Privacy Policy

PRIVACY POLICY - MOUNTAIN RENT

March 2023

This Privacy Notice tells you how Ober Alp S.p.A. (“Ober Alp”) collects and uses the information you provided us which can be used to identify you directly or indirectly (“Personal Data”) when you are using the services provided via the Ober Alp rental platform.

1.   Who are the Data Controllers?

For the purpose described in this Privacy Notice, the following entities are responsible for making decisions on how we use and protect your Personal Data, and to help you exercise your rights:

Data Controller

Ober Alp S.p.A.

Via Waltraud-Gebert-Deeg, 4,

39100 Bolzano Italy

Phone: (+39)0471 242900

E-Mail: info@oberalp.com

 

Data Protection Officer

Ober Alp’s Data Protection Officer can be contacted at:

privacy@oberalp.com.

 

2.   What does Ober Alp do with your Personal Data and why (Categories of Personal Data, Purpose, Processing, Legal Basis)?

2.1 What Personal Data do we collect from you and use for this purpose?

We use the following Personal Data provided by you directly or indirectly:

Identity information – includes: name [first, last, initials], e-mail address, password (in case you chose to register). We use it to verify your identity.

Contact information - includes: your phone number, shipping and billing address, e-mail address and potentially social media handle any other communication channel you have used to contact us for more information. We use it to contact you for different reasons depending on the purposes stated below.

Location information - includes: your residential location, current log-in location on country level. We use it to help you find what you are looking for at your current location.

Purchase/rental information - includes: your payment information (credit card information), delivery details, shipping and billing address, customer order number, rental history with Ober Alp’s rental platform, transaction ID, and any other information related to your purchase. We use it to complete your order on Ober Alp’s rental platform.

Behavioral and Profile information- includes: your rental history, product reviews, and any other intelligence we have about you to help us learn you as a consumer better.

Social Media information – includes: information obtained through your interaction with us on various social media channels such as Facebook, Instagram, etc., including: any social media information that is publicly available such as your social media handles, social media interactions and public postings, your “Likes” and other reactions, your social media connections, your photos that are public, or those you send to us by mentioning us or following our social media posts by using “handles” or “hashtags”.

Device information – includes: information about your device or browser that give us an idea about your browsing behavior or device usage. Your device information is collected by our website, and your browser information is collected by our cookies, tags, and pixels. This is often required for network security purposes. This includes, but is not limited to: IP address, date and time of the visit, how long you remained on our website, the referral URL (if you came to our site via a different site or an advertisement), the pages visited on our site, your browser type, device type, versions, operating system.

Correspondence - includes: conversation we have when you contact customer service, the emails you write us about our products or services, the complaints you address to us via post, e-mail, fax, or call, notes we prepared on your feedback, call back from our Customer Service to you, and any other communication between you and the Ober Alp personnel. We record Customer Service calls for quality assurance purposes if you consent to it.

Preference information - includes: preferred shipping address, browsing preferences, our correspondence with you, your Ober Alp product reviews. We use it to give you convenience when you visit and/or shop on our site.

 

2.2 How and why do we use your Personal Data? (Purpose, Processing, Legal Basis)?

In this section, we provide details to all the scenarios and reasons (“Purposes”) where we may collect (directly and indirectly) and use your Personal Data from all our Platforms.

 

#. Purpose – Why do we collect and use your Personal Data?

PROCESSING – What do we do to your Personal Data?

We store your Personal Data.

LEGAL BASIS - Why are we allowed to use your Personal Data for this Purpose?

CATEGORIES OF PERSONAL DATA – What are the Categories of Personal Data we use to accomplish this purpose, including the Personal Data you provided to us for this Purpose, and the Personal Data we have obtained from other sources for other purposes? Specifically, these are the Categories of Personal you may or may not have given to us for this specific purpose, but we either have it on file, or have obtained it from a different source for a different purpose, and we know it is connected to you.

RETENTION PERIOD – How long do we keep your Personal Data for this Purpose?

CATEGORIES OF RECIPIENTS – With whom (types of service providers or companies) do we share your Personal Data to achieve the purpose?

 

a.       Purpose: Site Operation

PROCESSING

We screen all traffic to our website, and analyze data that is received by our servers to: a) run the sites that are connected to our domain, b) fix bugs to make sure the layout and design are displayed properly, and c) fix bugs to make sure the website function properly, and d) to monitor compliance with our Terms and Conditions.

Use of Cookies/Tags/Pixels: We may collect your Personal Data for this purpose by using technologies such as cookies, pixels and tags to collect your device information. More information is available in “Collecting Your Device Information on Our Website Using Cookies, Pixels, Tags, And Similar Technologies”.

