Privacy

Dear member,

as you may know, the EU 679/2018 General Data Protection Regulation (GDPR) came into force May 25th 2018. The GDPR aims primarily to give control to citizens and residents over collection, processing and managing of their personal data.

Please be informed that clicking on “privacy” you find all the necessary information, updated in accordance with the provisions of the GDPR, regarding personal data protection as well as security measures adopted by our Association to ensure confidentiality of data.

In case of doubts or needs, please contact: info@over2000riders.com

We would like to continue to inform you about our activities. However, if you no longer wish to receive our Newsletter as well as our promotional communications and other, you can easily unsubscribe by using the “unsubscribe” option available at the bottom of this message.

Even though you confirm your consent to receive our messages now, you are entitled to require at any time to remove your address from our database.

1. PRIVACY POLICY

With the present document we wish to inform you that, under currently applicable Italian law and EU 679/2016 General Data Protection Regulation (GDPR), we recognize the importance of personal data protection as one of the main objectives of our Association.

In accordance with GDPR as well as Italian law on the matter, data will be processed with fairness, lawfulness and transparency, minimisation, accuracy and integrity. We commit to rigorously respect fundamental rights and freedom, as well as personal dignity, especially regarding privacy, personal identity and the right to data protection.

In accordance with articles 13 and 14 of GDPR, our Association, as “controller”, provides to you, as “person concerned”, the following information about the processing of your personal data.

1. Controller

The data controller is “Associazione Sportiva Dilettantistica di promozione sociale OVER2000 RIDERS” in the person of its legal representative Mr. Corrado Capra, located in Corso Galileo Ferraris 118, 10129 Torino, Italy; VAT registration number 10784290016; Italian fiscal code 97716620014; e-mail address info@over2000riders.com; phone number +393357260239.

For exercising your rights and in order to receive any information on the latter and/or the present communication, please refer to the above e-mail address.

The controller, also by means of its designated and trained representatives, will take charge of your request and provide information to you in the shortest possible time.

We inform you that, should the controller have doubts on the identity of the person presenting the request, it will perform the appropriate investigation in order to confirm the identity of the person concerned.

2. Personal data

With “personal data” we refer to any information regarding a natural person, identified or identifiable by means of a name, an identification number, location data, online identification or one or more elements that characterize their physical, physiological, psychic, economic, cultural and social identity. We only process personal data directly and voluntarily provided by you, as person concerned, like first name, family name, date of birth, phone number, e-mail address, home address, social security number, nationality and payment instructions.

Among the data you provided there might be personal data that GDPR defines as “special”, regarding racial or ethnic origin, philosophical or religious beliefs, political opinions, trade union affiliation, genetic data, biometric data aimed at uniquely identifying a natural person, data on health, sexuality or sexual orientation. Such data will be processed in accordance with the applicable legislation, only for the purposes stated below, under the assumption that it has been provided either by you or by third parties who explicitly authorized you to provide it on a suitable legal basis that legitimizes the processing of such data. That being the case, you would be the autonomous controller, and assume all obligations and responsibilities under this regulation, according us the broadest waiver on any dispute, demand or request of compensation for any damage we might receive from third parties whose personal data had been processed by you in violation of the current legislation.

3. Purpose and legal basis of data processing

Your personal data is collected and processed to the following purposes:

1. Purpose: marketing

Direct marketing, specifically:

• sending you information, promotional or other material aimed at informing you about our activities (e.g. information about events organized by OVER2000RIDERS);
• answering your queries about events organized by OVER2000RIDERS;
• sending you our Newsletter and/or information material and/or white paper/reports upon request;
• informing you on developments or new issues of the Newsletter, white paper, reports, events, and connected initiatives, including promotional or commercial activities;
• enabling you to enrol for organized events;
• sending you information and promotional communications about services and/or products we offer.

Indirect marketing, specifically:

• sending you information and advertising material about services and/or product offered by third parties operating among tourism and motorcycling;
• profiling, or analysing, also by means of surveys and with totally or partially automated instruments, your travel preferences and consumption habits;
• conducting market research aimed at improving the services offered and the commercial information provided by us or our commercial partners, in order to adapt them to your interests.

