PRIVACY POLICY

This Privacy Policy informs Users about how the Site collects, uses, stores, shares and otherwise processes their Personal Data. All such processing activities are carried out in compliance with the EU General Data Protection Regulation (‘GDPR’) and any other applicable law.

Under the GDPR, ‘Personal Data’ means any information that relates to an identified or identifiable living individual that is processed through the Site or in relation to the Site activities.

Data Controller

The data controller – meaning the entity that determines the purposes and means of the processing of Personal Data - is DIAMANT SRL, a company with registered office in Viale del Lavoro 8 - 37060 Zona Bonferrato Industriale (VR), Italy, e-mail: privacy@diamantdmt.com (the ‘Data Controller’).

The Data Controller has appointed a Data Protection Officer (DPO) to ensure that the organisation complies with the GDPR. Users may contact the DPO with enquiries, feedback, suggestions, or complaints via e-mail at: dpo@diamntdmt.com.

Types of Personal Data

Personal Data of Users processed by the Site include first name, last name, e-mail, address, telephone number, tax code (when required), IP address of the device used, and other Personal Data, strictly processed in relation to the purposes described below and the business activities carried out by the Data Controller.

More details on the Personal Data processed are included in this Privacy Policy and/or in the consent forms shared with Users before processing Personal Data.

Personal Data is shared directly by Users, or in the case of browsing data, automatically collected by the Site when Users browse through it.

For operation and maintenance purposes, the Site and/or any third-party service providers, acting on behalf of the Data Controller, may keep system logs, meaning files that record interactions with the Site and that may contain Personal Data (e.g., the User’s IP address, etc.).

Data Processing

The processing of Personal Data is carried out through electronic systems (also including cloud services, Internet, computers, and mobile devices, etc.) and automated procedures, using structured, commonly used, and readable formats.

The Data Controller ensures that only Personal Data strictly necessary for the legitimate execution of the relevant processes is collected, in compliance with the GDPR principle of ‘data minimisation’.

The electronic archives in which Personal Data is stored are protected by appropriate and effective security measures designed to mitigate the risks of breaches. The Data Controller also provides for regular and continuous verification of the measures adopted - particularly those relating to electronic and online systems - to ensure the confidentiality of the Personal Data processed through such systems, especially where such Personal Data belongs to special categories.

Purposes of Processing and Legal Basis

Personal Data is collected and processed to enable the Data Controller to provide its services. In particular:

Browsing data is used to provide services and facilitate access to, and navigation through, the Site. Such processing is necessary for the performance of a contract to which the User is party (art. 1, p. 1, lett. b) of the GDPR).
Transactional data is processed to perform contractual obligations or to provide pre-sale or post-sale assistance. Such processing is necessary for the performance of a contract to which the User is party (art. 1, p. 1, lett. b) of the GDPR).
User data (e.g., e-mail address, etc.) shared by Users is processed for marketing e-mailing purposes. In this case, the User has given consent to the processing of their Personal Data for one or more specific purposes (art. 1, p. 1, lett. a) of the GDPR).
The e-mail address provided by Users while purchasing on the Site may be processed to send direct email marketing communications to Users regarding similar products. This activity, informally referred to as "soft spam," does not require consent for processing as it performed in the legitimate interest of the Data Controller and of the User, and in a manner that does not override the User’s data protection rights. Users are always free to opt out from such direct email marketing communications. In this case, processing is necessary for the purposes of the legitimate interest pursued by the Data Controller (art. 1, p. 1, lett. f) of the GDPR).
User data (e.g., email address, etc.) is also processed to engage Users in events, opinion polls, contests, etc. In this case, the User has given consent to the processing of their Personal Data for one or more specific purposes (art. 1, p. 1, lett. a) of the GDPR).
User and behavioural data may be processed to carry out profiling activities that better personalise the shopping experience of Users. In this case, the User has given consent to the processing of their Personal Data for one or more specific purposes (art. 1, p. 1, lett. a) of the GDPR).
Visual User data and other User data may be processed for publication on the Site or social media. In this case, the User has given consent to the processing of their Personal Data for one or more specific purposes (art. 1, p. 1, lett. a) of the GDPR).

Personal Data may be used by the Data Controller in legal proceedings involving Users, especially with respect to possible violations of the Terms of Sale and Terms of Use of the Site. Users should be aware that the Data Controller may be required to disclose their Personal Data by order of public authorities.

