TimmyFit®
Privacy Policy
Last updated: 26/08/2024
1. Introduction
Welcome to the website of TimmyFit® (“we”, “our” or “the Site”). Your privacy is of utmost importance to us. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our Site and related services, in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws.
2. Data Controller
The Data Controller is:
DF di Da Fre’ Ezio
VAT Number IT01758900938
Email: info@timmyfit.com
Phone: (+39) 333 9710262
3. Types of Data collected
We collect various types of personal data, including but not limited to:
- Identification data (e.g., first name, last name)
- Contact data (e.g., email address, phone number)
- Professional data (e.g., occupation, field of activity)
- Fiscal data (e.g., VAT number, Tax Code)
- Site usage data, including:
- IP addresses
- Navigation data (pages visited, time spent, etc.)
- Type of device and browser used
- Timestamps of visits
- Data collected through cookies and similar technologies
4. Methods and Legal Bases of Processing
4.1 Processing Methods
Your personal data is processed using automated and non-automated tools, for the time strictly necessary to achieve the purposes for which it was collected, in compliance with the rules of confidentiality and security provided by law, consequent regulations, and internal provisions.
4.2 Legal Bases
We process your personal data on the basis of one or more of the following legal bases, in accordance with Article 6 of the GDPR:
- Your consent (Art. 6(1)(a) GDPR)
- The performance of a contract to which you are a party or the execution of pre-contractual measures taken at your request (Art. 6(1)(b) GDPR)
- Compliance with a legal obligation to which the Data Controller is subject (Art. 6(1)(c) GDPR)
- The pursuit of the legitimate interest of the Data Controller or third parties (Art. 6(1)(f) GDPR)
For each specific processing purpose, we will inform you of the applicable legal basis.
5. Purposes of Processing
Your personal data is collected and processed for the following purposes:
- Provision of our services
- Responding to your requests
- Sending marketing communications (with prior consent)
- Improvement of our Site and our services, including:
- Analysis of site traffic and usage
- Content personalization
- Optimization of user experience
- Fulfillment of legal obligations
6. Recipients of the Data
Your personal data may be shared with:
- Authorized personnel of the Data Controller
- External service providers acting as Data Processors, including:
- Hosting service providers
- Analytics service providers
- Marketing and advertising service providers
- Customer support service providers
- Public authorities, where required by law
We share some of your data with third parties for marketing or advertising purposes. This sharing occurs only with your explicit consent, which you can withdraw at any time.
7. Place of Data Processing
Personal data is processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. Specifically:
- The main servers are located in Germany
- Some data may be processed by service providers based in the EU or USA
8. International Data Transfers
If we transfer your personal data outside the European Union or the European Economic Area, we adopt appropriate measures to ensure an adequate level of data protection, as provided for in Chapter V of the GDPR. These measures include:
- The use of Standard Contractual Clauses approved by the European Commission
- Transfer to countries that the European Commission has deemed to provide an adequate level of data protection
- Obtaining your explicit consent, after informing you of the possible risks of such transfers
In the absence of an adequacy decision by the European Commission, we adopt additional security measures, such as:
- Implementation of Binding Corporate Rules
- Adoption of approved codes of conduct or approved certification mechanisms
- Conclusion of specific contractual agreements approved by the European Commission
9. Data Retention Period
We retain your personal data for the time necessary to achieve the purposes for which it was collected, respecting legal limits. In particular:
- Contract-related data: 10 years from the conclusion of the contract (Art. 2220 Civil Code)
- Marketing data: until consent is withdrawn and in any case no longer than 24 months from the last interaction
- Navigation data: maximum 6 months
- Fiscal data: 10 years, as required by tax regulations
- Support request data: 2 years from the last interaction
10. User Rights
As a data subject, you have the following rights under Articles 15-22 of the GDPR:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right not to be subject to a decision based solely on automated processing (Art. 22 GDPR)
To exercise these rights, contact us at the email address info@timmyfit.com
You also have the right to lodge a complaint with the competent supervisory authority (in Italy, the Data Protection Authority – www.garanteprivacy.it)
Automated decision-making and profiling: you have the right not to be subject to a decision based solely on automated processing, including profiling. To exercise this right, you can contact us at the email address info@timmyfit.com specifying your request. We will examine your request and provide you with a response within 30 days, illustrating the measures we will take to respect your choice.
11. Cookies and Similar Technologies
We use cookies and similar technologies to improve your experience on our Site, in compliance with the ePrivacy Directive (2002/58/EC) as amended by Directive 2009/136/EC. For detailed information on the types of cookies used, purposes, and management methods, please consult our Cookie Policy.
On your first access to the site, you will be presented with a banner for accepting or rejecting cookies. You can manage your cookie preferences at any time through our Cookie Preferences Center, accessible from the same page.
12. Security Measures
In accordance with Art. 32 of the GDPR, we adopt appropriate technical and organizational security measures to protect your personal data, including:
- Encryption of data in transit and at rest
- Strict access controls
- Regular staff training on data protection
- Regular data backups
- Data breach management procedures
Our security measures are periodically reviewed and updated to ensure continuous and adequate protection of personal data. We regularly conduct risk assessments to identify and mitigate potential vulnerabilities.
13. Changes to the Privacy Policy
We reserve the right to modify this Privacy Policy at any time. Changes will be posted on this page with the date of last update. In case of substantial changes that significantly affect your rights or the ways we process your data, we will promptly inform you via email or through a prominent notice on our Site before such changes become effective.
14. Regulatory References
This Privacy Policy is drafted in compliance with the obligations provided by the GDPR, in particular:
- Article 12 (Transparent information, communication and modalities for the exercise of the rights of the data subject)
- Article 13 (Information to be provided where personal data are collected from the data subject)
- Article 14 (Information to be provided where personal data have not been obtained from the data subject)
- Article 32 (Security of processing)
15. Contacts
For any questions or clarifications about this Privacy Policy or the processing of your personal data, contact us at the email address info@timmyfit.com
16. Data Protection Officer (DPO)
The Data Controller has not appointed a Data Protection Officer (DPO) as it is not required by the processing activities carried out, pursuant to Art. 37 of the GDPR.