Privacy Policy

Privacy policy revision date www.theHEROmall.com: 10 June 2020

Privacy Notice for Users

Dolomiti Adventures S.r.l. with offices in 39048 Selva di Val Gardena (BZ), VAT/Tax Code and Companies Register no. 02365190210 (hereinafter, the “Controller”), as the Controller in terms of processing the personal data of users (hereinafter, the “Users”) who browse and use the services available at www.theHEROmall.com (hereinafter, the “Site” and the “Services”), provides, below, the privacy notice pursuant to article 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, the “Regulation”, or even the “Applicable Regulation”).

This Site and the Services are reserved for people aged eighteen and over.

The Controller, therefore, does not collect personal data relating to people under 18 years of age. Upon a request from a User, the Controller will promptly delete all personal data involuntarily collected and related to people under 18 years of age.

The Controller considers the right of Users to privacy and the protection of their personal data to be of the utmost importance.

The Joint Controller is HERO SOCIETA' SPORTIVA DILETTANTISTICA A RESPONSABILITA' LIMITATA, in the person of the Chairperson of the Board of Directors, with offices at STR. MEISULES 144, 39048, SELVA DI VAL GARDENA (BZ), ITALY, TAX CODE 94106770210, VAT number: 02683860213, certified email address: hero@pec.rolmail.net.

Type of data collected

Having browsed the Site, we inform you that the Controller will process personal data, which may consist of an identifier such as your name, an identification number, an online identifier (hereinafter only “Personal Data”). Processing may involve, for example, your name, your address, your username, email address and telephone number, or even the IP address of the device used, your browsing preferences, i.e. information on how you use www.dolomtiadventures.com including any similarity to other user behaviour, in addition to your online purchasing preferences. Your Personal Data may be collected because you voluntarily provide it (for example when you subscribe to the newsletter or register with the Site) or by simply analysing your browsing behaviour on the Site. Personal Data processed through the Site includes:

  • Navigation data

The computer systems and software procedures used to operate the Site acquire, during their normal operation, some Personal Data, the transmission of which is implicit in the use of internet communication protocols. This information is not collected to be associated with an identified data subject but, by its very nature could, through processing and association with data held by third parties, allow a user to be identified. This category of data includes IP addresses or the domain names of the computers used by users who access the Site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the user’s operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, to identify anomalies and/or abuse. Data could be used to ascertain responsibility in the event of a computer crime against the site or third parties.

  • Data provided voluntarily by the data subject

Except where reference is made to specific information contained herein, this Privacy Policy also covers the processing of data voluntarily entered by you in the various forms contained in the Site, including, for example, that dedicated to Customer Service. With this in mind, unless strictly necessary, we caution you not to enter any information that might fall into the set of special categories of Personal Data referred to in article 9 of the Regulation (“[...] personal data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning someone’s sex life or sexual orientation”).

  • Third-party data provided voluntarily by you

When using some Site Services, third-party Personal Data, provided by you to the Controller, may be processed since you are allowed to enter text messages. In this situation, you become the independent controller and you assume all the obligations and responsibilities under the law. In this sense, you guarantee the greatest indemnity with respect to any dispute, claim, compensation request for damage caused by processing, etc. that might be made against the Controller by a third party whose Personal Data has been processed through the use of the Site functions in breach of the applicable regulations concerning the protection of personal data. In any case, if you provide, or in any other way process, a third party’s Personal Data when using the Site, you hereby guarantee - assuming all the related responsibility - that this particular processing situation is based on an appropriate legal basis pursuant to article 6 of the Regulation which legitimises the processing of the information in question.

  • Data relative to online payments

With regard to payment data entered by users, the Controller will only process data received from digital payment companies and credit card payment institutions that consist of return information on the status related to the payment (successful/rejected). All the additional information relating to your account (e.g. PayPal), prepaid card or credit card is stored by those parties who manage the relevant service, which are not authorised to use Personal Data collected through the Site for any other purpose. If you wish to pay for products purchased through the Site with financing, you may upload, directly, the documentation necessary to apply for such financing (i.e. identity document, tax code, income tax ID and, if you are a non-EU citizen, your residence permit/card).

  • Data relative to your position

The Controller may, subject to your consent, locate your geographical position in order to allow you to find, with the use of a map, the points of sale nearest to you. Subject to your prior and explicit consent, your internet browsing program (your “Browser”) may share your geographical position with the Site. Even if you have given your consent, you can disable this option, even temporarily, through your Browser settings (or through your operating system’s settings or those of the device used). For more information, see your Browser’s specific privacy notice.

