PRIVACY POLICY

PRIVACY POLICY

MoveLab Climbing Amateur sports club with limited liability

(MoveLab Climbing LLC)

Via Dante Alighieri 43/B, I-39042 Bressanone (BZ)

VAT number/Tax ID: IT03321680211

Last updated: February 11, 2026

ITALIAN VERSION

1. Introduction

This Privacy Policy describes how MoveLab Climbing Società sportiva dilettantistica a responsabilità limitata (hereinafter "MoveLab Climbing," "we," "us," or "our") collects, uses, discloses, and protects the personal information of users (hereinafter "User," "you," "your," or "yours") who visit our website www.movelab-climbing.it, use our services, and frequent our climbing facilities.

This Privacy Policy applies to all MoveLab Climbing locations, including the climbing gyms in Bressanone and Treviso-Silea. By using our services, you agree to the terms described in this policy. We invite you to read this document carefully.

2. Data Controller

The data controller is:

MoveLab Climbing LLC

43/B Via Dante Alighieri

I-39042 Bressanone (BZ), Italy

VAT number/Tax ID: IT03321680211

Email: office@movelab-climbing.it

PEC: movelab-climbing@pec.it

3. Personal Data Collected

We collect various types of information to provide and improve our services:

3.1 Data provided directly by the User

Registration and contact details: first name, last name, date of birth, residential address, telephone number, email address.

Registration and subscription data: type of subscription or ticket purchased, subscription validity, visit history.

Health data (only if necessary): medical information relevant to safety during sporting activities, medical certificates of fitness for sport when required by law.

Payment details: bank details (IBAN), credit/debit card details (processed by PCI-DSS certified payment service providers), tax code for invoicing.

Release and consent: sign the liability release, specific consents for data processing.

Data relating to courses and training: enrollment in climbing courses, level of experience, notes on training progress.

3.2 Data collected automatically

Website browsing data: IP address, browser type, operating system, pages visited, duration of visit, date and time of access.

Gym access data: date and time of entry via access control system, use of gym areas.

Cookies and similar technologies: as described in our Cookie Policy.

Video surveillance: images recorded by security cameras installed in the common areas of the gym for security reasons and to prevent theft or damage.

3.3 Data relating to minors

For users under the age of 18, we require the consent of their parents or guardians. The data of minors is treated with particular care and protection in accordance with current regulations, including the GDPR. The parent or legal guardian must sign the release form and provide their contact details.

4. Legal basis for processing

We process your personal data on the following legal bases:

Performance of a contract: processing is necessary for the performance of the subscription contract or for the provision of the requested services (Art. 6(1)(b) GDPR).

Consent: for the processing of sensitive data (e.g., health data), for sending promotional communications, and for the use of non-essential cookies, we obtain your explicit consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR).

Legal obligation: to comply with legal obligations, such as the storage of accounting and tax data, occupational safety, and video surveillance (Art. 6(1)(c) GDPR).

Legitimate interests: for the security of the facility, fraud prevention, service improvement, and administrative management (Art. 6(1)(f) GDPR).

5. Purpose of Processing

We use your personal data for the following purposes:

5.1 Contract management: user registration and management, subscription and admission management, payment processing and invoicing, request management, and customer support.

5.2 Provision of services: access to climbing facilities, organization and management of courses, events, and competitions, use of equipment rental.

5.3 Security: ensuring the safety of users and staff, preventing accidents and liability, video surveillance of common areas for security reasons.

5.4 Legal obligations: comply with tax, accounting, and administrative obligations, and comply with sports and safety regulations.

5.5 Marketing and communications (only with consent): sending newsletters and promotional communications about events, special offers, and news, sending satisfaction surveys.

5.6 Service improvement: aggregate and anonymous statistical analysis to improve the services offered, optimization of the website and user experience.

6. Recipients of Personal Data

Your personal data may be disclosed or made accessible to the following parties:

Authorized personnel: employees and collaborators of MoveLab Climbing, adequately trained and authorized.

