For the protection of natutal persons with regard to the processing of their personal data and the free circulation of the same, guiding this processing to the principles of lawfulness, fairness and transparency, pursuant to EU Regulation 2016/679 (GDPR) and additional legislation applicable to the matter, and in relation to the personal data of which INTERNATIONAL SKI MOUNTAINEERING FEDERATION (hereinafter also simply as ‘ISMF’ or ‘Controller’) will come into possession – through the website www.ismf-ski.org (hereinafter simply ‘the Website’) or other contact channels indicated therein – and will process it, the following information is provided.
The Controller of the Processing of personal data is the INTERNATIONAL SKI MOUNTAINEERING FEDERATION with legal offices in Lausanne-3 (1000 – Switzerland), avenue de Rhodanie n° 54 – business offices in Mondovì (12084, CN, Italy), Piazza Mellano n° 4, tel. +39 0174 554755, fax +39 0174 080155, e-mail firstname.lastname@example.org, – VAT: CHE-231.976.955.
Cookies are used on the Website. The cookies allow the Website user’s (hereinafter simple the Data Subject) experience to be personalised by inserting a file on their computer (the cookie) that registers information that details how the Website and navigation is used.
It is possible to deactivate the cookies, even if that could potentially limit the functionality of webpages or access to the Website.
Besides that which regards navigation data and cookies (referred to in the previous p. 2), the personal data that the Data Subjetcs communicates through the Website and other forms of contact can be processed for the purposes of the following:
A) Execution of a contract or information requests
The Controller can process ‘general’ personal data (such as data regarding identification, contact, banks, etc.), for the execution of a contractual relationship, and to respond, even before the conclusion of the contract, to the requirements of the manifested contact, or, if requested, to fulfill specific requests made by the Data Subject.
B) Management of one’s personal account
Through the Website, enabled users have access to the reserved area, through one’s personal account, protected by personal credentials. The Controller will also process such data in order to improve the licensing procedure as well as registration to competitions or events.
C) Fulfilling of legal obligations (or orders from the Authority) and legitimate interests.
The Data Controller may also process the personal data of the Data Subject to fulfill any legal obligations, or orders of an Authority or to pursue other legitimate interests of the Controller, such as the defense in court, the communication of the institutional activities of the Controller or statistical calculations.
Through the Website, the Data Subject can also register for the newsletter service, for which their data will also be processed for this purpose.
The legal bases for data processing whose purpose is indicated in the preceding points 3.A) and 3.B) above is needed for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
The legal bases for the processing referred to in the aforementioned point 3.C) is needed to fulfill legal obligations to which the Controller is subject, or the legitimate interest of the Controller.
The legal bases for the processing referred to in the aforementioned point 3.D), as regards the Controller, are the fulfillment of requests by the Data Subject and the legitimate interest of the Controller to inform about their activities.
The categories of Recipients to whom the personal data may be communicated are the following:
a) personnel of the Controller, authorised and on instruction by the same, who are committed to confidentiality or who have an adequate legal obligation to confidentiality (ex. collaborators of the Controller);
b) eventual Processors external to the Controller, appointed ex art. 28 GDPR;
c) other subjects external to the Controller, the processing of which (as autonomous Controllers) is necessary for the execution of the activities (also of a financial nature for the management of payments: such as banks) connected and consequent to the execution of the Contract or other activities;
d) the Controller can also have to communicate or transmit the data to Public Authorities, including the Juridical Authority.
The Data Controller may communicate or transfer the personal data of the Data Subject to Third Countries (non-EU) or international organisations (outside the EU) to which the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request, pursuant to art. 49, par. 1, lett. B, GDPR).
The Controller will store the Data Subject’s Data for however long it will take to consent to the same Data Subject the requested activity or in order to reach the finality indicated and for a period over 36 months, except if a different time frame is necessary (such as the duration of a legal procedure).
7. Nature of the provision of data and consequences of the refusal
The communication of the data marked by an asterisk is necessary: the failure to provide this data will make it impossible for the Controller to provide what was requested by the Data Subject.
The communication of data not marked by an asterisk is optional: the failure to provide will allow the fulfillment of the request.
The EU Regulation grants the data subject the following rights with regard to the processing of personal data:
a) the right of access with the eventual request of copies of the processed data (art. 15 GDPR);
b) the right to rectification of inaccurate personal data without unjustified delay and integration of incomplete personal data (art. 16 GDPR);
c) the right to the erasure of personal data without unjustified delay – also known as the ‘right to be forgotten’ – for one of the motives indicated by the letters a) to f) of art. 17 GDPR;
d) the right to restriction of the processing of one of the hypothesis indicated by the letters a) to d) of art. 18 GDPR;
e) the right to data portability (art. 20 GDPR);
a) the right to object, (art. 21 GDPR), for motives connected to data subject’s specific situation, to the processing of personal data which concerns it, ex art. 6, paragraph 1, letters e) or f) GDPR, including profiling; or, where data are processed for direct marketing purposes, right to object to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.
The data subject who believes that the processing of personal data concerning him / her violates the EU Regulation 2016/679 may propose a Complaint to a Control Authority – in the Member State in which he / she resides habitually, works or in the place where the alleged violation has occurred – according to the provisions of art. 77 of the GDPR.
The above information has been in force since 25 May 2018.
The Controller reserves the right to modify its content, in part or completely, also due to changes in the Privacy Law.
The Controller will publish the updated version of this document on the Website, and from then on it will be binding: the Data Subject is therefore invited to regularly visit this section.