XMASKRACE SRL with registered office at VIA VITTORIO BOTTEGO, 10 44124 Ferrara (FE), CF 019747000385 and P.IVA 019747000385 (hereinafter, “Data Controller”), as the data controller, informs you pursuant to Art. 13 LD. 30.6.2003 n. 196 (hereinafter, “Privacy Code”) and Art. 13 EU Regulation no. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the following manner and for the following purposes:
1. Subject of Treatment
The Controller processes personal, identifying data (e.g., first name, last name, company name, address, telephone, e-mail, bank and payment references) hereafter, “personal data” or also “data” communicated by you in connection with the conclusion of contracts for the Controller’s services.
2. Purpose of processing.
Your personal data are processed:
- A. without your express consent (Art. 24 lett. a), b), (c) Privacy Code and Art. 6 lett. (b), (e) GDPR), for the following Service Purposes:
- ¬ conclude contracts for Holder’s services;
- ¬ fulfill pre-contractual, contractual and tax obligations arising from existing relationships with you;
- ¬ fulfill obligations required by law, regulation, EU legislation, or an order of the Authority (such as in the area of anti-money laundering);
- ¬ exercise the rights of the Holder, for example, the right of defense in court;
- B. Only with your specific and separate consent (Articles 23 and 130 Privacy Code and Article 7 GDPR), for the following Marketing Purposes:
- ¬ send you via e-mail, mail and/or sms and/or telephone contact, newsletters, commercial communications and/or advertising material on products or services offered by the Holder and satisfaction survey on the quality of services;
- ¬ send you via e-mail, mail and/or text message and/or telephone contact commercial and/or promotional communications from third parties (e.g. business partners).
Please note that if you are already our customer, we may send you commercial communications relating to services and products of the Owner similar or related to those you have already used, unless you disagree (art. 130 c. 4 Privacy Code).
3. Method of treatment.
The processing of your personal data is carried out by means of the operations specified in Art. 4 Privacy Code and Art. 4 n. 2 GDPR and namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Your personal data are subject to both paper and electronic and/or automated processing.
The Data Controller will process personal data for as long as necessary to fulfill the above purposes and in any case for no longer than 10 years after the termination of the relationship for the Service Purposes and for no longer than 2 years after data collection for the Marketing Purposes.
4. Data Access.
Your data may be made accessible for the purposes of Art. 2.A and 2.B:
- ¬ to employees and associates of the Owner in their capacity as appointees and/or internal data processors and/or system administrators;
- ¬ to third-party companies or other entities (by way of example, credit institutions, professional firms, consultants, etc.) that perform outsourcing activities on behalf of the Controller, in their capacity as external data processors.
5. Disclosure of data
Without the need for express consent (ex art. 24 lett. a), (b), (d) Privacy Code and Art. 6 lett. (b) and (c) GDPR), the Controller may disclose your data for the purposes set forth in Art. 2.A to Supervisory Bodies, Judicial Authorities, as well as to those subjects to whom communication is obligatory by law for the fulfillment of the said purposes. These parties will process the data in their capacity as autonomous data controllers.
Your data will not be disseminated.
6. Data transfer
Personal data are stored on servers located in Italy and otherwise within the European Union. It is in any case understood that the Holder, should it become necessary, will be entitled to move the servers outside the EU as well. In such a case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
7. Nature of data provision and consequences of refusal to respond
The provision of data for the purposes of Art. 2.A) is mandatory. In their absence, we will not be able to guarantee you the Services of Art. 2.A).
The provision of data for the purposes of Art. 2.B) on the other hand is optional. You can then decide not to give any data or to deny later the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material related to the Services offered by the Owner. He will, however, continue to be entitled to the Services set forth in Art. 2.A).