Möt Studios Privacy Policy

PRIVACY POLICY UNDER THE EU GENERAL DATA PROTECTION REGULATION NO. 2016/679 (“GDPR”)

Möt Studios S.r.l. (hereafter, also, “MÖT STUDIOS”), P. I.V.A./C.F. 09994940964, based in 20121 Milan, Viale F. Crispi 3, as the Data Controller, wishes to provide you with clear and simple indications about the processing of your personal data. In case of any doubt or clarification with respect to the following, please contact us at the contact details below: info@motstudios.it or by calling +39 02 38266833

1. Main Definitions

“Personal data” is any information concerning an identified or identifiable natural person (“Data Subject”); an identifiable person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more characteristic elements of his or her physical, physiological, genetic, mental, economic, cultural or social identity.
“Processing” is any operation or set of operations, performed with or without the aid of automated processes applied to Personal Data, such as collecting, recording, organizing, structuring, storing, adapting, modifying, extracting, consulting, using, communicating by transmission, disseminating, making available, comparing, interconnecting, limiting, erasing, destroying.
“Data Controller” is the natural or legal person who, individually or together with others, determines the purposes and means of the Processing of Personal Data.
“Data Controller” is the natural or legal person who jointly determines with one or more Data Controllers the purposes and means of the Processing of the Data Subject’s Personal Data, the responsibilities regarding compliance with the obligations arising from the applicable legislation. “Data Processor” is the natural or legal person who processes Personal Data on behalf of the Data Controller.
“Consent” of the Data Subject is the free, specific, informed and unambiguous manifestation of the Data Subject’s will, by which the Data Subject indicates his or her assent, by means of a statement or unambiguous affirmative action, for Personal Data concerning him or her to be subject to Processing.
“Marketing” means the performance of activities of a commercial, advertising and promotional nature, such as, for example, in a non-exhaustive manner, the sending of advertising material, direct sales, the performance of market research or commercial communication, or promotional activities carried out as part of events and prize events promoted by the Owner.
“Profiling” is Processing by computerized and automated means consisting of the use of Personal Data to assess certain aspects of an individual’s personal or professional performance, economic situation, personal preferences, interests, payment reliability, behavior, location, or movements.

2. In connection with the individual service requested, the Controller may process your Personal Data for the following purposes and legal bases:

A) without express consent for the following purposes:

a. To conclude the contract in order to use the services of the Holder;

b. Reservation of classes in the Holder’s sports disciplines;

c. Purchase the Holder’s services, i.e., packages in order to attend sports classes at the Holder’s facility;

d. Fulfill pre-contractual, contractual and tax obligations arising from existing relationships;

e. Fulfilling obligations required by law, regulation, EU legislation or an order of the Authority (such as in the area of anti-money laundering);

f. Exercise the Holder’s right of defense in court;

g. In dunning and debt collection activities, including by giving the data to companies/professionals for debt collection activities.

In cases where the disclosure of data is a legal or contractual obligation or a necessary requirement for the conclusion of the contract, the Interested Party has an obligation to provide personal data, otherwise the contract and the requested service cannot be executed.
The legal basis for Processing is therefore contractual and legal.
In the case of payment by credit card, the person will be asked for the card ID and expiration date. Personal credit card information will be handled directly by Gestpay, an online payment service of Banca Sella S.p.A., which will process personal data according to its own policy.
In the event of a violation of the regulations regarding the processing of personal data from online payments, no liability will be attributable to Möt Studios, since the data will be handled by another party, totally independent from Möt Studios. For any further information on the processing of personal data in the case of online payments, please refer to Gestpay’s privacy policy.
The information transmitted will be processed directly by the Owner and/or by third parties who provide data processing services or perform activities closely related to the provision of services. In particular, computer systems acquire certain data such as IP addresses, access times and other reference parameters of the Data Subject, with the sole purpose of verifying the proper functioning of the system and possibly, to detect anomalies or to ascertain liability in case of computer crimes. The data thus collected, once processed are immediately deleted from the system.

B) Only with prior and specific and separate consent for the following purposes marketing, market research and profiling purposes of the Owner.

2. Mode and period of data retention

Your Personal Data will be processed in a manner that ensures adequate security and confidentiality and prevents unauthorized access to or use of the Personal Data. Therefore, your Personal Data will be processed and stored in full compliance with the principles of necessity, minimization of data and limitation of the period of storage, through the adoption of technical and organizational measures appropriate to the level of risk of the processing and for a period of time not exceeding the achievement of the purposes for which they are processed, in any case for the period required by law.

