Privacy and Cookies Policy

Privacy Policy

This privacy policy, pursuant to and for the purposes of EU Regulation 679/2016 (“GDPR”), is issued by the Joint Controllers indicated below for the processing of your personal data collected in the context of the delivery of services through websites, apps, registration, participation in and accreditation to events, initiatives and competitions.

1. JOINT CONTROLLERS AND CONTACT DETAILS

Who are the Joint Controllers? How can I contact them?

The details of the Joint Controllers and their contact details are provided below:

• RCS Sports & Events S.r.l., with its registered office in Via Rizzoli, No. 8 – 20132 Milan, Tax Code/VAT No. 10490090965,
• RCS Sport s.p.a., with its registered office in Via Rizzoli, No. 8 – 20132 Milan, Tax Code/VAT No. 09597370155,
• Società Sportiva Dilettantistica RCS Active Team a r.l., with its registered office in Via Rizzoli, No. 8 – 20132 Milan, Tax Code/VAT no. 08894770968,

(hereinafter, jointly the “Joint Controllers” and each individually the “Joint Controller”)

The Joint Controllers have entered into a joint data controller agreement in which they have determined that RCS Sports & Events S.r.l. will manage requests by the data subject to exercise their rights, and in which they have indicated the activities to be carried out by each of them and the related responsibilities. The joint contact point chosen by the Joint Controllers is the following e-mail address privacysport@rcs.it. You may request further details relating to the joint data controller agreement from the indicated contact address.

2. CATEGORIES OF PERSONAL DATA

Which categories of personal data do we process?

As part of the services provided and depending on the type of services requested, we will collect the following categories of data:

• identification details (including personal details, contact details, etc.);
• contractual data (including data necessary to use the services and participate in the events, payment and invoicing details, services provided, etc.);
• derived data (only if you have provided consent to profiling, data relating to your habits and preferences);
• only in the context of sporting events data relating to sporting fitness (only if the participant’s fitness for sporting activity is an essential requirement to participate in the sporting event, based upon Art. 9, par. 2, lett. h of the GDPR, in accordance with the health protection regulations referred to in the Decree of the Ministry of Health of 18 February 1982 as amended and supplemented).

3. PURPOSES AND LEGAL BASIS OF PROCESSING

For what purposes are the data processed? On what legal basis? For how long are they stored?

We indicate below the processing purposes, the legal basis that legitimises the processing and the storage period of your personal data:

