Policy pursuant to Article 13 of Regulation (EU) no. 2016/679 (“GDPR”)


Feel Racing S.r.l. (hereinafter “Feel Racing”) protects the confidentiality of personal data and guarantees its necessary protection against any event that may put it at risk of violation.

As provided for by European Union Regulation No. 2016/679 (hereinafter “GDPR”) and Article 13 in particular, please find below the information that we are required by law to provide to the user ("Data Subject") relating to the processing of their personal data.




Who we are and what data we process (Article 13, paragraph 1 (a), Article 15 (b) GDPR)

Feel Racing S.r.l., hereby represented by its pro tempore legal representative, with registered offices at Valsamoggia, loc. Crespellano (BO) Via Provinciale n. 35/C C.F. 03914210376, acts as the Data Controller and can be contacted at serena.gamberini@feelracing.it; said Data Controller collects and/or receives information relating to you, the Data Subject, such as:

Category of data Examples of types of data
Contact details first name, last name, landline and/or mobile telephone number, email address(es), physical address, nationality, residential province and city, tax ID number
Banking information IBAN and banking/postal account information (except for Credit Card number)

Feel Racing does not require you to supply so-called "private" data, that is, according to the provisions of the GDPR (Art. 9), personal data that identifies race or ethnicity, political opinions, religion or philosophy, or any union affiliation, nor any genetic or biometric information used to uniquely identify a physical person, data associated with health or one's sex life, or sexual orientation. In the event the services requested from Feel Racing require the processing of this data, you will first receive specific notification with a request for your consent.

The Data Controller has not appointed a Data Protection Officer (Art. 37, GDPR).




Why we need your data (Art. 13, paragraph 1 GDPR)

The data is used by the Data Controller to fulfill the registration request and for the supply contract on the preselected Service and/or Product purchase by the website https://shop.arubaracing.it/, to manage and execute the contact requests forwarded by you, offer assistance, fulfill legal and regulatory obligations demanded of the Data Controller in accordance with the activities performed.
In particular, your data will be processed for:


  1. registration and contact information, and/or informational materials
    Your personal data is processed to implement preliminary actions and those following a registration request, to manage information and contact requests, and/or to send informational materials, as well as to satisfy any and all other obligations arising herewith.
    The legal basis for this processing is to provide the services relating to a request for registration, information and contact, and/or the sending of informational materials, and to comply with legal requirements.
  2. administering the contractual relationship
    Your personal data is processed to implement preliminary actions and those following the purchase of a Service and/or a Product, to manage the applicable order, to perform the Service itself and/or for production and/or shipping of the purchased Product, the associated invoicing and payment management, handling of any returns and/or notifications to the support service and performance of the support itself, fraud prevention, as well as fulfillment of any and all other requirements arising from the contract.
    The legal basis for this processing is to provide the services relating to the contractual relationship and to comply with legal requirements.
  3. promotional activities on Services/Products that are similar to those you have purchased (Clause 47 GDPR)
    The Data Controller, even without your explicit consent, may use the contact information you provided for direct sales of its own Services/Products, limited to those Services/Products that are similar to the ones included in the sale, unless you specifically refuse.
  4. promotional activities on Services/Products that are different to from the ones you purchased
    Your personal data may also be processed for business promotional purposes, for market research studies involving the Services/Products that the Data Controller offers, but only if you have authorized this processing and have not opposed it.
    This processing may occur by the following automated methods:
    • e-mail;
    • sms;
    • telephone contact:
    and may occur:
    • if you have not withdrawn your consent for the use of your data;
    • if processing is done through contact with a telephone operator, and you are not registered on the non-call registry as outlined in Presidential Decree No. 178/2010;

    The legal basis for this processing is the consent you initially granted for the processing itself, which you may freely withdraw at any time (see Section III).

