Data Controller
Runner Marketing S.r.l., Via Caduti del Lavoro No. 11, 46010 – Levata di Curtatone (MN), VAT ID 02414230207, email: info@runnermarketing.it, pursuant to Art. 4 GDPR, is the Data Controller (hereinafter referred to as the "Controller").
1. Purpose of Processing
1.1 To view web pages and use services offered on the website www.runnermarketing.it (hereinafter: the "Site").
1.2 To comply with obligations set by applicable national and supranational regulations.
1.3 If necessary, to ascertain, exercise, or defend the rights of the Controller in court.
1.4 To send advertising and informational materials, perform direct sales or placement activities, send commercial information, conduct interactive commercial communications.
1.5 The IT systems and software procedures used for the operation of the site acquire, during their normal operation, certain personal data, the transmission of which is implicit in the use of Internet communication protocols.
2. Legal Basis for Processing
2.1 Contractual purposes: performance of a contract of which you are a party.
2.2 Legal obligations: necessity to fulfill legal obligations.
2.3 Owner's rights: legitimate interest.
2.4 Site operation: legitimate interest.
3. Personal Data Retention Period
3.1 Contractual purposes, Legal obligations: for the entire contractual duration and, after termination, for 10 years.
3.2 Owner's rights: in case of judicial disputes, for the entire duration, until the expiration of the terms for contesting actions.
3.3 Site operation: for the duration of the browsing session on the site. After the specified retention periods, your personal data will be destroyed, deleted, or anonymized, in accordance with deletion and backup technical procedures.
4. Types of Personal Data Processed
4.1 Personal data processed for contractual purposes - legal obligations - owner's rights - debt collection: Personal data, contact data, administrative-accounting data.
4.2 Personal data processed for site operation: IP addresses or domain names of computers used by users who connect to the Site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server, other parameters related to the user's operating system and computer environment, information on the user's behavior on the Site.
5. Mandatory Data Provision
Providing personal data as per point 4.1 for the purposes of point 1.1 is mandatory. Refusal to provide such personal data will not allow you to use the services/content offered by the Site. Providing personal data as per point 4.2 is mandatory for technical cookies and optional for analytical and profiling cookies if installed. Please refer in any case to the cookie acceptance form.
6. Data Recipients
Data may be processed by external entities acting as controllers such as, for example, authorities and supervisory bodies, and, in general, subjects, public or private, authorized to request data, as well as individuals, companies, associations, or professional firms providing assistance and consultancy services. Data may also be processed, on behalf of the Controller, by external subjects designated as data processors under Art. 28 of the GDPR, to whom appropriate operational instructions are given. These subjects are essentially included in the following categories:
a. Companies providing website and information system maintenance services;
b. Companies providing management and maintenance services for the Controller's database.
Your data may be processed, with your explicit consent, by third parties to whom the data is communicated. Personal data will not be disclosed but may be transmitted to Public Authorities making an express request to the Controller for administrative or institutional purposes, in accordance with current national and European regulations.
7. Authorized Persons for Processing
Your data may be processed by employees of the Controller's business functions authorized to pursue the above objectives, who have been expressly authorized for processing and have received adequate operational instructions. The data specified in point 4.2 collected during the Site browsing may be processed by employees, collaborators of the Controller, or external subjects, as data processors and persons in charge of processing, who perform technical and organizational tasks on behalf of the Controller.
8. Transfer of Personal Data
For the purposes above, the Controller may use software solution providers, web applications, and storage services also provided through cloud computing systems on servers that may be located in non-EU countries. Any transfer of Personal Data to such countries, in the absence of an adequacy decision by the European Commission, will be possible only if the Controller and the involved Processors provide adequate contractual or agreement guarantees, including binding corporate rules and standard contractual clauses for data protection. The transfer of your Personal Data to third countries outside the European Union, in the absence of an adequacy decision or other adequate measures as described above, will only be carried out if you have explicitly consented or in cases provided for by the GDPR and will be treated in any case in your interest.
9. Your Rights as the Data Subject - Complaint to the Supervisory Authority
Under certain conditions, you have the right to ask the Controller:
- Access to your personal data.
- A copy of the personal data you provided (so-called portability).
- Rectification of data in our possession.
- Deletion of any data for which we no longer have any legal basis for processing.
- Opposition to processing where provided by applicable law.
- Withdrawal of your consent, in case the processing is based on consent.
- Limitation of how we process your personal data, within the limits provided by data protection legislation.
If you wish to lodge a complaint under Art. 77 GDPR with the competent supervisory authority based on your habitual residence, place of work, or place of violation of your rights, for Italy, the competent authority is the Italian Data Protection Authority, contactable via the contact details on the website http://www.garanteprivacy.it. The exercise of these rights is subject to some exceptions aimed at safeguarding public interest (e.g., prevention or identification of crimes) and our interests (e.g., maintaining professional secrecy). If you exercise any of the aforementioned rights, it is our responsibility to verify that you are entitled to exercise them, and we will provide you with feedback.
10. Data Security
Your personal data will be processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected and in accordance with the principle of necessity and proportionality, avoiding the processing of personal data if operations can be carried out using anonymous data or other methods. We have adopted specific security measures to prevent the loss of personal data, illicit or incorrect uses, and unauthorized access. However, please do not forget that it is essential for the security of your data that your device has constantly updated antivirus tools and that the provider providing your Internet connection guarantees the secure transmission of data through firewalls, anti-spam filters, and similar measures.
11. Contact Details of the Controller
For the exercise of the rights under point 9, you can contact the data controller at the following addresses: Runner Marketing S.r.l., Via Caduti del Lavoro No. 11, 46010 – Levata di Curtatone (MN), VAT ID 02414230207, email: info@runnermarketing.it.
