PRIVACY POLICY
This privacy policy, pursuant to and for the purposes of EU Regulation 679/2016 (“GDPR”), is issued by the Joint Controllers indicated below for the processing of your personal data collected in the context of the delivery of services through websites, apps, registration, participation in and accreditation to events, initiatives and competitions.
1. JOINT CONTROLLERS AND CONTACT DETAILS
Who are the Joint Controllers? How can I contact them?
The details of the Joint Controllers and their contact details are provided below:
- RCS Sports & Events S.r.l., with its registered office in Via Rizzoli, No. 8 – 20132 Milan, Tax Code/VAT No. 10490090965,
- RCS Sport s.p.a., with its registered office in Via Rizzoli, No. 8 – 20132 Milan, Tax Code/VAT No. 09597370155,
- Società Sportiva Dilettantistica RCS Active Team a r.l., with its registered office in Via Rizzoli, No. 8 – 20132 Milan, Tax Code/VAT no. 08894770968,
(hereinafter, jointly the “Joint Controllers” and each individually the “Joint Controller”)
The Joint Controllers have entered into a joint data controller agreement in which they have determined that RCS Sports & Events S.r.l. will manage requests by the data subject to exercise their rights, and in which they have indicated the activities to be carried out by each of them and the related responsibilities. The joint contact point chosen by the Joint Controllers is the following e-mail address privacysport@rcs.it. You may request further details relating to the joint data controller agreement from the indicated contact address.
2. CATEGORIES OF PERSONAL DATA
Which categories of personal data do we process?
As part of the services provided and depending on the type of services requested, we will collect the following categories of data:
- identification details (including personal details, contact details, etc.);
- contractual data (including data necessary to use the services and participate in the events, payment and invoicing details, services provided, etc.);
- derived data (only if you have provided consent to profiling, data relating to your habits and preferences);
- only in the context of sporting events data relating to sporting fitness (only if the participant’s fitness for sporting activity is an essential requirement to participate in the sporting event, based upon Art. 9, par. 2, lett. h of the GDPR, in accordance with the health protection regulations referred to in the Decree of the Ministry of Health of 18 February 1982 as amended and supplemented).
3. PURPOSES AND LEGAL BASIS OF PROCESSING
For what purposes are the data processed? On what legal basis? For how long are they stored?
We indicate below the processing purposes, the legal basis that legitimises the processing and the storage period of your personal data:
PURPOSES | LEGAL BASIS | STORAGE PERIOD |
3.1. Contractual purposes – The data you provide will be processed by the Joint Controllers for the performance of a contract and in order to take steps prior to entering into a contract. The activities involved in this purpose include all those necessary to provide you with the requested services, including to register or enrol you on the website, to allow you to participate in competitions, initiatives or events, to manage the sale and/or delivery of products or services, to manage communities and user contributions, to fulfil specific requests prior to the conclusion of the contract, to manage the contract and provide support and assistance. In addition, upon your specific request, you can subscribe to and receive newsletters. | Performance of the contract and/or take steps prior to entering into a contract | The data will be stored until the end of the service, until withdrawal or until a cancellation request is made |
3.2. Compliance with legal obligations – The data will also be used to comply with the obligations envisaged by the laws in force, including the keeping of company accounting for both statutory and tax purposes, as well as compliance with obligations concerning the preparation of financial statements documents and with provisions issued by authorities authorised to do so by law. | Compliance with a legal obligation | The data will be stored for the mandatory storage period defined by the applicable accounting and/or tax laws |
3.3. Administrative and accounting management purposes – The data will be used to carry out administrative, operational, financial and accounting transactions related to internal organisational requirements, also related to the right of defence of legal claims. | Legitimate interest of the Joint Controllers in effectively and efficiently managing internal business operations | The data will be stored for the limitation period of the rights and for any additional storage periods established by accounting and tax laws |
3.4. Statistical analysis purposes – The data will be used to carry out statistical and aggregate analysis activities, without having any effect on the individual data subject. | Legitimate interest in carrying out aggregate analyses to plan the company strategy according to the relevant market | The personal data used for this purpose do not require separate storage but comply with the storage periods of the other purposes. |
