Privacy and Security

PRIVACY POLICY

Tonino Lamborghini s.p.a. with registered office in Via Funo, no. 41, 40050 Argelato (Bologna), VAT no./ Tax Code and registration number in the Business Registry of Modena 03139260370 (herein after also referred to as “Data Controller”), in quality of Data Controller of the users’ personal data (herein after, "Users") that browse and exploit the services available at www.lamborghini.it (herein after the “Site” and “Services”), provides hereto the privacy policy pursuant to art. 13 of EU Regulation 2016/679 of 27th April 2016 (herein after the “Regulation" or “Applicable laws”).
This Site and the Services are reserved to subjects who are eighteen years old or older. The Controller does not collect personal data of subjects under 18 years old. Upon Users’ request, the Controller will promptly erase all personal data unintentionally collected concerning subjects under 18 years of age.
The Controller considers the right to privacy and protection of Users’ personal data of utmost importance. The users can contact the Controller at any time, for any information concerning the privacy policy, as follows:

- by sending a registered letter with return receipt at the registered office in Via Funo, no. 41, 40050 Argelato (Bologna);
- by sending an email at info@lamborghini.it;
- by sending a fax at +39 051 864956.

1. Processing scopes
The Users’ personal data will be processed lawfully by the Controller pursuant to art. 6 of the Regulation, for the following processing scopes:

a) contract obligations and supply of Services, to allow browsing the Site or enforce the Site’s Terms of Use which are accepted by the User when registering to the personal area “my personal account” on the Site and/or when using the Services and satisfy specific User’s requests (including the requests made through the Call Center dedicated to the Customer Care function and/or the forms related and any other request submitted via the “Warranty” function) and execute the purchase contract for products offered through the Site. The User’s data collected by the Controller for the afore-cited scopes include name, surname, email address, tax code, home and/or invoicing and/or shipping address if different, telephone number and any personal information of the User, potentially and voluntarily communicated. Unless the User grants specific and optional consent to the Controller for the processing of his/her data for additional scopes, the User’s personal data will be used by the Controller exclusively to ascertain the User’s identity (also through email validation), thus avoiding potential frauds or abuses, and to contact the User only for service purposes (e.g. send notifications concerning the Services). Granted any other provision set forth by this privacy policy, the Controller will not disclose the Users’ personal data to other Users and/or third parties, in any way.
b) administrative-accounting scopes, or to perform organisational, administrative, financial and accounting activities, like internal corporate activities and tasks aimed at fulfilling contractual and pre-contractual obligations;
c) legal obligations, or to fulfil obligations set forth by law, an authority, a regulation or the EU regulation.
Conferment of personal data for the abovementioned processing scopes is optional but necessary, as refusal to confer data will prevent the User to browse the Site, register to the personal area “my personal account” on the Site, exploit the Services, make specific requests – also through the Call Center – and buy products offered through the Site.
The personal data required to attain the processing scopes set forth by this par. 1 are indicated with an asterisk in the registration and/or check-out form on the Site.

2. Additional processing scopes: newsletter
With the User’s voluntary and optional consent, some User’s personal data (e.g. name, surname, email address and any personal information of the User potentially and voluntarily published) may be processed by the partner also for the scope to send the newsletter. Therefore, the User will receive a periodical newsletter from the Controller, containing information concerning novelties and promotions available on the Site and/or Controller’s initiatives.
Should consent be refused, the possibility to register to the Site will not be hindered.
The User can revoke his/her consent at any time, by sending a request to the Controller according to the methods set out in following par. 5.
Moreover, the User can easily revoke his/her consent to further transmissions of promotional communications, also by clicking on the specific unsubscribe link that is present in each email containing the newsletter. Once consent is revoked, the Controller will send an email to the User to confirm consent revocation.
The Controller informs that, despite revoking the consent for the transmission of newsletters via email, due to technical and operational reasons (e.g. contact lists compiled just before the Partner receives the revocation), the User may continue receiving some additional promotional messages. Should the User continue to receive promotional messages after 24 hours from exercising the revocation right, he/she shall notify the issue to the Controller, using the contact details set forth by following par. 5.