  • Data processed through interactions with social media networks

As well as filling out forms on the Site, you can also request certain services and provide your Personal Data through your Facebook, Google or PayPal profiles, in order to, for example, register with the Site. In these cases, Facebook, Google and PayPal will automatically send your Personal Data to the Controller and you will not be required to fill out other forms.

  • Cookies

For details about cookies, refer to the Cookie Policy by clicking here.

The main purposes for processing Personal Data and the legal basis for doing so

The Controller will use your Personal Data, collected through the Site, for the following purposes:

  • to allow you to browse the Site and to provide the Services you may request, from time to time, from the Controller, such as, by way of example: registering and accessing the Site’s reserved area; managing and processing purchase orders, delivering products; as well as, in general, activities related to executing a contractual relationship with the Controller; answering and fulfilling requests for assistance or information, including pre- and post-sales customer care services (“Providing the service”).

Processing your Personal Data for this purpose is necessary in order to be able to provide you with the Services and to be able to fulfil your requests, such as, for example, executing the contract made with you. The legal basis for this processing is article 6(1)(b) of the Regulation (“[…] processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”). Providing Personal Data for this purpose is optional. If you do not provide your Personal Data, however, it will not be possible to provide the Services via the Site or to fulfil your requests, if you have not filled out the fields marked with an asterisk (*).

  • to comply with any obligations required by law, regulations or EU legislation, or to fulfil a request made by a qualified authority (“Compliance”).

Processing your Personal Data for this purpose is necessary so that the Controller can fulfil its legal obligations or fulfil a request made by a qualified authority. Processing is based on article 6(1)(c) of the Regulation (“[...] processing is necessary for compliance with a legal obligation to which the controller is subject”). Processing your Personal Data for this purpose is, in fact, necessary in order to be able to comply with legal obligations to which the Controller is subject. Such processing may involve storing and communicating your Personal Data to a qualified authority for accounting, tax, or other obligations.

  • to email you commercial communications regarding products and services that are similar to those you have purchased, unless you expressly refuse to receive such communications, which you may do at the time of purchase or at a later date. You may object to Soft Spam both when requesting a product or service and in subsequent communications from the Controller by writing to Dolomiti Adventures S.r.l. with offices at via Meisules 242, 39048 Selva di Val Gardena (BZ), Italy, or by emailing privacy@dolomitiadventures.com, in addition to using the link found at the end of each email. (“Soft Spam”). Processing your Personal Data for this purpose represents legitimate processing under currently applicable legislation on the protection of Personal Data, which does not require your consent. You may object to the processing of your Personal Data for this purpose both when requesting a product or service available on the Site and in subsequent communications from the Controller by writing to the contact details indicated in the “Contacts” section of this notice, in addition to using the link found at the end of each email.
  • subject to your consent, to carry out marketing activities, such as compiling statistics and performing market research, to send you our newsletter or other informational or promotional material relating to the Controller’s activities, products and services as well as those of its partners, to send you communications and surveys to improve the service (“customer satisfaction”). Such communications may be made via automatic messages, email, SMS/MMS, fax, the post and/or by telephone with an operator; please note that the Controller collects a single consent for the marketing purposes described herein, pursuant to the Italian Data Protection Authority’s General Provisions, “Guidelines on marketing and against spam” of 4 July 2013. In any case, if you wish to object to the processing of your Personal Data for marketing purposes, as performed with the means indicated herein, you may do so, at any time, modifying your choices by writing to Dolomiti Adventures S.r.l. with offices at via Meisules 242, 39048 Selva di Val Gardena (BZ), Italy, or by emailing privacy@dolomitiadventures.com.Any withdrawal of consent does not affect the lawfulness of the processing based on the consent given prior to it being withdrawn (“Marketing”). The processing carried out for Marketing purposes is based on your specific consent pursuant to article 6(1)(a) (“[...] the data subject has given consent to the processing of his or her personal data for one or more specific purposes”).

