PROCESSING OF PERSONAL DATA BASED ON OUR LEGITIMATE INTERESTS
To register for our newsletter, we use the so-called double opt-in procedure. This means that after you have registered, we will send you an email to the provided email address, in which we ask you to confirm that you wish to receive the newsletter.
Please note that all newsletter subscribers have to be at least 16 years old. Based on your freely granted consent to receive the newsletter and after confirmation of the double opt-in e-mail, your first and last name, your e-mail address, your IP address, your shipping address and optionally your date of birth, your gender, the desired country the desired language and the fields that are of particular interest to you will be processed by us for the purposes of sending (i) personalised marketing and product information related to goods and services from the HEAD Group’s sport product range, (ii) personalised promotional information and news matching your interest categories and based on your website use (for example, frequent viewing of products within your selected interest categories and geolocalisation), (iii) satisfaction surveys regarding services, products and advice of the HEAD Group and demand analyses, (iv) contests, coupons, discount campaigns and prize games, (v) electronic greeting cards via e-mail.
You have the choice to register for newsletters from other companies of HEAD Group as mentioned in the respective checkboxes of the newsletter registration form under the above-mentioned terms. If you subscribe for a newsletter from another company, we will pass on your personal data to that company.
Personalised promotional material and news is sent based on your IP address and your usage behaviour on the website. Based on your IP address and with the aid of our “Browser Region Managers”, we can locate the region where you are located when you are using the website and send you regional offers to the extent to which you have consented. We do not determine your exact location while doing this. In the process, we also analyse the frequency of clicks solely for your selected areas of interest “scuba diving, technical diving, snorkelling, freediving, spearfishing” and, for example, in the case of frequent use of the “Freediving” section, send you information from this area of interest via e-mail based on the declaration of consent described above. For this reason, we use the cookie with the designation “VIEWED_PRODUCT_IDS”. The analysis is carried out based on the following assessment methods and sequence of preferences: The data regarding your usage behaviour on the website is compared anonymously with the empirical values for similar data sets in our database. Based on this, we calculate the probabilities of potential future contacts and purchases with us. We can therefore also make corresponding offers and send information that, based on our experience, was of interest to customers with similar behaviour. In the process, we can also create anonymised and pseudonymised user profiles.
We also store your IP address and the date of registration upon subscribing to the newsletter. This is only saved to serve as proof in the event that a third party misuses an e-mail address and subscribes to receive the newsletter without the knowledge of the rightful owner. Personal data collected when subscribing to the newsletter is not forwarded to third parties for marketing purposes.
You may revoke your consent to receive newsletters at any time with effect for the future without specifying the reasons (for example, via an unsubscribe link at the end of every newsletter).
If you forward our newsletter to third parties, you must comply with legal provisions and obtain the consent of the recipient in advance. If a third party lodges claims against us due to the forwarding of a newsletter by you, you shall indemnify and hold us harmless against all claims associated therewith, including penalties and costs of legal defence.
The legal basis for sending out newsletters is your freely granted consent according to Art. 6 Para. 1 (a) GDPR
5.7. FACEBOOK/INSTAGRAM LEAD ADS
We use Facebook lead ads/Instagram lead ads on our Facebook and Instagram websites, including for example:
Based on your freely granted consent to receive the newsletter and after confirmation of the double opt-in e-mail by clicking on the button contained there,your first and last name, your e-mail address, your IP address, your shipping address and optionally your date of birth, your gender, the desired country the desired language and the fields that are of particular interest to you will be processed by us for the purposes of sending (i) personalised marketing and product information related to goods and services from the HEAD Group’s sport product range, (ii) personalised promotional information and news matching your interest categories and based on your website use (for example, frequent viewing of products within your selected interest categories and geolocalisation), (iii) satisfaction surveys regarding services, products and advice and demand analyses, (iv) contests, coupons, discount campaigns and prize games, (v) electronic greeting cards via e-mail.
Subscription via the form is only effective if you activate the subscription by “clicking” on the confirmation link in the confirmation e-mail that you receive. At the time of subscription, only your personal data recorded with Facebook/Instagram or entered voluntarily by you, such as your e-mail address and name in all cases, are required in the form. We use the personal data provided exclusively to send to you via e-mail our newsletter as described above, provided that you have explicitly provided consent. You may revoke your consent to receive the newsletter at any time with effect for the future without specifying the reasons. For details on how we generally handle your personal data when you sign up for our newsletter please see section 5.6.
