PRIVACY NOTICE

 
With this notice, provided in compliance with the applicable legislation on the protection of personal data and, in particular, in accordance with EU Regulation 2016/679 (GDPR) and Legislative Decree No. 196/2003 (Italian Personal Data Protection Code, also called the Privacy Code), the data controller, as identified below, supplies information on the collection, purposes and methods of processing of personal data and on the rights granted to the data subject by the privacy legislation.

  1. DATA CONTROLLER

1.1 The data controller is SSD Pedale Feltrino, with its registered office at Via Montelungo 21, 32032 Feltre (BL), Italy, VAT No. 00742450257, tel. +39 0439 303735, fax +39 0439 300600, website http://www.pedalefeltrinotbh.it.

1.2 For any request regarding this privacy notice or to exercise the rights referred to in art. 11, it is possible to contact the person assigned by SSD Pedale Feltrino to handle requests relating to data processing by sending an email to info@sportfuldolomitirace.it, to the attention of Ms. Anna Valerio.

  1. PURPOSE OF THE PROCESSING

2.1 The data controller processes ordinary personal data supplied by the data subject, including identifying data (first name, last name, date of birth, sex, nationality, address and place of residence, contact details, size, etc.) and license or membership data from sports bodies and/or associations, for purposes related to registration for the Granfondo Sportful Dolomiti Race, potentially the issuing of one-day licenses to participants, and the management of relationships with insurers and race assistance services (including medical services), and in general for everything that is necessary to execute the above-mentioned sporting event.

2.2 Personal data are also processed for purposes and obligations related to the management of relations with the Italian Cycling Federation (FCI), the fulfillment of the organization’s statutory and management obligations, financial and tax obligations, and those provided by the law and by European regulations, and for these purposes the data may also be disclosed to third parties appointed as data processors pursuant to art. 6, section 6.3.

2.3 The processing may also involve data included in so-called special categories pursuant to art. 9 of the GDPR, in particular data that could reveal the health status of Granfondo Sportful Dolomiti Race participants. For the purpose of completing registration for the above-mentioned race, as per federation (FCI) regulations, a medical certification will be required, certifying the health status of the participant, also for the purposes of communicating to insurers for obtaining insurance coverage, as well as for delivery and/or communication to any medical teams and/or health services, including hospitals, in case of injury and in the event that the participant needs medical care during the event. The presentation of this certification is mandatory for registration for the race, and therefore every participant will be required to give explicit consent to the processing of the data contained in it for the specific purposes described above.

2.4 Only in the case of explicit and optional provision of consent may personal data be processed:

  1. a) for executing the newsletter service managed by SSD Pedale Feltrino;
  2. b) for direct marketing purposes by the data controller, in particular to send, to the addresses provided during registration for the race, informational, commercial or advertising material relating to services and/or products offered by the organization;
  3. c) for the purpose of commercial information, for sending advertising material, for direct sales or for market research or interactive commercial communication, or for the purpose of seeking funds and sponsorships, the data – always with the explicit and optional consent of the data subject – may be shared with organizations, businesses or third parties.
  1. LEGAL BASIS FOR THE PROCESSING

3.1 The legal basis for processing the data consists of:

  • in relation to ordinary data, the need to complete registration for the race and ensure its regular execution, including with regard to the issuance of one-day licenses, and the need for the data controller to comply with legal obligations and privacy legislation;
  • in relation to ordinary data, where the legal basis for processing is represented by the consent of the data subject (e.g., newsletter service or sharing of data for commercial and advertising purposes), the individual will be required to express or deny consent by checking or not checking the specific box on the form corresponding to the specific purpose;
  • in relation to special-category data (e.g., those that could reveal health status), the explicit consent given by the data subject.
  1. NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL

4.1 The provision of personal data and special-category data and consent to their processing are optional.

4.2 However, any refusal to provide and consent to the processing of data necessary for the purposes referred to in art. 2, sections 2.1, 2.2 and 2.3 will make it impossible to complete registration or obtain a one-day license and, in general, will prevent participation in the Granfondo Sportful Dolomiti Race.

4.3 The provision of data for the processing purposes indicated in art. 2, section 2.4, items (a), (b) and (c), in contrast, remains optional and subject to explicit consent; in the absence of explicit consent, these services will not be provided, but participation in the competition will not be prevented. Any consent given during registration for the provision of data pursuant to art. 2, section 2.4, may be revoked at any time, by unsubscribing to the newsletters or contacting the data controller directly at the email address indicated in art. 1, section 1.2.

  1. LOCATION OF DATA PROCESSING

5.1 Processing connected to the purposes referred to in art. 2 is handled by SSD Pedale Feltrino staff at the locations where the organization operates.

