PRIVACY POLICY

INFORMATION ON THE PROCESSING OF PERSONAL DATA

PURSUANT TO THE REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

(GENERAL DATA PROTECTION REGULATION – GDPR)

***

Pursuant to Article 13 of the European Union Regulation no. 2016/679 on the Protection of Personal Data (hereinafter also referred as “General Data Protection Regulation” or “GDPR”), prior to the processing of personal data (also “Data”), the Data Subject (user of the website https://www.mxgp.com) is informed that his personal data, collected through the site, are processed by the Data Controller through computer and/or telematics tools, for the purposes indicated in this policy. For this scope, Infront Moto Racing (hereinafter also referred as “Data Controller” or “Society”), as the creator and promoter of the activities available on the website https://www.mxgp.com , provides the Data Subject with the Privacy Statement prepared.

  1. Data Controller

The Data Controller is Infront Moto Racing, with registered office in Le Gildo Pastor Center 7 Rue du Gabian 98000 Monaco, VAT Number FR75000048230.

For more information regarding the rights of the Person concerned, please consider the Paragraphs called “Rights of the Data Subject” and “Method to exercise your rights” of this Policy.

  1. Legal bases on which we process your personal data and purpose of Processing

The data provided when browsing the website https://www.mxgp.com is processed by the Data Controller in accordance with the applicable laws. The processing of your Data by the Data Controller, provided during the navigation/use of the sections of the site https://www.mxgp.com, is aimed at the pursuit of the following purposes:

  1. Execution of information requests: in case you decide to contact us, filling out the multimedia form asking to be contacted (in the “Contact” section of the site), your details (personal or contact data) will be processed to fulfill your request and provide you with the appropriate information. In this case the legal basis of data processing is identified in the interest of Data Controller to provide you with the information required;
  2. Registration to newsletter: in case you decide to subscribe to the “Newsletter” through the section of the website solely dedicated to this activity, your personal data will be processed by the Data Controller for sending of commercial or promotional communications, relative updates, for example, to the circuits, special events and promotions. In this case the legal basis of data processing is identified in the obligation of Data Controller to provide you with the Newsletter service required. To unsubscribe from the newsletter simply click on the unsubscribe link at the bottom of the emails received or by writing to gdpr@mxgp.com;

In case you decide to subscribe to the “Newsletter” through other section of website, for example when you buy tickets on line via VIP Tickets section of website, the legal basis of data processing is identified in your consent to the data processing;

  1. Request to buy VIP tickets online: the main website, via the VIP section, redirects to the viptickets website for the purchase of VIP tickets, and in case you buy tickets online your Data will be processed for the establishment, management, execution and/or conclusion of the online sales contract. The Data conferred will be processed by the Controllers for the purpose of the management of the purchase order with reference, for example, to the activity of payment, shipping, taking charge of any returns, for customer assistance, for the execution of administrative purposes – accountants related to the management of the order, for the fulfillment of obligations under the current legislation; In this case the legal basis of data processing is identified in the performance of the contract to which the data subject is party;
  2. Account Creation: in the case that you decide to register on the website and create an account before buying tickets via VIP Tickets Section, personal data will be processed by the Controller for the purpose of your registration on web site, creation and management of your account and access to the reserved area and use of its functionalities. In particular, in providing your name, last name, email address, birthdate, gender, country and the setting of an access password, these will be processed for the creation of your personal account.

In this case the legal basis of data processing is identified in interest to the Data Controllers to provide the service requested;

  1. Profiling of the physical person: Only after your express and explicit consent, the personal data you provided may be processed by the Controllers for profiling activities, or analysis of your preferences aimed at creating personalized content and offers. In this case the legal basis of data processing is identified in your consent to the data processing.

It is specified that the website https://www.mxgp.com allows access to the social pages of the Society. In this context, as best specified in the “Cookie Policy” on the site, you may experience the installation of third-party cookies on the site. Within this frame of reference, it is specified that the data processing may also be carried out for the fulfilment of the obligations under the law, regulations and, in general, by the applicable legislation from time to time.

  1. Nature of the processing

In relation to the purposes set out in paragraph 1 of the section “Legal bases on which we process your personal data and purpose of Processing – Execution of Information Requests”, the provision of your personal data is necessary. The failure provision of Data will make it impossible to take charge and fulfil any requests for information.

In relation to the purposes set out in paragraph 2 of the section “Legal bases on which we process your personal data and purpose of Processing – Registration to newsletter”, if you decide to proceed with the newsletter subscription asking for this service provided by Infront Moto Racing through the section of the website solely dedicated to this activity, the provision of your personal data is necessary. The failure provision of Data will make it impossible for the Society to allow you to subscribe to the Newsletter and to provide the service Newsletter service required.

In case you decide to subscribe to the “Newsletter” through other section of website, for example when you buy tickets on line via VIP Tickets section of website, the legal basis of data processing is identified in your consent to the data processing and the provision of your consent is optional. In you do not give consent will make it impossible for the Society to send you newsletter.

In relation to the purposes set out in paragraph 3 of the section “Legal bases on which we process your personal data and purpose of Processing – Request to buy VIP tickets online”, the provision of your personal data is necessary. The failure provision of Data will make it impossible for the Society to proceed with the establishment, management, execution and/or conclusion of the online sales contract, therefore making it impossible to perform, for example, activities related to payment, shipment, management of returns, customer support, administrative and accounting purposes related to the management of the order and the fulfillment of obligations under current legislation.

