Privacy Policy
POLICY STATEMENT ON THE PROCESSING OF PERSONAL DATA
For the purposes envisaged by Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data (General Data Protection Regulation – GDPR), we inform you that the personal data you provide and acquired by AdventureLab S.r.l. through the website https://www.bikeadventureseries.com/, will be processed in compliance with the legislation envisaged by the aforementioned Regulation and further provisions on the subject.
- DATA CONTROLLER
The data controller is AdventureLab S.r.l., Via Giulio Braga, 98 59100 Prato, Italy, tax code and VAT number 02410590976 REA 532864, email [email protected], PEC [email protected]. - TYPES OF DATA PROCESSED – PURPOSE OF PROCESSING – LEGAL BASIS – STORAGE
The information is provided only for the site https://www.bikeadventureseries.com and not also for other websites that may be consulted by the user through links. AdventureLab S.r.l. respects the privacy of visitors to its site and is committed to protecting the personal data they provide. The collection and processing of personal data occur when necessary to access the site and in relation to requests for information or when the visitor himself decides to communicate his personal data to request registration for events indicated by AdventureLab.
AdventureLab assigns the user scores for ranking purposes, based on the number of events in which the user has participated and additional data pertaining to that participation. The scoring, inclusion of the user’s name in the rankings, and publication thereof are subject to the user’s consent under the terms set forth below.
Please note: The AdventureLab site contains information about events organized by sports associations, entities and companies that may directly provide services to users (e.g., paid registrations to events or sale of goods related to the sports event). In such cases, the entities in question operate as autonomous data controllers on the basis of autonomous relationship established with the user through the site of AdventureLab S.r.l. (e.g., on the basis of the registration to the event or sports entity), which operates as a data controller under Art. 28 of EU Reg. 2016/679 of said entities and in this capacity may acquire and transmit to the data controllers the data of the users and/or will process such data in order to finalize the registration. This notice, therefore, does not cover the processing that these entities will put in place in their capacity as autonomous data controllers. The user who establishes an autonomous relationship with the subjects in question through the AdventureLab site is required, for the purposes of the legislation on data processing, to read the notice that these subjects provide and to express any required consent.
AdventureLab processes the following data voluntarily provided by users:
| Purposes of the processing for which the personal data are intended | Data processed | Legal basis of the processing | Storage period |
|---|---|---|---|
| Creation of reserved area dedicated to the user on the AdventureLab site | Identification data <br> Contact data | Execution of pre-contractual/contractual measures | Until the end of activation of the reserved area |
| Handling of registration requests for sporting events and events organized by third parties | Required data: Identifying data (first name, last name, date of birth, social security number) Contact data Data related to fitness for competitive sports present in medical certificates | Execution of pre-contractual/contractual measures at the request of the data subject Processing carried out on behalf of the event organizers (see footnote) | Until the end of activation of the reserved area |
| Management of user’s restricted area | Display of relevant data, events, ranking, etc. | Execution of contract | Until term of activation of restricted area Medical Certificates: Until expiration |
| Creation and publication of rankings on the site using data related to user activities | Identification data/email <br> Rating data <br> Other optional data | Consent of data subject | Ranking data: until saved Published data: until 31/12, then deleted |
| Provide information about AdventureLab and partner activities / promotional activities | Consent of data subject | 2 years | |
| Subscription to the newsletter service for updates on activities | Consent of the data subject | Until revoked by the data subject | |
| Manage interactions with social networks (e.g. Facebook, Instagram) | Interaction data | See cookie policy | See cookie policy |
| Publication of data subject’s images (photos/videos) on the website, social, promotional material | Images (non-public place) | Consent of the data subject | Until the end of the activities |
| Images of the data subject collected at events held in a public place or open to the public | Images | Legitimate interest of the data controller | Until the end of the activities |
Personal data concerning eligibility for competitive sports practice are collected by AdventureLab in its capacity as the Data Processor of the sports bodies/companies organizing the events. The regulations regarding medical certification for the practice of the activity of Sports Promotion Bodies (EPS) and the Associations/Societies affiliated to them are given, for competitive activity, by the Decree of 18/2/1982 “Regulations for the health protection of competitive sports activity,” so the collection of special data collected through medical certificates is carried out on the basis of regulatory provisions (art. 9, co. 2, lett. g) GDPR as the processing of these data is necessary for reasons of relevant public interest on the basis of Union law or Italian law).
The processing of a minor’s personal data is carried out only with the consent given by the person exercising parental responsibility.
The provision of data for registration and the exact performance of contractual and pre-contractual obligations arising therefrom is not mandatory, however, it is a necessary requirement. In case of refusal, AdventureLab will not be able to proceed with the processing of the request and the evaluation of the application for registration to the event and the management of the reserved area, except with reference to the data expressly indicated as “optional” and/or subject to consent or with reference to promotional purposes, the provision of which is free, so that for the latter, failure to provide it does not affect the processing of the request.
Data not directly provided by users whose transmission is related to the use of Internet communication protocols, such as by way of example, session cookies to keep the session active, store user preferences, display of external platforms. More information on the processing of such data can be found in the cookie policy.
