Privacy Policy

CHANGE LANGUAGE

English Italiano

NOTICE
pursuant to article 13 of Regulation (EU) 2016/679 ("GDPR")

 

Dear User, we invite you to pay attention to the following Notice ("the Notice"), issued pursuant to article 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data, and on the free movement of such data ("GDPR").
This document contains a description of all the processing carried out by the Data Controller, as defined below.
Please note that the Notice only concerns the APP Vespa; therefore any web page to which you may be redirected from the APP Vespa is deemed to be excluded.
In addition, if you purchase products or use Piaggio services through official Piaggio channels rather than through the APP, at the time of such purchase or use you will be issued with a specific Notice pursuant to art. 13 of the GDPR relating to your personal data processed at that moment.

 

1. The Data Controller

 

The Data Controller is Piaggio & C. S.p.A., whose registered office is at Viale Rinaldo Piaggio 25, Pontedera (PI) ("the Data Controller").

 

The Data Controller has also appointed a Data Protection Officer ("DPO"), whom you may contact directly to exercise your rights and to receive any information concerning the processing of your personal data and/or concerning this Notice, by writing to:

Data Protection Officer – DPO
Viale Piaggio 25
56025 PONTEDERA (PI)
email: dpo@piaggio.com
Fax: +39 0587272961
Tel: +39 0587272495

 

2. The personal data we process

 

2.1 Data provided voluntarily by the user

 

The Data Controller processes the following personal data:
personal details: such as first name, surname, date of birth, diving license number, profile photo, address, telephone number, Country, e-mail address and other contact details;
usage data - the data collected automatically by the Application including: the identification of the device where the app is installed that connects to VESPA, the time of the request to the servers, the method used to submit the request the server, the file size obtained in response, the numerical code indicating the status of response from the server (successful, error, etc.) the country of origin, a series of technical data related to the use of VESPA associated to the App including:

 

  • Vehicle name
  • Model
  • Displacement
  • Production year
  • VIN
  • Total km
  • Last service check
  • Vehicle picture

 

3. The purposes for which your personal data is processed and the legal basis of processing

 

The personal data you provide processed by the Data Controller for the following purposes.

 

3.1 Provision of services

 

The Data Controller wishes to process your personal data in order to give you access to the services offered by the App.
Nature of the data processing consent: Optional.
Consequences of refusal to allow data processing: Failure to give consent will make it impossible for the Data Controller to meet your requests as described in the first paragraph above.
Legal basis of the processing: Article 6 (1) (b) of the GDPR. It is therefore not necessary to obtain your prior consent to allow processing.
Personal data retention period: Your personal data obtained for these purposes will be processed for the time strictly necessary to comply with your request and will be subsequently retained for the time required by the applicable regulations after such compliance.

 

3.2 Marketing activities on products and services similar to those already requested by the User

 

The Data Controller wishes to process your personal data in order to send you commercial communications relating to products and services similar to those requested by you and offered by the Data Controller and through the Data Processors duly appointed pursuant to art. 28 of the GDPR.
Purposes of the processing: Sending advertising material, promotion and sale of products, market surveys and research and/or commercial communications.
Nature of the data processing consent: Optional.
Consequences of refusal to allow data processing: Failure to give consent will make it impossible for the Data Controller to send you promotional and marketing communications.
Legal basis of the processing: Legitimate interest.
Personal data retention period: Your personal data obtained for this purpose will be processed until you decide to object to the processing and/or to obtain termination of the processing at any time.

 

3.3 Marketing activities

 

The Data Controller wishes to process your personal data in order to send you commercial communications relating to all products and services offered by the Data Controller and through the Data Processors duly appointed pursuant to art. 28 of the GDPR.
Purposes of the processing: Sending advertising material, promotion and sale of products, market surveys and research and/or commercial communications.
Nature of the data processing consent: Optional.
Consequences of refusal to allow data processing: Failure to give consent will make it impossible for the Data Controller to send you promotional and marketing communications.
Legal basis of the processing: Consent
Personal data retention period: Your personal data obtained for this purpose will be processed until you decide to object to the processing and/or to obtain termination of the processing at any time.

 

4. The methods used to process your personal data

 

Your personal data will be processed in compliance with the provisions of the GDPR using paper, computer and telematic means, using methods strictly related to the specified purposes and in all cases guaranteeing security and confidentiality in accordance with the provisions of article 32 of the GDPR.

