Privacy Policy
This Privacy Policy refers exclusively to the domain irondames.ch including all subdomains (hereinafter the “Website“) and does not concern other websites that may be consulted by clicking links that redirect to external websites. In accordance with the Switzerland Federal Act on Data Protection (hereinafter the “FADP”) and the European Regulation on Data Protection [Regulation (EU) 2016/679, hereinafter the “GDPR“] (hereinafter, collectively, the “Applicable Law“), this Privacy Policy is provided to the individual who interacts with the Website, consulting its pages (hereinafter the “User(s)”).
With respect to cookies, please refer to the Cookie Policy. The latter is integral part of this Privacy Policy and available at the link that the User can find in the footer of the Website.
1. Data Controller and contact details
The Data Controller is DC Racing Solutions S.A., with registered office in Baarerstrasse 80, 6300 Zug (Switzerland), VAT no. CHE-296 968 866 MWST, hereinafter the “Data Controller” or just the “Controller“. For any clarification, information, or exercise of the rights listed in this Privacy Policy, the User can contact the Data Controller at the following contact details: e-mail: compliance@irondames.ch.
2. Personal data subject to processing
The personal data processed through the Website are the following:
a. Navigation data
The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These personal data are not collected to be associated with identified data subjects, but, considering their nature and intrinsic characteristics, they could, through processing and association with data held by third parties, enable users to be identified. This category of data includes IP addresses or domain names, country of origin of the IP addresses, browser type and device type of the computers, smartphones, tablets and other connected devices used by Users who connect to the Website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources. This data is used for the sole purpose of obtaining aggregate or anonymous statistical information on the use of the Website and to check its correct functioning to identify anomalies and/or abuse and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes or at the request of the Public Authority.
b. Data provided on a voluntary basis
By means of the Website, the User may voluntarily and freely provide personal data such as:
- personal data provided by the User in e-mails sent to the e-mail addresses that the User can find on the Website, section “CONTACT US – BECOME PART OF OUR FAMILY”;
- e-mail address provided by the User for marketing purposes by the form “STAY UPDATED – SUBSCRIBE TO OUR NEWSLETTER”, present on each page of the Website;
- as well as other personal data provided by the User when filling in forms and which will be processed from time to time in accordance with the specific privacy policies on this Website.
Please note that the User is not expected or required to register on the Website to access its pages. The User, therefore, will not have a personal account in which data and information referring to the same will be stored and accessible by the User for consultation and/or modification. The Data Controller shall process personal data in compliance with the Applicable Law, assuming that they refer to the User or to third parties who have expressly authorised the User to provide them or whose personal data that the User was entitled to provide. With respect to these assumptions, the User undertakes to indemnify and hold harmless the Data Controller from any dispute, claim or request for compensation for damage caused by the processing of personal data that may be received from such third parties.