3.5. Direct marketing purposes – Only with your explicit and specific consent, the data may be used to carry out market surveys and promotional activities and to send commercial information on the services, products and promotional initiatives of the Joint Controllers, using all available means of communication, automated and otherwise (such as: paper mail, telephone, email, text messages, chats and notifications). | Consent | The data will be stored until the withdrawal of consent or until cancellation and, in case of inactivity, after five years. |
3.6. Profiling purposes for marketing activities – The data may be used to carry out profiling activities based on information collected during access to and use of the services and linking them, through algorithms, in order to identify common traits and to group together similar profiles within the classes of interest. The Joint Controllers use profiling data to offer you content that is more suited to your tastes, to aggregate marketing profiles and to customise campaigns and advertising, and for the development of commercial strategies. | Consent | The data, observed from time to time, will be erased after 12 months from the start of processing |
3.7. Direct marketing purposes by third parties – Only with your explicit and specific consent, your data may be provided to other companies and specific organisations, namely those operating in the publishing, financial, insurance, automotive, sports, energy, consumer goods sectors, food & beverage, fashion, luxury, healthcare, large-scale distribution, transport, humanitarian sectors and charitable organisations which may contact you in relation to their independent initiatives for market surveys and for sending commercial information on services and promotional initiatives, using all available means of communication, automated and otherwise (such as: paper mail, telephone, e-mail, text messages, chats and notifications). | Consent | The data will be stored until the withdrawal of consent or until cancellation and, in case of inactivity, after five years |
3.8. Purposes of promotion of similar products or services (soft spamming) – The data will be used by the Joint Controllers to carry out promotion and direct sales activities in relation to products or services similar to those you have already purchased, using the email details provided by you in the context of a previous purchase or service request, provided that you do not exercise your right to object in the ways described in the paragraph entitled “Rights of the Data Subject” below. You may exercise your right to object through the specific link found at the bottom of any email containing promotional content that is sent to you. | Legitimate interest of the Joint Controllers in sending communications relating to similar services, as established by Art. 130, 4 of Italian Legislative Decree 196/2003. | The data will be stored until objection or cancellation and, in case of inactivity, after five years. |
4. MANDATORY NATURE AND CONSEQUENCES OF PROVISION OF DATA
Is it mandatory to provide the data? What happens if I do not provide them?
The provision of data for the purposes indicated in points 3.1, 3.2, 3.3 and 3.4 is necessary for the conclusion and management of the contract. In the partial or total absence of provision of these data, the contractual relationship may not be initiated and/or continued. For the purposes indicated in points 3.5, 3.6, 3.7 and 3.8, the provision of data is optional and, in the event of a failure to provide it, the marketing and profiling activities specified therein may not be carried out.
5. DISCLOSURE, COMMUNICATION AND PARTIES ACCESSING THE DATA
Who can know your data? To whom do we communicate them?
Your data may be disclosed or communicated to the following parties.
- Authorised persons – The data may be accessed by officers authorised by the Joint Controllers who must access them for the purposes indicated above.
- Processors – Your personal data will not be disseminated, but they may be disclosed, where necessary for the provision of the service, to third parties (such as, for example, third party technical service providers, hosting providers, IT or marketing companies) appointed as Data Processors for tasks instrumental to the provision of the services.
- Autonomous data controllers – your data may be shared with other controllers when required by specific rules (e.g. public administration, judicial authority) or when you have given consent (e.g. third parties for the “Direct marketing purposes by third parties”) or when necessary for the performance of contracts to which you are a party or to fulfil requests before the conclusion of the contract (e.g. banks to manage payments). Competent national sports federations or affiliated organisations or bodies for membership management) or for administrative and accounting purposes to group companies within the EU.
6. LOCATION OF DATA PROCESSING
Are the data transferred outside the EU?
Your personal data may also be processed by the joint controllers outside the European Union. If this happens, the processing will be regulated in compliance with the provisions of chapter V of the Regulation and authorised on the basis of specific decisions of the European Union. All necessary precautions will therefore be taken in order to guarantee the most complete protection of personal data, basing this transfer: a) on adequacy decisions of the recipient third countries expressed by the European Commission; b) on appropriate safeguards expressed by the recipient third party pursuant to Art. 46 of the Regulation; c) on the adoption of Binding Corporate Rules.