Providing your Personal Data for this purpose is, therefore, entirely optional and does not affect the use of the Services. We would also like to point out that if you had provided the Controller with your consent elsewhere, or had denied it (using the same email address), the chronologically most recent expression of consent (or otherwise) will be taken as the consent of reference. In any case, if you wish to revoke your consent, you may do so, at any time, by writing to Dolomiti Adventures S.r.l. with offices at via Meisules 242, 39048 Selva di Val Gardena (BZ), Italy, or by emailing privacy@dolomitiadventures.com. Any withdrawal of consent does not affect the lawfulness of the processing based on the consent given prior to it being withdrawn; 

  • subject to your consent, to analyse your interests, habits and consumer choices, and your preferences with regard to the products and services offered by the Controller, with the use of electronic tools capable of aggregating and comparing your Personal Data in order to personalise the communications sent to you about the products and services offered by the Controller. Such analysis will consider both your purchasing behaviour (date, subject and transaction amount) at wtheHEROmall.com, via the App, or at Points of Sale, whether and how you view the commercial communications emailed by the Controller, and your browsing behaviour, i.e. information on how you use the App and/or www.theHEROmall.com as a registered user, including any similarity to other user behaviour (“Integrated Profiling”).

More precisely, using the data of other users, the Controller can create “clusters” (homogeneous groups made up of profiles with a certain amount of overlap) based on the user’s preferences, their online behaviour and purchases made through the Controller’s Points of Sale in order to develop targeted, personalised digital campaigns in line with the users’ tastes. The Controller uses technologies that, by querying an ID (in alphanumeric form), can track registered users as they browse the Site from different devices (e.g. computers, tablets, smartphones) or from different browsers (e.g. Chrome, Firefox, etc.) with the aim of presenting users with products similar to those displayed or purchased by them (regardless of the type of device or browser used). The Personal Data of users may be used by the Controller to suggest products or services that may be of interest to them and to offer them the opportunity to participate in competitions and promotions.

In any case, if you wish to object to the processing of your Personal Data for the purposes of Integrated Profiling, you may do so, at any time, by writing to Dolomiti Adventures S.r.l. with offices at via Meisules 242, 39048 Selva di Val Gardena (BZ), Italy, or by emailing privacy@dolomitiadventures.com.

Any withdrawal of consent does not affect the lawfulness of the processing based on the consent given prior to it being withdrawn.

The processing carried out for the purposes of Integrated Profiling is based on specific consent being granted, pursuant to article 6(1)(a) (“[...] the data subject has given consent to the processing of his or her personal data for one or more specific purposes”).

Providing your Personal Data for this purpose is, therefore, entirely optional and does not affect the use of the Services. We would also like to point out that if you had provided the Controller with your consent elsewhere, or had denied it (using the same email address), the chronologically most recent expression of consent (or otherwise) will be taken as the consent of reference. In any case, if you wish to revoke your consent, you may do so, at any time, by writing to Dolomiti Adventures S.r.l. with offices at via Meisules 242, 39048 Selva di Val Gardena (BZ), Italy, or by emailing privacy@dolomitiadventures.com. Any withdrawal of consent does not affect the lawfulness of the processing based on the consent given prior to it being withdrawn;

