1 – Scope of application of the European Regulation 2016/679 of the European Parliament and of the Council
The Regulation applies “to the processing of personal data carried out in the context of the activities of an establishment by a data controller or a controller in the Union, regardless of whether or not the processing is carried out in the Union” and, in paragraph 2 below, that the Regulation applies “to the processing of the personal data of data subjects who are in the Union, carried out by a data controller or a data controller who is not established in the Union, when the activities concern: (a) the supply of goods or provision of services to the aforementioned interested parties in the Union, irrespective of the obligation to pay a person concerned; or (b) monitoring their behavior to the extent that such behavior takes place within the Union ”.

2 – Why a Privacy Policy?
This document describes how to manage the site in relation to the processing of personal data of users who consult it.

This information is provided pursuant to Chapter III of Regulation (EU) 2016/679, to those who interact with the web services offered by Muma Sport Srl Uni accessible electronically starting from the Internet address corresponding to the homepage of your website.

The information is provided only for this site and not for other websites that may be consulted by the user via links. The information is also based on the Recommendation n. 2/2001 that the European authorities for the protection of personal data, gathered in the Group established by the art. 29 of the directive n. 95/46 / CE, adopted May 17, 2001 to identify some minimum requirements for the collection of personal data online, and, in particular, the methods, timing and nature of the information that the data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.

The Recommendation and a summary description of its aims can be found on the website of the Guarantor for the protection of personal data

3 – The data controller
Following consultation of this site, data relating to identified or identifiable persons may be processed.

The data controller is:

Muma Sport Srl Uniproprietario
Via Eugenio Montale, 37
62010 Morrovalle (Mc)
VAT number 01717190431
Tel 0733566662 Email

4 – Place of data processing
The processing operations connected to the web services of this site take place at the structure of Muma Sport Srl Uniproprietario or at third-party hosting companies appointed by Muma Sport Srl Uniproprietario and are only handled by technical personnel in charge of processing, or by others in charge of occasional operations of maintenance.

No data deriving from the web service is communicated or disclosed to third parties except for legal obligations or contractual obligations.

5 –
Types of data processed
Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) ??addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (good purpose, error, etc.) and other parameters relating to the operating system and the user’s IT environment.

This data is used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this eventuality, the data on web contacts do not persist for more than seven days (see Cookies Policy at the following link).

Data provided by the user

The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.

Specific information pursuant to Chapter III of Regulation (EU) 2016/679 with a possible request for consent to treatment will be reported or linked via links on the pages of the site set up for the acquisition of personal data

6 – Optional supply of data
Apart from that specified for navigation data, the user is free to provide personal data contained in the various forms present on the site according to the indications contained in the relevant information ex Chapter III of Regulation (EU) 2016/679.

Failure to provide the data indicated as mandatory entails the impossibility for the User to participate in the initiative.

For completeness it must be remembered that in some cases (not subject to the ordinary management of this site) the Authority for the protection of personal data may request news and information pursuant to Art. 157 of Legislative Decree 196/2003, for the purpose of monitoring the processing of personal data. In these cases the answer is mandatory under penalty of administrative fine

7 – Processing methods
Personal data is processed by automated tools for the time strictly necessary to achieve the purposes for which it was collected.

Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access.

8 – Rights of interested parties
One of the fundamental rights of the interested party guaranteed by the European Regulation 679/2016 is certainly the right of access regulated by the Art. 15 where it is stated that the interested party has the right to obtain from the data controller confirmation that the processing of personal data concerning him is being processed and, if such processing is in progress, access to the data and the following information:

  • a) the purposes of the processing;
  • b) the categories of personal data in question;
  • c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
  • d) when possible, the period of storage of the personal data envisaged or, if this is not possible, the criteria used to determine this period;
  • e) the existence of the data subject’s right to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their processing;
  • f) the right to lodge a complaint with a supervisory authority;
  • g) if the data is not collected from the interested party, all available information on their origin;
  • h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the expected importance and consequences of such treatment for the data subject.

The data controller must provide the data subject with information regarding the action taken regarding an access request, in accordance with articles 15 to 20, without undue delay and at the latest within one month of receiving the request. This deadline may be extended for a maximum of another two months, if necessary, taking into account the complexity of the request and the number of requests.

If the extension is applied, the interested party is informed of the reasons for the delay within one month of receiving the request. If the interested party submits the request in electronic format, the information is provided, where possible, in electronic format, unless otherwise indicated by the interested party.

Other rights of the person concerned are:

the right of rectification for which the data subject has the right to obtain from the data controller the rectification of inaccurate personal data concerning him without unjustified delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, even providing a supplementary declaration.

Instead, the interested party has the right to obtain the treatment limitation from the data controller when one of the following hypotheses occurs:

  • a) the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
  • b) the processing is unlawful and the data subject opposes the deletion of personal data and requests instead that its use be limited;
  • c) although the data controller no longer needs it for the purposes of processing, personal data is necessary for the data subject to ascertain, exercise or defend a right in court;
  • d) the data subject has opposed the processing pursuant to Article 21, paragraph 1, pending verification regarding the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.

If the processing is limited, personal data is processed, except for storage, only with the consent of the interested party or for the verification, exercise or defense of a right in court or to protect the rights of a other natural or legal person or for reasons of significant public interest of the Union or of a Member State.

With the recognition of the right to cancellation and oblivion, the interested party must have the right to request that their personal data be deleted and no longer be processed if they are no longer necessary for the purposes for which they were collected or otherwise processed , when you have withdrawn your consent or opposed the processing of personal data concerning you or when the processing of your personal data is not otherwise compliant with the Rules.

This right is particularly relevant if the interested party has given consent when he was a minor, and therefore not fully aware of the risks deriving from the treatment, and wants to subsequently eliminate this type of personal data, in particular from the Internet.

Finally the Art. 20 of the Regulation introduces a new right with respect to the previous legislation, namely the right to data portability for which the interested party has the right to receive in a structured format, commonly used and readable by automatic device, the personal data concerning him to a data controller and has the right to transmit such data to another data controller without hindrance by the data controller to whom it supplied them if:

  • a) the processing is based on consent pursuant to Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), or on a contract pursuant to Article 6, paragraph 1, letter b); is
  • b) the processing is carried out by automated means.

For the moment, requests should be addressed to the Data Controller at the contact numbers listed above.

Document updated to 01/19/2019