  1. PROCESSING METHODS

6.1 In relation to the above-mentioned purposes, the processing of data will be carried out using appropriate tools to ensure their security and confidentiality and may be carried out not only using paper documents but also with automated information and communication technology tools. The processing of data using information and communication technology procedures will be based on the principles of transparency, necessity, lawfulness and fairness, and with the adoption of the security measures outlined in the GDPR and the Privacy Code so as to minimize the risk of destruction or loss of data (including accidentally), unauthorized access, illicit use, or processing that is not allowed and/or not compliant with the purposes of collection indicated in art. 2. However, due to the nature of the means of completing the online form, such measures cannot limit or absolutely exclude any risk of unauthorized access or data loss. For this reason, the user is advised to periodically check that his or her computer is equipped with software systems suitable for the protection of online data transmission, both incoming and outgoing (such as updated antivirus software), and that the internet service provider has adopted appropriate measures to provide for the security of data transmission via the internet.

6.2 The data will be processed by SSD Pedale Feltrino staff who have been duly instructed and authorized to process them.

6.3 For the processing of data for the purposes indicated, SSD Pedale Feltrino also collaborates with third parties, all designated as responsible for the processing pursuant to art. 28 of the GDPR, and in particular ENGAGIGO Srl, SERSIS Servizi & Sistemi s.n.c. and SOCIUS by Francesco Testaferri.

  1. SHARING AND DISSEMINATION

7.1 For the functional, institutional and management purposes of SSD Pedale Feltrino, the data may be shared, without the need for prior consent, with other subjects in addition to the organizations indicated in art. 6, section 6.3, such as:

  • insurance companies with which contracts will be signed for license holders and for participants in the race;
  • consultants appointed by SSD Pedale Feltrino to carry out legal, accounting/bookkeeping and tax-related activities;
  • radio and television news organizations, press outlets, newspapers, and periodicals, only in the cases provided for by law;
  • sports promotion bodies;
  • judicial authorities, police and public safety authorities, administrative authorities, and public administrations, for the fulfillment of regulatory, government and health service obligations;
  • the FCI, in compliance with the regulations for co-ownership of the data processing function;
  • for promotional purposes functional to its business, SSD Pedale Feltrino may disseminate some personal data of race participants, in particular images and/or videos taken of them during the event, both via its own website, pedalefeltrinotbh.it, and the site dedicated to the race, www.sportfuldolomitirace.it, always respecting the principle of data minimization;
  • SSD Pedale Feltrino may also publish on its website, pedalefeltrinotbh.it, and on that of the race, www.sportfuldolomitirace.it, the race classifications, with the first and last name of each participant, the assigned race number, position, and race time, always respecting the principle of data minimization.
  1. TRANSMISSION OF DATA TO THIRD COUNTRIES

……………………

  1. PROFILING

9.1 The personal and special-category data collected by SSD Pedale Feltrino are not subject to a fully automated decision-making process, including profiling.

  1. STORAGE PERIOD

10.1 The data of the registered individuals are kept for the time period strictly necessary for the fulfillment of the request and for the purposes described.

  1. RIGHTS OF THE DATA SUBJECT

11.1 Among the rights granted to those affected by the GDPR are the right to:

  • request of the data controller:
  1. access to personal data and information relating to them;
  2. the correction of inaccurate data or supplementation of incomplete data;
  3. the deletion of personal data (when one of the conditions outlined in art. 17, paragraph 1, of the GDPR applies, and in compliance with the exceptions provided for in paragraph 3 of that same article);
  4. the restriction of the processing of personal data (when one of the conditions outlined in art. 18, paragraph 1, of the GDPR applies);
  • request and obtain from the data controller – in the event that the legal basis for the processing is contract or consent, and the same is performed by automated means – the personal data in a structured format that is readable by automatic device, including in order to share such data with another data controller (the so-called right to the portability of personal data);
  • object at any time, for reasons connected with the individual’s own particular situation, to the processing of his or her personal data pursuant to art. 6, paragraph 1, items (e) or (f), including profiling on the basis of these provisions;
  • revoke consent at any time, limited to cases in which the processing is based on consent for one or more specific purposes and concerns common personal data, or special categories of data, without affecting the lawfulness of processing carried out by the data controller before such revocation. In any case, processing based on consent and carried out prior to the revocation retains its lawfulness;

11.2 All the aforementioned rights may be exercised by sending a request to the email address indicated in art. 1, section 1.2.

11.3 The data subject will receive a reply as soon as possible, and within 1 month at the latest, a term that may be extended by two months if necessary, taking into account the complexity and the number of requests. If the data controller has doubts about the identity of the individual submitting the request, the controller may request further information necessary to confirm it.

11.4 When the required conditions are met, the data subject may lodge a complaint with a supervisory authority (the Italian Data Protection Authority – www.garanteprivacy.it).

  1. CHANGES TO THE PRIVACY NOTICE

This notice may be subject to change. If the data controller makes substantial changes to its use of the data subjects’ data, the data controller will notify users by publishing the changes prominently on the pages of its website.