Privacy policy

Circular letter on personal data processing performed by the website: www.runnerfitness.it,in compliance with art. 13 of the European General Data Protection Regulation (GDPR – 2016/679)

Runner S.r.l., as the data controller, notify to data subjects the following information on data processing.

This circular letter is referred to and is valid only for this website (www.runnerfitness.it) and not for other external websites surfed by the user through links available in www.runnerfitness.it. The data controller isn’t responsible of processing performed by third part websites. Please take a look to data processing policy when you visit a third part website.

DATA CONTROLLER

The data controller is Runner S.r.l. – Via di Vittorio 391, 41032 Cavezzo (MO) – ITALY e Vat number: IT03240440366, which avails of its own processing managers or those of external processing companies.

PURPOSES OF PROCESSING, LEGAL BASIS AND RETENTION TIME

We process personal data only with a proper legal basis established by law. In the following list you can found all the information concerning the purposes of processing, the types of personal data processed, the legal basis and the data retention time.

Purposes of processing	Categories of personal data	Legal Basis	Data retention time
To browse on the website and guarantee the proper functionality and cyber security to the website itself and other users.	– Browsing data	– Legitimate interest pursued by the controller to promote his own business through his website, to maintain it online, reachable and to defend itself and the other visitors against possible cyber attacks	Data controller will keep the browsing data for the time strictly necessary to reach processing purposes. For what concern cookies retention time more information are available consulting the website’s Cookie Policy.
Processing for statistical and analytical purposes	– Browsing data	– Legitimate interest of the Data Controller to improve and enhance the website and user experience based on statistical surveys, in order to make these changes relevant and data-driven.	The information necessary to produce the statistics will be kept in disaggregated form for the period necessary to process the anonymous and aggregated indicators.
To manage commercial and information requests received through the contact forms or other communication means available on the website	– Identification data – Data concerning contact details and addresses	– Legitimate interest of Data Controller concerning the management of communications with data subjects to satisfy specific submitted requests – To perform a contract in which data subject is part or to manage pre-contractual requests submitted by data subjects	This data will be processed for the time strictly necessary to manage your request. After this process, data submitted to fulfill your enquiry will be deleted or further processed for other purpose, if a commercial agreement took place (ex. to manage the service provision).
To send newsletter and other commercial communications following your sign in through the newsletter form	– Data concerning contact details and addresses	– Data subjects explicit consent	Your e-mail address will be kept until the revocation of your consent, by sending an unsubscription request to our address or following the unsubscription link available in our communications. After your unsubscription request we will interrupt the newsletter sending.
To carry out promotional activities, sending advertisement material and completing market researches directly to the user;	– Identification data – Data concerning contact details and addresses – Browsing data – Data related to purchasing and browsing habits	– Data subjects explicit consent – Legitimate interest of data controller regarding the communications sent with Soft Spam modalities (as described in following section “Type of data processed”)	We will process your data for marketing purposes until your consent revocation. If the recipient of promotion activities is already our partner, the data retention period will be the same as for business and administrative management (10 years after business relation end); however data subject may always exercise his rights to prevent data controller to further perform this data processing activity.

TYPES OF PERSONAL DATA PROCESSED

1. Surfing data

Systems and software procedures responsible for the functioning of this website acquire, during their normal operation, several personal data which transmission is implicit in the use of Internet communication protocols.

Those information is not collected to be associated with the purpose to identify data subjects, but them might allow users to be identified through further processing and association with other data held by data controller or third parties.

This category of data includes:

• IP addresses or domain names of computers utilized by users connecting to the site;
• the URI (Uniform Resource Identifier) addresses of the requested resources;
• the time of request;
• the method used in submitting the request to the server;
• the size of file obtained in response;
• the numeric code indicating the status of response given by the server (good result, error, etc.),
• other parameters relating to the operating system and the user’s IT environment.

This data are processed only to obtain anonymous statistical information on the use of the site and to check its proper functioning, and are deleted after processing. The data could be used to ascertain responsibility in case of hypothetical cybercrimes that might damage the website or other users during the browsing session.

The website could also automatically process data through setting cookies in user’s browser. Cookies are small strings of text set during the browsing in the website and, according to their purposes and the values set up, they allow the site and/or third parties to collect information related to the user, usually anonymously. The use of this electronic tool is analytically described through the Cookie Policy of the website.

Processing for statistical and analytical purposes The Data Controller may process information about Users’ use of the website. This information, processed where possible in anonymized and/or aggregated format, will be necessary to detect statistics on the interaction of Users with the website in order to evaluate interventions to improve, enhance or revise the functionality to optimize, make the user experience more pleasant and meaningful, as well as to evaluate more overall the impact of the tool. The results of the processing will not constitute personal data, as they will be expressed in aggregate terms and for the Holder’s internal use only. The data, including personal data, on which such processing will be based is intended for internal use only and accessible only to the site operators charged with extrapolating the reports.

Contact form Through contact forms available on the website, you can submit specific requests to the data controller. It’s required to submit personal identification data and contact details as well as other information to allow data controller to manage the request. Data collected will be exclusively processed to answer to the submitted requests and would be further kept and processed only if a relationship will take place between data subject and data controller.

