PRIVACY POLICY
GENERAL CONDITIONS OF USE PRIVACY POLICY
This statement on data protection (or “privacy policy”) is made in compliance with the applicable regulations for the protection of personal information and, in particular, in accordance with Section 13 and 14 of the EU Regulation 2016/679 (“GDPR”) with regard to the processing of personal data of visitors collected or otherwise processed through the www.runromethemarathon.com site (“Website” o “Site”). This Site is managed by Infront Italy S.p.A. (for companies data see para. 1). This statement contains important information on personal information processed through this Website either as a registered or non-registered user and describes the manner in which such data is used.
This document contains important information on the following matters.
- DATA CONTROLLER
- PROCESSING PURPOSES
- NATURE OF DATA CONFERRAL AND CONSEQUENCES OF A REFUSAL
- TYPES OF DATA PROCESSED/SPECIFIC PROCESSING
- DATA CONSERVATION PERIOD
- RECIPIENTS/CATEGORIES OF RECIPIENTS OF PERSONAL DATA
- RIGHTS OF THE DATA SUBJECT
- RIGHT TO OBJECT AND REVOKE
- CHILDREN’S PERSONAL DATA PROTECTION
- PROCESSING METHODS AND SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
- UPDATES OF THIS STATEMENT/NOTICES
- DATA CONTROLLER
For the purposes of this Data Protection Statement and the processing of the information described herein, we wish to specify that personal data will be processed by Infront Italy S.p.A., with its registered office in Milano, Via Deruta n. 20, p.iva 12515360159 (“Infront”), email info@infrontsports.com, as autonomous data controller (as defined in Reg. (EU) 2016/679) and hereinafter defined also as “Data Controller”. For any comment or query on this Data Protection Statement and to talk to the local reference contact, you may contact the customer service at the following e–mail address: Privacy.Italy@infrontsports.com .
- PROCESSING PURPOSES
After accessing this Website and using one or more services, information related to identified or identifiable natural persons may be processed. Any personal data collected, always in compliance with applicable regulations, will be processed solely for the following purposes:
a) purposes connected and instrumental to allowing access to and use of the Website, its features, the services requested and the services rendered by the Data Controller and, more in general, to the browsing of this Site;
- b) for the organization, management and documentation of the sport events listed, sponsored and organized also through the Website and, more in general, for internal operating and administration requirements related to services and/or products offered through the Website, including direct marketing activities;
- c) to comply with the requirements of the applicable law and regulations;
d) when expressly requested, to implement the newsletter service and promotional and advertising activities of the Data Controller and/or third parties; - e) to answer users’ requests and communications;
- f) in the event of personal data collected during the registration phase and the using of the Website’s restricted areas for: (i) the registration and management of the restricted area; (ii) the purposes provided in the relevant collection data form; (iii) sending marketing communications, newsletter, special offers and advertising material by the entities specified in the collection consent form, if necessary;
- g) for any other purpose described in the specific information statement provided during the data collection.
In the event of explicit and freely given consent, if necessary, the data collected for the purposes indicated in point a), b) and f) above will be also be processed for direct marketing purposes by the Data Controller and in particular for sending information, commercial or advertising material related to the services and/or products offered by the Data Controller. The data will be processed fairly and lawfully and used solely for the purposes indicated in the paragraphs above. Processing will take place by means of appropriate instruments to guarantee the security and confidentiality of the personal data which may be handled using paper-based instruments and/or automated means or computer systems suitable for recording, managing and transmitting data.
- NATURE OF THE DATA CONFERRAL AND CONSEQUENCES OF A REFUSAL
The provision of personal data is optional. Nevertheless, we inform that lacking the communication of personal data, user may not be allowed to properly browse the Site and the provision of any services or information requested may be prevented. The provision of additional personal data for the sending of informative material or other communications is optional. However, failure to provide such data could make it impossible to process such requests and therefore obtaining the relevant information. It should be noted that, in any case, if the processing of your data is carried out on the basis of consent, this can be revoked at any time, as specified below. - TYPES OF DATA PROCESSED/SPECIFIC PROCESSING AND LEGAL BASIS OF PROCESSING
Depending on the service provided, different types of personal data may be processed as specified in this article.