5.8. PRIZE GAMES AND CONTESTS
In connection with the prize games, contests or promotional activities that we offer, we will use your personal data solely for holding the prize game, contest or promotional activity (for example, to contact winners, to send the prize), unless you have granted us your explicit consent for use in other ways.
6. TRANSMISSION OF YOUR PERSONAL DATA TO THIRD PARTIES
We also transmit your personal data to the necessary extent to external performance agents or service providers (including our other companies of the HEAD Group):
- to IT service providers and/or providers of data hosting or data processing or similar services;
- to other service providers, providers of tools and software solutions who also support us in providing our services and work on our behalf (incl. providers of marketing tools, marketing agencies, communication service providers and call centres and providers of after sale services);
- to other Group companies of the HEAD Group (a list of our Group companies to which personal data is transmitted can be found here for contract performance, based on an existing legitimate interest and fulfilment of legal obligations;
- to any third parties who are involved in fulfilling our obligations to you (for example, parcel service providers for the shipment of your online store order to you, payment service providers for payment processing in the online store, banks for payment processing, providers of mailing and postal services);
- to other external third parties to the necessary extent (for example, auditors, insurance companies if an insured event occurs, legal representatives, legal consultants, tax consultants and other consultants, should the situation arise etc.);
- to officials and other public offices to the extent required by law (for example, tax authorities etc.).
The above-mentioned third parties may operate completely independently as distinct data controllers or as controller's data processors appointed by Mares (the list of the controller's data processors, if any, is available at the Mares’ registered office and can be requested by contacting Mares at the contact details under section 1).
Your personal data may also be known (in whole or in part, in relation to their respective operational areas), in their capacity of authorised persons under Art. 29 GDPR, by, inter alia, Mares’ employees and collaborators.
7. TRANSMISSION OF YOUR PERSONAL DATA TO THIRD PARTIES OUTSIDE OF THE EU/EEA
8. DATA SECURITY
We take appropriate technical and organisational security measures to protect your personal data from unintentional or unauthorised deletion or modification, and from loss, theft and unauthorised viewing, forwarding, reproduction, use, alteration or access. We and our employees are also bound to data secrecy and confidentiality. Likewise, performance agents and authorised agents of the HEAD Group who must have access to your personal data to fulfil their professional duties will receive access and will be subject to the same obligations to observe data secrecy and confidentiality.
9. STORAGE PERIOD
We will save the personal data processed via our website as long as they are required for the fulfilment of our contractual obligations. If processing depends upon your consent, we will store this data as long as you do not withdraw your consent. We will also store your data only as long as we are obligated by law to store them and as long as claims can be asserted against us. For further details please see the above sections.
10. YOUR RIGHTS
You have the right to receive information in a clear, transparent and intelligible manner regarding how we process personal data and regarding your rights as a data subject (Art. 13 et seqq. GDPR):
- You therefore have the right to information and to receive a copy of the personal data about you that is processed (Art. 15 GDPR);
- If the personal data is incorrect or no longer current, you have the right to rectification (Art. 16 GDPR);
- You also have the right to erasure of your data (“right to be forgotten”) (Art. 17 GDPR)
- You also have the right to unsubscribe from marketing campaigns and to opt out in this regard at any time (Art. 21 Para. 2 GDPR);
- You may also revoke your consent to the processing of personal data at any time with effect for the future if processing is based on your consent (Art 7 GDPR)
- You also have the right to data portability (Art. 20 GDPR) in a commonly used and machine-readable format. This applies exclusively to
data that you have provided, with which processing is based on a contract or consent and with which processing takes place automatically;
- Finally, you have the right to request that the processing of data by us be restricted (Art. 18 GDPR), so that we may only continue to store them and no longer use or process them. However, this applies only in the following situations:
- (i) The accuracy of the personal data is contested by you for a period enabling us to verify the accuracy of the personal data;
- (ii) The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
- (iii) We no longer need the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims;
- (iv) You have objected to processing based on our legitimate interests and the verification of whether legitimate grounds on our side override those on your side is not yet certain.
- You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (Art. 22 GDPR).
- You also have the right to lodge a complaint with the competent data protection authorities if you are of the opinion that the processing of the personal data about you violates the applicable data protection laws (Art. 77 GDPR).
Before you lodge a complaint with the data protection authorities, or if you have questions, you may also contact us:
S.p.A Salita Bonsen 4, 16035, Rapallo (GE), Italy
Via e-mail at firstname.lastname@example.org
So that we can process your inquiry regarding your rights specified above and ensure that personal data is not given to unauthorised third parties, please address the inquiry with a short description regarding the scope of the exercise of your data subject rights listed above.
Version date: April 2021