This notice is provided by Sunny Biker Srl (hereinafter, the "Data Controller" or “SunnyBiker”) in its capacity as the data controller, to inform users of the SunnyBiker App (hereinafter, the "App") about the methods of collection, use, and protection of their personal data. SunnyBiker is a community for motorcycle enthusiasts, and this notice transparently and comprehensively describes the processing activities related to personal data collected through the App, ensuring compliance with the rights and freedoms of data subjects under Regulation (EU) 2016/679 ("GDPR").
The Data Controller of the personal data of the data subjects is Sunny Biker Srl (hereinafter, the "Data Controller" or “SunnyBiker”), with its registered office at Via Della Guastalla, 5, Milan (MI), 20122, Italy, VAT N° IT13375310961. The Controller can be contacted via email at amministrazione@sunnybiker.com
This privacy notice applies exclusively to the use of the SunnyBiker App. It does not apply to information collected through other external channels, for which the respective privacy notices are provided.The SunnyBiker App and its related services are intended solely for individuals aged 18 and older. The app is not designed for or directed to minors under the age of 18. Users under this age restriction are prohibited from registering or using the app. If the processing of data from individuals under 18 is identified, the data will be promptly deleted
The personal data processed are collected directly from the data subjects through:
- The completion of the registration form and the App's functionalities.
- The use of the App, which automatically generates usage data such as access logs, browsing history.
- Interaction with emails, or messages related to the App.
Purpose of Legal Basis, Personal Data and Data Retention.pdf
The provision of personal data processed by the Sunny Biker App is categorized as mandatory or optional, depending on the purpose of the processing.
The provision of data is mandatory for:
- Registration and Access to the SunnyBiker Community: Required to enable access to the App and participation in the community.
- Allow the Controller to accomplish all formalities required by law: Necessary to comply with legal obligations and fulfill regulatory requirements.
- Improve the App by analyzing how Users navigate and/or use the Website: Necessary to enhance user experience and optimize services.
- Detecting or preventing fraudulent activity and exercising the Controller's rights in Court: Necessary to protect the App and its Users and to safeguard legal interests.
Consequences of Non-Provision: If such data is not provided, it will not be possible to access the community, use the App's core services, comply with legal requirements, enhance App functionality, or ensure the detection and prevention of fraudulent activities.
The provision of data is optional for:
- Newsletters and Promotional Communications: To receive promotional offers and personalized marketing content.
- Creation of Data Portrait and Profiling: Necessary to enhance the user's personalized experience and improve interaction with other community members.
Consequences of Non-Provision: Users may continue to use the App and access the community, but they will not receive updates or promotional communications, and their experience may be less personalized, with reduced opportunities for interaction with other users.Consent for optional processing can be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal. For further details or to exercise their rights, users may contact the Controller using the contact information provided.
The personal data collected may be disclosed to the following entities for purposes related to the service:
- Technical and Hosting Service Providers: To ensure the operation and security of the App.
- Legal and Accounting Consultants: For advice necessary to fulfill legal obligations.
- Public Authorities or Regulatory Bodies: In compliance with legal obligations.
Entities designated as Data Processors act in accordance with the instructions provided by the Data Controller. A complete list of Data Processors is available upon request by sending an e-mail to the Controller's contact address.
If personal data needs to be transferred outside the European Union, such transfer will comply with the provisions set forth in Articles 45 and 46 of the GDPR. Specifically, the transfer will occur based on:
- Adequacy decisions issued by the European Commission, ensuring that the recipient country provides an adequate level of data protection; or
- Standard contractual clauses approved by the European Commission to ensure appropriate safeguards for the protection of personal data.For more information about the protection mechanisms implemented, users can contact the Data Controller at the provided contact details.
Personal data will be processed both manually and through automated means, in compliance with the principles of security and data minimization established by the GDPR.The Data Controller implements technical and organizational measures to protect data from unauthorized access, loss, destruction, or misuse. Data will be processed exclusively for the purposes specified in this Privacy Notice.
Data subjects may exercise their rights under Articles 15-22 of the GDPR by contacting the Data Controller through the provided contact details. Below is a summary of the user’s rights:
- Right of Access (Art. 15): The right to obtain confirmation as to whether or not personal data concerning them is being processed and, if so, to access the processed information.
- Right to Rectification (Art. 16): The right to have inaccurate personal data corrected and incomplete personal data completed.
- Right to Erasure (Art. 17): The right to have personal data erased in the cases provided by the GDPR (e.g., when the processing purpose is no longer applicable).
- Right to Restriction of Processing (Art. 18): The right to request the restriction of processing in certain cases (e.g., contesting the accuracy of data).
- Right to Data Portability (Art. 20): The right to receive personal data in a structured, commonly used, and machine-readable format and to request the transfer of such data to another data controller.
- Right to Object (Art. 21): The right to object to the processing of data for legitimate reasons, including for direct marketing purposes.
- Right to Withdraw Consent (Art. 7): The right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise these rights, users can send a request to the provided contact details. The Data Controller will respond within 30 days, with possible extensions for complex cases.
Users have the right to file a complaint with the competent Supervisory Authority for Personal Data Protection if they believe that the data processing violates the GDPR, under Article 77 of GDPR.
The Data Controller reserves the right to modify this privacy policy at any time, in compliance with applicable regulations. Any significant changes will be communicated to users through notifications within the App or via email, as appropriate. Users are encouraged to periodically review this section to stay informed about any updates.