A. Who processes your personal data?Piaggio & C. S.p.A., with registered office at Viale Rinaldo Piaggio, 25, 56025, Pontedera (PI), Italy ("Piaggio", "we", or "Owner") is the data controller under the GDPR.
B. Who is our DPO?
The Data Controller has appointed a Piaggio Group Data Protection Officer ("Group DPO") pursuant to article 37 of the GDPR. You may, at any time, contact the Group DPO to request information in relation to the processing of your personal data, to ask for an updated list of data processors, of third parties with whom your personal data are shared, information on any transfers to third countries and to exercise your privacy rights at the following addresses:
Data Protection Officer Viale Piaggio, 25 56025 PONTEDERA (PI)
Fax: +39 0587272961
Tel: +39 0587272495
C. Why do we process your data? What data do we process and what are the legal bases?
Purpose of processing
Type of personal data
|Management of the sale of Piaggio Group products and services and related pre-contractual activities (e.g. booking a test ride, appointment at the dealership) and post-sale activities (e.g. request for support services, warranty, Customer Care service); management of your interaction with our Internet, mobile and App sites, including the Site (e.g. request for registration, creation of your account and use of related functions, such as order management and the registered user area); management of your request to take part in Piaggio Group initiatives (e.g. the Piaggio Group's website, the Piaggio Group's website, the Piaggio Group's website and the Piaggio Group's website). management of your interaction with our Internet, mobile and App sites, including the Piaggio Group (e.g. request for registration, creation of an account and use of the relative functions, such as order management and the area dedicated to registered users); management of your request to take part in Piaggio Group initiatives (e.g. participation in a competition, promotion); management of your requests (e.g. request for a brochure or specific information on products, services and Piaggio Group initiatives).
|The processing is necessary for the performance of a contract to which you are party or for the performance of pre-contractual measures taken at your request.
|Providing your personal data is necessary for the purchase of our products, services and to fulfil your requests.
|Marketing via Soft Spam – Sending information about promotions and offers on products or services similar to those you have requested.
|- E-mail address
|Piaggio's legitimate interest in sending Soft Spam communications pursuant to Article 130 of the Privacy Code (consolidated Legislative Decree 196/2003)
|Submitting your personal data is optional
|Marketing – Promoting our products and services, sending advertising material dedicated to Piaggio Group brands invitations to initiatives and events organised by us or in which we participate, market research and surveys on customer satisfaction, including internal statistical surveys to improve our products and services.
|Consent of the data subject. Your consent is optional and you may revoke it at any time.
|Submitting your personal data is optional
|Profiling – Creation of group and individual profiles (profiling), for analysis, commercial assessments and to carry out personalised marketing and commercial initiatives, in line with your tastes and needs, including through the marketing activities described in the Marketing section above.
|Consent of the person concerned. Your consent is optional and you may revoke it at any time.
|Submitting your personal data is optional
|Defence of Piaggio's rights – We may process your personal data to ascertain, exercise and defend our rights in and out of court.
|Piaggio's legitimate interest in protecting its rights.
|Providing your personal information to defend Piaggio's rights is a necessary condition for the purchase of our products, services and to fulfil your requests.
|Compliance with legal obligations, including recall campaigns – We may process your personal data in order to comply with legal obligations to which we are subject (e.g. tax, accounting, anti-money laundering) and with the instructions of competent authorities and supervisory bodies to which we are subject. In addition, we may process your personal data for possible recall campaigns involving the vehicles you have purchased - for example, in the event of anomalies, in order to guarantee your safety and the quality of the vehicle being recalled.
|The processing is necessary to fulfil a legal obligation to which we are subject, including any recall campaigns
|Providing your personal data is necessary for the fulfilment of a legal obligation to which we are subject.
D. To whom do we communicate your data?
Within the limits of the purposes indicated above, your personal data may be communicated to the following categories of subjects as data controllers pursuant to article 4 (7) of the GDPR:
- dealers and/or distributors of the Piaggio Group for the provision of specific services requested by you and to manage your requests;
- independent contractors, also in associated form, for legal, accounting and tax consultancy services;
- banks and other financial institutions for the management of payments;
- third parties involved in extraordinary operations (e.g. mergers, acquisitions, transfer of business, etc.), including any consultants;
- legitimate third party recipients of communications such as competent authorities, public bodies, supervisory and control bodies and, in general, public or private entities with public functions for their own institutional purposes.