RIGHT TO IMAGE
(a) ASSIGNMENT OF USE RIGHTS.
The cession, publication and use of the images collected in photographs/videos, shall be understood to be free of charge, with no time limit in favor of the Holder and, in this regard, the interested party will be asked to provide in writing express authorization and waiver of the rights to use the image. Only following said release authorization, the images will be processed and will remain the exclusive property of the Owner, who undertakes not to use the images in contexts that undermine the personal dignity and decorum of the interested party.
b) METHODS OF THE PROCESSING.
The processing is carried out in compliance with the provisions of the law, including Article 10 of the Civil Code and Articles 96 and 97 of Law no. 633/1941 (rights relating to the portrait) and following the assignment of the rights of (i) reproduction and/or transfer to other formats and/or multiplication into copies; (ii) processing and/or publication, in whole and/or in part, as well as the creation of archives on paper and/or digital media and the use for films and communications in Italy, that abroad; (iii) communication, transmission and/or dissemination to the public by any means and system of remote dissemination (such as, by way of example, the Internet and telecommunications networks, television, telephony, etc. ), using any technology and technical means of transmission and reception, in any form and with any mode of access.
In general, the processing of data by the Data Controller is carried out in accordance with the principles of lawfulness and fairness, and through operations, carried out with or without the aid of electronic instruments and consists of the collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The Data Controller does not adopt any automated decision-making process, including profiling.
Data transfer to third countries and sharing with international organizations
Personal data are processed at the Owner’s operational offices and in any other place where the parties involved in the processing are located. For further information, the Data Subject is invited to contact the Data Controller. Data collected through certain site settings may also be stored or transmitted outside the territory of the European Union, in which case the Data Controller will ensure that the transfer is made subject to an adequacy decision adopted by the Commission and/or under the EU-US Data Protection Framework.
Publication of images on social networks: Data uploaded on the platforms Facebook, Youtube, Instagram, Linkedin could be stored or transmitted by these companies as autonomous owners also outside the territory of the European Union, as indicated in their respective privacy notices, to which you are asked to refer before expressing, if any, consent to the processing.
Facebook.com operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. For data subjects outside the U.S. or Canada, as in this case, the data controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Facebook’s published data protection guideline, available at https://facebook.com/about/privacy/, provides information on Facebook’s collection, processing and use of personal data.
Youtube https://www.youtube.com/howyoutubeworks/user-settings/privacy/#overview
Instagram https://privacycenter.instagram.com/policy Linkedin https://www.linkedin.com/legal/privacy-policy
DATA RETENTION
The storage of personal data will take place mainly in electronic/informatic form and for the time indicated in the table or otherwise strictly necessary to fulfill the above purposes or until the existence of other legal basis.
COMMUNICATION OF DATA
The personal data processed by the Data Controller will not be disseminated, i.e. they will not be disclosed to unspecified parties, in any possible form, including making them available or mere consultation. They may, on the other hand, be communicated to the Entities (autonomous holders) indicated in point 2., to specially appointed collaborators of the Controller with instructions for the correct processing of personal data, as well as to some external subjects who collaborate with them. In particular, your data may be made accessible to:
i. collaborators of the Data Controller in charge of fulfilling requests, consultants authorized to manage the site and provide related services, in their capacity as authorized to process personal data or as Data Processors;
ii. third party companies or other entities (by way of example only: administrative service providers, hardware, software and web support services, hosting, newsletter mailing) performing outsourcing activities on behalf of the Data Controller, in their capacity as Personal Data Processors.
Your data may also be communicated, to the extent strictly necessary, to the subjects entitled to access them by virtue of provisions of the law, regulations, and EU legislation.
In case these external subjects were not designated as data processors, they would operate as autonomous data controllers and, as such, subject to the provisions of the law.
HOW DO WE PROTECT YOUR DATA?
All personal data will be processed in accordance with the EU Regulation 2016/679 and additional regulatory provisions on personal data protection and security measures in a manner that ensures confidentiality and security and with logics strictly related to the above purposes.
However, we adhere to industry standard practices to safeguard your personal data from unauthorized access, alteration, disclosure, misuse or destruction.
WHAT, IN SUMMARY, ARE THE DATA SUBJECT’S RIGHTS?
The data subject may access the personal data provided and exercise the following rights at any time: (a) to request confirmation of the existence or otherwise of their personal data; (b) to obtain information about the purposes of the processing, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the storage period; (c) to object to the processing at any time; d) request from the data controller access to and rectification or erasure of personal data or restriction of processing concerning him or her, as well as the right to data portability (where technically possible); e) withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation; f) lodge a complaint with the Data Protection Authority – www. garanteprivacy.it.
The aforementioned rights may be exercised by submitting a written request sent by registered mail to AdventureLab S.r.l., Via Giulio Braga, 98 59100 Prato, Italy, tax code and VAT number 02410590976 REA 532864, tax code 02629970308, email [email protected], PEC [email protected].
THE OWNER OF THE PROCESSING OF PERSONAL DATA
AdventureLab S.r.l.
Information updated on 01/03/2024