Service providers (Data Processors): IT service providers and website hosting providers, gym management and access control system providers, payment service providers (payment gateways), accounting and tax advisory services, email marketing service providers (only with consent).

Public authorities and supervisory bodies: when required by law or in response to legitimate requests from authorities (e.g., tax authorities, law enforcement agencies, CONI, sports federations).

Insurance: in the event of accidents or incidents involving users.

Business partners: only with your explicit consent and for specific purposes (e.g., event sponsors).

7. Transfer of Data Abroad

Your personal data is stored and processed mainly within the European Union. In the event that some service providers are located outside the EU, we guarantee that the transfer will take place in accordance with the GDPR, through:

• Adequacy decisions by the European Commission.

• Standard contractual clauses approved by the European Commission.

• Other appropriate legal mechanisms.

8. Data Retention Period

We only keep your personal data for as long as it's needed for the reasons we collected it:

Contract and subscription data: for the entire duration of the contractual relationship and for 10 years after its termination, in accordance with Italian tax and civil law regulations.

Payment and billing data: 10 years from the date of issue of the invoice, as required by Italian tax regulations.

Video surveillance data: maximum 7 days, unless retention is necessary for investigations or legal proceedings.

Data for marketing purposes: until consent is revoked or for a maximum of 2 years from the last interaction, in the absence of activity.

Release forms and consents: retained for the entire duration of the relationship and for 10 years thereafter, in case of any disputes.

9. User Rights

In accordance with the GDPR (EU Regulation 2016/679), you have the following rights:

9.1 Right of access (Art. 15 GDPR): you have the right to obtain confirmation of the existence of personal data concerning you and to receive a copy of it.

9.2 Right to rectification (Art. 16 GDPR): you may request the correction of inaccurate data or the integration of incomplete data.

9.3 Right to erasure (Art. 17 GDPR): in certain circumstances, you may request the erasure of your personal data ("right to be forgotten").

9.4 Right to restriction of processing (Art. 18 GDPR): you may request the restriction of the processing of your data in specific cases provided for by law.

9.5 Right to data portability (Art. 20 GDPR): you can receive data concerning you in a structured, commonly used, and machine-readable format, and transmit it to another controller.

9.6 Right to object (Art. 21 GDPR): you may object to the processing of your data for legitimate reasons or for direct marketing purposes.

9.7 Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent given prior to withdrawal.

9.8 Right to lodge a complaint: you have the right to lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati Personali - www.garanteprivacy.it).

To exercise your rights, you can contact us at: office@movelab-climbing.it or movelab-climbing@pec.it. We will respond within 30 days of your request.

10. Data Security

We adopt appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, destruction, or alteration. These measures include:

• Encryption of data in transit (SSL/TLS) and at rest where appropriate.

• Physical and logical access controls to computer systems.

• Training of personnel on the protection of personal data.

• Regular backup procedures.

• Confidentiality agreements with suppliers and collaborators.

• Video surveillance of common areas with visible information signs.

Despite our efforts, no security system is foolproof. We encourage you to protect your login credentials and contact us immediately if you suspect a breach.

11. Cookies and Similar Technologies

Our website uses cookies and similar technologies. For detailed information on their use, please refer to our Cookie Policy, available on the website www.movelab-climbing.it.

12. Changes to the Privacy Policy

We reserve the right to modify or update this Privacy Policy at any time to reflect changes in our practices, applicable legislation, or for other operational reasons. We will notify you of any material changes by posting them on our website and, where appropriate, by email. We encourage you to check this page regularly to stay informed.

