Privacy Policy

Privacy ACAI S.r.l. | EU Regulation 679/2016 (“GDPR”) | v.01 May 2024

ACAI S.R.L. (“ACAI” or the “Data Controller”) is committed to protecting Personal Data entrusted to it. Therefore, their management and security are guaranteed with utmost care, in compliance with privacy regulations under EU Regulation 679/2016 (GDPR).

This privacy policy explains who we are, for what purposes we may use your data, how we manage it, to whom it may be communicated (e.g., client companies, accommodation facilities, Public Entities, etc.), where it may be transferred, and what your rights are.

Introduction

This privacy notice relates to all sales of digital products and services via the website www.SportBALLs.news (hereinafter, the “Website”), as described in greater detail in the General Terms and Conditions of Sale available on the Website, which are fully incorporated herein (the “General Terms”).

ACAI S.r.l. will collect personal data related to Website users and buyers of Physical Products and NFTs (hereinafter collectively referred to as “Users” or “User”) and will process them in accordance with applicable laws regarding personal data processing, specifically GDPR and Legislative Decree 196/2003, as subsequently amended and supplemented.

Who will process my data?

Your data will be processed by the Data Controller:

ACAI S.R.L.
Via Luigi Einaudi 14
09127 – Cagliari

The list of external Data Processors is available at the headquarters of the Data Controller or upon request by contacting ACAI.

2. Why do you need my data?

The Data Controller will use User data exclusively for the following purposes:

  1. Purposes related to the management of the contractual relationship for the sale of Physical and Digital Products under the General Terms. Within this scope, Personal Data will be processed for the following purposes: establishment, management, and termination of the contractual relationship with ACAI; fulfillment of accounting and fiscal obligations; compliance with legal obligations (e.g., anti-terrorism checks); anti-money laundering controls; fiscal and accounting verifications; litigation management; provision, support, updates, and information about the products and services sold, and available features.
  2. Marketing purposes, provided the User has expressly consented.

ACAI will process data:

  • with reference to point a) above, irrespective of User consent, as it is necessary for contractual obligations (Art. 6.1 (b) GDPR); compliance with legal obligations to which ACAI is subject (Art. 6.1 (c) GDPR); and to pursue legitimate interests, such as anti-money laundering checks, managing post-contractual customer relationships, etc. (Art. 6.1 (f) GDPR).
  • with reference to point b) above, solely upon valid, free, and informed consent of the User (Art. 6.1 (a) GDPR).

Consequently, providing Personal Data is necessary or mandatory for the purposes described under point a) above and may occur even without your consent.

Partial or total failure to provide data for the purposes mentioned in point a) above will lead to partial or total impossibility to fulfill the related purposes. The extent and adequacy of the data provided will be evaluated case-by-case to determine related decisions and avoid processing data exceeding the pursued purposes.

Consent for marketing purposes listed under point b) above is not mandatory, and failure to provide such consent does not prevent ACAI from providing services as outlined in the General Terms.

3. How will you use my data?

ACAI aims to protect its customers’ data, processing them according to principles of correctness, lawfulness, and transparency. Your Personal Data will thus be processed using tools and procedures that ensure maximum security and confidentiality, including paper archives, digital media, and IT and telematic means. Communications as per point 2 above may occur via traditional methods (e.g., postal mail, operator-assisted calls), automated systems (e.g., automated calls), and similar methods (e.g., fax, email, SMS, MMS, messaging services such as WhatsApp, Messenger, Telegram, etc.).

You may exercise your right to object, which—unless otherwise indicated by you—will apply to both traditional and digital or automated communications.

We will not use your Personal Data for purposes different or additional to those described in this notice without first informing you and, where necessary, obtaining your consent.

4. How long will you store my information?

Your Personal Data will be retained from the time it is received/updated for a period suitable for the purposes stated above.

Below are the retention periods for different types of processing:

Type of dataRetention period
Civil, accounting, and tax documents and related data as required by applicable laws, especially concerning treatments under point a) above.10 years from the termination of the contractual relationship
Personal Data processed for Marketing PurposesStored in accordance with proportionality and minimization principles until the data subject revokes specific consent for accessory and secondary marketing processing (including communication to third parties for such purposes). Thus, retention periods depend on the data subject’s choice to revoke consent.

5. Will you share my information with others?

Your Data may be communicated to ACAI’s partner entities for the management of existing contracts with you, and to third parties (including debt recovery companies, professionals, public entities, auditing or supervisory bodies), to fulfill obligations arising from laws, regulations, EU legislation, or aspects relating to managing and executing the contractual relationship.

Your Personal Data will not be disclosed to third parties for marketing purposes unless you have expressly consented to such disclosure and have received appropriate information regarding this.

For all purposes indicated in this notice, your Data may also be communicated abroad, within the European Union, respecting the rights and guarantees provided by applicable law. Should the data be transferred to a third party located outside the European Union, this will occur only after verifying that the country ensures an “adequate” level of protection, in compliance with current legislation, also considering the European Court of Justice ruling in the case of Facebook Ireland Ltd, Maximillian Schrems, no. C-311/18.

