ARTT. 13 AND 14 OF (EU) REGULATION 2016/679

Data Subjects: Navigators, users of the services.

“BIMOTA S.P.A.”, as Controller of your personal data, in accordance with and for the purpose of (EU) Regulation 2016/679 hereinafter ‘GDPR’, hereby informs you that the aforementioned legislation provides for the protection of data subjects with regard to the processing of personal data and such processing will be used respecting the principles of correctness, legality and transparency, safeguarding your privacy and your rights.
In order to achieve its purposes relating to the management of the relationship, the Data Controller needs to acquire personal data, such as, by way of example, the name and surname, telephone or mobile number, email address, tax code.
Personal data may only be collected, processed and used in accordance with the provisions of the aforementioned legislation and the confidentiality obligations contained therein.

Provision of the service: Your data will be processed to answer any requests that may reach us via forms filled out and forms available on the website, or to answer any requests which arrive by email.

Juridical Foundation: The juridical foundation for the treatment is of the contractual type, involving a treatment of personal data for the purpose of answering a request for information.

Consequences of Non-disclosure: The processing of functional data for the fulfillment of these obligations is necessary for the correct management of the relationship and their transmission is required to implement the above-mentioned purposes. The Data Controller also states that any non-communication, or incorrect communication, of one of the mandatory information, may cause the Data Controller’s inability to guarantee the adequacy of the processing.

Processing Methods: The processing is carried out with manual and/or electronic and telematic instruments, in order to guarantee the security, integrity and confidentiality of the data in accordance with the physical and logical organizational measures, provided for by the provisions in force, in order to minimize the risks of destruction or loss, unauthorized access, modification and unauthorized disclosure in compliance with the procedures referred to in Articles 6, 32 of the GDPR.

Recipients: For the performance of certain activities, or to provide support for the operation and organization of the business, some data may be disclosed or communicated to recipients. These subjects are divided into:

Third parties: (communication to: natural or legal persons, public authorities, service or other body other than the data
subject, the data controller, the data processor and the authorized persons responsible for the processing) including:

• Companies that manage traditional or computerized postal services
• Any other subjects whose communication of data is necessary to achieve the above purposes indicated.

Data processors: (the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller)

• Providers of IT, web, or other services necessary to achieve the purposes needed to manage the relationship.

Within the company structure, your data will be processed only by personnel expressly authorized by the Data Controller, with the assurance of the adoption of a confidentiality agreement and, in particular, by the following categories of employees:

• Administration;
• Other employees whose treatment is necessary for the correct execution of the relationship;

Diffusion: Your personal data will not be further divulged in any way.

Data Transfer to Third Countries: The Data Controller shall not transfer any personal data in countries outside of the EU. If necessary, the interested parties will be informed in advance, and guarantee measures will be adopted for the transfer towards the recipients, which depending on the case may be: verification of the existence of adequacy decisions for the recipient country by the Commission , signing of standard contractual clauses, in the case of the USA verification of adherence to the international Privacy Shield agreement; notwithstanding these guarantees, the existence
of a contract or pre-contractual measures in favor of the interested party or consent is verified.

Conservation Period: Please note that, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 of GDPR, your personal data will be retained for as long as necessary to fulfill the purposes they are collected and processed for. In the event that a contract is signed, this retention period may end with the forfeiture or withdrawal of the contract, the same data may be stored, where applicable, for a further period of time in order to manage any disputes, the legal basis of this conservation is the legitimate interest of the data controller. The retention period for marketing data processing is functional to the purposes pursued by the data controller, and in any case not exceeding 3 years from the last contact, or feedback received.

Data Controller: The Data Controller, pursuant to legislation, is “BIMOTA S.P.A.”, with legal and operational headquarters in Via Ausa, 118 – 47853 Cerasolo Ausa di Coriano (RN), VAT Number/Tax Code: 04451760401 in the
person of its legal representative pro tempore.
By sending an e-mail to the following address info@bimota.it you can request further information regarding the data provided.

EU Reg. 2016/679: Artt. 15, 16, 17, 18, 19, 20, 21, 22, 23 – Rights of the Data Subject

The data subject has the right to obtain confirmation of the existence or not of any personal information relating to
them and also to receive communication thereof in a comprehensive form.

2. The data subject has the right to obtain indications on:
   a. The source of personal data;
   b. The purposes and methods of processing;
   c. The logic used should the processing be made through the aid of computerized methods;
   d. The identification details of the data controller, of the managers and the designated representative pursuant to article 5, paragraph 2;
   e. The subjects or subject categories whom the personal data may be communicated or who can get to know about them appointed representative in the State territory, managers or assigned personnel.
3. The data subject has the right to obtain:
   a. The updating, the rectification or, where this is of interest, the integration of data;
   b. The cancellation, transformation to an anonymous form or the block of the data processed in breach of the law, including those that do not need to be stored for the purposes for which the data were collected or subsequently precessed;
   c. The certification that the operations relating to letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or divulged, except in the case in which this fulfillment proves to be impossible or involves the use of means manifestly disproportionate in terms of the right being safeguarded;
   d. The data portability.
4. The data subject has the right to object, either in whole or in part:
   a. For legitimate reasons, to the processing of personal data concerning him/her, although pertinent to the purpose of the gathering;
   b. To the processing of personal data concerning him/her for the purpose of sending advertising material or direct selling or for the performance of market research or business communications.

The data subjects, if conditions apply, also have the right to lodge a complaint with the Guarantor in its quality of supervisory authority in accordance with the established procedures. For any further information, and to assert the rights recognized by European Regulation, you can contact the data controller at the above references.