Newsletter and data processing to pursue marketing purposes: data controller may carry out promotional activities about his business to users and customers by sending e-mails or other communications containing commercial and marketing information. This processing will be performed in compliance with regulations on data protection and within the ethical limits, without causing damage to the rights and freedoms of the data subjects. To pursue the purpose of providing newsletter service or other direct and indirect marketing activities, the data processing is subject to your prior consent, provided checking the related tick during data submission. Promotional communications may also be delivered to data subjects using Soft Spam modalities, without the specific consent of recipients. These communications will mandatory have the following features: the activity consists in sending e-mails to recipients which already have entertained commercial relationship with data controller and the e-mail addresses have been communicated to manage or within the business relations. the contents will concern products or services related to those whom the recipient has already purchased. However, data subject has the faculty to exercise his rights, opposing or limiting the processing activities. Those rights may be exercised when personal data are collected or whenever a message with marketing purposes will be delivered from data controller.

Trasmission of PERSONAL Data TO THIRD PARTIES

Your personal data may be transmitted only to the following third parts:

Companies which provide IT systems and website management and development services (as e-commerce and secure payment infrastructure, web development consultants, etc.);

Companies and professional offices which provide business assistance and consultancy (IT technologies, accounting, etc.);

Companies which provide technical or consultancy services concerning market research, marketing and business promotion;

Public institutions, for the fulfillment of legal obligations related to commercial relationship, to investigate on crime or cyber-attacks delivered or suspected to our systems or to other visitors, or to manage disputes.

Further information related to the third parties who may process your personal data are available by submitting a specific request to the data controller.

PERSONAL DATA TRANSFER OUTSIDE THE EUROPEAN UNION

Certain services and features on the site may result in the transfer of your data outside the European Union.

Google services

Browsing the site may result in the disclosure of your personal browsing data to parties outside the European Union, as the website uses Google systems to ensure access to certain features (Google Analytics 4, Google Tag and Google Maps).

Although Google’s services are provided in the European Union by Google Ireland Limited with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, for service reasons some data may be processed, communicated or stored on Google systems located outside the European Union.

The transfer is lawful because Google adheres to the “EU-US Data Privacy Framework,” a European Commission adequacy decision and mechanism that ensures adequate protection of personal data similar to that in place within the EU.

For more information on Google’s privacy policies, we suggest navigating to the following link:

https://policies.google.com/privacy/frameworks?hl=it

Mailchimp Services

The Data Controller may use Mailchimp’s email marketing platform to send communications to data subjects. This service is provided by the U.S. company The Rocket Science Group LLC, located at: 675 Ponce de Leon Ave, Suite 5000 Atlanta, Georgia 30308, outside the European Union. Therefore, personal contact data provided for this purpose (identification information, email addresses) may be transferred outside the Union.

The Rocket Science Group LLC is part of Intuit Inc., headquartered at 2700 Coast Avenue, Mountain View, CA 94043, United States of America (https://www.intuit.com)

The transfer is lawful as The Rocket Science Group LLC adheres to the “EU-US Data Privacy Framework”, an adequacy decision by the European Commission that ensures adequate protection of personal data similar to that in force within the EU.

The Rocket Science Group also provides contractual terms and addenda aimed at ensuring compliance with personal data protection as required by European regulations.

For more information about Mailchimp’s privacy policies, we suggest visiting the following link:

https://mailchimp.com/it/gdpr/

PROVISION OF DATA AND CONSEQUENCES OF REFUSAL TO REPLY

The communication of your personal data is mandatory when the process is necessary to browse in the website, to carry out commercial and information requests received through contact forms or personal area, to provide the services and to perform a contract with customers. the denial to submit those data will affect our capability to carry out your requests.

In the other cases, such as for marketing purposes, the transmission of data it’s optional and, when needed, subject to your explicit consent.

RIGHTS OF DATA SUBJECTS

We inform you about the existence of your rights to access to your personal data, to rectify and/or cancel the same, restrict the process performed on your data, object to processing activities and to request data portability (Articles 15 to 22 of the EU Regulations 2016/679 GDPR);

Any information request or complaint to the Data Controller can be presented by contacting the e-mail address: runner@runneritaly.it

If the data processing has his foundation on your explicit consent (art. 6, § 1, lect. a), you have the right to revoke this consent whenever you want, without to prejudice the lawfulness of previous processing activities.

In order to facilitate the detection of your requests about your rights, we suggest specifying in the e-mail subject the following statement: “Request to exercise a data subject right”.

Within the communication it’s important to clarify your identity, the type of your relationship with the Data Controller, the right you’re asking to exercise and all the further information useful to identify the data or the processing involved in your requests. You can also use the form provided by the Italian Supervisory Authority available at the following link: https://www.garanteprivacy.it/home/modulistica-e-servizi-online

You are entitled to file your complaints with the Italian control authority at the Supervisory Authority address for the protection of personal data, by sending a certified e-mail to the address protocollo@pec.gpdp.it or a registered letter addressed to: Piazza Venezia 11, 00187 Roma (Italy), or with the control authority of another EU member country.

This circular letter was updated on 11/02/2025