(version no. [1] of 31 October 2019)

The version in effect at the time may be requested by emailing:

  1. Introduction.

In compliance with Regulation (EU) no. 679/2016 (hereinafter the “Regulation” or the “GDPR”, General Data Protection Regulation) and applicable domestic legislation, WOWFIT S.R.L., in its capacity as the Controller, in terms of processing personal data, intends, with this document, to provide data subjects with information on how the personal data that concerns them is processed within the scope of using the site

  1. Type of data processed and how data is collected

The Controller collects, processes and uses the following categories of personal data: identifying data (first name, last name), contact data (email address).

  1. The purpose for processing personal data and the legal basis for doing so

Collecting and processing personal data are done in order to:

  • send, periodically, information and/or notices relative to the initiatives of the company, WOWFIT S.R.L

The legal basis for processing personal data, referred to in the purpose above, is represented: by the free and informed consent given by the data subject in relation to the purpose indicated.

  1. The nature of providing data and the consequences for failing to provide it

Providing personal data by the data subject for the purpose referred to in paragraph 3 of this document is optional. Failure to provide this personal data will, however, make it impossible for the Controller to allow the data subject to receive the information that was described in the purpose referred to in paragraph 3 in this document.

  1. Scope of data handling

Data may be accessed by employees of WOWFIT S.R.L., the owner of the site as well as, by virtue of its role and within the scope of its tasks and functions, the web agency that provides assistance and maintenance services for the site, LINXS S.R.L.

In any case, the Controller guarantees that the parties indicated above have received appropriate written authorisation to process such data, whilst external parties are duly indicated as Processors (in terms of processing personal data) pursuant to and for the effects of article 28 of Regulation 679/2016.

The data, in any case, will not be divulged and will not be communicated to any other third party.

  1. The methods by which data is processed

Data will be processed both in electronic and paper form.

  1. Processing duration

The data acquired will be stored for a period no longer than that necessary to fulfil the purpose specified above (paragraph 3 of this document) and, in any case, until the data subject makes an explicit request to have the data provided erased.

  1. The data subject’s rights

“Data subjects”, or natural persons, may exercise their rights by virtue of that given in Chapter III, Section 2 of the GDPR, articles 15-22.

The Regulation allows data subjects to be able to exercise the right of access to discover what personal data the Controller possesses about them and how this data is used. Data Subjects also have the right to have this data updated, rectified, or, where appropriate, supplemented, as well as the right to have this data erased, transformed into an anonymous form, or to restrict the processing of this data.

The data subject also has the right, at any time, to revoke any consent given without, however, prejudicing the lawfulness of the processing done and based on the consent given before it was then revoked.

  1. (continued) The right to data portability

Each data subject may ask to receive, or to request the transfer of, the personal data that concerns them and which is held by the Controller in a structured, commonly used and legible form for further personal uses or to transfer this data to another Controller (the right to portability).

Exercising this right is possible when:

processing is based on consent pursuant to article 6(1)(a) or article 9(2)(a) or is based on a contract pursuant to article 6(1)(b).

processing is carried out by automated means.

Specifically, the data that may be subject to portability regards personal details (e.g. first name, last name, title, date of birth, sex, place of birth, residency, etc.)

  1. (continued) The right to object

Pursuant to that given by article 21, the data subject has the right to object, at any moment, on grounds relating to his/her particular situation, to the processing of the personal data that concerns them pursuant to article 6(1)(e) or (f), including profiling based on these provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds to proceed with processing which override the interests, rights and freedoms of the data subject or to establish, exercise or defend a right in a court of law.

In the case in which data is processed for direct marketing purposes, the data subject has the right, at any time, to object to the processing of the personal data that concerns them for such a purpose, including profiling to the extent that it is related to the direct marketing activity.

  1. How data subjects may exercise their rights

A data subject may exercise his/her rights as referred to in articles 15-22 of the GDPR by contacting: WOWFIT S.R.L. with offices at Via Irma Bandiera 36, Monte San Pietro (BO), Italy Tel: +39 3482470014 - Email:, Certified email:

The term in which a reply is due is one (1) month, which may be extended to two (2) months in particularly complex cases; in these cases, WOWFIT S.R.L. will provide at least an interim communication within one (1) month.

Exercising these rights is, in principle, free of charge; WOWFIT S.R.L. reserves the right, however, to charge a fee in the event of a manifestly unfounded or excessive request (including repeated requests).

WOWFIT S.R.L. has the right to ask for certain information deemed necessary to identify the requesting party.

Exercising a data subject’s right, as provided for by articles 15-22 of the GDPR may be delayed, limited or excluded under certain conditions, for example in the event in which exercising a right might actually jeopardise the confidentiality of the identity of the employee who reported an offence pursuant to Italian law (so-called whistleblowing), or which might jeopardise interests protected by provisions against money laundering or provisions on protecting victims of extortion, or which might jeopardise carrying out defensive investigations or exercising a right in a court of law, etc. (Privacy Code, article 2-undecies)

  1. Lodging a complaint with a Supervisory Authority

WOWFIT S.R.L. informs data subjects that they have the right to lodge a complaint or to make a report to a Supervisory Authority which in Italy is the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) or, alternatively, to appeal to a Judicial Authority pursuant to articles 77 et seq. of the Regulation.

  1. Changes to this privacy policy

The Controller reserves the right to modify this document at any time and at its sole discretion. Any change will be effective from the date on which the amended version of this policy is published and made available from the URL XXXXXXXX. In any case, the Controller will ensure that processing personal data will be based on the principles of correctness, lawfulness and transparency, safeguarding the confidentiality and rights of the data subject.