3. Purposes and legal basis of the processing
The following table provides the purposes and legal basis concerning the processing of the above-mentioned personal data:
| PURPOSES | LEGAL BASIS |
|---|---|
| Providing feedback to any requests for information and/or clarifications sent by the User. | The implementation of pre-contractual measures taken at the User’s request and/or the contract to which the User is a party [Article 30 and Article 31, par. 1 and par. 2, lett. a) of the FADP and Article 6, par. 1, lett. b) of the GDPR]. |
| Complying with legal obligations to which the Data Controller is bound, included to respond to any requests to exercise the User’s rights as a data subject under the Applicable Law. | The compliance with legal obligations to which the Data Controller is bound [Article 30 and Article 31, par. 1 of the FADP and Article 6, par. 1, lett. c) of the GDPR]. |
| Verifying any fraudulent or illegal use of the Website in general and ensure its security and functionality in the interest of the Users and the Data Controller. | The legitimate interest of the Data Controller and the Users themselves to prevent or identify any fraudulent or otherwise illegal use of the Website [Article 30 and Article 31, par. 1 of the FADP and Article 6, par. 1, lett. f) of the GDPR]. |
| Carrying out research/statistical analysis on aggregate or anonymous data, without therefore being able to identify the User, to measure traffic and assess usability and interest with respect to the Website. | The legitimate interest of the Controller to verify the usability and appeal of the Website [Article 30 and Article 31, par. 1 of the FADP and Article 6, par. 1, lett. f) of the GDPR]. |
| Ascertain, exercise, or defend a right of the Data Controller in administrative, jurisdictional or extrajudicial proceedings or whenever administrative or jurisdictional authorities exercise their functions. | The legitimate interest of the Data Controller to ascertain, exercise or defend a right or whenever administrative or jurisdictional authorities exercise their functions [Article 30 and Article 31, par. 1 of the FADP and Article 6, par. 1, lett. f) of the GDPR]. |
| Send newsletter for marketing purposes by filling in the form named “STAY UPDATED – SUBSCRIBE TO OUR NEWSLETTER”. | The data subject’s given consent by selecting the newsletter subscription checkbox at the bottom of the form [Article 30 and Article 31, par. 1 of the FADP and Article 13 of the Directive 2002/58/EC (so called “Directive on privacy and electronic communications”)]. |
4. Consequences of failure to provide personal data
Failure to provide the personal data, in whole or in part, may determine the impossibility to respond to any requests for information and/or clarification and/or requests to exercise the rights of the User.
The User is free to provide or not to provide his or her data for the reception of the newsletter and/or communications of a commercial nature and no consequences will arise if he or she decides not to give his or her consent or to revoke the consent initially given to receive the newsletter.
5. Methods of personal data processing
Personal data are processed with manual and/or paper-based and/or computer-based and/or telematic instruments and/or supports, in any case in such a way as to guarantee their security and confidentiality.
To this end, the Data Controller has adopted and implements security measures, both technical and organisational, appropriate to the level of risk related to the processing of personal data carried out. In particular, the Website functionality is provided solely on HTTPS encrypted connection and personal data are collected, filed, and stored on secure servers, protected by firewalls, and physically located within the European Economic Area.
6. Recipients or categories of recipients of the personal data
The personal data of the User may be shared, for the purposes set out in paragraph 3 above, with:
- employees or other types of collaborators of the company authorized by the Data Controller under Article 29 of the GDPR to process those personal data and who have received specific instructions on how to process the data in accordance with the Applicable Law;
- Rocket Science Group LLC d/b/a Mailchimp, acting as data processor (Article 9 of the FADP and Article 28 of the GDPR), as provider of the newsletter management service;
- companies, consultants or professionals entrusted with the maintenance and updating of the Website (i.e., web agencies) and, in general, management of the Data Controller’s hardware and software, including providers of cloud computing services and who typically act as data processor pursuant to and for the purposes of Article 9 of the FADP and Article 28 of the GDPR;
- companies, consultants or professionals entrusted with marketing and communication activities, who act as data processor pursuant to and for the purposes of Article 9 of the FADP and Article 28 of the GDPR;
- Public Authorities to whom, in their capacity as independent data controllers, it is mandatory to disclose the personal data of the User by virtue of legal provisions or orders of the authorities;
- law firms, associated firms, consultants, or professionals (e.g., legal, administrative and/or tax consultancies) who may be appointed to support the Data Controller in order to ensure the correct fulfilment of the legal obligations with which he is required to comply; the ascertainment, exercise or defence of a right or whenever the judicial authorities exercise their judicial functions.
7. Data transfers to countries outside Switzerland and/or EEA and/or international organisations
The Data Controller’s hosting provider’s servers are located within the European Economic Area. However, some of the Data Controller’s suppliers or the servers of such suppliers may be located in countries outside Switzerland and/or the EEA.
In particular, one of the Data Controller’s suppliers is Rocket Science Group LLC d/b/a Mailchimp, which is located in the United States of America. Rocket Science Group LLC d/b/a Mailchimp is an active participant in both the EU-US Data Privacy Framework and the Swiss-US Data Privacy Framework. The rights and freedoms of the Users are assessed as adequately protected when transfers take place within both the EU-US Data Privacy Framework and the Swiss-US Data Privacy Framework.