Your Data will also be processed by internal ACAI office personnel who have been suitably trained and who operate as authorized Data Processors under Art. 29 GDPR.

Public authorities may access stored Data in the cases and methods provided for by applicable laws.

Your Personal Data will not be publicly disseminated.

For sending service-related or periodic mass communications, including those of a commercial and promotional nature, the interested party’s email address will be included in a contact list managed by third-party service providers. A list of these providers is available at our headquarters or upon request to the address above.

6. What are my rights?

You have the right at any time to request:

  1. access to your personal data;
  2. their rectification if incorrect;
  3. erasure;
  4. restriction of processing.

You also have:

the right to object to processing:

  • if data are processed based on ACAI’s legitimate interests, except in cases provided by law;
  • if data are processed for direct marketing purposes.

You have the right to data portability, meaning you may receive the personal data provided by you in a structured, commonly used, and machine-readable format.

We will handle your requests with utmost commitment to ensure your rights are effectively exercised. Finally, you have the right to lodge a complaint with the national supervisory authority (Privacy Guarantor).

7. Can I withdraw my consent after giving it?

Yes, you may withdraw your consent at any time without affecting:

  • the lawfulness of processing based on consent given before withdrawal;
  • further processing of the same data based on other legal grounds (e.g., contractual obligations or legal obligations ACAI is subject to).

8. I still have questions…

For further information regarding this notice or privacy issues, or if you wish to exercise your rights or withdraw your consent, you can contact ACAI directly or visit the website of the Privacy Guarantor at www.garanteprivacy.it.

Summary information about additional rights of the data subject.

The GDPR grants the data subject various rights, which according to the WP 260 Guidelines on Transparency, must be summarized in their main points within the notice. These rights are summarized briefly below:

Right of access (only to your personal data): the right to obtain confirmation from the Data Controller as to whether personal data concerning you are being processed and, if so, to obtain access to the personal data, and to be informed about the purposes of processing; the categories of personal data; the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly recipients in third countries or international organizations; where possible, the envisaged period for storing personal data or, if not possible, the criteria used to determine that period; if data were not collected from the data subject, the right to receive all available information on their origin; and the right to be informed about the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

Right to rectification and supplementation: The data subject has the right to obtain from the Data Controller, without undue delay, the rectification of inaccurate personal data concerning them. Considering the purposes of processing, the data subject has the right to have incomplete personal data completed, including by providing an additional statement. The Data Controller shall communicate any rectification to each recipient to whom personal data have been disclosed unless this proves impossible or involves disproportionate effort. The Data Controller shall inform the data subject about such recipients if requested by the data subject.

Right to erasure (Right to be forgotten): The data subject has the right to obtain from the Data Controller the erasure of personal data concerning them without undue delay (unless specific reasons provided by Art. 17(3) GDPR apply, relieving the Controller of this obligation), if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; if the data subject withdraws consent and no other legal ground for processing exists; if the data subject objects to processing for marketing or profiling purposes, including consent withdrawal; if personal data have been unlawfully processed or collected from minors in violation of Art. 8 GDPR. The Data Controller shall communicate any erasure to each recipient to whom personal data have been disclosed unless this proves impossible or involves disproportionate effort. The Data Controller shall inform the data subject about such recipients if requested by the data subject.

Right to restriction of processing: The data subject has the right to obtain from the Data Controller restriction of processing (defined in Art. 4 GDPR as marking stored personal data to limit future processing) under any of these circumstances: the data subject contests the accuracy of personal data, for the period necessary for verification by the Data Controller; the processing is unlawful, but the data subject opposes erasure and requests restriction instead; the Data Controller no longer needs the data, but the data subject requires them to establish, exercise, or defend legal claims; the data subject has objected to marketing processing pending verification of whether legitimate grounds of the Controller override those of the data subject. If processing is restricted, personal data, apart from storage, are processed only with the data subject’s consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another person or for reasons of important public interest. The Data Controller informs the data subject before lifting this restriction. The Data Controller shall communicate any restriction to each recipient to whom personal data have been disclosed unless this proves impossible or involves disproportionate effort. The Data Controller shall inform the data subject about such recipients if requested by the data subject.

Right to object: The data subject has the right to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them performed by the Data Controller for carrying out tasks in the public interest, exercising public authority, or pursuing legitimate interests of the Controller or third parties (including profiling). Additionally, the data subject has the right to object at any time to processing for direct marketing or commercial profiling purposes.

Right not to be subject to automated decisions, including profiling: The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the automated decision is necessary to enter into or perform a contract between the data subject and the Data Controller; authorized by law with appropriate safeguards; or based on explicit consent from the data subject.

For convenience, the link to articles 15 to 23 of GDPR on data subject rights is provided.