In relation to the purposes referenced in paragraph 5 of the previous section “Legal bases on which we process your personal data and purpose of Processing  Account creation”, the provision of your personal data is necessary. The failure provision of Data will make it impossible for the Controllers to allow you the registration to the web site.

In relation to the purposes referenced in paragraph 5 of the previous section “Legal bases on which we process your personal data and purpose of Processing  Profiling of the physical person”, providing your personal data and consent to its processing is optional, and it does not prevent the possibility to buy tickets online.

  1. Personal Data undergoing processing

The Data processed by the Data Controller are those provided by the user, when browsing the website https://www.mxgp.com and, depending on the processing identified in Paragraph 2 “Legal bases on which we process your personal data and purpose of Processing”, may include: first name, last name, address, bank details, email address, telephone number.

 

  1. Methods of use of the Data

The Controller in compliance with the provisions as set will process your personal information forth by applicable law on data protection. Data processing will be carried out through electronic and/or IT means, organizational and logical procedures strictly correlated with the purposes for which information is collected. In addition, the Controller has implemented the appropriate security measures intended to protect from unauthorized access, disclosure, alteration or destruction, loss or unlawful use and misuse of your personal information.

However, the Controller cannot guarantee to its users that the measures taken for the security of the site and the transmission of data and information on the site itself are able to limit or exclude any risk of unauthorized access or dispersion Data by user-relevant devices. For this reason, site users are advised to ensure that their computer has appropriate software to protect the transmission of data over the network (e.g. up-to-date antivirus) and that their Internet Provider has taken appropriate steps to protect the transmission of data over the network.

The Controller is also committed to process the Data according to the principles of fairness, law and transparency, to collect them to the necessary and exact extent for processing and to allow its use only by authorized personnel. The management and retention of the acquired data will be carried out in archives or on servers located within the European Union owned by the Controller and/or Third Companies, named External Data Processor.

  1. Data retention periods

Relating to different purposes for which they are processed, Data will be retained for as long as needed or permitted in light of the purposes for which it was obtained and, in any case, in accordance with the regulations in force.

In any case, the Controller undertakes to avoid processing of personal data for an indefinite period and to verify, periodically, the actual interest of the Data Subject.

  1. Data recipients and Data Processors

Your Personal Data will not be in any way disclosed by transmission, dissemination or otherwise made available to third parties, excluding the cases provided by law and, in any event, in compliance with the procedures set forth in the applicable regulation. Your Personal Data will be processed by the Company’s employees to the extent and according to the purposes for which it is processed. Some Data may also be processed by third parties, acting as External Data Processor, that are appointed or may be appointed by the Controller for the management of the contractual relationship, provision of the services and for organizational requirements as to corporate business. In particular, Personal Data may be shared, including but not limited to, with:

  1. private or public third parties authorised to process Personal Data by virtue of laws, regulations

or community legislation, to the extent provided for by said regulations;

  1. third parties that need to process Personal Information for purposes related to contractual

relationship between the parties, to the extent strictly necessary for the performance of the tasks assigned (such as, for example, banks and credit institutions, technical service providers, hosting providers, IT companies, communication agencies, mail carriers, and shipping companies);

  1. consultants, to the extent strictly necessary for the performance of professional assigned tasks.
  1. Transfer of personal data to third countries

The management and retention of personal data will be carried out on the servers of the Controller and/or third Companies duly appointed as External Data Processor located within the European Union. Data may be transferred abroad, in accordance with current laws, even in countries outside the European Union. The transfer to extra EU countries, in addition to the cases in which this is guaranteed by the Commission’s Adequacy Decisions, is carried out in a way that provides appropriate guarantees under articles 46, 47 and 49 of the GDPR.

  1. Rights of the Data Subject

The GDPR gives the Data Subject specific rights that help him/her be in control of his/her personal data, namely:

a) pursuant to art. 15, the data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, to obtain access to the personal data and the following information: i) the purposes of the processing ii) the categories of personal data concerned; iii) the recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organizations; iv) where possible, the envisage period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; v) the existence of the right of the Data Subject to request from the Data Controller rectification or erasure of Personal Data or restriction of processing of personal data concerning the data subject or to object to such processing; vi) the right to lodge a complaint with a supervisory authority, pursuant to articles 77 ff. of the GDPR; vii) if the Data is not collected from the Data Subject, all information available on their origin; viii) the existence of automated decision-making process, including profiling referred to Article 22, paragraphs 1 and 4 of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisage consequences of such processing for the data subject; ix) where personal data are transferred to a third country or to an international organisation the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer of Personal Data to a third country or an international organisation;

b) the Data Subject shall also have (where applicable) the possibility of exercising the rights pursuant to articles 16-21 of the GDPR (right to rectification, right to erasure, right to restriction of processing, right to Data portability, right to object).

The Society undertakes to provide information on action taken on a request to the Data Subject within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. In any case, the Data Controller shall inform the Data Subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Information on the action taken on a request shall be provided in writing or by electronic means.

  1. Method to exercise your rights

The Data Subject may at any time exercise the above-mentioned rights and request a copy of an updated list of the Data processors by email at: gdpr@mxgp.com.

 

  1. Changes to this policy

The Controller reserves the right to make changes to this Privacy Policy at any time by advertising it to users on the https://www.mxgp.com site.

Please consult this page often, taking as a reference the date of the last change indicated at the end of the document. If you do not accept the changes to this Privacy Policy, you may require the Controller to delete your Data. Unless otherwise specified, the previous Privacy Policy will continue to apply to the data collected up to that point.

Privacy Policy updated on date 21/07/2020

 

Data Controller

Infront Moto Racing