LEGAL BASIS        

GDPR art. 6, par. 1 lit f (legitimate interest)

CATEGORIES OF PERSONAL DATA 

●       Identity Information

●       Contact Information

●       Device Information

RETENTION PERIOD           

We need your data for as long as you are on the site. We keep it for the duration of your browsing session.

 

CATEGORIES OF RECIPIENTS            

●       Ober Alp S.p.A.

●       Site Administration Support Providers

b.       Purpose: Domain and Network Security and User Authentication

PROCESSING

To protect our domains, detect unusual activities, and prevent security threats and protect our site-visitors from unauthorized accesses (such as hackers), we screen all traffic to our sites, and authenticate user log-in information. 

Use of Cookies/Tags/Pixels: We may collect your Personal Data for this purpose by using technologies such as cookies, pixels and tags to collect your device information. More information is available in “Collecting Your Device Information on Our Website Using Cookies, Pixels, Tags, And Similar Technologies”.

LEGAL BASIS        

GDPR art. 6, par. 1 lit f (legitimate interest)

 

CATEGORIES OF PERSONAL DATA 

●       Identity Information

●       Contact Information

●       Device Information

RETENTION PERIOD           

We need your data for as long as you are on the site. We keep it for the duration of your browsing session.

CATEGORIES OF RECIPIENTS            

●       Ober Alp S.p.A.

●       Site Administration Support Providers

 

c.       Purpose: User account management – User Experience

PROCESSING

We are storing and managing the information you provide during your account creation on a dedicated platform to manage your user account and provide you with a smooth user experience during your visit of Ober Alp’s rental platform and in connection with the functionalities we provide to you.

LEGAL BASIS        

GDPR art. 6, par. 1 lit f (legitimate interest)

CATEGORIES OF PERSONAL DATA 

●       Identity information

●       Contact Information

●       Device Information

RETENTION PERIOD           

Your account duration + 1 month

To allow you to sign in to Ober Alp’s rental platform, we need to maintain your data for as long as you have an account with us. We will also keep your account information for an additional month to enable a recovery of the account.

CATEGORIES OF RECIPIENTS            

●       Ober Alp S.p.A.

●       Site Administration Support Providers

 

d.       Purpose: Rental of Ober Alp Products

PROCESSING

To process your online orders, create a smooth check-out process for you, make sure your payment is received, to manage the rent of the products including invoice processing, delivery, personalization services. Your order cannot be completed if our payment fraud detection solutions flag your transaction as suspicious and potentially fraudulent. Please note the payment fraud detection system is an automated decision-making process. It is required to allow us to conclude the contract with you. You have the right to request a human review of this decision and challenge the decision.

LEGAL BASIS        

GDPR art. 6 par. 1 lit b (performance of the contract)

GDPR art. 6 par. 1 lit c (compliance with legal obligation)

GDPR art. 6 par. 1 lit f (legitimate interest)

 

CATEGORIES OF PERSONAL DATA 

●       Identity information

●       Contact information

●       Location information

●       Purchase Information

●       Correspondence

●       Device Information

RETENTION PERIOD           

Duration of contract and statutory limitation period (10 years). We need to keep the information in case of any legal disputes concerning the contract.

 

CATEGORIES OF RECIPIENTS            

●       Ober Alp S.p.A.

●       Delivery Service Providers

●       Payment Risk Solution Providers

●       Payment Processing Providers

●       IT Cloud Solution Providers

 

e.       Payment Fraud Detection

PROCESSING

We combine the Payment, Purchase and Transaction Information you provide to us with other information we obtain through our third-party payment risk and fraud prevention service providers to ensure any purchases are legitimate, or you do not purchase our products in violation with our terms and conditions. This means depending on the outcome of the analysis of your information, we may reject your order, and decline your payment. This is an automated decision-making process that is required to conclude our sales contract with you.

LEGAL BASIS        

GDPR art. 6 par. 1 lit b (performance of the contract)

GDPR art. 6 par. 1 lit f (legitimate interest)

 

CATEGORIES OF PERSONAL DATA 

●       Identity information

●       Contact information

●       Purchase Information

●       Device Information

RETENTION PERIOD           

Duration of contract and statutory limitation period. We need to keep the information in case of any legal disputes concerning the contract.

 

CATEGORIES OF RECIPIENTS            

●       Ober Alp S.p.A.

●       Payment Risk Solution Providers

●       Payment Processing Providers

●       IT Cloud Solution Providers

 

f.        Purpose: Business Operational Analytics

PROCESSING

We need to know how we do as a business. This is in the interest of our shareholders, our board members, our employees, and our partners, as well as our consumers. We create data models for different analytical purposes, and analyze using these data models to understand how our products are selling in different markets, what are the popular features of our products, what worked and what didn’t in terms of our marketing and advertising campaigns, our product designs and distribution strategy, our website design and overall user experience, so we can establish, implement, and evaluate our business strategy.