7. RIGHTS OF THE DATA SUBJECT
What are your rights as a data subject?
The GDPR grants to you the following rights in relation to your personal data which you may exercise within the limits and in compliance with the provisions of the legislation:
- Right of access to your personal data (art. 15);
- Right to rectification (art. 16);
- Right to erasure (right to be forgotten) (art. 17);
- Right to restriction of processing (art. 18);
- Right to data portability (art. 20);
- Right to object (Art. 21); you have the right to object at any time, on grounds related to your particular situation, to the processing of personal data concerning you based on the legitimate interest, including profiling on that basis. The Joint Controllers refrain from processing unless they demonstrate the existence of compelling legitimate interests to proceed with the processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of a legal claim;
- Right to object to a decision based solely on automated processing (art. 22);
- Right to withdraw, at any time, the consent given, without prejudice to the lawfulness of the processing based on consent given before the withdrawal
You may exercise these rights by sending a communication to the Joint Controllers or to the Data Protection Officer (or “DPO”) whose contact details are indicated in the appropriate sections of this privacy policy.
Furthermore, you always have the right to lodge a complaint with the Personal Data Protection Supervisory Authority (art. 77 GDPR), which can be contacted at the address garante@gpdp.it or via the website http://www.gpdp.it, or the right to an effective judicial remedy (art. 79 of the GDPR).
8. DATA PROTECTION OFFICER AND CONTACT DETAILS
Has a DPO been appointed? How do I contact him/her?
The Joint Controllers have identified a Data Protection Officer and have set up an office for managing requests of the data subjects regarding privacy.
To exercise the rights granted to you, you can contact the Joint Controllers or contact the DPO at the following address: dpo@rcs.it.
9. DATA SOURCE
What is the source of the data?
Your personal data are normally acquired directly from you. They may occasionally be obtained from third parties during the course of the services provided (for example, for participation in some sporting events, your data will be provided by your company, teams and other parties with which you have a contractual relationship, if you have asked to participate in the event).
10. LATEST UPDATE
This Privacy Policy is updated to 01/08/2024.
Previous version
Cookie Policy
Cookies are small aggregates of text stored locally in the temporary memory of your browser, and thus in your computer, for varying periods of time depending on the need and generally ranging from a few hours to a few years, with the exception of profiling cookies, whose maximum duration is 365 calendar days.
Cookies can be used to semi-permanently record information concerning your preferences and other technical data to enable easier navigation and greater usability and effectiveness of the website itself. By way of example, cookies can be used to determine whether a connection has already been made between your computer and our sites to highlight new features or maintain “login” information. For your protection, only the cookie stored on your computer is identified.
In order to make your visit to our website as comfortable as possible as well as for the showcasing of our product range, we use cookies or equivalent computer codes. We also employ usability analysis tools that track user actions to enable us to understand how our sites are used and to improve their functionality and design.
- TYPES OF COOKIES
There are two families or types of cookies:
- THOSE INSTALLED BY THE OWNER/PROCESSOR OR CONTROLLER OF THE WEBSITE, REFERRED TO AS FIRST-PARTY COOKIES;
- THOSE INSTALLED BY THIRD-PARTY CONTROLLERS, KNOWN AS THIRD-PARTY COOKIES.
The responsibility and management of first-party cookies is assumed directly by the Controller.
Instead, the responsibility and management of third party cookies falls to the respective owners and operators who must provide appropriate opt-out mechanisms in their privacy policies.
Six different types of cookies may be present on this website or product:
- Technical, session and analytics Cookies
These cookies are necessary for the proper functioning of the website and allow to manage access operations (so-called login) to the sites, to record configuration preferences where available or to integrate plug-ins necessary to display certain content.
Cookies used for statistical and performance analysis are also considered technical cookies, as long as they are configured to collect data in aggregate and anonymous form that provide a general picture of the performance of the sites and content.
- Traffic and performance analysis cookies
These cookies provide insight into how visitors use a website, what content they access and what geographic regions they come from, so as to evaluate and improve the site’s performance and prioritise the production of content that best meets users’ information needs. These cookies are subject to the users’ consent and refusal can be expressed directly to the respective operators.