 

5. Persons to whom your personal data may be communicated or who may become aware of it

 

To fulfil the purposes described in point 3 above, your personal data will be known by the Data Controller's dependent and quasi-dependent personnel and by its contractors, all acting in the capacity of persons authorised to process personal data.
In addition, your personal data will be communicated and processed by third parties belonging to the following categories:

 

  1. Persons used by the Data Controller to manage the App
  2. Companies that manage the Data Controller's computer system
  3. Companies and consultants providing legal and/or financial advice
  4. Authorities and supervisory and control bodies, and in general public or private entities with functions relating to public law
  5. Persons used by the Data Controller for various reasons to provide the requested service
  6. Other Piaggio Group companies, for the purposes of marketing, direct sales, market surveys and for statistical processing such as monitoring the degree of customer satisfaction in relation to the services and products offered by Piaggio and/or other Piaggio Group companies, as well as for communication to third parties (e.g. suppliers) if this is necessary to enable you to benefit from our services.

 

You have the right to revoke the consent you may have provided at any time. This will make it impossible for the Data Controller to continue to use your personal data for the purpose in respect of which you have refused consent.
In some cases, the persons belonging to the foregoing categories operate in complete autonomy as separate Data Controllers; in others, they operate as Data Processors specifically appointed by the Data Controller in compliance with article 28 of the GDPR.
A complete and updated list of the persons to whom your personal data may be communicated can be requested from the registered office of the Data Controller or by contacting its DPO.
Your personal data will not be transferred to third parties outside the European Union and will not be disseminated.

 

6. Data of minors

 

The Data Controller does not process the personal data of persons under the age of 16 for the purposes referred to in sections 3.1 and 3.2 above.
If the User says that he/she is less than 16 years old, the field relating to the giving of consent will be pre-completed with a negative response.

 

8. Your rights as a data subject

 

In relation to the processing described in this Privacy Notice, as a data subject you can, under the conditions specified by the GDPR, exercise the rights enshrined in articles 15 to 21 of the GDPR and, in particular, the following rights:

 

  • Right of access – article 15 of the GDPR: The right to obtain confirmation of whether personal data concerning you is being processed and, if it is, to obtain access to your personal data – including a copy thereof – and notification of the following information, inter alia:
    • Purposes of the processing
    • Categories of personal data processed
    • Recipients to whom the data has been or will be communicated
    • Data retention period or the criteria used
    • Rights of the data subject (rectification or erasure of personal data, restriction of processing and the right to object to processing
    • Right to complain
    • Right to receive information on the origin of personal data if it has not been collected from the data subject
    • The existence of an automated decision-making process, including profiling
  • Right to rectification – article 16 of the GDPR: The right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the completion of incomplete personal data
  • Right to erasure (right to be forgotten) – article 17 of the GDPR: The right to obtain, without undue delay, the erasure of personal data concerning you, when:
    1. The data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
    2. You have withdrawn your consent and there is no other legal basis for the processing
    3. You have successfully objected to the processing of personal data
    4. The data has been unlawfully processed
    5. The data must be erased to fulfil a legal obligation
    6. The personal data has been collected in relation to the offer of information society services referred to in article 8 (1) of the GDPR.
    The right to erasure does not apply where the processing is necessary for the fulfilment of a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise or defence of rights in legal proceedings.
  • Right to restriction of processing – article 18 of the GDPR: Right to obtain restriction of processing, when:
    1. The data subject disputes the accuracy of the personal data
    2. Processing is unlawful and the data subject objects to erasure of the personal data and requests restriction of its use instead
    3. the controller no longer needs the personal data for the purposes of the processing, but the personal data is required by the data subject for the establishment, exercise or defence of rights in legal proceedings
    4. The data subject has objected to processing as indicated above, pending the verification whether the legitimate grounds of the controller override those of the data subject.
  • Right to data portability – article 20 of the GDPR: The right to receive, in a structured, commonly used, machine-readable format, the personal data concerning you which has been provided to the Data Controller, and the right to transmit it to another Data Controller without hindrance, providing that processing is based on consent and is carried out by automated means. Also, the right to arrange for your personal data to be transmitted directly from the Data Controller to another data controller if this is technically feasible.
  • Right to object – article 21 of the GDPR: The right to object, at any time, to the processing of personal data concerning you, based on to the legitimacy of the legitimate interest, including profiling, unless there are legitimate grounds for the Data Controller to continue processing that override the interests, rights and freedoms of the data subject; or for the establishment, exercise or defence of a right in legal proceedings.
  • Right to make a complaint to the Italian Data Protection Authority, Piazza di Montecitorio no. 121, 00186, Rome (RM).

 

The above-mentioned rights may be exercised against the Data Controller by writing to the contact addresses indicated in point 1. The Data Controller will take charge of your request and, without undue delay and, in any event, no later than one month after receipt of the request, notify you regarding the action taken in respect of your request.

 

Exercising your rights as a data subject shall be free of charge pursuant to article 12 of the GDPR. In the case of manifestly unfounded or excessive requests, however, in particular because of their repetitive character, the Data Controller may charge a reasonable fee, to reflect the administrative costs incurred in handling your request, or refuse to act on it.

 

Finally, we inform you that the Data Controller may request further information necessary to confirm the identity of the data subject.