Legal basis: article 6.1, letter a, of GDPR (consent).

Conferment: optional

Processing: your data will be processed with both automated (e.g. e-mail, direct e-mail marketing systems, SMS, instant message applications and so on) and non-automated instruments (e.g. regular mail, phone, and so on)

Rights of the concerned person:

You have the right to refuse data processing at any time, easily and free of charge, also by contacting the e-mail address mentioned above, and to receive immediate confirmation of the interruption of data processing. In any case, you have the right to: a) obtain human intervention on the revision of the automated decision; b) express your opinion on the automated decision and, in case of dispute, it will be recorded.

Consequences of your refusal:

should you refuse data processing, we will not be able to propose you our services and commercial offers.

1. Purpose: contract performance

Your personal data will be used in order to:

• acquire preliminary information necessary for the conclusion of a contract you might wish to stipulate with us regarding your participation to an event we organized;
• fulfil our contractual performance and provide the demanded services;
• sending you service information.

Legal basis: article 6.1, letter b, and article 9.2, letter a, of GDPR.

Conferment: necessary.

Consequences of your refusal:

should you refuse data processing for these purposes, we will not be able to conclude the contract nor to execute our performance and, therefore, you will not be able to participate to the requested event. Furthermore, it could expose you to responsibility for contractual breach.

Special data:

The processing of your special data, for the said purposes, requires your explicit consent (as per article 9.2, letter a, of GDPR). Nevertheless, without your consent, we might fail to fulfil our contractual obligations and to provide you the specific assistance you requested.

1. Purpose: legal obligation and protection of vital interest

Your personal data, including special data, will be processed in order to:

• execute legal obligations as per laws, regulations, national and/or Community legislation and/or rules following provisions by appointed authorities, to which we are obliged to comply;
• establish, exercise and/or defend our right in court
• protect your or another natural person’s vital interest

Legal basis: article 6.1, letters c and d, and article 9.2, letters b and c, of GDPR.

Conferment: necessary

4. Categories of recipients

Your data will not be disseminated, and it will be communicated and shared only for the purposes stated above to the following categories of recipients:

1. Our internal staff, properly trained and authorized to process personal data, as per article 29 of GDPR, according to specific instructions provided by the controller
2. Subjects who typically are responsible for data processing as per article 28 of GDPR, such as:

• persons, companies or professional practices that provide us assistance and consultancy on event planning and realization (including the organizational secretary office)
• persons, companies or professional practices that provide us assistance and consultancy on protecting our right and/or legitimate interest (e.g. accountants, lawyers, tax advisors, auditors, and so on)
• our external suppliers who provide services for data management and/or retention and/or technical maintenance (including IT maintenance) in order to ensure compliance with security standards in accordance with current legislation
• persons, companies or agencies who provide marketing services, market research and analysis, management of payments by credit card
• persons authorized by legal dispositions and/or secondary legislation and/or provisions by legally appointed authorities to access your personal data.

The list of data recipients is available at our Association.

5. Data processing

The ways and criteria of data processing will be those naturally related to and necessary for pursuing the above purposes. Data will be processed manually on hard copy, as well as by means of electronic or automated instruments, computers and telematic devices, or manual processes based on reasoning strictly related to the purposes of data collection, and so as to preserve data security.

Personal data might be processed and retained by means of a partially or totally automated decisional process. In order to preserve data loss, unlawful or incorrect use and unauthorized access, special security measures are enforced.

6. Transfer of personal data

Your personal data can be transferred abroad to third parties, whether or not members of the EU, still guaranteeing the preservation of your rights and exclusively for the above purposes.

Should your data be transferred to third countries outside the EU, data will be processed in compliance with current legislation, by obtaining the consent of the concerned person, introducing standard clauses approved by the European Commission, selecting subjects who adhere to international programmes for free movement of data (e.g. EU-USA Privacy Shield) or who operate in countries defined as safe by the European Commission.