PURPOSES	LEGAL BASIS	STORAGE PERIOD
Contractual purposes – The data you provide will be processed by the Joint Controllers for the performance of a contract and in order to take steps prior to entering into a contract. The activities involved in this purpose include all those necessary to provide you with the requested services, including to register or enrol you on the website, to allow you to participate in competitions, initiatives or events, to manage the sale and/or delivery of products or services, to manage communities and user contributions, to fulfil specific requests prior to the conclusion of the contract, to manage the contract and provide support and assistance. In addition, upon your specific request, you can subscribe to and receive newsletters.	Performance of the contract and/or take steps prior to entering into a contract	The data will be stored until the end of the service, until withdrawal or until a cancellation request is made
Compliance with legal obligations – The data will also be used to comply with the obligations envisaged by the laws in force, including the keeping of company accounting for both statutory and tax purposes, as well as compliance with obligations concerning the preparation of financial statements documents and with provisions issued by authorities authorised to do so by law.	Compliance with a legal obligation	The data will be stored for the mandatory storage period defined by the applicable accounting and/or tax laws
Administrative and accounting management purposes – The data will be used to carry out administrative, operational, financial and accounting transactions related to internal organisational requirements, also related to the right of defence of legal claims.	Legitimate interest of the Joint Controllers in effectively and efficiently managing internal business operations	The data will be stored for the limitation period of the rights and for any additional storage periods established by accounting and tax laws
Statistical analysis purposes – The data will be used to carry out statistical and aggregate analysis activities, without having any effect on the individual data subject.	Legitimate interest in carrying out aggregate analyses to plan the company strategy according to the relevant market	The personal data used for this purpose do not require separate storage but comply with the storage periods of the other purposes.
Direct marketing purposes – Only with your explicit and specific consent, the data may be used to carry out market surveys and promotional activities and to send commercial information on the services, products and promotional initiatives of the Joint Controllers, using all available means of communication, automated and otherwise (such as: paper mail, telephone, email, text messages, chats and notifications).	Consent	The data will be stored until the withdrawal of consent or until cancellation and, in case of inactivity, after five years.
Profiling purposes for marketing activities – The data may be used to carry out profiling activities based on information collected during access to and use of the services and linking them, through algorithms, in order to identify common traits and to group together similar profiles within the classes of interest. The Joint Controllers use profiling data to offer you content that is more suited to your tastes, to aggregate marketing profiles and to customise campaigns and advertising, and for the development of commercial strategies.	Consent	The data, observed from time to time, will be erased after 12 months from the start of processing
Direct marketing purposes by third parties – Only with your explicit and specific consent, your data may be provided to other companies and specific organisations, namely those operating in the publishing, financial, insurance, automotive, sports, energy, consumer goods sectors, food & beverage, fashion, luxury, healthcare, large-scale distribution, transport, humanitarian sectors and charitable organisations which may contact you in relation to their independent initiatives for market surveys and for sending commercial information on services and  promotional initiatives, using all available means of communication, automated and otherwise (such as: paper mail, telephone, e-mail, text messages, chats and notifications).	Consent	The data will be stored until the withdrawal of consent or until cancellation and, in case of inactivity, after five years
Purposes of promotion of similar products or services (soft spamming) – The data will be used by the Joint Controllers to carry out promotion and direct sales activities in relation to products or services similar to those you have already purchased, using the email details provided by you in the context of a previous purchase or service request, provided that you do not exercise your right to object in the ways described in the paragraph entitled “Rights of the Data Subject” below. You may exercise your right to object through the specific link found at the bottom of any email containing promotional content that is sent to you.	Legitimate interest of the Joint Controllers in sending communications relating to similar services, as established by Art. 130, 4 of Italian Legislative Decree 196/2003.	The data will be stored until objection or cancellation and, in case of inactivity, after five years.

4. MANDATORY NATURE AND CONSEQUENCES OF PROVISION OF DATA

Is it mandatory to provide the data? What happens if I do not provide them?

The provision of data for the purposes indicated in points 3.1, 3.2, 3.3 and 3.4 is necessary for the conclusion and management of the contract. In the partial or total absence of provision of these data, the contractual relationship may not be initiated and/or continued. For the purposes indicated in points 3.5, 3.6, 3.7 and 3.8, the provision of data is optional and, in the event of a failure to provide it, the marketing and profiling activities specified therein may not be carried out.

5. DISCLOSURE, COMMUNICATION AND PARTIES ACCESSING THE DATA 

Who can know your data? To whom do we communicate them?

Your data may be disclosed or communicated to the following parties.

• Authorised persons – The data may be accessed by officers authorised by the Joint Controllers who must access them for the purposes indicated above.
• Processors – Your personal data will not be disseminated, but they may be disclosed, where necessary for the provision of the service, to third parties (such as, for example, third party technical service providers, hosting providers, IT or marketing companies) appointed as Data Processors for tasks instrumental to the provision of the services.
• Autonomous data controllers – your data may be shared with other controllers when required by specific rules (e.g. public administration, judicial authority) or when you have given consent (e.g. third parties for the “Direct marketing purposes by third parties”) or when necessary for the performance of contracts to which you are a party or to fulfil requests before the conclusion of the contract (e.g. banks to manage payments).  Competent national sports federations or affiliated organisations or bodies for membership management) or for administrative and accounting purposes to group companies within the EU.

6. LOCATION OF DATA PROCESSING

Are the data transferred outside the EU?

