Privacy Policy Every Dream Matters – Daytona 2025
This Privacy Policy refers exclusively to the processing of personal data of natural persons (hereinafter “Data Subjects”) who fill in the form entitled “YOUR DREAMS ON YOUR DAYTONA 2025 LIVERY” on the website www.irondames.ch (hereinafter, “Website“), on the webpage https://www.irondames.ch/daytona-2025. It is to be considered as policy provided in accordance with the European Data Protection Regulation (hereinafter “GDPR”) and the Italian data protection legislation (hereinafter, collectively, the “Applicable Law“).
1. Data Controller and contact details
The Data Controller is Iron Lynx S.r.l., with registered office in Via Civinelli, 950 – 47522, Cesena (Italy), VAT n. 04345820403 (hereinafter, “Data Controller” or just “Controller“).
For any clarification, information, or exercise of the rights listed in this Privacy Policy, the Data Controller can be contacted at the following contact details: tel. +39 0547 1825743, e-mail welcome@ironlynx.it, certified e-mail ironlynxsrl@pec.it.
2. Personal data subject to processing
The personal data processed by the Controller are name, last name, e-mail address, message describing the dream, and any further personal data that the Data Subjects have voluntarily entered in the message text.
The Data Controller shall process personal data in compliance with the Applicable Law, assuming that they refer to the Data Subjects or to third parties who have expressly authorised the Data Subjects to provide them or whose personal data the Data Subjects was entitled to provide. With respect to these assumptions, the Data Subjects undertake to indemnify and hold harmless the Data Controller from any dispute, claim or request for compensation for damage caused by the processing of personal data that may be received from such third parties.
3. Purposes and legal basis of the processing
Personal data will be processed for the following purposes, as also stated in the General Terms and Conditions of Services, which the data subject must accept to share his or her dream:
PURPOSES | LEGAL BASIS |
---|---|
Collect, evaluate and select the dreams that will be published. | The implementation of pre-contractual measures at the request of the Data Subject or the contract to which the Data Subject is party [article 6, par. 1, lett. b), of the GDPR]. |
Once the collection, evaluation and selection of dreams has been completed, publish the selected dreams in a carousel on the Every Dream Matters – Daytona 2025 section of the Website. | The implementation of pre-contractual measures at the request of the Data Subject or the contract to which the Data Subject is party [article 6, par. 1, lett. b), of the GDPR]. |
Publish the selected dreams and the name of the dream author on the livery of the Iron Dames car during the “24 Hours of Daytona” race. | The implementation of pre-contractual measures at the request of the Data Subject or the contract to which the Data Subject is party [article 6, par. 1, lett. b), of the GDPR]. |
Publish photos and videos of the livery of the Iron Dames car with the dream depicted on the Every Dream Matters – Daytona 2025 project section of the Website. | The implementation of pre-contractual measures at the request of the Data Subject or the contract to which the Data Subject is party [article 6, par. 1, lett. b), of the GDPR]. |
Ascertain, exercise, or defend a right in administrative, jurisdictional or extrajudicial proceedings or whenever administrative or jurisdictional authorities exercise their functions. | The legitimate interest of the Data Controller to ascertain, exercise, or defend a right or whenever administrative or jurisdictional authorities exercise their functions [article 6, par. 1, lett. f), of the GDPR]. |
Send the newsletter on the products and/or on the initiatives and/or events organized by the Data Controller and/or on race results. | Send the newsletter on the products and/or on the initiatives and/or events organized by the Data Controller and/or on race results. |
4. Nature of provision of personal data and consequences of failure to provide them
The provision of personal data is optional; however, the provision of personal data is necessary to adhere to the General Terms and Conditions of Services and to see your dream published on the Website and on the livery of the Iron Dames car during the “24 Hours of Daytona” race.
The Data Subject is free to provide or not to provide his or her personal data for the reception of the newsletter and no consequences will arise on the conclusion and execution of the contract in the event that he or she decides not to give his or her consent or to withdraw the consent initially given to the reception of the newsletter.
5. Methods of personal data processing
Personal data are processed with manual and computer-based instruments, in any case in such a way as to guarantee their security and confidentiality. To this end, the Data Controller has adopted and implements security measures, both technical and organisational, appropriate to the level of risk related to the processing of personal data carried out. In particular, the Website functionality is provided on HTTPS encrypted connection and personal data are collected, filed and stored on secure servers, protected by firewalls and physically located within the European Economic Area.