4.1. Navigation data
The information systems and software procedures used for the functioning of this Site collect, during their normal exercise, some personal data whose transmission is implicit in the navigation of websites. This information is not collected to be associated with identified interests. However, by their very nature they could, through processing and association with data held by third parties, lead to the identification of the users. These include the IP addresses or the domain names of the computers used by the users accessing the site, the URL addresses of the resources requested, time of the request, method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply from the server and other parameters related to the operating system and the platform used by the user. The information referred to above is used for the sole purpose of acquiring anonymous statistical data on the use of the site and to verify its correct functioning; these data are cancelled immediately after elaboration. The data may be used for ascertaining responsibility in the event of potential computer crimes to the detriment of the site: apart from this possibility, at the current time data on web contacts do not persist for more than seven days. Retention of access logs, maintained directly on servers that register users’ IPs, are kept for 12 months. The legal basis of processing is carrying out the services to users (art. 6, paragraph 1, lett. b) GDPR). Should personal data be processed for profiling purposes, the lawful basis of processing will be consent. As far as cookies are concerned, reference should be made to cookies policy.
4.2.1. Data provided voluntarily by the user (communications)
Optional, explicit and voluntary communications by means of contact forms available on this site or by electronic mail to the addresses indicated on this Site, will lead to the subsequent collection of the data forwarded by the sender, including his/her e-mail address and consent to receiving further messages in answer to his/her requests.
The personal data thus supplied can be used only for the purpose of fulfilling or acknowledging requests transmitted and are communicated to third parties only when necessary for such purpose. Specific statements prepared for special services on request will be listed in the related web pages. The legal basis of the processing are as per: i) Section 6, paragraph 1, letter b) of GDPR (i.e. when the processing is necessary for the performance of a contract to which you are party or in order to take steps to at your request prior to entering into a contract) and; ii) Section 6, paragraph 1, letter f) of GDPR(i.e. the legitimate interest of the Data Controller’s to carry out the users’ requests and to promote their activities).
4.2.2. Data provided voluntarily by the user (in order to receive communications related to marketing and/or commercial promoting)
Each person interested may provide his/her personal data voluntarily to the Data Controller in order to receive trade communications or promotions however they may be called either by digital or paper notices from the Data Controller and/or third parties . The legal basis of this processing is consent, pursuant to section 6, paragraph 1, letter a) of the GDPR. However, in each communication the data subject will be reminded that he/she can withdraw his/her consent at any time and without any formalities. The data will be erased at the request of the data subject, except if otherwise provided by law.
Only in the case where electronic mail details are provided by the interested party in the context of sale of a product or a service, the e-mail address thus supplied may be used for the direct sale of other similar products or services pursuant to EU Regulation 2016/679 (GDPR) and Legislative Decree 196/2003 (Italian Personal Data Protection Act, the so-called “Privacy Code”), without the need for prior express consent. The legal basis of processing is the Data Controller’s legitimate interest, pursuant to Section 6, paragraph 1, letter f) of the GDPR.
4.2.3. Data provided voluntarily (in order to receive newsletter)
The Data Controller’s newsletter is sent by e-mail to whoever subscribes at the newsletter service. The legal basis are as per: i) Section 6, paragraph 1, letter b) of GDPR (i.e. the processing is necessary for the performance of a contract to which you are party or in order to take steps to at your request prior to entering into a contract; and; ii) Section 6, paragraph 1, letter f) of GDPR, the legitimate interest of the Data Controller’s to promote their activities.
If you no longer wish to receive the newsletter, all you have to do is to click on the cancellation link to be found at the end of each e-mail. Cancellation is handled by automated means, and you could receive other newsletters the mailing of which had been planned prior to receipt of your request for cancellation, in any case within a period of maximum 72 hours.