3. Right of access to data, recipients and categories of data recipients

a. Your data may be made accessible for the above purposes:

to employees and collaborators of the Owner, authorized by the Owner, directly or through proxies, subjects to whom the communication is necessary, functional and instrumental for the execution of the activities envisaged for the execution of the business relationship, subjects to whom access is given by provisions of the law or secondary regulations, or to parent, subsidiary or associated companies, or otherwise entrusted with services on behalf of the Owner in their capacity as proxies and/or appointed employees and/or system administrators;

b. to third-party companies or other entities (by way of indication Companies specialized in credit reminder and recovery activities, consultants and freelancers also in associated form, Marketing and market research companies, credit institutions, insurance companies for the provision of insurance services, etc.) that carry out outsourcing activities on behalf of the Controller, in their capacity as external data processors;

c. to third party companies that cooperate in any capacity with SDA for the purpose of performing the contractual services for example by way of example but not limited to: couriers, software companies; the Owner adopts suitable security programs on all its information systems in order to guarantee the confidentiality of the information. Our security programs are periodically adapted to technological developments.
In order to carry out certain activities instrumental to the performance of the requested service, i.e. in connection with legal obligations and in any case in accordance with data protection regulations, the Data Controller may appoint External Data Processors (third parties who process personal data on behalf of the Data Controller).

4. Disclosure of Data

Without the need for express consent, the Data Controller may disclose your data for the above purposes to Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, as well as to those parties to whom disclosure is required by law. These parties will process the Data in their capacity as autonomous Data Controllers.
Your Data will not be disseminated.

5. Transfer of Personal Data to a Third Country.

Transfer of Personal Data from EU countries to “third” non-EU countries is prohibited, in principle, unless the Data Controller or Processor ensures an “adequate” level of protection. No Data will be transferred to third countries, except for services expressly requested by the customer or specific cases for which the Data Controller will adopt adequate safeguards and inform the Data Subject.

6. Rights of the data subject

The Interested Party has the right of access, pursuant to Art. 15 GDPR, i.e., to obtain confirmation from the Data Controller that a Processing of Personal Data concerning him or her is or is not taking place and, if so, to obtain access to the Personal Data and information listed therein.
The Data Subject has the right to obtain from the Data Controller the rectification of Personal Data concerning him or her, or the integration thereof, pursuant to Art. 16 GDPR.
That is, when he has an interest in it, data integration.
The Data Subject has the so-called right to be forgotten, i.e., to the deletion of the Personal Data concerning him/her, as well as to the limitation of the processing, if any of the hypotheses set forth in Articles 17 and 18 GDPR exist.
The Data Subject has the right to object to the Processing, in whole or in part, pursuant to Art. 21 GDPR:
a) for legitimate reasons to the Processing of Personal Data concerning him/her, even if relevant to the purpose of collection; b) to the Processing of Personal Data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by means of email and/or through traditional marketing methods by means of telephone and/or paper mail. The Data Subject may choose to receive only communications by traditional means or only automated communications or neither type of communication.
The Data Subject has the right to data portability, pursuant to Art. 20 GDPR, i.e., the right to receive, in a structured, commonly used, machine-readable format, personal data concerning him or her that has been provided by a Data Controller and has the right to transmit such Data to another Data Controller, without hindrance from the Data Controller.
In addition, the Data Subject has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects his or her person, within the meaning of ar’. 22 GDPR. Finally, the Data Subject has the right to complain to the Supervisory Authority if he/she believes that the Processing concerning him/her violates the GDPR.
Please refer to the official links for full reading of the GDPR articles on the rights of the data subject (Articles 15, 16, 17, 18, 19, 20, 21, 22) and the means of recourse to the Supervisory or Judicial Authority (Articles 77, 78 and 79).

7. Ways of exercising the rights under Article 12 of the GDPR

You may at any time exercise the rights identified in art. 15 and, where applicable, art.16-21, by sending a registered letter with return receipt to the registered office of the company located in 20121 Milan, Viale F. Crispi 3, or by writing to the e-mail address info@motstudios.it

8. Child protection

Minors may be less aware of the risks, consequences, as well as their rights in relation to the processing of personal data, so the Controller addresses specific protection to them, particularly with regard to the use of personal data for marketing or individual profiling purposes and the collection of personal data as part of the services provided directly to the minor. With regard to the direct provision of information society services (i.e., any service provided electronically), the processing of personal data requires the explicit consent of the child and is lawful where the child has reached the minimum age required by applicable law.

9. Identity and contact details of the Owner, Delegates, and assigned employees

The Data Controller is MÖT STUDIOS S.r.l., with registered office as specified above. The updated list of Data Processors is kept at the registered office of the Data Controller.