INFORMATION GIVEN PURSUANT TO ART. 13 OF THE EU REGULATION 679/2016 (G.D.P.R. - GENERAL DATA PROTECTION REGULATION)
The following information is given in order to protect natural persons during the processing of their Personal Data and ensure the free movement of such data. It is understood that the above processing shall be based on the principles of lawfulness, fairness and transparency pursuant to EU Regulation 2016/679 (GDPR) and any further relevant legislation, and shall apply to personal data that are or will be in the possession of, and processed by the INTERNATIONAL FEDERATION OF SPORT CLIMBING (hereinafter also shortly referred to as the ‘IFSC’ or the ‘Controller’) through the website www.ifsc-climbing.org (hereinafter shortly referred to as the ‘Website’) or other means of contact therein mentioned.
1. The Controller
2. Navigation data and cookies
Cookies are used in the Website to personalise the experience of users (hereinafter also referred to as ‘Data Subjects’) by storing on their computer a file (named ‘cookie’), which records detailed information on their Website use and navigation.
Cookies can be disabled, but to do so would prevent webpages from working properly or limit access to the Website.
3. Purposes of personal data processing
Except as otherwise provided for (in item 2 above and in any other disclosure) with regard to navigation data and cookies, the personal data provided by a Data Subject through the Website and other means of contact shall be processed for any of the following purposes.
- Performance of a contract or processing of a request for information
The Controller shall be authorised to process ‘general’ personal data (e.g. identifiers, contact data, etc.) in order to perform a contractual relationship, satisfy any contact requirements, whether before or after the conclusion of a contract, or, whenever required, fulfil any specific requests made by the Data Subject. Likewise, the other data that may be requested and processed shall include data (and pictures printed on passes for exclusive access) of journalists or other persons authorised on behalf of other information channels and media outlets in order to allow their registration and access to events. The data of members/representatives of national federations (and pictures printed on passes for exclusive access) shall also be requested and processed for their registration and participation in the Plenary Assembly and other major events related to their participation in the Association activities.
- Other purposes
The Controller shall be authorised to process general personal data to fulfil any legal requirements or its legitimate interests, such as its defence in court, or to perform statistical calculations.
4. Legal basis for processing
The legal basis for processing in the case of item 3.A) above is needed for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
The legal basis for processing in the case of item 3.B) above is the fulfilment of legal obligations to which the Controller is subject, or the legitimate interests of the Controller.
5. Categories of Recipients to which or whom Personal Data have been or will be disclosed
The categories of Recipients to which or whom Personal Data have been or will be disclosed are as follows:
- persons or entities whose service is needed in relation to, or as a result of the performance of a Contract (including, e.g., the financial management of payments by banks or other institutions);
- persons authorised or on instructions by the Controller, who shall be bound by a specific confidentiality obligation by contract or law (e.g. the Controller’s staff);
- the Processors appointed pursuant to art. 28, GDPR;
- the Controller may also be under the obligation to disclose or transmit data to Public Authorities, including Judicial Authorities.
The Controller shall have the right to disclose or transfer the Personal Data of a Data Subject to Third Countries (outside the EU) or international organisations (outside the EU) to which disclosure is necessary for the performance of a contract between the data subject and the Controller or the implementation of pre-contractual measures taken at the data subject’s request, pursuant to point (b) of art. 49(1), GDPR.
6. Limited storage period
The Controller shall store the data of the Data Subject for a period of 12 months, unless a different period is required to achieve the above purposes (e.g. the period of a court proceeding).
7. Nature of data provision and consequences arising out of a refusal
The provision of data marked by an asterisk is required; as a result, any refusal to provide such data may prevent the Controller from fulfilling a request from the Data Subject.
The provision of data not marked by an asterisk is optional; as a result, any refusal to provide such data shall not prevent the fulfilment of one such request.
8. Rights of the Data Subjects
The EU Regulation grants Data Subjects the following rights with regard to the processing of their personal data:
- right of access to the processed data, and right to obtain a copy thereof (art. 15 GDPR);
- right to rectification of inaccurate personal data without undue delay, and right to have incomplete personal data completed (art. 16 GDPR);
- right to erasure of personal data without undue delay – known as ‘right to be forgotten’ – for any of the grounds stated in points (a) to (f) of art. 17, GDPR;
- right to restriction of processing in any of the circumstances stated in points (a) to (d) of art. 18, GDPR;
- right to data portability (art. 20 GDPR);
- right to object (art. 21, GDPR), on grounds related their particular situation, to processing of personal data concerning them pursuant to points (e) or (f) of art. 6(1), GDPR, including profiling; or, where data are processed for direct marketing purposes, right to object to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.
9. Right to lodge a complaint with a Supervisory Authority
Data Subjects who believe that processing of Personal Data concerning them infringes EU Regulation 2016/679 shall have the right to lodge a complaint with a Supervisory Authority – in the Member State of their habitual residence, place of work or place of the alleged infringement – pursuant to the provisions of art. 77 of the same Regulation.
10. Changes to this information
The above information has been in force since 25 May 2018.
The Controller reserves the right to change the content hereof in full or in part for any reason including changes in the Privacy Legislation.
The Controller shall publish an updated version hereof on the Website, which version shall become binding on the date of its Publication; as a result, Data Subjects are kindly requested to regularly check this Website section.