  • Data may also be used by the Controller to analyse how users use the Site, in order to examine the effectiveness of advertising, promotions, and competitions, to analyse (in aggregate form) statistics relating to browsing behaviour and activities on the Site, to simplify the Site’s use and to better adapt the Site to the interests and choices of users. Specifically, the Controller uses an online advertising network platform and will make certain data about the Site’s users available to the operator of this platform, in a form that does not allow direct identification, relating to, for example, the type of products in which the user has expressed an interest. This is to allow the platform operator to group the Site’s users into “clusters” (homogeneous groups made up of profiles with a certain amount of overlap) that can be compared with other similar “clusters” of users on other websites, which make up the system of online advertising networks. By creating clusters, users are divided into segments based on their areas of interest. These segments are then compared in order to understand which products viewed by the Controller’s users might be of interest to users at other websites included in the aforementioned system. The ultimate aim is to display advertisements containing the same or similar products to those viewed by the Controller’s users as they browse other websites (“Online Profiling”). The processing carried out for the purpose of online profiling is based on - as far as it concerns the Controller - the consent to use advertising cookies that may be granted by the user through a special banner displayed on the Site. With regard to making user data available, in aggregate form, to the operator of the online advertising network platform, processing is based on the Controller’s legitimate interest, as well as that of third parties (parties participating in the online advertising network), pursuant to article 6(1)(f) of the Regulation (“[...] processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party”). If you wish to object to the processing of your Personal Data for online profiling purposes, you may do so, at any time, by contacting the Controller at the contact details indicated in the “Contacts” section of this notice.
  • subject to your authorisation to geo-localisation, to locate your geographical position in order to allow you to find, with the use of a map, the points of sale nearest to you (“Geolocation”). Processing your Personal Data for this purpose is based on the consent granted pursuant to article 6(1)(a) (“[...] the data subject has given consent to the processing of his or her personal data for one or more specific purposes”). To this end, since the geolocation option is linked to your Browser or system settings, you may provide your consent and enable geolocation services in the appropriate box that appears when you browse the Site. Providing your Personal Data for this purpose is, therefore, entirely optional and does not affect the use of the Services, but only the ability of allowing you to find, with the use of a map, the points of sale nearest to you. If you wish to object to the processing of your Personal Data for Geolocation purposes, you may do so, at any time, by disabling the option, even temporarily, through your Browser settings, or those of your device, whenever you deem it appropriate.
  • subject to your consent, to communicate your Personal Data (e.g. first name, last name, email address) to third-party companies that operate in the following sectors: tourism, sport & leisure, automotive, event organisation, clothing, for autonomous direct marketing purposes. In any case, if you wish to object to the processing of your Personal Data for the purpose of communication to third parties, you may do so, at any time, by writing to Dolomiti Adventures S.r.l. with offices at via Meisules 242, 39048 Selva di Val Gardena (BZ), Italy, or by emailing privacy@dolomitiadventures.com. Any withdrawal of consent does not affect the lawfulness of the processing based on the consent given prior to it being withdrawn (“Communication to third parties”). Processing your Personal Data for this purpose is based on the consent granted pursuant to article 6(1)(a) (“[...] the data subject has given consent to the processing of his or her personal data for one or more specific purposes”). Providing your Personal Data for this purpose is, therefore, entirely optional and does not affect the use of the Services. In any case, if you wish to object to the processing of your Personal Data for the purpose of communication to third parties and if you wish to revoke your consent, you may do so, at any time, by writing to Dolomiti Adventures S.r.l. with offices at via Meisules 242, 39048 Selva di Val Gardena (BZ), Italy, or by emailing privacy@dolomitiadventures.com, without prejudice to the lawfulness of processing based on the consent given prior to it being revoked.
  • for the purposes of preventing fraud through the use of the Site and the Services offered by the Controller and to allow the Controller to protect its interests in court (“Abuse/Fraud”). Processing for this purpose is based on article 6(1)(f) of the Regulation (“[...] processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party”); Personal Data collected for this purpose will be used to prevent and/or to detect any fraudulent activity or abuse in the use of the Site and the Services and will allow the Controller to protect its interests in court.
  • for statistical purposes, without it being possible to trace your identity (“Statistics”). Note that this processing is not performed on Personal Data and can, therefore, be freely carried out by the Controller.

Recipients of Personal Data

Your Personal Data may be shared, for the purposes indicated above, with (the “Recipients”):

  • parties who typically act as processors, i.e.: i) persons, companies or professional firms that provide assistance and consulting services to the Controller concerning accounting, administrative, legal, tax, financial and credit recovery issues in relation to the provision of the Services; ii) parties with whom it is necessary to interact in order to provide the Services (e.g. hosting providers); iii) parties duly assigned to carry out technical maintenance activities (including maintenance on network equipment and electronic communication networks); iv) parties duly assigned to organise and process shipments, deliveries and returns of products purchased through the Site; v) companies that provide assistance and consulting services to the Controller concerning the purposes set out in this Privacy Policy and the Cookie Policy.
  • parties, entities or authorities to whom it is obligatory to communicate your Personal Data pursuant to legal provisions or orders from a qualified authority or to prevent and/or detect any fraudulent activity or abuse in the use of the Site and the Services offered by the Controller;
  • parties authorised by the Controller to process the Personal Data necessary to carry out those activities which are strictly related to the provision of the Services. These parties are committed to confidentiality or are legally bound by a confidentiality obligation (e.g. the Controller’s employees);
  • companies appointed as joint controllers, limited to pursuing the purposes indicated in the respective agreement which, if requested, will be made available to the interested party;
  • subject to your consent, to other companies operating in the following sectors: tourism, sport & leisure, automotive, event organisation, clothing, for autonomous direct marketing purposes;
  • the operator of the online advertising network platform of reference, for the further processing of the browsing data of users of the Controller’s Site, aimed at allowing other advertisers, who are members of the same online advertising network, and who make use of the same platform, to display the most appropriate online advertisement to users based on their browsing behaviour.