Your personal data will also be shared with the following categories of service providers of a technical and organisational nature functional to the purposes outlined above: service providers for the management of IT systems and the Site; companies controlled by Piaggio for specific services functional to the purposes outlined above; shipping companies; marketing companies. We only provide these entities with the data necessary to perform the agreed services and they act as our Data Processors pursuant to article 28 of the GDPR, on the basis of our instructions. The personal data is accessible to our duly authorised personnel within the limits of their respective competences, e.g. our employees, seconded or outsourced workers and contractors, who act as our Data Processors within the meaning of Article 29 of the GDPR.
E. Are your data transferred to a non-EU country?
Some of the companies of the Piaggio Group and some of our service providers who may access your personal data as a data controller are established outside the European Union or the European Economic Area, in third countries that do not ensure an adequate level of protection for personal data according to the standards set by the GDPR.
The transfer to third countries will take place in compliance with the guarantees provided for by applicable legislation, on the basis of an adequacy decision pursuant to article 45 of the GDPR or through the signing of standard contractual clauses approved by the European Commission. You may contact Piaggio or the Group DPO at any time at the contact details above to receive more information about the transfer of your personal data and to receive a copy of the standard contractual clauses, where applicable.
Your data is stored on servers located within the European Union, more specifically in Italy, and is fed into our Customer Relationship Management System(or "CRM" system).
F. How do we process your data?We process your personal data in accordance with the principles of fairness, lawfulness, transparency and proportionality, in compliance with the principles set out in Article 5 of the GDPR, with and without the use of electronic means and on the basis of logics and procedures that are consistent with the purposes of the processing indicated above. The activities of analysis of your tastes and preferences which, with your consent, we may carry out for profiling purposes, always involve human intervention and are not carried out using exclusively automated methods. We take - and we require our service providers to take - appropriate technical and organisational security measures to prevent the loss or destruction, even accidental, of data, unlawful or incorrect use of or unauthorised access to data, in accordance with applicable law. Moreover, computer systems are configured in such a way that personal and identification data are used only when necessary to achieve the specific processing purposes pursued from time to time.
G. How long do we keep your data?
Your personal data is only stored for as long as is necessary for the above-mentioned purposes and for the fulfilment of applicable legal obligations.
By way of example:
• For activities necessary for the performance of the contract relating to the provision of our products and services, the data is kept for administrative-accounting purposes for ten (10) years after the conclusion of the contract.
• For the purposes of profiling and personalised marketing, the data is kept for a period of 10 years from the collection of the data, following the privacy impact assessment that we carried out with the participation of the Group DPO.
Upon expiry of the above-mentioned periods, the data is permanently and non-reversibly deleted or anonymised. Retention for longer periods than those indicated above occurs if authorised by law, if necessary to fulfil legal obligations and in the event of the defence of rights in a court of law.
H. What are your rights?
You may exercise your privacy rights as set forth in articles 15 to 22 of the GDPR at any time by contacting Piaggio or the Group DPO at the addresses indicated above. In particular, you may ask Piaggio to access your personal data and to obtain certain information on the processing, to verify its accuracy, to request its integration, updating, rectification, deletion, anonymisation, to request data portability, and to request the restriction of processing in the cases set forth in article 18 of the GDPR. You may also object to the processing for reasons related to your particular situation and to the processing of your data for direct marketing purposes, as set out in Article 21 of the GDPR.
You may, at any time, object to the processing of your personal data processed for marketing and/or profiling purposes. In addition, if required by a particular situation, you may object to the processing of your personal data processed on the basis of Piaggio's legitimate interest, unless it can be demonstrated that there are compelling legitimate grounds for Piaggio to do so (e.g. the exercise or defence of a legal claim).
We would also like to remind you that you may revoke your consent at any time, with future effect, as easily as if you had given it. Withdrawing consent does not affect the lawfulness of the processing carried out prior to the withdrawal of consent.
We will provide you with all requested information and/or inform you of the actions taken in order to comply with your request within the terms of the GDPR. Only in the case of requests that are manifestly unfounded or excessive, including by reason of their repetitiveness, may we charge you a reasonable fee or refuse to comply with your request. Finally, please note that in the event of exercising your privacy rights, we may ask you for certain information that is necessary in order to confirm your identity and ensure that the data is shared with the rightful recipient.
I. Who can you turn to in order to lodge a complaint?If you believe that the processing carried out by us violates the provisions of the GDPR, you can lodge a complaint with the Data Protection Authority (www.garanteprivacy.it) or with the Data Protection Authority of the Member State where you habitually reside, work or where the alleged violation occurred (edpb.europa.eu).
However, we suggest to check our site frequently for changes.