13. Contacts

If you have any questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data, you can contact us:

MoveLab Climbing LLC

Via Dante Alighieri 43/B, I-39042 Bressanone (BZ)

Email: office@movelab-climbing.it

PEC: movelab-climbing@pec.it

Phone: [Number to be entered]

Operational headquarters:

MoveLab Climbing Bressanone

Via Dante Alighieri 43/B, I-39042 Bressanone (BZ)

MoveLab Climbing Athletes Treviso

Via Combattenti Alleati 1, I-31057 Silea (TV)

ENGLISH VERSION

1. Introduction

This Privacy Policy describes how MoveLab Climbing Società sportiva dilettantistica a responsabilità limitata (hereinafter "MoveLab Climbing", "we", "us", or "our") collects, uses, discloses, and protects the personal information of users (hereinafter "User", "you", or "your") who visit our website www.movelab-climbing.it, use our services, and attend our climbing facilities.

This Privacy Policy applies to all MoveLab Climbing locations, including the climbing gyms in Bressanone (Brixen) and Treviso-Silea. By using our services, you accept the terms described in this policy. We encourage you to read this document carefully.

2. Data Controller

The Data Controller for personal data processing is:

MoveLab Climbing LLC

43/B Via Dante Alighieri

I-39042 Bressanone (BZ), Italy

VAT/Tax Code: IT03321680211

Email: office@movelab-climbing.it

PEC: movelab-climbing@pec.it

3. Personal Data Collected

We collect various types of information to provide and improve our services:

3.1 Data provided directly by the User

Registration and contact data: first name, last name, date of birth, residential address, phone number, email address.

Membership and subscription data: type of membership or entry purchased, membership validity, visit history.

Health data (only if necessary): relevant medical information for safety during sports activities, medical certificates of sports fitness when required by law.

Payment data: bank details (IBAN), credit/debit card data (processed through PCI-DSS certified payment service providers), tax code for invoice issuance.

Waiver and consent: signature on liability waiver, specific consents for data processing.

Course and training data: climbing course registrations, experience level, training progress notes.

3.2 Automatically collected data

Website browsing data: IP address, browser type, operating system, pages visited, visit duration, date and time of access.

Gym access data: date and time of entries via access control system, use of gym areas.

Cookies and similar technologies: as described in our Cookie Policy.

Video surveillance: images recorded by security cameras installed in common areas of the gym for safety reasons and prevention of theft or damage.

3.3 Data of minors

For users under 18 years of age, we require consent from parents or legal guardians. Data of minors is processed with particular attention and protection in accordance with applicable regulations, including GDPR. The parent or legal guardian must sign the waiver and provide their contact details.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Performance of a contract: processing is necessary for the performance of the membership contract or for providing the requested services (Art. 6(1)(b) GDPR).

Consent: for processing sensitive data (e.g., health data), for sending promotional communications, and for using non-necessary cookies, we obtain your explicit consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR).

Legal obligation: to comply with legal obligations, such as retention of accounting and tax data, workplace safety, and video surveillance (Art. 6(1)(c) GDPR).

Legitimate interests: for facility security, fraud prevention, service improvement, and administrative management (Art. 6(1)(f) GDPR).

5. Purpose of Processing

We use your personal data for the following purposes:

5.1 Management of contractual relationship: user registration and management, membership and entry management, payment processing and invoice issuance, customer requests and support management.

5.2 Service provision: access to climbing facilities, organization and management of courses, events and competitions, equipment rental use.

5.3 Safety: ensuring the safety of users and staff, preventing accidents and liability, video surveillance of common areas for security reasons.

5.4 Legal obligations: fulfilling tax, accounting, and administrative obligations, complying with sports and safety regulations.

5.5 Marketing and communications (with consent only): sending newsletters and promotional communications about events, special offers, and news, sending satisfaction surveys.

5.6 Service improvement: aggregated and anonymous statistical analysis to improve offered services, website optimization, and user experience.

6. Recipients of Personal Data

Your personal data may be communicated or made accessible to the following parties:

Authorized personnel: MoveLab Climbing employees and collaborators, appropriately trained and authorized.

Service providers (Data Processors): IT and website hosting service providers, gym management and access control system providers, payment service providers (payment gateways), accounting and tax consulting services, email marketing service providers (with consent only).