4.2.4. Data provided voluntarily by the user (through Website reserved areas and in connection with the sport events organized by Data Controller and sponsored and managed also through the Website)
Registration data (necessary for registration in any reserved area of the Website) will be used for: (i) registration and management of reserved areas (ii) the purposes indicated in any data collection form (iii) for sending of commercial information, newsletters, special offers and promotional material by the entity specifically indicated in the consent form, if necessary. The legal basis are as per: i) Section 6, paragraph 1, letter b) of GDPR (i.e. the processing is necessary for the performance of a contract to which you are party or in order to take steps to at your request prior to entering into a contract; and; ii) Section 6, paragraph 1, letter f) of GDPR, the legitimate interest of the Data Controller’s to promote their activities.
The data provided within the scope of sports events organized by the Data Controller and sponsored and managed also through the Website, including events participants’ images, will be used for: (i) registration, organization, management and documentation of user participation in the events themselves (ii) purposes indicated in each data collection form (iii) for sending information and newsletters relating to events of the same nature by the entities specified in the consent form, if necessary. The legal basis of processing is to be found in the need to perform the contract/provide the services requested by users or to take steps to at your request prior to entering into a contract (Section 6, paragraph 1, letter b) of GDPR) or in the legitimate interest of the Data Controller’s to promote its activities ((Section 6, paragraph 1, letter f) of GDPR)
4.3.1. Cookies
This Website uses technologies such as cookies to collect information relating to the use of the Site by users. It should be noted that consent to the use of such technologies and the relative processing of data is optional, but please also note that if consent is not given, there could be problems with browsing and access to all or parts of the Site or limitations with respect to the full functionality of the it. For more information and details about it, visit the Cookie Policy section.
- CONSERVATION PERIOD
Except as expressly indicated in paragraph 4 above, data conferred are kept for the time strictly necessary to implement the activities for which the data has been collected and, however, for the period provided for by legislation. Additionally, such data will be stored for the period necessary to exercise the Data Controller’s rights.
- CATEGORIES OF PERSONAL DATA RECIPIENTS
For the purposes set out in Article 2 of this document, if only prior consent is required, the data can be disclosed to third parties whose cooperation may and/or needs be used by Infront for performing the services offered. Such subjects/entities will act as external data processor, pursuant to section 28 of GDPR and they will process personal data for the same purposes listed under article 2 of this document. Please note that some of the entities to which data can be communicated might act as data controllers of the communicated data, subject to their release of a proper information statement pursuant to Section 14 of GDPR, unless otherwise provided by applicable laws.
Moreover, data collected for the above purposes can be disclosed to related companies or those belonging to the same Group as the Controller and to parties authorized for such purpose by provisions of law and European regulations, also outside the European Union territory (for example in Switzerland). Having regard to Switzerland, we inform you that European Commission, with adequacy decision No 2000/518/CE of July 26, 2000, determined that Switzerland ensures an adequate level of protection.
A list of the parties to whom the Data Controller discloses personal data collected for the purposes indicated above is available for data subjects care of the Controller and can be obtained on written request.
- RIGHTS OF THE DATA SUBJECT
The data subject is the natural person, identified or identifiable, to whom the personal data processed refers. We wish to inform you that, in your capacity as data subject, you have the right to access at any time the data processed by the Controller (right of access) in order to ascertain the correctness and verify the lawfulness of the processing carried out. Moreover, you may exercise all the rights granted by the applicable national and European regulations and specifically by Sections 15 et seq. of Reg. EU n. 2016/679 and subsequent amendments and addenda: in particular, you may request at any time the access, correction and updating of inexact or erroneous data, limitation of the processing carried out and the erasure of such data (right to be forgotten) if requirements provided by section 17 of GDPR are met, as well as lodge a complaint with the Data Protection Commissioner, to the following contact details: Italian Data Protection Authority (“Autorità Garante della Protezione dei Dati Personali”), Piazza di Monte Citorio No. 121 00186 ROMA, Fax: (+39) 06.69677.3785, Telephone: (+39) 06.696771, E-mail: garante@gpdp.it.
Regarding personal data processed by automated means, you have the right to receive in a structured and commonly used format, the personal data concerning you and to transmit them, if so wished, to another controller (right to data portability).
To allow Infront to operate in the best interests of the user, the latter is requested to regularly verify and update your personal data. If you are a registered user, you can access your personal data and amend them but using the user account setting on the Website. Otherwise, you can contact the Data Controller to receive help to update your personal data.