6. Recipients of personal data
The personal data provided by the Data Subjects may be shared, for the purposes set out in paragraph 3 above, with:
- employees or other types of collaborators authorized by the Data Controller to process personal data and who have received specific instructions on how to process the personal data in accordance with art. 29 of the GDPR and art. 2-quaterdecies of the Italian Privacy Code;
- Leo Burnett Company S.r.l., acting as data processor (art. 28 of the GDPR), with registered office in Viale Jenner, 19 – 20159 Milano (Italy), VAT n. 08812990151, for the management of the section of the Website dedicated to the Every Dream Matters – Daytona 2025 project;
- Rocket Science Group LLC d/b/a Mailchimp, acting as data processor (art. 28 of the GDPR), as provider of the newsletter management service;
- companies, consultants or professionals who may be entrusted with the maintenance and updating of the Website and, in general, management of the Data Controller’s hardware and software, including the hosting provider and cloud computing services providers who typically act as data processor;
- persons, entities or authorities to whom, in their capacity as autonomous data controllers, it is mandatory to communicate personal data by virtue of legal provisions or orders of the authorities or to prevent and/or ascertain any fraudulent activity or abuse in the use of the Website and the services offered by the Controller;
- law firms, associated firms, consultants or professionals (e.g., legal, administrative and/or tax consultancies) who may be appointed to support the Data Controller in order to ensure the correct fulfilment of the legal obligations with which it is required to comply; the ascertainment, exercise or defence of a right in jurisdictional or extrajudicial proceedings or whenever administrative or jurisdictional authorities exercise their functions.
The selected dreams of the Data Subjects will be published on the Website and on the livery of the Iron Dames car during the “24 Hours of Daytona” race, as detailed in paragraph 3 of this privacy policy and in the General Terms and Conditions of Services.
7. Data transfers to countries outside the EEA or international organisations
The Controller’s hosting provider’s servers are located within the European Economic Area. However, some of the Controller’s suppliers or the servers of those suppliers may be located in countries outside the European Economic Area.
Transfers to Rocket Science Group LLC d/b/a Mailchimp, located in the US, take place on the basis of the adequacy decision adopted by the European Commission: the rights and freedoms of data subjects are assessed as adequately protected when transfers take place within the Data Privacy Framework. Rocket Science Group LLC d/b/a Mailchimp is an active participant in the Data Privacy Framework. For more information, the Data Subjects can contact the Data Controller at the contact details listed in paragraph 1.
8. Period of retention of personal data
The personal data will be retained for a maximum period of 4 months, except for processing for marketing purposes, in which case data will be retained for a maximum period of 24 months from the date of subscription to the newsletter and/or from the renewal of the consent to receive the newsletter.
After expiry of the retention period, the data will be deleted or anonymised.
9. Rights of the data subject
The Data Subjects have the rights:
- to receive confirmation as to whether or not their personal data are being processed and, if so, to obtain access to them and to a range of relevant information, including, by way of example, information relating to: a) the purposes of the processing; b) the categories of personal data that are subject to processing; c) the entities or categories of entities to whom or which the personal data have been or will be communicated; d) the storage period of the data or, if that is not possible, the criteria used to determine that period; e) the source of the personal data, if they have not been provided by the Data Subjects;
- to request and obtain the updating of personal data, the rectification of inaccurate data or, when needed, the integration of incomplete data;
- to request and obtain the erasure of personal data if: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the Data Subjects object to the processing carried out on the basis of a legitimate interest of the Controller and there is no overriding legitimate reason to continue the processing; c) the personal data have been processed unlawfully; d) the personal data must be erased by the Controller in compliance with a legal obligation;
- to request and obtain the restriction of processing in the event of: a) contestation of the accuracy of their personal data for the time necessary for the Data Controller to carry out the requested verifications; b) unlawful processing of data by the Data Controller, if the Data Subjects object to the deletion of the data and instead request the restriction of their use; c) ascertainment, exercise or defence of a right of the data subjects in court, although the Data Controller no longer needs the data for the purposes of processing; d) awaiting the outcome of the verification as to whether the Data Controller’s legitimate reasons prevail over those of the data subjects;
- in cases where the processing of personal data is based on a contract and is carried out by automated means, to request and receive in a structured, commonly used and machine-readable format their personal data and, if technically feasible, to obtain the direct transmission of them by the Controller to another controller;
- to object, in whole or in part, on legitimate grounds relating to their particular situation, to the processing of personal data concerning the Data Subjects, even though they are relevant to the purpose of collection;
- in cases where the processing of personal data is based on the Data Subjects’ consent, to withdraw, at any time, the given consent; the withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal;
- to file a complaint with the competent Data Protection Authorities.
The Data Controller shall inform each of the recipients to whom the personal data of the Data Subjects have been transmitted of any rectification, cancellation and/or restriction of processing carried out, except when this proves impossible or involves a disproportionate effort.
10. Ways of exercising rights of data subjects
Data subjects may exercise the above-mentioned rights at any time by contacting the Data Controller at the contact details listed in paragraph 1. If the Data Subjects wish to lodge a complaint, they may use, if available, the forms on the website of the competent Data Protection Authorities.
11. Changes to this Privacy Policy
This Privacy Policy may be amended and/or integrated and/or updated periodically, also as a consequence of the updating of the Applicable Law. In this case, the Data Controller shall inform the Data Subjects of any amendments and/or additions and/or updates to this Privacy Policy by publishing the updated version of the Privacy Policy on the Website.
Last Update: 11/11/2024