PURSUANT TO REGULATION (EU) 2016/679
containing the methods and procedures implemented for the management of personal data of users and/or
visitors collected through navigation on the website www.followyourpassion.it.
possibly consulted by the user and/or visitor by clicking on the appropriate links.
1. Data controller
As a result of the consultation of this site, data relating to users and/or visitors to the site may be processed
(hereinafter, the “Data Subject” or collectively the “Data Subjects”). The data controller is the company MG
SPORT S.r.l. (“MG SPORT” or the “Data Controller”), with registered office in Via Puccini n. 5, Milan (MI) C.F.
0859220966 and VAT no. 0859220966 (e-mail: [email protected]) MG SPORT guarantees that the
data personal data collected will be processed in accordance with the GDPR and the European and national
2. Categories of data processed and data subjects
The data being processed by the Data Controller belong to the following categories:
(i) Navigation data
The computer systems and software procedures in charge of the operation of this website acquire, during
course of their normal operation, some data whose transmission is implicit in the use of the protocols of
Internet communication protocols. This includes:
– IP and domain names of the computers used by Interested Parties connecting to the site;
– the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the
request, the method used in submitting the request to the server, the size of the file obtained in response
response, the number code indicating the status of the response given by the server;
– types of browsers used by the Data Subject;
– information about the pages visited within the site;
– other parameters related to the operating system and computer environment of the Data Subject.
These data are processed, for the time strictly necessary, for the sole purpose of obtaining information
anonymous statistical information on the use of the site and to check its correct functioning. In addition,
these data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
(ii) Data voluntarily provided by Data Subjects.
Included in this category is all information freely provided by Interested Parties who browse the site, with
specific reference to: (i) athletes who register online for competitions, events, manifestations, etc. organized
and/or otherwise managed by the Owner and/or by companies connected, related or partner of the circuit
FollowYourPassion; (ii) individuals who wish to remain informed and/or updated (through newsletters and/or
other communication channels) about events and further initiatives organized by the Owner and/or
companies related, connected or partners of the FollowYourPassion circuit.
More specifically, data voluntarily provided by Interested Parties include:
– the e-mail address (and other personal data included in the missive) provided for the
transmission of requests by the Interested Party;- personal and identification data for filling out the forms
for: (i) registration to the site; (ii) registration for further activities (i.e., competitions, events, etc.); (iii)
– payment data (where required for the purpose of participation in the event of interest);
– data contained in the medical certificate of fitness (where required for the purpose of participation in the
event of interest).
Apart from what has been specified for navigation data, the Interested Party is free to provide his/her
personal data, the whose failure to provide it may result in the impossibility for the Data Controller to fulfill
its requests and to provide the services offered. Please note that where provided, this data will be processed
rules dictated by the Privacy Regulations.
3. Legal basis and purpose of processing
Personal data are processed by the Data Controller for the following purposes:
– to ensure and verify the proper functioning of the website, as well as to improve the experience of the
navigation of the Data Subject. The legal basis for the processing of personal data for this purpose is the
legitimate interest of the Data Controller to enable the proper enjoyment of the website content (Art. 6,
paragraph 1(f) of the GDPR);
– to manage user requests received by e-mail; to manage user registration on the website; manage
registration for further activities (i.e., competitions, events, etc.). The legal basis of the processing of personal
data for this purpose is the execution of pre-contractual and contractual measures adopted behind the
interest of the Data Subject (Art. 6(1)(b) of the GDPR);
– sending information material (i.e., newsletters). The legal basis for the processing of personal data for this
purpose is the express consent provided by the Data Subject (Art. 6(1)(a) of the GDPR).
In addition, personal data referring to athletes may be processed for the following additional purposes:
– fulfillment of contractual and legal obligations arising from the relationship established with the athlete, or
to fulfill his pre and post contractual requests and in any case for the management of commercial or
– to formalize the registration for events, competitions or events and for all related and consequential, as
well as for updates related to the event, competition or event (including the possibility of independently
printing, through sending to appropriate links, one’s own letter of confirmation and diploma of participation,
which will remain public until the next edition);
– to accredit the athlete at events promoted by our sports club;
– to contact the athlete and send information about subsequent editions of the same event, sponsors and/or
for events in general of the FollowYourPassion circuit by e-mail or phone or App;
– for fulfillments and obligations required by laws, regulations and community rules or by provisions issued
by authorities empowered to do so by law and by supervisory and control bodies (for the keeping of accounts
and for the management of collections and payments);
– for anonymous and aggregate statistical purposes (for example: number of members broken down by men
and women, by country or region, age, or other) aimed at finding sponsors, business partners, institutional
of the event itself (aggregate statistical data).
For such purposes, the consent of the athletes is not required, as the legal basis on which such processing is
the execution of an existing contract between the Controller and the athletes or the performance of
measures pre-contractual measures in the interest of the same, as well as the legitimate interest of the
Controller in the management and organization of its events and the fulfillment of legal obligations related
to such events (e.g, in security matters) (Art. 6(1)(b), (c), (f) of the GDPR). The provision of personal data or
the above purposes is mandatory, otherwise it will not be possible to proceed with registration event.
