Privacy Policy Persuant to article 13 of regulation (EU) 2016/679

1. Introduction

For Arena S.p.A. your privacy and the safety of your personal data are very important; for this reason, we collect and process them with the utmost care and attention, while adopting specific technical and structural measures to ensure the full safety of such processing.

Please note, therefore, that pursuant to Article 13 of European Regulation 2016/679 (the "Regulation") the processing of your personal data is carried out according to procedures aimed at ensuring safety and confidentiality, and it is performed by using paper, IT and/or telematic means, according to what is specified herein.

This privacy policy is also provided in accordance with Recommendation 2/2001 adopted by the European authorities for the protection of personal data, united in the Group established by Article 29 of Directive 95/46/EC on May 17th, 2001.

2. Definitions

Personal Data: means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, data relating to location, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Special categories of personal data: any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data relating to a natural person’s sex life or sexual orientation.

Data Controller: means the natural or legal person, public authority, agency or other body that – either alone or jointly with others – determines the purposes and means of the processing of personal data.

Data Supervisor: means the natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller.

3. Data Controller

The processing of your personal data is carried out by Arena S.p.A. ("Arena"), with registered office in Tolentino (Macerata, Italy), C.da Cisterna 84/85, as Data Controller under and pursuant to the EU Regulation.
For any questions or requests about the processing of your personal data. you can contact Arena at any time by sending a request to the following contact addresses:

Data Controller
Company: Arena S.p.A.
Registered office address: Contrada Cisterna, 84/85, 62029, Tolentino (Macerata, Italy)
Telephone: +39 0733 956 200
E-mail: privacy@arenasport.com

4. Type of Data and Purposes of Processing

The personal data processed by Arena are the data you give us when you place a purchase order for goods or services, as well as the data we collect while you browse or use the online services supplied by Arena.

Arena can then collect information about you, including personal data such as full name, e-mail, mailing address and invoicing address, browsing data and your buying habits.

Your personal data, once collected, are used to:

Purposes Legal Basis
A Execute your purchase orders relating to one or more products available on the Site, hence perform, manage and/or fulfill the contractual obligations. The processing performed for these purposes is necessary for the fulfillment of contractual obligations and does not require any specific consent of the data subject.
B Perform statistical surveys, market research and promotional activities. The processing performed for these purposes is carried out with the specific consent of the user.
C Fulfill obligations under any applicable laws, rules, European regulations or provisions issued by a Supervisory Authority and by Monitoring and Control Bodies. The processing performed for these purposes is necessary for the fulfillment of law requirements and to make the services/goods available to you and does not require any specific consent of the data subject.
D Detect your use experience of our web services, of the products and services we offer, as well as ensure the proper functioning of the web pages and their contents. The processing performed for these purposes is based on a legitimate interest of the Data Controller, and does not require any specific consent of the data subject.
E Carry out direct promotional activities, through periodical newsletters and other promotional tools to the e-mail address that you have voluntarily provided to us when registering on the Site. The processing performed for these purposes is carried out with the specific consent of the user, except for commercial messages relating to products and/or services similar to those already purchased and/or subscribed to by the user for which the processing is based on a legitimate interest of the Data Controller.

Your personal data are processed by the duly authorized personnel of Arena pursuant to Article 4, paragraph 10 of the EU Regulation, processing data in full accordance with the instructions given by the Data Controller.

Also, your personal data will be disclosed to any third parties that we rely on to supply our services; these have been suitably selected by us and provide sufficient guarantees regarding compliance with the regulations on personal data processing. They have been appointed in accordance with Article 28 of the EU Regulation, and they are required to carry out their activities according to the specific instructions given by Arena and under its control.

These third parties may belong to the following categories: financial operators; Internet providers; companies specializing in IT services; couriers; companies that perform marketing activities; companies specializing in market research and data processing. A specific and updated list of these third parties is available at the registered office of the Data Controller, and can be consulted at the request of the data subject.

Data may be disclosed to third parties in case of mergers, takeovers, sale of businesses or business units and any other extraordinary transactions, as well as to any legitimate recipient of notifications provided for by any laws or regulations. To achieve the above processing purposes, your personal data may be disclosed to other companies of the Group which Arena belongs to; these companies will process the data according to the applicable privacy laws and are based within the European Union. It is understood that your personal data will not be disclosed to third parties so that they can use them for their own promotional purposes and will not be disseminated in any way.

Your data may also be forwarded to the police and to the judicial and administrative authorities, in compliance with the law, for the investigation and prosecution of criminal offences, the prevention of and protection against threats to public safety, as well as to allow Arena to exercise or protect its own rights or any third-party rights before the competent authorities, and for any other reasons related to the protection of the rights and freedoms of others.

5. Data transfers outside the EU

Some of the third parties referred to in paragraph 4 hereof may be based in countries outside the European Union, which do offer – however – an adequate level of data protection, as determined by specific decisions of the European Commission.

The transfer of your personal data to third parties domiciled or based in countries that do not belong to the European Union and which do not ensure an adequate level of protection will only be performed with your consent or on the basis of express agreements – entered into between Arena and such entities – containing safeguard clauses and appropriate guarantees for the protection of your personal data – that is, the so-called "standard terms", which are also approved by the European Commission, or if the transfer is necessary for the execution and performance of a contract between you and Arena or for the management of your requests.

6. Affiliate Marketing

Arena uses the advertising network of AWIN AG, Eichhornstraße 3, 10785 Berlin (hereinafter: "AWIN"). Through AWIN, Arena can deliver advertising content and analyse the success of the campaigns. 