This includes, for example, analyzing data to understand how users browse our site to improve our user experience design to make sure you will continue to purchase our products and interact with us on our site.

We remove any identity information that would directly identify you (for example, your name and email address), and use only an internal unique identifier to minimize any possible privacy risks to you.

Use of Cookies/Tags/Pixels: We may collect your Personal Data for this purpose by using technologies such as cookies, pixels and tags to collect your device information. More information is available in “Collecting Your Device Information on Our Website Using Cookies, Pixels, Tags, And Similar Technologies”.

 

LEGAL BASIS        

GDPR art. 6 par. 1 lit f (legitimate interest)

CATEGORIES OF PERSONAL DATA 

●       Identity information

●       Behavioral and Preference Information

●       Location Information

●       Purchase Information

●       Device Information

●       Correspondence

●       Social Media Interaction and Activity

RETENTION PERIOD           

We anonymize your Personal Data as soon as possible, but at the latest after 6 months. We need the information for this duration to produce accurate analysis of our business operations.

 

CATEGORIES OF RECIPIENTS            

●       Ober Alp S.p.A.

●       Prospective Buyers and Investors

●       Business Consulting Service Providers

●       Data Analytics Solution Providers

●       IT Cloud Solution Providers

g.       Purpose : Customer Service

PROCESSING

We collect your Personal Data to answer your queries about your order, inform you when the product you like is available upon your request, and respond to your questions and concerns through various communications channels we make available to you, including if you contact us for questions about your Personal Data rights. Your requests to our customer service will be analyzed so that we can provide you with valuable service in the future. We may record our phone conversations with you for quality assurance purposes only when you agree to the recording.

LEGAL BASIS        

GDPR art. 6 par. 1 lit f (legitimate interest)

GDPR art. 6 par. 1 lit a (consent - for recording our phone conversations)

 

CATEGORIES OF PERSONAL DATA 

●       Identity information

●       Contact information

●       Location information

●       Purchase Information

●       Correspondence

●       Image and Recordings (with your consent only)

RETENTION PERIOD           

Statutory limitation period: 2 years

We need to keep the information in case of any legal disputes.

 

CATEGORIES OF RECIPIENTS            

●       Ober Alp S.p.A.

●       Rental Partner

●       Delivery Service Providers

●       Payment Risk Solution Providers

●       Payment Processing Providers

●       IT Cloud Solution Providers

 

h.       Purpose : Product Research and Development

PROCESSING

We conduct analysis to research improve our products and services. This includes asking you questions in surveys, asking you for feedback, asking you to test our products and provide us with a review, asking other service providers to conduct market and product research for us, try new technologies in our product that might collect Personal Data to stay ahead of the competition. We retain this information based on our “legitimate interest”, so by participating in any product review or survey, you agree that this is our legitimate interest. Where it is possible for the specific project or if you object to this legitimate interest, we will remove any identity, contact, or mobile device information, so the information cannot be used to identify you, and will no longer be your Personal Data, and is considered “anonymized”.

 

LEGAL BASIS        

GDPR art. 6 par. 1 lit f (legitimate interest)

 

CATEGORIES OF PERSONAL DATA 

●       Measurements (only if required by the project)

●       Identity information (only if required by the project)

●       Contact information (only if required by the project)

●       Location information (only if required by the project)

●       Payment, Purchase and Transaction Information (only if required by the project)

●       Social Media Interaction and Activity (only if required by the project)

●       Browsing Information (only if required by the project)

●       Mobile Device Information (only if required by the project)

●       Correspondence (only if required by the project)

●       Behavioral and Preference Information (only if required by the project)

●       Membership Administration Information (where membership applies / if available)

 

RETENTION PERIOD           

The duration of the project and statutory retention period stated to protect our IP rights.

Product reviews which have been published (e.g. on the rental platform) are not subject to a specific retention period. They may be kept until it is decided to delete them.

 

CATEGORIES OF RECIPIENTS            

●       Ober Alp S.p.A.

●       Prospective Buyers and Investors

●       Business Consulting Service Providers

●       Data Analytics Solution Providers

●       Manufacturing Providers

●       IT Cloud Solution Providers

i.        Purpose: Cooperation with Law Enforcement and Regulatory Authorities (Including Courts)

PROCESSING

When we are legally required to provide your Personal Data for national and public security reasons, crime prevention, investigation and prosecution, anti-money laundering, judicial proceedings, protection of other individuals’ rights and freedoms, and enforcement of civil claims, we will provide information as requested by the authorities or parties once we are satisfied that the request is mandated by law. We may not be able to notify you if it is against the law to do so.

 

LEGAL BASIS        

GDPR art. 6 par. 1 lit c (compliance with legal obligation)

 

CATEGORIES OF PERSONAL DATA 

All Categories of Personal Data as requested by the enforcement authority.