In addition to the purposes described above, the Controller may finally process athletes’ personal data:
– for the use of still or moving images that may depict them during their participation in the event,
competition or event on all media, including promotional materials and/or advertising, all over the world and
for as long as permitted by law and regulations on matter. Events will have appropriate signage installed at
– to send, via newsletter or other format, information regarding additional events and initiatives of the
FollowYourPassion circuit, unrelated to the event in which the athlete wishes to participate;
– to enable promotional activity, via newsletter, of initiatives of sponsors and/or partners and/or third parties
connected to the FollowYourPassion circuit;
– to purchase photographic or similar services through event partners.
For the purpose of pursuing these purposes, the Owner will require specific and distinct consents from the
athletes. The provision of personal data for the above purposes is optional and does not affect, therefore, on
4. Methods of data processing and storage
The data will be processed by means of instruments suitable to guarantee their confidentiality, integrity and
availability, in compliance with appropriate technical and organizational security measures provided by the
The processing is carried out by means of computerized and/or automated systems and will include all the
operations or complex of operations provided for in Article 4 of the GDPR and necessary for the processing
in question, including the communication vis-à-vis the persons authorized for the processing itself.
The data will not generally be subject to dissemination, while they will or may be communicated to subjects,
public or private, operating within the scope of the purposes described above. The athletes’ data, on the
other hand, in the case in which the latter issue appropriate consents for this purpose, may be disseminated.
The Data Controller will process the personal data of the Interested Parties for the time necessary to fulfill
the above purposes above and, in any case, for a time not exceeding the ten-year limitation period provided
The personal data collected by the Controller will be stored in a CRM managed by the company HubSpot.Inc
for the 2 years following their collection.
5. Communication and transfer of personal data
The data will be made accessible:
– To employees/collaborators of the Data Controller, in their capacity as authorized processors, subject to
– to third parties (such as legal, tax, communication consultants, etc.; authorities in charge of receive such
data by law; etc.), who will act from time to time as autonomous data controllers or data controllers on behalf
of the Data Controller.
The processing is conducted with the use of appropriate security measures to prevent unauthorized access
to the data authorized by third parties and to ensure their confidentiality. The management and storage of
personal data will take place on servers located within the European Union of the Data Controller, companies
in the same group as the Owner and/or third party companies entrusted and duly appointed as data
processors. Please consider that, as a result of any disclosure of personal data, the Controller will no longer
be able to guarantee that such data will not be transferred outside the European Union.
The site uses tracking tools such as its own and third-party cookies. Third-party cookies are managed by the
company HubSpot. Inc. which offers technical or assimilated cookies (i.e., browsing or session cookies);
analytics cookies, to collect information, in aggregate form, about the number of users and how they visit
the site itself.
The types of cookies used by this site do not require the prior explicit consent of the Data Subject and the
receipt of them can be stopped at any time by changing the settings of one’s browser. After this operation,
however, some functions of the site may not be performed our own browser. After this operation, however,
some functions of the site may not be performed correctly and certain operations may become more
complex and/or less secure.
Regarding the types and methods of operation of the tracking tools used, it is possible to consult the
7. Rights of Data Subjects
According to the provisions of the GDPR, each Data Subject has the following rights vis-à-vis the Data
– to obtain confirmation as to whether or not personal data concerning him or her is being processed and, if
so case, to obtain access to personal data (Right of Access Art. 15);
– obtain rectification of inaccurate personal data concerning him/her without undue delay (Right of
rectification art. 16);
– obtain the deletion of personal data concerning him/her without undue delay and the Controller has
obligation to delete without undue delay personal data if certain conditions are met (Right to be forgotten
– Obtain the restriction of processing in certain cases (Right to restriction of processing art. 18);
– receive in a structured, commonly used and machine-readable format the personal data concerning him or
her provided and has the right to transmit such data to another data controller, without impediments by the
Controller, in certain cases (Right to data portability Art. 20);
– object at any time, on grounds relating to his or her particular situation, to the processing of personal data
concerning him/her (Right to object art. 21). Data subjects may object at any time and with ease to the
processing of the relevant data for marketing purposes through the functionality of “opt-out” (“unsubscribe”)
at the bottom of any communication received from the Controller;
– revoke the express consent at any time, without thereby affecting the lawfulness of the processing of
personal data carried out prior to revocation (Conditions for Consent Art. 7).
Where applicable, in addition to the rights under Articles 16-21 GDPR (Right to rectification, right to be
forgotten, right to limitation of processing, right to data portability, right to object), the data subject has the
right to complaint to the competent supervisory authority.
8. Methods of exercising rights
You can exercise the rights referred to in paragraph 7 above and contact the Data Controller at the e-mail
address: [email protected]