Transferring Personal Data

Some of your Personal Data is shared with Recipients who may be located outside the European Union. The Controller shall ensure that the processing of your Personal Data by these Recipients is done in compliance with the Regulation. In fact, transfers may be done on the basis of an adequacy decision, on Standard Contractual Clauses approved by the European Commission, or on another appropriate legal basis. Further information may be obtained from the Controller by writing to the contact details indicated in the “Contacts” section of this notice.

Retention of Personal Data

Personal Data processed for the purposes of Providing the Service will be kept for the time strictly necessary to achieve those purposes and, in the second case, for as long as is required by the specific obligation or applicable law. In any case, since processing is carried out in order to provide the Services, the Controller will process Personal Data for the length of time permitted by Italian law to protect its interests (article 2946 et seq. of the Italian Civil Code) from possible complaints relating to the Services.

Personal Data processed for Compliance purposes will be kept for as long as is required by the specific obligation or applicable law.

For Soft Spam purposes, your Personal Data will be stored until you oppose the processing of it, by writing to the contact details in the “Contacts” section of this notice or by using the link found at the end of each email sent.

For Marketing purposes, your Personal Data will be processed, as a general rule and without prejudice to the principle of storing data for a period of time which is proportionate to the purpose for which it is processed, until you revoke your consent. If you withdraw from the Controller’s Services without revoking your consent, your Personal Data may still continue to be processed.

Information relating to the details of purchases and further activities will be processed for Integrated Profiling purposes for no longer than 24 months from the collection date.

For the purpose of Online Profiling, your Personal Data will be stored in a form that, in any case, would never allow the Controller to identify you directly, for 30 days.

For the purposes of Geolocation and Communication to third parties, your Personal Data will be processed, as a general rule, until you revoke your consent.

For the purpose of Abuse/Fraud, your Personal Data will be processed for the period of time necessary for the aforesaid purpose to be achieved and, therefore, for as long as the Controller is required to keep the data in order to protect its interests in court or to communicate such data to a qualified authority.

This is, in any case, without prejudice to the ability for the Controller to store your Personal Data for the period of time provided for and permitted by Italian Law protecting the Controller’s interests (article 2947(1)(3) of the Italian Civil Code).

Further information regarding the data storage period and the criteria used to determine this period can be requested by writing to the Controller at the contact details indicated in the “Contacts” section of this notice.

The Data Subject’s rights

Pursuant to articles 15 et seq. of the Regulation, you have the right to ask the Controller, at any time, for access to your Personal Data, and to have this data rectified or erased. You have the right to object to the processing of your Personal Data and to restrict the processing of it in the cases provided for by article 18 of the Regulation. You also have the right to obtain your Personal Data in a structured, commonly used and machine-readable format in the cases provided for by article 20 of the Regulation.

Requests should be made in writing to the contact details indicated in the “Contacts” section of this information notice and we remind you that, in order to change your privacy preferences, you can write to Dolomiti Adventures S.r.l. with offices at via Meisules 242, 39048 Selva di Val Gardena (BZ), Italy.

Any withdrawal of consent does not affect the lawfulness of the processing based on the consent given prior to it being withdrawn.

Consent to Profiling through cookies can be revoked by using the methods indicated in the cookie policy.

In any case, you always have the right to lodge a complaint with the competent Supervisory Authority (in Italy this is the Italian Data Protection Authority - Garante per la Protezione dei Dati Personali), pursuant to article 77 of the Regulation, if you believe that your Personal Data has been processed in breach of the regulations in effect.

Changes

This Privacy Policy is effective from 10 June 2020. The Controller reserves the right to modify or simply update the content, in part or in whole, including by virtue of changes made to the applicable regulations. The Controller will inform you of such changes as soon as they are introduced and they will be binding as soon as they are published on the Site. The Controller invites you, therefore, to return to this section regularly in order to review the latest version of the Privacy Policy and to remain updated about which data is collected by the Controller and how the same uses it. The Privacy Policy refers to processing carried out after the date on which the document is published. Anyone wishing an earlier version of the Privacy Policy, may request it by emailing privacy@dolomitiadventures.com

Contacts

To exercise any of the above rights, or for any other request, you can write to the Controller: Dolomiti Adventures S.r.l. with offices at via Meisules 242, 39048 Selva di Val Gardena (BZ), Italy, or send an email to privacy@dolomitiadventures.com

Last updated in September 2020