3. Processing methods and data storage times
The Controller will process the User’s personal data through manual and electronic tools, with logics strictly related to said scopes and, anyhow, so as to ensure data security and privacy. The Users’ personal data will be stored for the times strictly required to attain the primary scopes set out in previous par. 1, or anyhow, for the time required to ensure protection under Civil laws, of the Users’ and Controller’s interests.
In the instances indicated in previous par. 2, the Users’ personal data will be stored for the times strictly required to attain the scopes set forth thereto and, in any case, for no longer than twenty four (24) months.

4. Sphere of communication and diffusion of data
The Controller’ employees and/or collaborators appointed to manage the Site and all services related to the supply of Services may become aware of the Users’ personal data. These subjects, who have been trained accordingly by the Controller in accordance to art. 29 of the Regulation, will process the Users’ personal data exclusively for the purposes set forth by this privacy policy and in compliance with Applicable Laws.
Moreover, the Users’ personal data may be disclosed to third parties who may process personal data on behalf of the Controller in quality of “External Data Processors”, such as for example, suppliers of IT and logistic services that are required for the operation of the Site and/or Services, suppliers of outsourced or cloud computing services, professionals and consultants.
Users have the right to obtain a list of potential data processors appointed by the Controller, by sending a request to the Controller, according to the modalities set forth by following par. 5.
Furthermore, the Users’ personal data can be disclosed by the Controller, within the necessary and essential limits to execute contract obligations, to third independent controllers, such as operators of payment services and other services required to deliver the products sold through the Site. Said independent controllers will process the User’s data exclusively to properly execute orders concerning the Services.

5. Rights of the Data Subjects
Users can exercise the rights set forth by Applicable Laws, by contacting the Controller according to the modalities set forth:

- by sending a registered letter with return receipt at the registered office in Via Funo, no. 41, 40050 Argelato (Bologna);
- by sending an email at info@lamborghini.it;
- by sending a fax at +39 051 864956

Pursuant to Applicable Laws, the Controller informs that the Users boast the right obtain indication (i) of the origin of their personal data; (ii) processing scopes and methods; (iii) logic applied in case of processing executed with electronic tools; (iv) identification details of the Data Controller and Processors; (v) subjects or categories of subjects to whom personal data can be disclosed or that may become aware of in quality of processors or appointed subjects. Moreover, Users have the right to obtain:
a) data access, update, rectification or integration, if needed;
b) erasure, transformation in anonymous form or block of data processed in breach of laws, including data not required to be stored in view of the scopes for which it was collected and then processed;
c) confirmation that the operations set forth by letters a) and b) were disclosed, also with regards to their content, to those subjects to whom data was notified or diffused, except in case said duty is impossible to fulfil or implies a disproportionate use of means, compared to the protected right. In addition, Users boast:
a) the right to revoke the consent at any time, should processing implies their consent;
b) (if applicable) right to data portability (right to receive any personal data in a structured, commonly used, machine-readable format), right to restrict the processing of personal data and right to erasure (“right to be forgotten”);
c) right to object:
i) fully or partially, for legitimate reasons, to the processing of personal data even if pertinent to the collection scope;
ii) fully or partially, to the processing of personal data for the transmission of advertising or direct sale material or to execute market researches or business communications;
iii) should personal data be processed for direct marketing purposes, the right to object the processing of personal data at any time, executed for said scopes, including profiling, to the extent to which it is related to direct marketing.
d) should they believe that data processing is performed in breach of the Regulation, the right to lodge a complaint with a Supervisory Authority (in the member State where they usually reside, where they work or where the alleged breach occurred). The Italian supervisory Authority is the Data Protection Supervisor with office in Piazza Venezia n. 11, 00187 – Rome (http://www.garanteprivacy.it/).
The Controller is not responsible to update all the links displayed in this Privacy Policy, therefore, each time a link is not functional and/or updated, the Users acknowledge and accept to always refer to the document and/or section of the websites recalled by said link.