Another Data Controller’s suppliers is a UK marketing and communication agency. The personal data transfers take place on the basis of the adequacy decision of European Commission (EU) 2021/1772 of 28 June 2021, and/or on the basis of the Annex 1 of the Ordinance of 31 August 2022 on Data Protection entered into force on 1 September 2023. For more information, the User can contact the Data Controller at the following e-mail address: compliance@irondames.ch.
8. Period of retention of personal data
The personal data of the User will be retained for a period not exceeding the fulfilment of the above-mentioned purposes for which they are processed.
In particular, personal data processed in order to provide feedback to any requests for information and/or clarifications received will be kept no longer than 24 months after the relevant request is processed.
For marketing purposes, the data will be stored for a maximum period of 24 months from the date of subscription to the newsletter and/or from the renewal of the consent given to receive the newsletter without prejudice to the right to withdraw, at any time, the consent given.
This maximum retention period may be extended, where the conditions are met, in order to allow the User to exercise and defend a right in court or whenever the judicial authority exercises its functions and/or at the request of the latter. In any case, after expiry of the retention period, the data will be deleted or anonymised.
9. Rights of the data subject
The User has the rights:
- to receive confirmation as to whether or not his/her personal data are being processed and, if so, to obtain access to them and to a range of relevant information, including, by way of example, information concerning: a) the purposes of the processing; b) the categories of personal data that are subject to processing; c) the entities or categories of entities to whom or which the personal data have been or will be communicated; d) the storage period of the data or, if that is not possible, the criteria used to determine that period; e) the source of the personal data, if they have not been provided by you;
- to request and obtain the updating of personal data, the rectification of inaccurate data or, when needed, the integration of incomplete data;
- to request and obtain the erasure of personal data if: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the User objects to the processing carried out on the basis of a legitimate interest of the Controller and there is no overriding legitimate reason to continue the processing; c) the personal data have been processed unlawfully; d) the personal data must be erased by the Controller in compliance with a legal obligation;
- to request and obtain the restriction of processing in the event of: (a) contestation of the accuracy of his/her personal data for the time necessary for the Data Controller to carry out the requested verifications; (b) unlawful processing of data by the Data Controller, if the User objects to the deletion of the data and instead requests the restriction of its use; (c) ascertainment, exercise or defence of a right of the User in court, although the Data Controller no longer needs the data for the purposes of processing; (d) awaiting the outcome of the verification as to whether the Data Controller’s legitimate reasons prevail over those of the data subject;
- in cases where the processing of personal data is based on a contract and is carried out by automated means, to request and receive in a structured, commonly used and machine-readable format his/her personal data and, if technically feasible, to obtain the direct transmission of them by the Controller to another controller;
- to object, in whole or in part, on legitimate grounds relating to the User’s particular situation, to the processing of personal data concerning the User, even though they are relevant to the purpose of collection;
- in cases where the processing of personal data is based on the consent, to withdraw, at any time, the given consent; the withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal;
- to file a complaint with the competent Data Protection Authorities.
The Data Controller shall inform each of the recipients to whom the User’s personal data have been transmitted of any rectification, cancellation and/or restriction of processing carried out, except when this proves impossible or involves a disproportionate effort.
10. Ways of exercising rights of the data subject
As data subject, the User may exercise the above-mentioned rights at any time by sending an e-mail to the following e-mail address: compliance@irondames.ch. If the User wishes to lodge a complaint, he/she may use, if available, the forms on the website of the competent Data Protection Authorities. The Data Protection Authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
11. Changes to this Privacy Policy
This Privacy Policy may be amended and/or integrated and/or updated periodically, also as a consequence of the updating of the Applicable Law. In this case, the Data Controller shall inform the User of any amendments and/or additions and/or updates to this Privacy Policy by publishing the updated version of the Privacy Policy on the Website.
Last Update: 29/04/2025