  5. fraud prevention (Clause 47 and Art. 22 GDPR)
    • except for special category data (Art. 9 GDPR) or data relating to criminal convictions and offences (Art. 10 GDPR), your personal data will be processed to allow controls for the purposes of monitoring and preventing fraudulent payments. This processing will be undertaken by software systems that run automated checks and will be carried out prior to negotiating Services/Products;
    • a negative result from these checks will render the transaction impossible; you can, in any event, express your opinion, obtain an explanation or dispute the decision by outlining your reasons to the Customer Care Department or to 051/969861;
    • personal data collected only for anti-fraud purposes, which differs from the data needed for the proper performance of the service requested, shall be immediately deleted upon termination of the verification phase.
  6. protection of minors
    The Services/Products offered by the Controller are reserved for those entities legally able, based on national regulations, to satisfy contractual obligations.
    To prevent illegal access to its services, the Data Controller implements preventive measures to protect its own interests, such as checking tax identification numbers and/or performing other checks, when necessary for specific Services/Products, with regard to the accuracy of the identification data on the identification documents issued by the applicable authorities.



Communication to third parties and categories of recipients (Article 13, paragraph 1 GDPR)


Your personal data is communicated mainly to third parties and/or recipients whose activity is necessary to perform the activities relating to the contract established, and to meet certain legal requirements, such as:


Categorie di destinatari Finalità
Credit and electronic payment institutions, banks/post offices Managing deposits, payments, reimbursements associated with the contractual service
External professionals/consultants and consulting firms Fulfillment of legal requirements, exercising rights, protecting contractual rights, credit recovery
Financial Administration, Public Agencies, Legal Authorities, Supervisory and Oversight Authorities Fulfillment of legal requirements, protection of rights; lists and registries held by Public Authorities or similar agencies based on specific regulations relating to the contractual service
Formally mandated subjects or those with recognized legal rights Legal representatives, administrators, guardians, etc

* The Controller requires its own third party providers and Data Processors to adhere to security measures that are equal to those adopted for you by restricting the Data Processor's scope of action to processing directly related to the requested service.

The Controller will not transfer your personal data to countries where the GDPR is not applicable (countries outside the EU) except where specifically indicated otherwise, in which case you will be first notified, and if necessary asked for your consent..

The legal basis for this processing is fulfillment of the services outlined in the established contract, compliance with legal obligations, and the legitimate interests of Feel Racing S.r.l. to perform the processing necessary for these purposes.




What happens when you do not provide your identification information as needed to perform the requested service? (Article 13, paragraph 2 (e) GDPR)

The collection and processing of your personal data is necessary for fulfilling the services requested. Should you fail to provide the personal data expressly stipulated as necessary on the order form or the registration form, the Data Controller will not be able to carry out the processing associated with managing the requested services and/or the contract and the Services/Products associated with it, nor fulfill the operations dependent on them.


What happens if you do not grant consent for the processing of your personal data for business promotion activities on Services/Products that are different from those purchased?


When you do not give your consent to the processing of your personal data for these purposes, the processing will not be implemented for these specific purposes, but it will not affect the performance of the requested services or those for which you have already given your consent, if requested.

In the event you have given consent and later withdraw it or oppose the processing for business promotional activities, your data will no longer be processed for these activities, although this will not create negative effects or consequences for you or the services requested.


How we process your data (Article 32, GDPR)


The Controller makes use of appropriate security measures to preserve the confidentiality, integrity and availability of your personal data, and requires the same security measures from third party providers and the Processors.


Where we process your data


Your data is stored in hard copy, electronic and remote archives located in countries where the GDPR is applicable (EU countries).


How long is your data stored? (Article 13, paragraph 2 (a) GDPR)


Unless you explicitly express your own desire to remove it, your personal data will be stored until required for the due purposes for which it was collected.

In particular, the data will be stored for the entire duration of your registration in a way proportionate to necessities or legal obligations.

For data provided to the Data Controller for the purposes of business promotion for services other than those you have already purchased, for which you initially gave consent, this will be stored for 24 months, unless such consent is withdrawn.

It is also important to add that, should the user forward to Feel Racing personal data that has not been requested or that is unnecessary for the purposes of performing the services requested, or for the delivery of a service strictly related thereto, Feel Racing cannot be considered controller of this data and will proceed to delete it as soon as possible.

Regardless of your determination to remove the data, your personal information will be, in any case, stored according to the terms outlined in current law and/or national regulations, for the exclusive purpose of guaranteeing specific requirements.

Furthermore, personal data will in any case be stored to comply with obligations (e.g. tax and accounting purposes) which may continue even after termination of the contract (Art. 2220 Civil Code); for these purposes, the Controller shall retain only the data necessary to complete these activities.