Any request concerning the processing of personal data and any communication related to your rights may be addressed to the Controller by sending a message by e-mail:Privacy.Italy@infrontsports.com, by ordinary mail to Infront Italy S.p.A., Via Deruta n. 20, Milano.
- RIGHT TO OBJECT AND REVOKE
In addition, each data subject has the right to withdraw his consent at any time, without affecting the lawfulness of processing performed by the Controller prior to withdrawal as well as the possibility for Data Controller to continue data processing based on other legal basis of processing.
The data subject always has the right to object to the processing of the data concerning him/her if it is performed for the purpose of direct marketing as indicated in Article 2, paragraph b). In this case, your personal data will no longer be subject to processing for such purposes (right to object).
- PROTECTION OF CHILDREN’S PERSONAL DATA
This website addresses a general public but its services are intended for persons of 14 years and over. Infront does not request, collect, utilize and disclose personal data provided by persons under the age of 14. If Infront becomes aware that they have collected data concerning a minor of 14, they will erase them.
If the user is not of the required age, he/she is kindly requested not to register and to ask an adult (i.e. his/her parents or guardian) to undertake the necessary procedures.
It should be noted that pursuant to Article 2-quinquies of Legislative Decree 196/2003, where Article 6, paragraph 1, letter a) applies regarding the direct offer of information services to minors, the processing of the minor’s personal data is lawful if the minor is at least 14 years old. - PROCESSING METHODS AND SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
Personal data will be processed in compliance with the principles set forth under Section 5 of GDPR. The processing of personal data for the above-mentioned purposes will take place through information technologies and manually, with electronic devices or in paper form, based on logical criteria aimed at pursuing the purposes for which the data were collected and fulfilling specific legal obligations, in compliance with the rules of confidentiality and security provided by GDPR and with all laws and its implementing provisions, as well as with national legislation and internal regulations. However, pursuant to Section 32 of GDPR, the Data Controller has taken all appropriate security measures to prevent risks that may arise from the processing of data, such as the destruction, loss and misuse of data, as well as unauthorized access to them.
In particular, Infront has taken appropriate steps to protect the user’s personal data from accidental loss and unauthorized access, utilization, amendment and disclosure. The management of this Website uses password controls, firewall technology and other technological safety measures based on procedures. Although Infront has put the above security measures into place for its Website, the user should be aware that it is impossible to guarantee 100% security. Therefore, the user provides his/her personal data at his/her own risk and, to the maximum extent allowed by applicable law, Infront cannot be held responsible for their disclosure due to errors, omissions or unauthorized actions of third parties during or after their transmission to the latter. Infront advises the user to periodically update the software to protect transmission of data on the networks (for example, antivirus software) and to ensure that the supplier of the electronic communication services has adopted appropriate means for the security of data transmission on the networks ( for example, firewalls and spam filters); maintain the confidentiality of user name and password to access the user account and not communicate them to anybody as well as periodically changing the password.
In the unlikely event that Infront is of the opinion that the security of the user’s personal data in its possession or under its control has been or could have been compromised, the Data Controller will inform the user in accordance with the procedures envisaged by applicable law, using the methods required by law (by supplying Infront with his/her e-mail address, the user agrees to receive such communications in electronic format through such e-mail address).
- UPDATES OF THIS DATA PROTECTION STATEMENT – NOTICES
Infront, at its own discretion, reserve the right to change, amend, add or remove parts of this Data Protection Statement at any time by publishing the revised version on this page of the Website and changing the date of the “Last Amendment” indicated below. It is the user’s responsibility to re-read the Data Protection Statement from time to time in order to discover any changes made. In some cases, Infront may provide further notices concerning major changes to this Data Protection Statement by publishing a notice on the first page of this Website or, in the case of registered users, by sending an e-mail notice or by inserting a notice on their account page. Accepting such revised Data Protection Statement by clicking on the “accept” button found in the e-mail notice or in the notice published on the account page (where this is envisaged to comply with applicable regulations), by using or sending information to the Website after publication of the revised Data Protection Statement, the user accepts such revised Data Protection Statement. After the amendments made if envisaged by applicable regulations, user data will not be subject to processing without the explicit consent of the user.