Notice for www.eurobump.com

The notice is a general obligation that must be fulfilled before or at the latest when starting the direct collection of personal data. In the case of personal data not collected directly from the interested party, the information must be provided within a reasonable time, or at the time of communication (not registration) of the data (to third parties or to the interested party). Pursuant to the General Regulation for the Protection of Personal Data of Individuals (GDPR - Reg. (EU) 2016/679), the undersigned organization, data controller, informs as follows:

13 co.4

14 co.2 lett. f)

14 co.1 lett. d)

SOURCES AND CATEGORIES OF PERSONAL DATA

The personal data held by the undersigned organization are directly collected from the interested parties. This site does not collect sensitive data, for which it means those suitable for revealing racial or ethnic origin, philosophical or other religious beliefs, political opinions, membership of trade unions, associations or organizations of a religious, philosophical, political nature or trade union, health status and sex life.

Browsing data

The IP systems and software procedures used for functioning of the website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment. These data are used only for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

Data Outlining

Data outlining is not directly acquired regarding the consumption habits or choices of the interested party. However, it is possible that through links or by incorporating elements of third parties, such information may be acquired by independent or separate subjects. See the section on third-party Cookies

Cookies

Such others, this website saves the Cookies on the browser used by the user concerned for the transmission of information of a personal nature and for enhancing the experience. In fact, cookies are small text strings that the sites visited by the user send to his terminal (usually the browser), where they are stored, sometimes even with characteristics of wide temporal persistence, to be then re-transmitted to the same sites at the next visit.

As explained below, it is possible to choose whether and which cookies to accept, bearing in mind that refusing their use may affect the ability to perform certain transactions on the site or the accuracy and adequacy of some customizable content proposed or the ability to recognize the user from a visit to the next. If no choice is made in this regard, the default settings will be applied and all cookies will be activated: however, at any time, it is possible to communicate or modify the decisions in this regard.

Technical Cookies

In particular, so-called session cookies are used, which are not stored permanently on the user's computer and disappear when the browser is closed and whose use is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient exploration of the site and which avoid the use of other IT techniques that are potentially prejudicial to the confidentiality of users' browsing and do not allow the acquisition of personal identification data of the user. Then it is used analytics cookies that help to understand how visitors interact with the contents of the site, collecting information (geographical and web origin, technology used, language, entry pages, visited, exit, residence times, etc.) and generating website usage statistics without personal identification of individual visitors. All these are to be considered technical cookies for which, since it is not necessary to give approval, the opt-out mechanism applies. Technical cookies are not disclosed to third parties as they are necessary or useful for the functioning of the site; therefore they are processed only by persons qualified as appointees, data processors or system administrators.

Third party Cookies

Finally, the site incorporates cookies and other elements (tags, pixels, etc.) of third parties (autonomous and on which the Data Controller has no responsibility) who also carry out outlining activities and for which reference is made to the respective sites:

• Google Analytics

• Facebook (widget)

Data provided voluntarily by the user

The optional, explicit and voluntary sending of e-mails to the addresses indicated on the site causes the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the e-mail. Even the explicit and voluntary sending of forms that can be filled in on the site containing data of the interested party involves processing to follow up on pre-contractual obligations or the execution of the services provided for by sending the forms. This information in the forms may relate to personal data, contact details, contact details, telephone numbers, email addresses of the interested parties and of identified and identifiable third parties having cause with the user of the site. However, specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request.

E-commerce

This is the data processed for the management of carts, orders, any registered user profile and includes personal data, addresses, purchase list, reports and notes.

The personal data provided also processed through delegated third parties (companies for home delivery, mailing and data entry) for the administrative management of orders and purchases; the management of any participation in loyalty programs; the processing of anonymous statistics related to the detection of purchasing behavior; sending advertising material relating to products and offers by possibly using email or telephone messages.

Reserved area

The information (texts, videos and images) that the user uploads to the reserved area are protected by encryption and authentication systems and are accessible only to authorized users, or to the direct interested parties and / or the intermediaries involved. This information is not subject to data distributions.

13 co.1 lett. a)

13/14 co.1 lett. c)

nel caso di legittimi interessi: 13co.1 lett.d) 14co.2 lett. b)

PURPOSE AND LEGAL BASES OF PROCESSING

Personal data are used (Ref. Articles 6(b) of the GDPR):

a)      to allow browsing on the site and

b)     potentially to perform the service or performance requested as part of the normal activity carried out by the undersigned organization (code ateco 45.31.01 Wholesale trade of motor vehicle parts and accessories).

Besides, all personal data can be processed:

c)      for purposes related to obligations established by law, as well as by provisions issued by authorities legitimated by the law (ref. Articles 6 (c) and 9 (b, g, h) of the GDPR);

d)     for the verification, exercise or defense of a right in judicial and extrajudicial (legitimate interest) of the undersigned organization (ref. Articles 6 (f) and 9 (f) of the GDPR);

e)     for direct marketing purposes according to the legitimate interest of the Data Controller in particular; for Ccookies, the advertising ids used to show advertisements and proclamations; for e-mail addresses for sending the newsletter; for browsing and usage logs to protect the site and service from cyber-attacks; in these cases, the interested party can always deny consent so that the Data Controller will refrain from processing (ref. Articles 6 (f) of the GDPR);

f)       for purposes functional to the activity for which the interested party has the right to give consent or not, such as eg. subscription to the newsletter to receive information messages and messages for the promotion and sale of products and services, detection of the degree of satisfaction, communication of data to third parties for receiving information and promotional communications and marketing (GDPR Article 6 (a))

13 co.1 lett. b/c)

13 co.2 lett. e)

CONSEQUENCES OF THE REFUSAL OF PROVIDING DATA

The conferment of data collected from the interested party is optional but essential for the purpose of processing them for the purposes in letters a) and b). In the event that the interested parties do not communicate their essential data and do not allow the processing, it will not be possible to proceed with the completion and implementation of the proposed services and to follow up on the contractual obligations undertaken, with consequent prejudice for the correct fulfillment of regulatory obligations, such as eg. accounting, fiscal and administrative etc.