Arena will store any personal data you submit only for as long as it is needed to fulfil the purposes for which the data was submitted or for as long as required by law. Upon fulfilment of the purpose and/or expiry of the legal storage periods, the data will be deleted or blocked by us. 

The purpose of the data processing is to place targeted advertising for Arena's products on third party websites and apps based on your browsing behaviour on Arena's website. AWIN and the third party website receive a success commission should you complete a purchase on Arena's website. 
 
The data processed include: 

  • IP address,  
  • Website usage data (information about which ad you came to the website from;  
  • Time spent on the website and which areas of the website were viewed;
  • website loading times, browser and screen settings),  
  • Postal code
  • Device data, terminal device, order ID, shopping cart value, cookie ID

The legal basis for the data processing is your consent according to Art. 6 (1) a GDPR. 

The data will be stored for a period of twelve (12) months.  

You can revoke your consent at any time with effect for the future via the cookie management tool. 

Further information on the use of cookies can be found in the Arena's Cookie Policy

Arena has a shared responsibility contract with AWIN and is jointly responsible with AWIN for data processing. The contract defines the respective responsibilities for the fulfilment of the obligations under the GDPR. However, within the framework of joint responsibility, you can in principle assert your data protection rights against each of the joint controllers. 
If data is transferred to third parties that are not based in the EEA and for which there is no adequacy clause by the European Commission (so-called unsafe third countries), special EU standard contractual clauses are concluded to enable data protection such as that in the GDPR. 

For more information, please see AWIN's privacy policy

7. Data Retention

Please note that your data will be retained for a limited period of time, which varies depending on the type of processing activities and the specific purposes of the processing, as is exemplified by the following:

  • data collected to enter into and perform any purchase agreements for goods or services: the data will be retained up to the fulfillment of the administrative-accounting requirements. Invoicing data shall be retained for ten years from the date of the invoice;
  • data about users registered on a portal / website: such data will be retained until you request the cancellation of your profile;
  • payment details: the data will be retained until receipt of the payment and the fulfillment of the administrative-accounting requirements;
  • data collected within the framework of the use of services provided by Arena: these data are retained until the termination of the service or the cancellation of the service subscription by the user;
  • data related to users' requests to the Customer Service of Arena: any data useful to assist you will be retained up to the fulfillment of your request;
  • CV: for six months from receipt;
  • data for commercial communications activities, opinion polls and market research: these data are retained up to the user’s request for interruption of the activity or otherwise will be deleted within two years of the last interaction of any kind between the data subject and Arena.

At the end of such periods, your data will be permanently deleted or irreversibly anonymised by Arena.

8. Your rights

Please note that you are entitled to exercise the following rights in relation to the personal data concerned with this privacy policy, as provided for and guaranteed by the Regulations:

  • Right of access and collection (Articles 15 and 16 of the Regulation): you have the right to access your personal data and to request that they be corrected, amended or supplemented. If you so desire, we will provide you with a copy of your data in our possession.
  • Right to data deletion (Article 17 of the Regulation): in the cases provided for by the law, you can request the deletion of your personal data. Upon receiving and examining your request, if it is found to be legitimate, we will no longer process your personal data, which will be deleted.
  • Right to the limitation of processing (Article 18 of the Regulation): you have the right to request the limitation of the processing of your personal data in the event of any unlawful processing or objection to the accuracy of the personal data by the data subject.
  • Right to data portability (Article 20 of the Regulation): you have the right to obtain from the Data Controller your personal data in order to send them to another controller, where applicable under said Article.
  • Right to object (Article 21 of the Regulation): You have the right to object at any time to the processing of your personal data carried out on the basis of our legitimate interests, by explaining to us the reasons for your request; prior to accepting it, Arena shall assess the reasons for your request.
  • Right to lodge a complaint (Article 77 of the Regulation): you have the right to lodge a complaint with the Personal Data Protection Competent Authorities if you deem that a violation of your rights concerning the processing of your personal data has occurred or is underway.

You can exercise your rights with regard to the specific treatment of your personal data by Arena at any time by contacting Arena at the following mail and/or email contacts:

Postal Address

Arena S.p.A.
Contrada Cisterna, 84/85, 62029
Tolentino (Macerata, Italy)

Email contacts

privacy@arenasport.com
dpo@arenasport.com

Further information about the rights of the data subject can be obtained by asking the Data Controller to provide an integral extract of the above-mentioned Articles.

9. Security measures

Arena adopts suitable preventive security measures to protect the confidentiality, integrity, completeness and availability of the personal data of the data subject. Technical, logistic and organizational solutions are developed which aim at the prevention of any damage, including accidental loss, alteration, misuse and unauthorized use of the data processed.

In particular, to protect the data subject's personal data, the Site uses a coding system that provides protection by encrypting the information both on the log-in page and in other sections where you can release, view or edit your personal data.

In addition, the Data Controllers shall not be held responsible for the false information sent directly by the user (e.g., the accuracy of e-mail addresses, credit card details or postal addresses), and for the information about the user provided by a third party, including fraudulently.

10. Changes to this Privacy Policy

The constant evolution of our services may result in changes to the characteristics of the personal data processing described herein. This privacy policy may be amended and supplemented over time, as may be necessary because of any new regulations concerning personal data protection or the evolution / modification of our services.

We invite you, therefore, to check the contents of our information regularly: whenever possible, we will inform you promptly about any changes and their consequences.

The updated version of the privacy policy information, in any case, will be posted on the page https://www.arenasport.com/en_no/privacy-policy, indicating the date it was last updated.

11. Date of last update

08/08/2023