(pursuant to Article 13 of the EU General Data Protection Regulation – GDPR)
1. Data Controller Ultracyclists ltd - 15254779 registered number Registered office: 71-75 Shelton Street, Covent Garden, London WC2H 9JQ Contact email: [email protected] Website: via-race.com The Data Controller is the organization that manages the event and determines the purposes and methods of processing personal data.
2. Purposes and Legal Basis of Processing The personal data collected is processed for the following purposes:
Purpose
Legal Basis
Participant registration and event management
Contract performance (Art. 6.1.b GDPR)
Operational communications before and after the event
Legitimate interest / contract performance
Collection of logistical info (e.g., travel companions, dinner attendance)
Consent or legitimate interest
Issuing invoices and fulfilling fiscal obligations (e.g., for merchandise or race kits)
Legal obligation
Use of images/videos for promotional purposes (website, social media, press)
Explicit consent
Sending future promotional content (optional)
Consent (optional and revocable)
3. Categories of Data Processed
Personal details (first and last name)
Contact information (e-mail, phone number)
Date of birth, nationality, address
Logistical info (e.g., presence of travel companion)
Fiscal details for orders placed via Shopify
4. Processing Methods and Security Data will be processed in both digital and paper format, using appropriate technical and organizational security measures in compliance with GDPR requirements.
5. Third-Party Services and Data Transfers Personal data may be processed by third-party service providers, acting as Data Processors, who support the organization’s activities (e.g., logistics, communication, registration platforms). These include:
Google LLC (Google Workspace and Forms): used for collecting and organizing registration data – data may be stored outside the EU, protected by Standard Contractual Clauses (SCC).
Airtable Inc.: used for database management and event logistics – data stored outside the EU, transferred based on SCC and/or EU-U.S. Data Privacy Framework.
Shopify Inc.: used for e-commerce and order management (e.g., merchandise) – data is processed in compliance with GDPR, using adequate safeguards.
MYCAP App: used for initial participant registration and data collection – privacy practices depend on their policy and GDPR adherence.
Mailchimp (The Rocket Science Group LLC): used for sending automated emails, newsletters, and event communications – data may be stored outside the EU and is transferred under the EU-U.S. Data Privacy Framework and/or SCC.
These providers have been selected based on their commitment to GDPR compliance and data protection standards. Data will not be disclosed to the public, but may be shared with public authorities upon request or with insurance or medical entities in case of emergencies.
6. Data Retention Period Personal data will be retained for the duration necessary to manage the event and fulfill legal obligations, and no longer than 3 years from the date of the event, unless extended with your explicit consent for promotional purposes or as required by law.
7. Data Subject Rights As a data subject, you have the right to:
Access your data
Request correction or deletion
Object to or limit processing
Withdraw consent at any time (without affecting the lawfulness of prior processing)
Lodge a complaint with the Data Protection Authority (in Italy: www.garanteprivacy.it)
8. Images and Video Usage During the event, photos or videos may be taken for logistic, promotional and communication purposes. These materials will only be used with your explicit consent, which may be collected during registration. 9. Data Transfers Outside the EU Some of the above services (Google, Airtable, Shopify) involve data transfers to non-EU countries, primarily the United States. These transfers are conducted under Standard Contractual Clauses (SCC) or based on adherence to the EU-U.S. Data Privacy Framework, ensuring adequate protection levels.
10. Cookies and Website Use Our website does not use cookies.
