(2) CONTROLLER AND DATA PROTECTION OFFICER
The data controller is Ferrari S.p.A., with registered office at Via Emilia Est, N. 1163, Modena, Italy. You can contact the Ferrari's Data Protection Officer by email at: firstname.lastname@example.org.
(3) COLLECTION OF YOUR PERSONAL DATA
We collect personal data, which is information that identifies you or relates to you as an identifiable individual.
(A) Information You Provide To Us
If you choose to engage in certain services offered on our Websites, we will collect personal data from you. We collect personal data from you when you:
Ferrari may also use the personal data we collect as described in this section to improve our products and services, to comply with the law, to efficiently maintain our business, and for other limited circumstances as described in HOW WE SHARE YOUR PERSONAL DATA. This is part of our legitimate interest in the performance of our contractual obligations, protection of legal rights, and compliance with legal obligations. Ferrari may also deidentify or aggregate the personal data for benchmarking purposes.
(B) Information Collected Automatically.
Cookies and Tracking Technologies
In addition to the personal data you provide directly, we may also collect information from you automatically as you use our Websites. This information includes the following internet or other electronic network activity information and location information:
These cookies include also the following categories:
(4) RECIPIENTS OF YOUR PERSONAL DATA
Ferrari may need to make the personal data identified in this Privacy Notice available within Ferrari, with service providers, or with other third parties. These instances include:
Within Ferrari. We may share your personal data with Ferrari subsidiaries for legitimate business purposes and general business management. The legal basis for this is our legitimate interest in carrying out our business efficiently. Upon your consent, we may also share your personal data within the Ferrari Group Companies for marketing purposes. You may revoke your consent at any time.
With Service Providers. We may share your personal data with our service providers that assist us in providing the Websites. The legal basis is our legitimate interest in providing the Websites efficiently. These service providers include communication providers, web-hosting providers, IT support, our customer management platform, shipping providers, payment processors, call center providers, marketing providers, and e-commerce providers.
With Third Parties. We may need to disclose your personal data to third parties, such as legal advisors, law enforcement agencies, or governmental/regulatory bodies in order to protect our legal interests and other rights, protect against fraud or other illegal activities, prevent harm, for risk management purposes, and to comply with our legal obligations. The legal basis for this is compliance with the law, compliance with legal obligations, and our legitimate interest in the protection of the rights of others.
In the Event of a Corporate Reorganization. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, acquisition, sale, joint venture, assignment, consolidation, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we would share personal data with third parties, including the buyer or target (and their agents and advisors) for the purpose of facilitating and completing the transaction. We would also share personal data with third parties if we undergo bankruptcy or liquidation, in the course of such proceedings.
With Your Consent. Apart from the reasons identified above, we may request your permission to share your personal data for a specific purpose. We will notify you and request consent before you provide the Personal data or before the personal data you have already provided is shared for such purpose. You may revoke your consent at any time.
Sharing in the Last Twelve (12) Months
For a Business Purpose. In the preceding twelve (12) months, Ferrari has disclosed the following categories of personal data for a business purpose to the following categories of third parties:
(5) YOUR DATA CHOICES
Correct or View Your Information. You may access your Ferrari owner’s account to correct or view certain personal data you have provided to us and which is associated with your account.
Online Advertising. To opt-out of interest based advertising generally or to learn more about the use of this information by our service providers you can visit the Network Advertising Initiative or the Digital Advertising Alliance. For European users, please visit the European Interactive Digital Advertising Alliance here.
Marketing Emails. You may opt-out of receiving marketing emails from us by clicking the “unsubscribe” link provided with each email. Please note that we will continue to send you notifications necessary to the Websites, your account, or requested products or services.
Device Location Settings. You may prevent your mobile device from sharing your location data by adjusting the permissions on your mobile device or within the MyFerrari mobile application.
Uninstall MyFerrari. You can stop all further collection of your personal data by the MyFerrari mobile application by uninstalling the mobile application.
(6) GENERAL DATA PROTECTION REGULATION (GDPR)
a. Right of Individuals Under the GDPR
If our processing of your personal data is subject to the GDPR, you have the following rights with respect to your personal data:
To exercise your rights, you may submit a request in writing to Ferrari S.p.A., via Abetone Inferiore 4, Maranello (MO), Italy or by email at email@example.com.
b. Personal Data Transfer Outside of the European Economic Area
Within its contractual relations, Ferrari may transfer personal data to countries outside of the European Economic Area (“EEA”). In the event personal data is transferred outside of the EEA, Ferrari will use appropriate contractual measures to guarantee an adequate protection of personal data, including implementation of agreements based on the standard contractual clauses adopted by the EU Commission.
(7) CALIFORNIA RESIDENTS
To the extent the California Consumer Privacy Act (CCPA) applies to the processing of your personal data you would be entitled to the following rights:
For requests submitted via telephone or email, you must provide us with sufficient information that allows us to reasonably verify you are the person about whom we collected the personal data and describe your request with sufficient detail to allow us to properly evaluate and respond to it. If we are not able to verify your identity for access and deletion requests with the information provided, we may ask you for additional pieces of information. . The interactive webform contains the information that we need to verify your identity and review your request.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request related to your personal data. If you are an authorized agent making a request on behalf of another individual, you must provide us with signed documentation that you are authorized to act on behalf of that individual.
(8) NEVADA RESIDENTS
If you are a consumer in the State of Nevada, you may request to opt-out of the current or future sale of certain of your personal data. We do not currently sell any of your personal data under Nevada law, nor do we plan to do so in the future. If you have any questions regarding our data privacy practices, or would like to opt-out of the future sale of your personal data, please contact us at firstname.lastname@example.org.
(10) DO NOT TRACK
We do not respond to Do Not Track (“DNT”) requests. Do Not Track is a preference you can set in your web browser to inform Websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
(11) INFORMATION SECURITY
To protect your personal data from unauthorized access, destruction, use, modification, or disclosure, we have implemented technical, administrative, and physical security measures. These security measures include encryption, access controls, and anti-virus and anti-malware protection. However, no security measure or modality of data transmission is 100% secure and we are unable to guarantee the absolute security of the personal data we have collected from you.
(12) CHILDREN’S PRIVACY
The Websites and the services offered thereon are not intended for individuals under the age of eighteen (18) years. If we learn that we have collected or received personal data from individuals under the age of eighteen (18), we will delete the personal data. If you believe we have personal data on individuals under the age of eighteen (18), please contact us at the contact information provided below.
(14) LINK TO THIRD PARTY WEBSITES
Third party websites accessible from this website are under the third party responsibility.
The Company declines all responsibility concerning requests and/or provision of personal data to third party websites.
For questions, please contact Ferrari at:
Data Protection Officer
Legal and Corporate Affairs
Via Abetone Inf. 4; I-41053, Maranello, (MO); Italy