IT EN
Sprint Commerce / Privacy Policy

Privacy Policy.

Information on the processing of personal data pursuant to EU Regulation 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as subsequently amended.

Last revision: 4 May 2026 · Version: 1.1
— Index
  1. Data controller
  2. Personal data collected
  3. Purposes and legal bases
  4. Recipients and external processors
  5. Non-EU transfers
  6. Retention period
  7. Rights of the data subject
  8. Security and breaches
  9. Changes to this notice

1. Data controller

The data controller is Sprint Commerce Srl Unipersonale (hereinafter "Sprint Commerce"), with registered office at Via del Bosco 91, 12100 Cuneo (CN), Italy. Tax/VAT ID IT03469100048, REA CN-293097.

Contacts:

Sprint Commerce has not appointed a Data Protection Officer (DPO) as the conditions for mandatory designation under Article 37 GDPR do not apply.

2. Personal data collected

Sprint Commerce collects and processes personal data only to the extent necessary for the stated purposes. Data is collected through the following channels:

2.1 Contact forms

When you fill in one of the forms on the site (Brand Partners, Retailers, generic Contact), we collect:

  • Identifying data: first name, last name, role, company name or brand name
  • Contact data: email address, phone number
  • Commercial data: country, city, ZIP code, product category, channel type, brands of interest
  • Free-text content: notes entered in the open fields

2.2 Browsing data

While browsing the site, certain technical data is automatically collected, necessary for the operation and security of the service:

  • IP address of the user (anonymized)
  • Browser user-agent
  • Pages visited, session duration, country of origin
  • Referrer: originating site, if available

This data is not used for individual profiling and is processed exclusively in aggregated and anonymized form.

2.3 Technical cookies

The site uses only essential technical cookies. For full details, see the Cookie Policy.

3. Purposes and legal bases

Purpose Legal basis
Response to inquiries submitted via forms (contact management, evaluation of commercial partnerships, dealer applications) Performance of pre-contractual measures at the request of the data subject (Art. 6.1.b GDPR)
Possible establishment and management of the commercial relationship Performance of a contract (Art. 6.1.b GDPR)
Compliance with tax, accounting, and administrative legal obligations Legal obligation (Art. 6.1.c GDPR)
Security of the website, prevention of abuse and cyber attacks Legitimate interest of the controller (Art. 6.1.f GDPR)
Anonymous statistical analysis of web traffic Legitimate interest of the controller (Art. 6.1.f GDPR)

Providing data through the forms is optional, but failure to provide data marked as required makes it impossible to process the request.

4. Recipients and external processors

Personal data is processed by authorized Sprint Commerce personnel and may be communicated to third parties acting as data processors pursuant to Article 28 GDPR, on the basis of specific contractual agreements:

4.1 Technical service providers

  • Cloudflare, Inc. (USA, with EU presence) — site hosting and content delivery via Cloudflare Pages. Cloudflare adheres to the EU-U.S. Data Privacy Framework and applies the Standard Contractual Clauses approved by the European Commission.
  • Formspree (Formspree, Inc.) — technical management of contact form transmission. Servers located in the United States. Formspree applies the Standard Contractual Clauses approved by the European Commission with Implementing Decision 2021/914 to ensure an adequate level of protection for data transferred outside the EU.

4.2 Web analytics providers

  • Cloudflare Web Analytics — anonymous statistical analysis of web traffic. Does not use cookies and does not collect identifying data of users. Data is processed in aggregated form.

4.3 Institutional bodies

Data may be communicated to competent authorities, public bodies, and supervisory authorities only in cases provided for by law.

4.4 Brand partners in the Sprint Commerce portfolio

For inquiries relating to commercial partnerships, certain identifying and contact data may be shared with the brands in the Sprint Commerce portfolio (361° Degrees, Kailas, CEP Sports, Näak) for the joint evaluation of market opportunities. Such entities operate as autonomous data controllers for their own purposes.

5. Non-EU transfers

Some of the service providers indicated above are located outside the European Union. Sprint Commerce ensures that any non-EU transfer takes place in the presence of adequate safeguards under Article 46 GDPR:

  • Cloudflare, Inc. (USA): adheres to the EU-U.S. Data Privacy Framework certified by the U.S. Department of Commerce; in subordinate, applies the Standard Contractual Clauses (SCC) approved by the European Commission with Implementing Decision 2021/914.

Data managed via Cloudflare Web Analytics (EU servers) remains within the European Union. Data transmitted to Formspree (USA) is protected via Standard Contractual Clauses pursuant to Article 46 GDPR.

6. Retention period

Personal data is retained for the time strictly necessary to achieve the purposes for which it was collected:

  • Contact form data without commercial follow-up: 24 months from receipt, to allow for any qualified follow-up.
  • Data of active customers and commercial partners: for the entire duration of the contractual relationship and for 10 years thereafter, in compliance with tax and accounting legal obligations (Art. 2220 of the Italian Civil Code).
  • Browsing data and technical logs: maximum 180 days, in compliance with the Italian Data Protection Authority's guidelines and the policies of technical providers.

At the end of the indicated periods, data is deleted or irreversibly anonymized.

7. Rights of the data subject

As a data subject, you have the right to exercise at any time the following rights provided for in Articles 15-22 of the GDPR:

  • Right of access — obtain confirmation of the existence of processing and a copy of the data
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") — obtain the deletion of data in the cases provided
  • Right to restriction — request the temporary suspension of processing
  • Right to portability — receive the data in a structured and readable format
  • Right to object — object to processing based on legitimate interest
  • Right to withdraw consent — when processing is based on consent, without prejudice to the lawfulness of previous processing

To exercise these rights, you can write to s.commerce@sprint-commerce.it or, for formal communications, to the certified email amministrazione@pec.sprint-commerce.it. A response will be provided within 30 days of the request.

You also have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it), Piazza Venezia 11, 00187 Rome, Italy.

8. Security and breaches

Sprint Commerce adopts technical and organizational measures appropriate to ensure a level of security appropriate to the risk, in compliance with Article 32 GDPR. Such measures include:

  • HTTPS/TLS encryption for all communications with the website
  • Role-based access control to information systems
  • Periodic backups and disaster recovery systems
  • Security audits of external providers with whom Data Processing Agreements are stipulated

In case of personal data breach, Sprint Commerce will notify the Italian Data Protection Authority within 72 hours of discovery, where applicable, and will promptly inform data subjects in the cases provided by Article 34 GDPR.

9. Changes to this notice

Sprint Commerce reserves the right to update this notice to reflect regulatory, technical, or organizational changes. Substantial changes will be highlighted on the site with appropriate visibility. Users are invited to consult this page periodically to stay informed.

Document approved by the data controller.
Sprint Commerce Srl Unipersonale · Via del Bosco 91, 12100 Cuneo (CN), Italy · IT03469100048