Your personal data may also be processed by the joint controllers outside the European Union. If this happens, the processing will be regulated in compliance with the provisions of chapter V of the Regulation and authorised on the basis of specific decisions of the European Union.  All necessary precautions will therefore be taken in order to guarantee the most complete protection of personal data, basing this transfer: a) on adequacy decisions of the recipient third countries expressed by the European Commission; b) on appropriate safeguards expressed by the recipient third party pursuant to Art. 46 of the Regulation; c) on the adoption of Binding Corporate Rules.

7. RIGHTS OF THE DATA SUBJECT 

What are your rights as a data subject?

The GDPR grants to you the following rights in relation to your personal data which you may exercise within the limits and in compliance with the provisions of the legislation:

• Right of access to your personal data (art. 15);
• Right to rectification (art. 16);
• Right to erasure (right to be forgotten) (art. 17);
• Right to restriction of processing (art. 18);
• Right to data portability (art. 20);
• Right to object (Art. 21); you have the right to object at any time, on grounds related to your particular situation, to the processing of personal data concerning you based on the legitimate interest, including profiling on that basis. The Joint Controllers refrain from processing unless they demonstrate the existence of compelling legitimate interests to proceed with the processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of a legal claim; 
• Right to object to a decision based solely on automated processing (art. 22);
• Right to withdraw, at any time, the consent given, without prejudice to the lawfulness of the processing based on consent given before the withdrawal

You may exercise these rights by sending a communication to the Joint Controllers or to the Data Protection Officer (or “DPO”) whose contact details are indicated in the appropriate sections of this privacy policy.

Furthermore, you always have the right to lodge a complaint with the Personal Data Protection Supervisory Authority (art. 77 GDPR), which can be contacted at the address garante@gpdp.it  or via the website http://www.gpdp.it, or the right to an effective judicial remedy (art. 79 of the GDPR).

8. DATA PROTECTION OFFICER AND CONTACT DETAILS

Has a DPO been appointed? How do I contact him/her?

The Joint Controllers have identified a Data Protection Officer and have set up an office for managing requests of the data subjects regarding privacy.

To exercise the rights granted to you, you can contact the Joint Controllers or contact the DPO at the following address: dpo@rcs.it.

9. DATA SOURCE

What is the source of the data?

Your personal data are normally acquired directly from you. They may occasionally be obtained from third parties during the course of the services provided (for example, for participation in some sporting events, your data will be provided by your company, teams and other parties with which you have a contractual relationship, if you have asked to participate in the event).

10. LATEST UPDATE

This Privacy Policy is updated to 01/08/2024.

Previous version

Cookie Policy

Cookies are small aggregates of text stored locally in the temporary memory of your browser, and hence in your computer for periods of time that may vary according to the need, generally between a few hours and some years, with the exception of the profiling cookies, whose maximum duration is 365 calendar days.

Using the cookies, it is possible to record semi-permanently information about your preferences and other technical data that allow for easier browsing and greater ease of use and effectiveness of the site itself. For example, cookies can be used to determine whether a connection between your computer and our sites has already been carried out, to highlight changes or maintain log-in information. For your protection, only the cookie stored on your computer is identified.

To make your visit of our Website more convenient, we use cookies or equivalent computer codes for the presentation of our product assortment. We also make use of usability analysis tools that track user actions to help us understand how our sites are used and improve their functionality and design.

• TYPES OF COOKIES

There are two families or types of cookies:

• Those installed by the owner and data controller of the website, called first party cookies, and
• Cookies installed by “third parties” (third party cookies).

The responsibility and the management of first party cookies rest directly with the Data Controller.

The responsibility and the management of third-party cookies are demanded to the respective data controllers who must offer appropriate mechanisms for consent refusal in their privacy policy.

There may be six different types of cookies on this website or product:

1. Technical, session and analytics Cookies

These cookies are necessary for the correct operation of the site. They are used to manage site access operations (login), to store configuration preferences (where available), or to integrate any plug‑in required for viewing specific content.

Cookies used for statistical and performance analysis are equally considered to be technical cookies, provided that they are configured to collect data in an aggregate and anonymous form, providing an overview of the performance of the sites and content.

2. Traffic and performance analysis cookies

These cookies enable us to know in what way visitors use the website, what contents they access and what regions they come from, allowing us to assess and improve the operation and promote the production of contents that better meet our users’ information needs. These cookies require the consent of the users, who can opt out directly with the respective controllers.

