Privacy Statement - Il Giro di Abruzzo

GIRO D'ITALIA* PRIVACY POLICY *change for each event (Giro d’Abruzzo, Giro Women etc)

This privacy policy, pursuant to and for the purposes of EU Regulation 679/2016 (“GDPR”), is issued by the Joint Controllers indicated below for the processing of your personal data collected in the context of the delivery of services through websites, apps, registration, participation in and accreditation to events, initiatives and competitions.

1. JOINT CONTROLLERS AND CONTACT DETAILS

Who are the Joint Controllers? How can I contact them?

The details of the Joint Controllers and their contact details are provided below:

- RCS Sports & Events S.r.l., with its registered office in Via Rizzoli, No. 8 – 20132 Milan, Tax Code/VAT No. 10490090965,
- RCS Sport s.p.a., with its registered office in Via Rizzoli, No. 8 – 20132 Milan, Tax Code/VAT No. 09597370155,
- Società Sportiva Dilettantistica RCS Active Team a r.l., with its registered office in Via Rizzoli, No. 8 – 20132 Milan, Tax Code/VAT no. 08894770968,

(hereinafter, jointly the “Joint Controllers” and each individually the “Joint Controller”)

The Joint Controllers have entered into a joint data controller agreement in which they have determined that RCS Sports & Events S.r.l. will manage requests by the data subject to exercise their rights, and in which they have indicated the activities to be carried out by each of them and the related responsibilities. The joint contact point chosen by the Joint Controllers is the following e-mail address privacysport@rcs.it. You may request further details relating to the joint data controller agreement from the indicated contact address.

2. CATEGORIES OF PERSONAL DATA

Which categories of personal data do we process?

As part of the services provided and depending on the type of services requested, we will collect the following categories of data:

identification details (including personal details, contact details, etc.);
contractual data (including data necessary to use the services and participate in the events, payment and invoicing details, services provided, etc.);
derived data (only if you have provided consent to profiling, data relating to your habits and preferences);
only in the context of sporting events data relating to sporting fitness (only if the participant’s fitness for sporting activity is an essential requirement to participate in the sporting event, based upon Art. 9, par. 2, lett. h of the GDPR, in accordance with the health protection regulations referred to in the Decree of the Ministry of Health of 18 February 1982 as amended and supplemented).

3. PURPOSES AND LEGAL BASIS OF PROCESSING

For what purposes are the data processed? On what legal basis? For how long are they stored?

We indicate below the processing purposes, the legal basis that legitimises the processing and the storage period of your personal data:

PURPOSES	LEGAL BASIS	STORAGE PERIOD
Contractual purposes – The data you provide will be processed by the Joint Controllers for the performance of a contract and in order to take steps prior to entering into a contract. The activities involved in this purpose include all those necessary to provide you with the requested services, including to register or enrol you on the website, to allow you to participate in competitions, initiatives or events, to manage the sale and/or delivery of products or services, to manage communities and user contributions, to fulfil specific requests prior to the conclusion of the contract, to manage the contract and provide support and assistance. In addition, upon your specific request, you can subscribe to and receive newsletters.	Performance of the contract and/or take steps prior to entering into a contract	The data will be stored until the end of the service, until withdrawal or until a cancellation request is made
Compliance with legal obligations – The data will also be used to comply with the obligations envisaged by the laws in force, including the keeping of company accounting for both statutory and tax purposes, as well as compliance with obligations concerning the preparation of financial statements documents and with provisions issued by authorities authorised to do so by law.	Compliance with a legal obligation	The data will be stored for the mandatory storage period defined by the applicable accounting and/or tax laws
Administrative and accounting management purposes – The data will be used to carry out administrative, operational, financial and accounting transactions related to internal organisational requirements, also related to the right of defence of legal claims.	Legitimate interest of the Joint Controllers in effectively and efficiently managing internal business operations	The data will be stored for the limitation period of the rights and for any additional storage periods established by accounting and tax laws
Statistical analysis purposes – The data will be used to carry out statistical and aggregate analysis activities, without having any effect on the individual data subject.	Legitimate interest in carrying out aggregate analyses to plan the company strategy according to the relevant market	The personal data used for this purpose do not require separate storage but comply with the storage periods of the other purposes.
Direct marketing purposes – Only with your explicit and specific consent, the data may be used to carry out market surveys and promotional activities and to send commercial information on the services, products and promotional initiatives of the Joint Controllers, using all available means of communication, automated and otherwise (such as: paper mail, telephone, email, text messages, chats and notifications).	Consent	The data will be stored until the withdrawal of consent or until cancellation and, in case of inactivity, after five years.
Profiling purposes for marketing activities – The data may be used to carry out profiling activities based on information collected during access to and use of the services and linking them, through algorithms, in order to identify common traits and to group together similar profiles within the classes of interest. The Joint Controllers use profiling data to offer you content that is more suited to your tastes, to aggregate marketing profiles and to customise campaigns and advertising, and for the development of commercial strategies.	Consent	The data, observed from time to time, will be erased after 12 months from the start of processing
Direct marketing purposes by third parties – Only with your explicit and specific consent, your data may be provided to other companies and specific organisations, namely those operating in the publishing, financial, insurance, automotive, sports, energy, consumer goods sectors, food & beverage, fashion, luxury, healthcare, large-scale distribution, transport, humanitarian sectors and charitable organisations which may contact you in relation to their independent initiatives for market surveys and for sending commercial information on services and promotional initiatives, using all available means of communication, automated and otherwise (such as: paper mail, telephone, e-mail, text messages, chats and notifications).	Consent	The data will be stored until the withdrawal of consent or until cancellation and, in case of inactivity, after five years
Purposes of promotion of similar products or services (soft spamming) – The data will be used by the Joint Controllers to carry out promotion and direct sales activities in relation to products or services similar to those you have already purchased, using the email details provided by you in the context of a previous purchase or service request, provided that you do not exercise your right to object in the ways described in the paragraph entitled “Rights of the Data Subject” below. You may exercise your right to object through the specific link found at the bottom of any email containing promotional content that is sent to you.	Legitimate interest of the Joint Controllers in sending communications relating to similar services, as established by Art. 130, 4 of Italian Legislative Decree 196/2003.	The data will be stored until objection or cancellation and, in case of inactivity, after five years.

