PRIVACY POLICY – VIA RACE
(pursuant to Article 13 of the EU General Data Protection Regulation – GDPR)
1. Data ControllerUltracyclists ltd - 15254779 registered number Registered office: 71-75 Shelton Street, Covent Garden, London WC2H 9JQ
Contact email:
[email protected] Website: via-race.com
The Data Controller is the organization that manages the event and determines the purposes and methods of processing personal data.
2. Purposes and Legal Basis of Processing The personal data collected is processed for the following purposes:
Purpose | Legal Basis |
---|
Participant registration and event management | Contract performance (Art. 6.1.b GDPR) |
Operational communications before and after the event | Legitimate interest / contract performance |
Collection of logistical info (e.g., travel companions, dinner attendance) | Consent or legitimate interest |
Issuing invoices and fulfilling fiscal obligations (e.g., for merchandise or race kits) | Legal obligation |
Use of images/videos for promotional purposes (website, social media, press) | Explicit consent |
Sending future promotional content (optional) | Consent (optional and revocable) |
3. Categories of Data Processed- Personal details (first and last name)
- Contact information (e-mail, phone number)
- Date of birth, nationality, address
- Logistical info (e.g., presence of travel companion)
- Fiscal details for orders placed via Shopify
4. Processing Methods and Security Data will be processed in both digital and paper format, using appropriate technical and organizational security measures in compliance with GDPR requirements.
5. Third-Party Services and Data Transfers Personal data may be processed by third-party service providers, acting as
Data Processors, who support the organization’s activities (e.g., logistics, communication, registration platforms).
These include:
- Google LLC (Google Workspace and Forms): used for collecting and organizing registration data – data may be stored outside the EU, protected by Standard Contractual Clauses (SCC).
- Airtable Inc.: used for database management and event logistics – data stored outside the EU, transferred based on SCC and/or EU-U.S. Data Privacy Framework.
- Shopify Inc.: used for e-commerce and order management (e.g., merchandise) – data is processed in compliance with GDPR, using adequate safeguards.
- MYCAP App: used for initial participant registration and data collection – privacy practices depend on their policy and GDPR adherence.
- Mailchimp (The Rocket Science Group LLC): used for sending automated emails, newsletters, and event communications – data may be stored outside the EU and is transferred under the EU-U.S. Data Privacy Framework and/or SCC.
These providers have been selected based on their commitment to GDPR compliance and data protection standards.
Data will not be disclosed to the public, but may be shared with public authorities upon request or with insurance or medical entities in case of emergencies.
6. Data Retention Period Personal data will be retained for the duration necessary to manage the event and fulfill legal obligations, and no longer than
3 years from the date of the event, unless extended with your explicit consent for promotional purposes or as required by law.
7. Data Subject Rights As a data subject, you have the right to:
- Access your data
- Request correction or deletion
- Object to or limit processing
- Withdraw consent at any time (without affecting the lawfulness of prior processing)
- Lodge a complaint with the Data Protection Authority (in Italy: www.garanteprivacy.it)
To exercise your rights, please contact:
[email protected]8. Images and Video Usage During the event, photos or videos may be taken for logistic, promotional and communication purposes. These materials will only be used with your
explicit consent, which may be collected during registration.
9. Data Transfers Outside the EU Some of the above services (Google, Airtable, Shopify) involve
data transfers to non-EU countries, primarily the United States. These transfers are conducted under
Standard Contractual Clauses (SCC) or based on adherence to the
EU-U.S. Data Privacy Framework, ensuring adequate protection levels.
10. Cookies and Website Use Our website does not use cookies.