Processing of Audiovisual Data (shared via social media)

We're happy to see how our community show and comments DMT products online, and we'd love to share some photos or videos with you to enhance our channels. The images will be used primarily on our Site or on our social media platforms (Instagram, Facebook, or LinkedIn) to showcase our products in a real-life context. If we see content we appreciate, our team may contact you to ask for your permission/consent to publish it. We'll leave you a comment below the concerned post or a direct message.

If you respond to our request with the hashtag #yesdmtcycling, you will explicitly consent to the use of the post for marketing purposes, including within our newsletters, for no compensation whatsoever.

Please read carefully the section on User Generated Content inside the Terms of Use.

Location of the Data Processing Activities

Personal Data is processed by the Data Controller through facilities located at its trading office, within remote and cloud storage service systems, and in any other place where the parties involved in the processing are located. For more specific information on this subject, please contact the Data Controller by e-mail.

Personal Data may be transferred outside the European Union where and to the extent such transfer is permitted under the GDPR. Any transfer of Personal Data outside the European Union is:

to countries for which the European Commission has issued an adequacy decision; or
subject to data transfer agreements based on the standard contractual clauses approved by the European Commission; or
explicitly approved by the relevant User; or
otherwise permitted under another legal basis.

Disclosure of Personal Data - Data Processors

When required by law, or necessary to carry out business operations, or when explicitly permitted by Users, the Data Controller may disclose Personal Data to:

Business entities that perform activities in the interest and/or on behalf of the Data Controller for reasons connected to the Data Controller’s business (e.g., couriers, financial institutions, customer service providers, etc.) or for the fulfilment of legal requirements (e.g. accounting firms, law firms, etc.).
Business entities that perform activities to which Users have given explicit consent (e.g., advertising, marketing mailing, etc.).

These business entities typically process Personal Data on behalf of the Data Controller in the role of data processors. An updated list of the categories of data processors involved in the processing may be provided by the Data Controller upon e-mail request.

The disclosure of audiovisual data shared by Users via social media is carried out in accordance with the scope and methods previously communicated by the Data Controller in the relevant consent form, disclaimer, or notice shared with Users.

Retention Period

Personal data is processed for the time needed to achieve the purposes for which it was first collected and subsequently processed.

Therefore:

Personal Data collected for purposes related to the performance of a contract of any nature between the Data Controller and the User will be retained until the performance of such contract is completed. Maximum retention period: 10 years.
Personal Data collected for purposes attributable to the legitimate interest of the Data Controller will be retained until the legitimate interest persists. Users may obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant parts of this Privacy Policy or by contacting the Data Controller via e-mail.
When the processing is based on the User's consent (marketing/profiling), the Data Controller may keep the Personal Data for a maximum period of 7 (seven) years since the date of the last interaction between the User and the Site.
Moreover, retention of Personal Data for a longer period may be required under a legal obligation or by order of a public authority.

At the end of the retention period, the Data Controller will permanently erase or anonymise the Personal Data.

Rights of Users

Within the limits set forth by law, Users may exercise the following statutory data protection rights:

Access Personal Data. Users have the right to obtain information about their Personal Data processed by the Data Controller and to receive supplementary information.
Withdraw consent at any time. Users may withdraw their consent to the processing of Personal Data.
Object to the processing of Personal Data. Users may object to the processing of their Personal Data in certain circumstances when processing occurs on a legal basis other than user consent.
Ask for the rectification of Personal Data. Users may ask to have inaccurate Personal Data rectified, or completed if it is incomplete.
Obtain restriction of Personal Data processing. Users may request the restriction of the processing of their Personal Data in certain circumstances. In such case, the Data Controller will not process the Data for any purpose other than its preservation.
Obtain the erasure of Personal Data (right to be forgotten). In certain circumstances, Users may request the erasure of their Personal Data.
Right to data portability. Users have the right to receive their Personal Data in a structured, commonly used, machine-readable format, and where technically feasible to have it transferred unimpeded to another data controller. This provision is applicable when the Data is processed by automated means and the processing is based on the User's consent, a contract the User is a party to or contractual measures related thereto.
Lodge a complaint. Users may lodge a complaint with the relevant data protection supervisory authority or to take legal action.

Users may exercise their data protection rights by submitting a request via e-mail to the Data Controller. Such requests will be processed free of charge and without undue delay, and in any event within one month.

Changes to this Privacy Policy

The Data Controller may amend the content of this Privacy Policy at any time. All changes will become effective as soon as published on the Site. Users are encouraged to visit this page regularly.