For those cases where the rights arising from the contract and/or registration are used in the courts, your personal data, exclusively required for these purposes, shall be processed for the time necessary to complete them.


What are your rights? (Articles 15 – 20 GDPR)


You have the right to obtain the following from the Data Controller:

  1. confirmation on whether your personal data is being processed and if so, to obtain access to your personal data and the following information:
    • the purposes of the processing;
    • the categories of personal data in question;
    • the recipients or categories of recipients that have received or will receive your personal data, in particular if these recipients are in third party countries or are international organizations;
    • when possible, the anticipated storage period of your personal data or, if not possible, the criteria used to determine this period;
    • whether you have the right to ask the Data Controller to correct or delete your personal data or the limits on processing your personal data or to oppose the processing of the data;
    • the right to file a claim with a supervisory authority;
    • in the event the data is not collected from you, all of the information available regarding its source;
    • whether there is an automated decision process, including profiling, and, at lease in these cases, significant information on the logic used, as well as the importance and consequences to you for this processing.
    • the suitable guarantees provided by the third party country (outside EU) or international organization to protect any transferred data.
  2. the right to obtain a copy of the personal data processed, again given that this right does not affect the rights and freedoms of others; for extra copies requested by you, the Data Controller may assign a reasonable fee based on administrative costs.
  3. the right to edit any of your incorrect personal data from the Data Controller without unjustified delay.
  4. the right to have your personal data deleted by the Data Controller without unjustified delay, if any of the grounds outlined in the GDPR, Article 17, applies; this is also the case, for example, if the data is no longer needed for processing or if the data is considered unlawful, and as long as the conditions provided by law are fulfilled; and in any event, if the processing is not justified on other equally legitimate grounds;
  5. the right to obtain limits on the processing from the Data Controller, in those cases outlined in Art. 18 of the GDPR, for example where you have disputed the correctness, for the period necessary for the Data Controller to verify the data's accuracy. You must be notified, within an appropriate time, even when the suspension period has passed or the cause of limiting the processing has been eliminated, and therefore the limitation itself has been withdrawn;
  6. the right to obtain information from the Data Controller on the recipients who have received the requests for any corrections or deletions or limits on the processing implemented, except when this is impossible or would create a disproportionate effort.
  7. the right to receive your personal data in a structured format, commonly used and readable by automatic devices as well as the right to forward this data to another Data Controller without obstruction from the original Data Controller, in those cases outlined by Art. 20 of the GDPR, and the right to obtain direct forwarding of your personal data from one Data Controller to another, if technically feasible.


For further information and to send your request, contact the Data Controller at daniele.casolari@feelracing.it. To guarantee that the above-mentioned rights are exercised by you and not by unauthorized third parties, the Data Controller may require you to provide other information that may be necessary for this purpose.


How and when can you oppose the processing of your personal data? (Art. 21 GDPR)


For reasons relating to your own particular situation, you may at any time oppose the processing of your personal data if it is based on legitimate reasons or if the processing is undertaken for business promotion activities, by sending a request to the Data Controller at daniele.casolari@feelracing.it.

You have the right to have your own personal data deleted if the Data Controller has no legitimate reason prevailing over such request, and in any case, where you have opposed the processing for business promotional activities.


Who can you file a claim with? (Art. 15 GDPR)


Without prejudice to any other ongoing administrative or judicial action, you may file a claim with the applicable supervisory authority of the Italian territory (Italian Personal Data Protection Authority), that is, with the agency that performs its duties and exercises its rights within the member country where the GDPR violation occurred.

Any updates to this information shall be communicated in a timely manner and through suitable means, and will be notified to you if the Data Controller processes your data for purposes other than those outlined in this notice prior to proceeding and after you have given your consent, if necessary.





What are cookies?

Cookies are small strings of text that sites visited by the user send to his/her terminal (usually to the browser), where they are stored so that they can be retransmitted to those sites on the user’s next visit. When browsing a site, the user may also receive cookies on his/her terminal that are sent from different sites or web servers (so-called "third parties"), on which certain elements (such as, for example, images, maps, sounds, specific links to pages of other domains) on the site that he/she is visiting, may reside.
Two macro-categories of cookies can be distinguished: "technical" cookies and "profiling" cookies.