- Profiling cookies for marketing and advertising purposes
These are cookies used to deliver advertising content within a website or application. They are used, for instance, to track the location of the advertisement and check whether a user has already seen the advertisement, but also to follow the user as he or she browses in order to profile the user and present him or her with advertisements linked to personal interests and socio-demographic data.
- Widgets and other tools for interconnection with external sites and functions
These are cookies, often associated with a graphic element of the website such as an action button or a specific logo (e.g. the Facebook “like” button), used to integrate the functionalities of other sites within the one you are browsing. The responsibility for these cookies lies with the respective operators and users may object to their application directly on the information pages of the respective operator.
- Tracking pixels or web beacons
These are application codes (scripts) and/or images that do not interfere with the aesthetics of the website but allow a third party to track traffic trends. For instance, they are used by advertisers to independently measure the progress of an advertising campaign and directly collect information that is otherwise unavailable. These cookies are also subject to the user’s consent and opting out of them is possible within the information notices of the respective operators.
- Usability tools
These are functions written in application code and enable the site operator to analyse the way in which users interact with the content and functionality in order to check the user-friendliness, design quality and plan improvement changes. These scripts are configured so as not to capture elements typed by the users which would undermine their privacy and are subject to explicit consent. Consent refusal, when present on the pages of this site, is handled directly by the Controller/Owner of the website.
- WHICH COOKIES ARE INSTALLED ON THIS SITE?
The Controller limits the use of cookies to what is strictly necessary to provide you with the services of this and their other sites and products. In particular, we feature the cookies outlined below.
- COOKIES NOT SUBJECT TO CONSENT
- Technical, session and analytics cookies
- Nielsen NetRatings (Audiweb) for official access statistics
- Nielsen NetRatings (Audiweb) mobile for public access statistics
- Adobe Omniture for internal access and traffic statistics
- Google Analytics for internal‑use access and traffic statistics
- COOKIES SUBJECT TO CONSENT
The cookies referred to in this paragraph are subject to your consent.
You can consult the list of cookies and express your consent in a simplified manner as indicated in the information banner that you were shown on your first visit to this website, or in a selective manner by clicking on the button below:
We shall not use any category of cookies other than those strictly necessary for the fulfilment of the purposes set out in the cookie policy and for the operation of the website, in strict compliance with the consents you have given, and we shall pass on your wishes and choices, expressed by accepting or refusing your consent, to our business partners so that they may comply with them when you navigate on this website.
For all cookies installed by third parties not known to the Data Controller who, with your consent, may also process personal data through this site, you may exercise your right to object by accessing the following website http://www.youronlinechoices.eu/it/
Should you have further doubts or concerns about the use of cookies, you can always take action to prevent them from being set and read, for example by changing the privacy settings within your browser.
Since each browser – and often different versions of the same browser – may differ significantly from one another, should you prefer to act independently via your browser’s preferences, you can find detailed information on the necessary procedure in your browser’s help section.
For an overview of action modes for the most common browsers, please visit
http://www.cookiepedia.co.uk/index.php?title=How_to_Manage_Cookies
- DURATION OF DATA PROCESSING
The cookies managed by the Controller have a maximum duration of 365 days, unless renewed voluntarily by you by reiterating your consent.
The profiling cookies managed by the Controller are anonymous and, once expired, remain within the statistical systems and profiling platforms in aggregate form and cannot be traced back to your browser for general statistical purposes only.
The cookies managed by third parties have the durations indicated in their respective Cookie Policies.
- FURTHER INFORMATION ON THE EXERCISE OF YOUR RIGHTS
Any request for information or clarification or for the exercise of rights may be addressed to the Data Processor at the following addresses:
– UFFICIO DATA PROTECTION OFFICER C/O RCS SPORTS & EVENTS S.R.L. – VIA A. RIZZOLI 8, 20132 MILAN;
– UFFICIO PRIVACY C/O RCS SPORTS & EVENTS S.R.L. – VIA A. RIZZOLI 8, 20132 MILAN;
– OR BY SENDING AN E-MAIL TO: UFFICIO.PRIVACY@RCS.IT
Furthermore, you shall always be entitled to lodge a complaint with the Data Protection Authority, which can be contacted at garante@gpdp.it or through the Website http://www.gpdp.it.
This Privacy Policy is updated as of 01/10/2020