4. MANDATORY NATURE AND CONSEQUENCES OF PROVISION OF DATA

Is it mandatory to provide the data? What happens if I do not provide them?

The provision of data for the purposes indicated in points 3.1, 3.2, 3.3 and 3.4 is necessary for the conclusion and management of the contract. In the partial or total absence of provision of these data, the contractual relationship may not be initiated and/or continued. For the purposes indicated in points 3.5, 3.6, 3.7 and 3.8, the provision of data is optional and, in the event of a failure to provide it, the marketing and profiling activities specified therein may not be carried out.

5. DISCLOSURE, COMMUNICATION AND PARTIES ACCESSING THE DATA

Who can know your data? To whom do we communicate them?

Your data may be disclosed or communicated to the following parties.

Authorised persons – The data may be accessed by officers authorised by the Joint Controllers who must access them for the purposes indicated above.
Processors – Your personal data will not be disseminated, but they may be disclosed, where necessary for the provision of the service, to third parties (such as, for example, third party technical service providers, hosting providers, IT or marketing companies) appointed as Data Processors for tasks instrumental to the provision of the services.
Autonomous data controllers – your data may be shared with other controllers when required by specific rules (e.g. public administration, judicial authority) or when you have given consent (e.g. third parties for the “Direct marketing purposes by third parties”) or when necessary for the performance of contracts to which you are a party or to fulfil requests before the conclusion of the contract (e.g. banks to manage payments). Competent national sports federations or affiliated organisations or bodies for membership management) or for administrative and accounting purposes to group companies within the EU.

6. LOCATION OF DATA PROCESSING

Are the data transferred outside the EU?

Your personal data may also be processed by the joint controllers outside the European Union. If this happens, the processing will be regulated in compliance with the provisions of chapter V of the Regulation and authorised on the basis of specific decisions of the European Union. All necessary precautions will therefore be taken in order to guarantee the most complete protection of personal data, basing this transfer: a) on adequacy decisions of the recipient third countries expressed by the European Commission; b) on appropriate safeguards expressed by the recipient third party pursuant to Art. 46 of the Regulation; c) on the adoption of Binding Corporate Rules.

7. RIGHTS OF THE DATA SUBJECT

What are your rights as a data subject?

The GDPR grants to you the following rights in relation to your personal data which you may exercise within the limits and in compliance with the provisions of the legislation:

Right of access to your personal data (art. 15);
Right to rectification (art. 16);
Right to erasure (right to be forgotten) (art. 17);
Right to restriction of processing (art. 18);
Right to data portability (art. 20);
Right to object (Art. 21); you have the right to object at any time, on grounds related to your particular situation, to the processing of personal data concerning you based on the legitimate interest, including profiling on that basis. The Joint Controllers refrain from processing unless they demonstrate the existence of compelling legitimate interests to proceed with the processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of a legal claim;
Right to object to a decision based solely on automated processing (art. 22);
Right to withdraw, at any time, the consent given, without prejudice to the lawfulness of the processing based on consent given before the withdrawal

You may exercise these rights by sending a communication to the Joint Controllers or to the Data Protection Officer (or “DPO”) whose contact details are indicated in the appropriate sections of this privacy policy.

Furthermore, you always have the right to lodge a complaint with the Personal Data Protection Supervisory Authority (art. 77 GDPR), which can be contacted at the address garante@gpdp.it or via the website http://www.gpdp.it, or the right to an effective judicial remedy (art. 79 of the GDPR).

8. DATA PROTECTION OFFICER AND CONTACT DETAILS

Has a DPO been appointed? How do I contact him/her?

The Joint Controllers have identified a Data Protection Officer and have set up an office for managing requests of the data subjects regarding privacy.

To exercise the rights granted to you, you can contact the Joint Controllers or contact the DPO at the following address: dpo@rcs.it.

9. DATA SOURCE

What is the source of the data?

Your personal data are normally acquired directly from you. They may occasionally be obtained from third parties during the course of the services provided (for example, for participation in some sporting events, your data will be provided by your company, teams and other parties with which you have a contractual relationship, if you have asked to participate in the event).

10. LATEST UPDATE

This Privacy Policy is updated to 04/04/2024