This Cookie Policy relates to the website www.SportBALLs.news (“Website”) managed and operated by ACAI S.r.l., headquartered at Via Luigi Einaudi, 14, 09127 – Cagliari.

Definition of “cookie”.

Cookies are small fragments of text (letters and/or numbers) allowing a web server to store information on the client (browser, e.g., Internet Explorer, Chrome, Firefox, Opera…) to be reused during the same session (session cookies) or later, even after days (persistent cookies). Cookies are stored, based on user preferences, by the browser on the specific device (computer, tablet, smartphone).

Similar technologies like web beacons, transparent GIFs, and forms of local storage introduced with HTML5 can also gather information on user behavior and service use.

A cookie cannot retrieve other data from the user’s hard drive, transmit viruses, or capture email addresses. Each cookie is unique to the user’s web browser. Some cookie functions may be delegated to other technologies. The term “cookies” refers broadly to cookies and all similar technologies.

Based on their characteristics and use, cookies can be categorized as follows:

Strictly necessary technical cookies: essential for website functionality, used to manage website services (e.g., login, restricted access). Disabling them may impair site usage.

Analytics and performance cookies: collect anonymous traffic data and analyze website use without identifying users directly. Disabling these cookies does not affect site functionality and will be detailed later.

Profiling cookies (not operational on this Website): used to anonymously or non-anonymously identify user preferences. For details on these unused cookies, visit www.garanteprivacy.it/cookie.

Purpose and use of technical session cookies.

The Website uses cookies solely for authentication, session monitoring, and storing technical information. Some site operations (e.g., accessing restricted areas) are impossible without these necessary cookies.

  • i cookies utilizzati per analizzare statisticamente gli accessi/le visite al sito (cookies cosiddetti “analytics”) che perseguono esclusivamente scopi statistici (e non anche di profilazione o di marketing) e raccolgono informazioni in forma aggregata senza possibilità di risalire alla identificazione del singolo utente. In questi casi, dal momento che la normativa vigente prescrive che per i cookies analytics sia fornita all’interessato l’indicazione chiara e adeguata delle modalità semplici per opporsi (opt-out) al loro impianto (compresi eventuali meccanismi di anonimizzazione dei cookies stessi), specifichiamo che è possibile procedere alla disattivazione dei cookies analytics come segue: aprire il proprio browser, selezionare il menu impostazioni , cliccare sulle opzioni internet, aprire la scheda relativa alla privacy e scegliere il desiderato livello di blocco cookies. Qualora si voglia eliminare i cookies già salvati in memoria è sufficiente aprire la scheda sicurezza ed eliminare la cronologia spuntando la casella “elimina cookies”.

    • Third-party cookies

    When visiting a website, users may receive cookies from sites managed by other organizations (“third parties”) located in Italy or abroad.

    A common example found on most websites is the presence of YouTube videos, Google APIs, Google Maps usage, and “social plugins” for Facebook, Twitter, Google+, and LinkedIn. These are sections of the visited page generated directly by the aforementioned sites and integrated into the host website page. Social plugins are typically used to share content on social networks, enhancing the visitor’s user experience.

    The presence of these plugins results in the transmission of cookies to and from all websites managed by third parties. Information collected by third parties is governed by their respective privacy policies, which we recommend reviewing. For greater transparency and convenience, below are links to these policies and details on managing cookies. Note that the Data Controller has no responsibility regarding the functionality of third-party cookies on this Website.

    This Website integrates the following third-party plugins:

    • Facebook
    • Twitter

    Below are links to the privacy policies of third parties utilizing profiling cookies:

    Responsibility for Third-party Cookies Operations.

    As stated in the Italian Privacy Authority’s General Provision on cookies (May 8, 2014): “There are numerous reasons why it is not feasible to place upon website publishers the obligation to provide disclosure and acquire consent for the installation of third-party cookies on their sites. Firstly, publishers should always possess the tools and economic-legal capacity to fulfill third-party obligations, including the ability to verify the correspondence between third parties’ declarations and the actual purposes pursued through the use of cookies. This becomes particularly challenging since publishers often do not directly know all third parties installing cookies via their website, nor the underlying logic of such processing. Additionally, intermediaries between publishers and third parties frequently complicate publishers’ oversight. Third-party cookies may also be modified by providers over time, making it impractical for publishers to track subsequent changes.”

    As indicated by the Privacy Authority, this Website cannot control third-party cookies if it employs third-party services (e.g., Facebook, Twitter “social buttons”), for which responsibility rests exclusively with the third parties. Users retain the option to delete or block cookie operations at any time by using browser plugins or adjusting browser settings as outlined in various browser manuals.

    Mandatory or optional consent for cookies that do not serve marketing purposes.

    It is not mandatory to obtain consent for technical cookies, third-party cookies, or analytical cookies treated as technical cookies. Disabling these cookies or denying their functionality may impede correct navigation on the Website and/or limit the use of available services, pages, features, or content.