3. Profiling cookies for marketing and advertising purposes

These cookies are used to deliver advertising content within a site or application. These cookies are used, for example, to track the position of the advertisement and verify if a user has already seen the advertising message, but also to follow the users while they are browsing, to define their profile and present advertising related to their personal interests and socio-demographic characteristics.

4. Widgets and other tools for interconnection with external sites and functions

These cookies are often associated with a graphic element on the website, such as an action button or a specific logo (e.g.: the Facebook “like” button) and used to integrate the functions of other sites within the one you are browsing. These cookies are the responsibility of their Data Controllers and you can object to their use directly on the cookie policy pages of the related operator.

5. Tracking pixels or web beacons

These are application scripts and/or images that do not interfere with the look of the site but allow a third party to track the traffic trend. For example, they are used by advertisers to independently measure the performance of an advertising campaign and directly collect information that would not be available otherwise. These cookies are also subject to the user’s consent and can be refused by means of opt-out selectors available in the cookie policy pages of their respective controllers.

6. Usability tools

These are application-coded features that allow the website owner to analyse how users interact with the contents and the features of a website in order to verify its ease of use, design quality and as an aid for planning improvement changes. These scripts are configured to avoid capturing any elements typed by the user that would undermine their privacy and are subject to explicit consent. Refusal to consent, when present in the pages of this site, is managed directly by the Data Controller.

• WHICH COOKIES ARE INSTALLED ON THIS SITE?

The Controller tries to limit the use of cookies to what is strictly necessary for the provision of the services of this and its other sites and products. In particular, we have the cookies indicated in the following paragraphs.

1. COOKIES NOT SUBJECT TO CONSENT

i. Technical, session and analytics cookies

• Nielsen NetRatings (Audiweb) for official access statistics
• Adobe Omniture for internal access and traffic statistics
• Google Analytics for internal‑use access and traffic statistics

2. COOKIES SUBJECT TO CONSENT

We will not use any cookie category other than those strictly required for the purposes set out in the cookie policy, and for proper site operation, with absolute respect for your expressed consent, and taking upon ourselves the obligation to communicate your will – expressed by accepting or denying consent – to our partners, for them to respect it while you are browsing this site.

For all cookies installed by third parties unknown to the Controller for which personal data is processed, subject to your prior consent, also through this website, you can exercise your right to object via the following website: http://www.youronlinechoices.eu/it/

If you have further questions or concerns about the use of cookies, you can always take action to prevent them from being set and read, for example by changing the privacy settings in your browser.

Because each browser – and often different versions of the same browser – may differ significantly from each other, if you prefer to act independently using your browser preferences, you can find detailed information about the necessary procedure in your browser’s Help menu. For an overview of how to act for the most common browsers, please visit: http://www.cookiepedia.co.uk/index.php?title=How_to_Manage_Cookies

• PROCESSING PERIOD

Cookies managed directly by the Controller have a maximum duration of 365 days, barring any voluntary renewals you carry out by reiterating consent.

The profiling cookies managed by the Controller are anonymous. Upon expiry, they remain within statistical systems and profiling platforms exclusively for general statistical purposes, in aggregate form, and can no longer be traced back to your browser.

The duration of cookies managed by third parties is indicated in the respective Cookie Policies.

• MORE INFORMATION ON YOUR RIGHTS

Any request for information or clarification or for exercising rights can be sent to the Data Processor at the following addresses:

– Office of the Data Protection Officer – RCS Sports & Events S.r.l. – Via A. Rizzoli 8, 20132 Milan, Italy;
– Privacy Office – RCS Sports & Events S.r.l. – Via A. Rizzoli 8, 20132 Milan, Italy;
– or by sending an email to: ufficio.privacy@rcs.it

Moreover, you always have the right to file a complaint with the Italian Authority for the Protection of Personal Data, at the address garante@gpdp.it or through the Website http://www.gpdp.it.

This Cookies Policy is revised as of 08/04/2021