Apart from what is specified for browsing data, the User is free to provide personal data for Cookies and specific requests through forms eg. on products and / or services. Their failure to provide may make it impossible to obtain what is requested. For all non-essential data, including sensitive data, the conferment is optional. In the absence of consent or incomplete or incorrect conferment of certain data, including sensitive data, the required formalities could be so incomplete as to cause prejudice either in terms of sanctions or loss of benefits, or due to the impossibility of guaranteeing the adequacy of the treatment the same to the obligations for which it is carried out, and to the possible mismatch of the results of the processing itself with the obligations imposed by the law to which it is addressed, intending to exempt the undersigned organization from any and all liability for any penalties or afflictive measures.

DATA PROCESSING METHOD

The processing related to the web services of the site are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected; take place at the server in Turkey (Dedicated Telekomunikasyon Teknoloji Hiz. Tic. San. LTD. STI.) and are only handled by technical personnel in charge of processing, or by any persons in charge of maintenance and administration operations. Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access and the loss of confidentiality. The structure is equipped with anti-intrusion devices, firewalls, logs and disaster recovery. Specific encryption and data segregation mechanisms, User authentication and authorization mechanisms are used.

Data processing means data collection, registration, organization, storage, processing, modification, cancellation and destruction or the combination of two or more of these operations. In relation to the aforementioned purposes, the processing of personal data takes place using manual, IT and telematic tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of personal data will therefore be processed in compliance with the methods indicated. in art. 5 EU Reg. 2016/679, which provides, among other things, that the data are processed lawfully and fairly, collected and recorded for specific, explicit and legitimate, exact, and if necessary updated, relevant purposes. complete and not excessive in relation to the purposes of the processing, in compliance with fundamental rights and freedoms, as well as the dignity of the interested party with particular reference to confidentiality and personal identity, through protection and security measures. The undersigned organization has prepared and will further improve the data access and storage security system.

An automated decision-making process (e.g. outlining) is not carried out.

13/14 co.1 lett. f)

TRANSFERS OUTSIDE EU

The processing takes place in non-EU and non-EEA countries, when the connections to the site come from these countries (at the request of the interested party who is there). Furthermore, the processing also takes place in non-EU and non-EEA countries where the site servers reside as it is considered functional to the efficient fulfillment of the purposes pursued in compliance with the guarantees in favor of the interested parties. Below is the list of non-EU countries to which the data are transferred:

·        Turkey

13/14 co.2 lett. a)

STORAGE PERIOD

Personal data will be stored, in general, as long as the purposes of the processing persist according to the category of data processed.

13 co.1 lett. d)

13/14 co.1 lett. e)

CATEGORIES OF RECIPIENTS

The data (only the essential ones) are communicated to

·        to persons in charge of the processing, both internal to the organization of the typewriter, and external, who carry out specific tasks and operations (site administration, analysis of navigation data, traffic, profiling, management of emails and forms sent voluntarily by User, fulfillment of e-commerce requests and orders, etc.)

·        in the cases and to the subjects required by law

The data will not be distributed unless otherwise provided by law or after anonymisation. Except as specified for Cookies and third-party elements, without the prior general consent of the interested party for communications to third parties, it will be possible to carry out only services that do not provide for such communications. In case of need, specific and timely consents will be requested and the subjects who receive the data will use them as independent data owners.

In some cases (not subject to the ordinary management of this site) the Authority may request news and information in order to control processing of personal data. In these cases, the answer is mandatory under penalty of an administrative sanction.

13 co.1 lett. e)

13/14 co.2 lett. b/c)

13/14 co.2 lett. d/e)

RIGHTS OF INTERESTED PARTY

At any time it can be exercised the rights (access, rectification, cancellation, limitation, portability, opposition, absence of automated decision-making processes) when provided for in relation to the data controller, pursuant to art. from 15 to 22 of the GDPR (link to the standard); propose a complaint to the Guarantor (www.garanteprivacy.it); if the processing is based on approval, revoke this given approval, taking into account that the revocation of the approval does not affect the lawfulness of the processing based on the approval before the revocation.

Disabling Cookies

Almost all browsers provide the possibility to manage and not enable Cookies in order to respect User preferences. In some browsers it is possible to set rules to manage Cookies site by site, an option that provides more exact control over the User's privacy; another function available on some browsers is the incognito mode, so that all Cookies created in this mode are deleted after closing.

Refer the following instructions for managing Cookies in related browsers:

•    Chrome

•    Firefox

•    Internet Explorer

•    Safari

13 co.1 lett. f)

13/14 co.1 lett. a/b)

CONTACT DETAILS

The data controller is EUROBUMP OTOMOTIV SANAYI VE TICARET ANONIM SIRKETI-ITALIAN BRANCH – SECONDARY OFFICE IN ITALY, in the person of tis pro tempore legal representative.

Head Office is in Strada Comunale Da Bertolla all’Abbadia di Stura 176, cap 10156, Torino (IT).

Contact numbers are Phone +39 011 0161329; e-mail info@eurobump.com

The complete list of data processors is available on request.