 

RETENTION PERIOD           

For as long as required by law.

 

CATEGORIES OF RECIPIENTS            

●       Ober Alp S.p.A.

●       Local and national government authorities, including tax authorities

●       Local and national law enforcement agencies

●       Local and national judiciary

 

j.        Purpose: Collecting Your Device Information on Our Website Using Cookies, Pixels, Tags, And Similar Technologies (“Cookies Notice”)

PROCESSING

When you visit the rental platform, we store data collectors such as cookies, tags, pixels, tag containers, beacons, among others, in your browser to obtain certain information about your current browsing session. These technologies are often referred to as “Cookies” collectively by other websites.

Any pixels that are used only collect anonymized data

 

LEGAL BASIS        

GDPR art. 6 par. 1 lit a (consent)

 

RETENTION PERIOD           

The cookies used to collect your device information and browsing behavior information are stored in your browser for the session or for as long as you do not clear your browser cookie setting.

The data we obtained through the cookies related to other purposes will be stored for the duration of that purpose.

 

CATEGORIES OF RECIPIENTS            

●       Ober Alp S.p.A.

●       Site Administration Support Providers

●       Business Consulting Service Providers

●       Data Analytics Solution Providers

You can change your browser settings to delete or prevent certain cookies from being stored on your computer or mobile device without your explicit consent. The ‘help’ section in your browser should provide information on how to manage your cookie settings.

 

Find out how this works for your browser here:

Internet Explorer: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies

Mozilla Firefox: http://support.mozilla.com/en-US/kb/Cookies

Google Chrome: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647

Safari: http://support.apple.com/kb/PH5042

Opera: http://www.opera.com/browser/tutorials/security/privacy/

Adobe (flash cookies): http://www.adobe.com/privacy/policies/flash-player.html

Google Chrome App: https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DAndroid&hl=en

 k.      Purpose: User Generated Content (UGC) Acquisition from Social media

PROCESSING

We invite you to provide your images to us via social media platforms by following specific instructions. If you follow this invitation, we will be using the images you provide for our campaign communications. We will obtain rights to your image through a license agreement in the form of our terms and conditions. By submitting your images via social media platforms to us, you will agree for us to use your images as described in the license agreement.

LEGAL BASIS        

GDPR art. 6 par. 1 lit b (performance of a contract)

CATEGORIES OF PERSONAL DATA 

●       Identity information

●       Community information: images, videos, comments, sound recordings and other files provided through the social media platform promoting BRAND

●       Social Media Interaction and Activity

RETENTION PERIOD           

Duration of license agreement and statutory limitation period in case of any disputes.

CATEGORIES OF RECIPIENTS            

●       Ober Alp S.p.A.

●       Event Partners (where applicable)

●       UGC Support Partners

●       Advertising Agency Partners

●       Social Media Platforms

●       IT Cloud Solution Providers (where applicable)

3.   What does Ober Alp do when we transfer your Personal Data outside of the EU/EEA?

For the purpose of this platform, your personal data may be shared with Ober Alp’s subsidiaries and affiliates outside the EU/EEA. Where the recipient is located outside the EU/EEA, we have implemented necessary measures such as singing the EU Standard Contractual Clauses approved by the EU Commission.

4.   How do we secure your Personal Data?

We implement appropriate technical and organizational measures to address the risks corresponding to our use of your Personal Data, including loss, alteration, or unauthorized access to your Personal Data, and empowering you to exercise your rights. We require our service providers to do the same through contractual agreements. However, you should be aware that any transmission of your Personal Data through the internet is at your own risk. We can only protect your Personal Data when we have it.

5.   What are your rights and how can you exercise them?

Under the GDPR and applicable data protection laws in the EU/EEA countries, you have the rights listed and explained below. We also provide you instructions on how to exercise each right. We need to confirm your identity before we can handle your requests. When we refuse your request for legal reasons, we will tell you why. If you wish to exercise your rights below, please contact BRAND who will be able to assist you with your request.

●       Get a copy of your Personal Data

●       Access to information about your Personal Data

●       Make sure your Personal Data are correct

●       Delete your Personal Data

●       Restrict how we use your Personal Data

●       Obtain a portable file so you can share it with another company

●       Withdraw your consent

●       Object when we process your Personal Data based on “Legitimate Interest”

●       Challenge the decision generated by our automated decision-making process

●       File a complaint with your local data protection supervisory authority

To understand more about your rights under the EU GDPR, please consult your local data protection authority’s website.

6.   Data Protection Officer

If you wish to contact the Data Protection Officer of Ober Alp and Ober Alp’s Data Controller, please write to the Privacy team below:

By email:

privacy@oberalp.com