Technical cookies facilitate normal browsing and use of the website (for example, making it possible to make a purchase or authenticating access to restricted areas). If such cookies are not accepted, it would not be possible to carry out certain operations or these would be more complex and/or less secure; for these purposes, cookies that make it possible, for example, to identify or ensure the continued identification of the user within the session are essential.

Profiling cookies are aimed at creating profiles related to the user and can be used to send advertising messages in line with the preferences expressed by the user, or for detailed analyses or reports relating to the same in the context of browsing the network.

How we use cookies

Technical cookies, third-party cookies and, if the Interested Party has given explicit and informed consent, profiling cookies, can be installed from our website or from the corresponding subdomains. 
In all cases the user may, at any time, manage or request the general disabling or deletion of cookies by altering the settings on his/her internet browser. However, this disabling may slow down or prevent access to certain parts of the site or affect how browsing functions. 
The settings for managing or disabling cookies may vary depending on the internet browser used; therefore, for more information on how to carry out these operations, we suggest that the User consult the manual for his/her own device or the “Help” function on his/her internet browser. 
Below are links that show how to manage or disable cookies for the most common internet browsers used: 


Purpose, disabling and management of cookies
(art. 13, paragraph 1, letter c, of the GDPR)

Technical, functional technical and technical analytics cookies

The use of technical cookies, i.e. cookies necessary for the transmission of communications via the electronic communications network, or cookies strictly necessary so that the supplier can provide the service required by the customer, make it possible to use our site securely and efficiently. 
Session cookies may be installed to facilitate access to and continued presence in the restricted area of the portal as an authenticated user. 
Technical cookies are essential for the correct functioning of our website and are used to allow users access to normal browsing and the possibility of using the advanced services available on our website. The technical cookies used are divided into session cookies, which are only stored for the duration of the visit until the browser is closed, and persistent cookies, which are saved in the memory of the user’s device until they expire or are deleted by the user. 
Our site uses the following technical cookies: 
• Technical browsing or session cookies, used to manage normal browsing and user authentication; 
• Functional technical cookies, used to store customisation of the user’s choices, such as language

In accordance with the provisions of the relevant regulations in force, the installation of technical cookies does not require users’ consent.

Third-party, analytics and profiling cookies

Third-party cookies may be installed: these are the analytics and profiling cookies of Google Analytics. These cookies are sent from the internet sites of aforementioned third parties outside our own site. 
Third-party analytics cookies are used to gather information on user behavior on the site. Identification is done anonymously to monitor services and improve the site's usability. Third-party profiling cookies are used to create user profiles, in order to produce advertising messages in line with the choices made by said users. Though not receiving from Aruba any data for identifying the user (in fact the user’s IP is made anonymous before transmission), third parties can nevertheless associate the data received with other data and/or information on the user already in their possession.
The use of these cookies and the corresponding disabling option are governed by rules drawn up by the third parties; therefore the Interested Party is invited to consult the policies on the processing of personal data, and the instructions for managing or disabling cookies, which are published on the web pages shown below. The said policies may be provided in a language other than that of the Interested Party; in any case the latter may contact Aruba, using the reference details provided in Section I, to obtain information and/or clarification thereon in the language of said Interested Party: 

Google _ga Records a unique ID used to generate statistics on how the visitor uses the website. Records IP and demographics, where possible, to display user-targeted advertisements and TransactionID for orders placed (not all on all sites) https://policies.google.com/privacy?hl=it https://www.google-analytics.com/analytics.js https://support.google.com/accounts/answer/61416?hl=it
  _gid Records a unique ID used to generate statistics on how the visitor uses the website.
  _gat Used by Google Analytics to reduce the frequency of the requests
  ads/ga-audiences Pixel


How long is your data stored? (Article 13, paragraph 2 (a) GDPR)
The length of time for which the information gathered via cookies is stored depends on the type of cookies involved:
- Technical cookies: Aruba does not store data relating to technical cookies because this is stored in the user’s terminal equipment. The Interested Party may at any time delete this type of cookie by means of the processes described in this policy;
- Profiling cookies: profiling data is not stored, but its management must be carried out by the user directly with the third parties, depending on the instructions received from them and by means of the instruments specified in this policy.