Public authorities and supervisory bodies: when required by law or in response to legitimate requests from authorities (e.g., tax authorities, law enforcement, CONI, sports federations).

Insurance companies: in case of accidents or incidents involving users.

Business partners: only with your explicit consent and for specific purposes (e.g., event sponsors).

7. International Data Transfer

Your personal data is stored and processed primarily within the European Union. Should some service providers be located outside the EU, we ensure that the transfer occurs in compliance with GDPR, through:

• European Commission adequacy decisions.

• Standard contractual clauses approved by the European Commission.

• Other appropriate legal mechanisms.

8. Data retention period

We retain your personal data only for as long as necessary for the purposes for which it was collected:

Contractual and membership data: for the entire duration of the contractual relationship and for 10 years after termination, in accordance with Italian tax and civil law regulations.

Payment and billing data: 10 years from the invoice issuance date, as required by Italian tax law.

Video surveillance data: maximum 7 days, unless retention is necessary for investigations or legal proceedings.

Marketing data: until consent is revoked or for a maximum of 2 years from the last interaction, in the absence of activity.

Waivers and consents: retained for the entire duration of the relationship and for 10 years thereafter, for potential litigation.

9. User Rights

In accordance with GDPR (EU Regulation 2016/679), you have the following rights:

9.1 Right of access (Art. 15 GDPR): you have the right to obtain confirmation of the existence of personal data concerning you and to receive a copy.

9.2 Right to rectification (Art. 16 GDPR): you can request correction of inaccurate data or completion of incomplete data.

9.3 Right to erasure (Art. 17 GDPR): under certain circumstances, you can request deletion of your personal data ("right to be forgotten").

9.4 Right to restriction of processing (Art. 18 GDPR): you can request restriction of processing of your data in specific cases provided by law.

9.5 Right to data portability (Art. 20 GDPR): you can receive data concerning you in a structured, commonly used and machine-readable format, and transmit it to another controller.

9.6 Right to object (Art. 21 GDPR): you can object to processing of your data for legitimate reasons or for direct marketing purposes.

9.7 Right to withdraw consent: where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

9.8 Right to lodge a complaint: you have the right to lodge a complaint with the competent supervisory authority (Italian Data Protection Authority - www.garanteprivacy.it).

To exercise your rights, you can contact us at: office@movelab-climbing.it or movelab-climbing@pec.it. We will respond to your request within 30 days.

10. Data Security

We adopt appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, destruction, or alteration. These measures include:

• Encryption of data in transit (SSL/TLS) and at rest when appropriate.

• Physical and logical access controls to IT systems.

• Staff training on personal data protection.

• Regular backup procedures.

• Confidentiality agreements with suppliers and collaborators.

• Video surveillance of common areas with visible information signs.

Despite our efforts, no security system is infallible. We encourage you to protect your access credentials and to contact us immediately in case of suspected breach.

11. Cookies and Similar Technologies

Our website uses cookies and similar technologies. For detailed information on their use, please consult our Cookie Policy, available on the website www.movelab-climbing.it.

12. Changes to Privacy Policy

We reserve the right to modify or update this Privacy Policy at any time to reflect changes in our practices, applicable legislation, or for other operational reasons. We will inform you of any substantial changes through publication on our website and, where appropriate, via email. We encourage you to regularly consult this page to stay informed.

13. Contact

If you have any questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data, you can contact us:

MoveLab Climbing LLC

Via Dante Alighieri 43/B, I-39042 Bressanone (BZ), Italy

Email: office@movelab-climbing.it

PEC: movelab-climbing@pec.it

Phone: [Number to be inserted]

Operating locations:

MoveLab Climbing Bressanone

Via Dante Alighieri 43/B, I-39042 Bressanone (BZ)

MoveLab Climbing Athletes Treviso

Via Combattenti Alleati 1, I-31057 Silea (TV)

‍