7. Retention of data and protection measures

Your personal data will be retained for no longer than necessary for pursuing the purposes of its collection and processing, in compliance with principles of minimization and retention limitation as per article 5.1, letter e, of GDPR. Therefore, if personal data is processed for two different purposes, we will retain such data until the fulfilment of the purpose which requires the longest time, but we will no longer process the data for the expired purpose.

Personal data no longer necessary, or the retainment of which no longer has a legal basis, will be irreversibly anonymized (and retained as such) or safely destroyed.

Direct, indirect and profiled marketing purposes:

personal data will be retained for 24 months from your last consent for that purpose (excluding your refusal to receive further communication).

Contractual or following legal obligations purposes:

personal data will be retained for as long as necessary in order to fulfil all contractual and legal obligations under all current legislation, and in any case within 10 years from contract cancellation or following a binding decision issued by an administrative or judicial authority if this is subsequent to the cancellation. Potential obligations of retention for longer periods of time remain, should they be enforced by legislation on special categories of data, or in case of necessity of retainment in order to preserve the rights of our Association, as data controller, in the event of possible disputes regarding the provision of the service.

Personal data collected in order to assess contract cancellation, in case of its non-completion, will be cancelled within 12 months. In any case, should you withdraw your consent or refuse data processing, your data will be cancelled within 30 days of the date of your request, where requirements are satisfied.

Your data will be retained by means of operating systems and hardware infrastructures located in the EU, and software capable of guaranteeing high standards of data integrity, availability and confidentiality, through appropriate technical and organizational measures, in conformity with article 32 of GDPR.

Data provided and/or processed on hard copy will be stored in rooms and filing cabinets equipped with proper security devices.

8. Rights of the person concerned

Relatively to data processing as described in the present document, in accordance with articles 15 to 22 of GDPR, as person concerned you have the following rights:

• Right to access: right to obtain confirmation on whether your personal data is being processed and, if so, to have access to your data (including a copy) and to have information on a) purpose of the processing; b) recipients or category of recipients to which your personal data has been or will be communicated, whether your data has been or will be transferred to third countries recipients or international organizations, and whether appropriate guarantees are in force; c) time of retention of data; d) origin of data in case it had not been collected directly from you.
• Right to rectification: right to obtain rectification and/or correction of inaccurate data or integration of incomplete data.
• Right to be forgotten: right to obtain the erasure of your personal data should one of the circumstances specified by article 17 of GDPR occur.
• Right to restriction of processing: right to obtain restriction of processing should one of the circumstances specified by article 18 of GDPR occur.
• Right to data portability: right to receive your personal data in a structured, common and machine-readable form, and to transfer data to another controller without impediments, in case data processing has been performed with automated instruments.
• Right to object: right to oppose, at any time, for personal and particular reasons, to the processing of your personal data, even when data processing is based on legitimate interest. The data controller has the right to continue data processing if it prevails over your interest, right and freedom, or if it is necessary for ascertaining, exercising and defending a right in court. You have the right to oppose at any time to the processing of your personal data for marketing purposes, by selecting “unsubscribe” at the bottom of the e-mail providing marketing information, or by issuing a request to our e-mail address stated above (article 1).
• Right of withdrawal: right to withdraw your consent to the processing of your personal data at any time (except when data processing is necessary in order to comply to a legal obligation binding for the data controller).
• Right to complain: should you have any complaint or report on the processing of your personal data, we commit to respond to your concerns. Nevertheless, if you wish, you may issue your complaints or reports to the authority for data protection, at the following contact details: Garante per la protezione dei dati personali (Data Protection Supervisor), Piazza di Montecitorio 121, 00186 Roma, Fax: (+39) 06.69677.3785; Phone: (+39) 06.696771; e-mail: garante@gpdp.it; certified e-mail: protocollo@pec.gpdp.it

You may exercise these rights and/or obtain further information on personal data processing by contacting us at the e-mail address stated above (article 1). Should you exercise any of the above rights, we will verify the legitimacy of its exercise and we will typically reply you within one month.