pursuant to art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council
Federazione Italiana Tennis (hereinafter, “FIT”) wishes to inform you that pursuant to article 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (hereinafter, the “European Regulation”), may process some personal data collected automatically or provided by you through the surfing or use of the http://ticketing.nextgenatpfinals.com and http://presale.nextgenatpfinals.com websites (hereinafter, the “Websites”).
The Data Controller is FIT, in the person of its legal representative, with registered office in Stadio Olimpico – Curva Nord, Ingresso 44, Scala G – 00135 Roma (Italy) (hereinafter, the “Data Controller”).
TYPES OF PROCESSED DATA
To enable your use of the Websites and their services, including the possibility of creating and utilising your personal area, signing up to our newsletter and purchasing valid tickets to join the event “NEXT GEN ATP FINALS”, the Data Controller requires to have knowledge of and to process some of your personal data, such as your name, your surname, your date of birth and your email address. Furthermore, additional categories of personal data (such as information about your health) may be collected in order to ascertain the conditions that will consent you to benefit from some special services (i.e. access to the event “NEXT GEN ATP FINALS” provided for people with disabilities). Lastly, in the case where, following a ticket purchase, you would require a receipt, in addition to the personal data already collected for the registration and purchase, your fiscal code and your address are also required.
The computer systems and software implemented on the Websites acquire, during their normal operation, some personal data whose transmission is implicit in the use of communication protocols of the Internet. This category of data includes IP addresses or domain names of the computers used by users connecting to the Websites, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
This data, necessary for the use of the Websites, are processed only for the purpose of obtaining statistical information on the use of the services (most frequently visited pages, number of visitors per time slot or daily, geographical area of origin etc.) and to verify the correct functioning of the offered services.
The navigation data are not stored for more than seven days and are deleted immediately after their aggregation, without prejudice to the possible requests of judicial authorities to ascertain criminal offenses.
Data provided voluntarily by the user
The creation of your personal area, the subscription to the newsletter and the purchase of tickets through the Websites entail the acquisition of your name, your surname, your date of birth, your email address and in the case of ticket purchase, the additional personal data mentioned in para. 2 below. Furthermore, the Data Controller may acquire knowledge of other possible personal data inserted in the message or in forms to be completed in case of purchase.
The Websites use the following categories of cookie.
Technical cookies and session cookies are used, i.e. small text files containing a certain amount of information exchanged between your terminal or browser and the Websites, which allow the correct operation and use of the latter. On the opposite, cookies are neither used to transmit information of a personal nature nor the so-called persistent cookies have been implemented.
Cookies for profiling users are not used, nor are other tracking methods used.
Third party Cookie
This Website only uses analytical cookies installed and made available by Google Analytics, as previously mentioned.
Options regarding the use of cookie on the Websites through browser settings
The installation of all types of cookies may, nevertheless, be disabled in settings of your browser. It should be noted, however, that any changes on these settings could make the Websites unusable where the cookies that are essential for the provision of our services were to be blocked. However, each browser has different settings for deactivating cookies. Below are the links to the instructions for the most common browsers: Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox.
PURPOSE OF THE DATA PROCESSING AND LEGAL BASIS
The Data Controller exclusively holds those personal data provided by you during surfing of the Websites and the use of their services, including online purchasing. Such data will exclusively be used for:
allowing the use of our Websites and their services, such as the possibility to access your personal area and complete the ticket purchase. Some special data (such as information about your health) may be collected in order to ascertain the conditions that will consent you to benefit from the access to the event “NEXT GEN ATP FINALS” provided for people with disabilities.
The legal basis for the processing is (i) your express consent to the data processing, (ii) the execution of a contract of which you are part of, (iii) FIT’s fulfilment of legal obligations.
allowing the delivery of updated news – both through traditional methods of contact and through totally automated ones, such as, by way of example, through the use of your email address – on FIT’s activities and promotions, advertising material and/or commercial and direct marketing communications and information regarding our services and products, on the related offers, on discounts and any other promotional initiative and on loyalty programs adopted, as well as allowing the delivery of the newsletter aiming at permitting the purchase tickets in pre-emption.
The legal basis for the processing of data is your express consent to the data processing.
Your personal data may be processed either through IT tools or paper-based means.
PERIOD OF RETENTION OF PERSONAL DATA
The Data Controller plans to keep your personal data for a period of time no longer than it is necessary to achieve the purposes for which they were collected and processed.
Therefore, personal navigation data and those acquired through the use of the Websites will not be stored for longer than seven days.
Regarding the activity of personal data processing for the purpose of ticket purchasing, in compliance with the applicable legislation, including the accounting legislation, the Data Controller stores your personal data for no longer than 10 years. Successively, the Data Controller erases your personal data, or transforms them in an anonymous form, permanently and not reversibly.
The Data Controller stores your additional data used for enable you to enjoy access services to the event “NEXT GEN ATP FINALS” provided for people with disabilities, in compliance with the applicable legislation, including the accounting legislation, for no longer than 10 years. Successively, the Data Controller erases your personal data, or transforms them in an anonymous form, permanently and not reversibly.
Regarding the activity of personal data processing for the purpose of direct marketing, in compliance with the applicable legislation and if it has been explicitly authorized by you, FIT provides the automatic erasure of your personal data, or ensures they are permanently transformed in an anonymous form, permanently and not reversibly, within 24 months from their collection for marketing purposes.
With regard to other personal data, since the Data Controller cannot accurately determine the period of storage, the Data Controller commits to inspire the data processing to the principles of adequacy, relevance and data minimization, so as required by the European Regulation, annually assessing the need of continued storage. Therefore, once the purposes for which they were collected and processed are achieved, we will remove them from our systems and records and/or take any appropriate measures to render them anonymous, preventing your identification.
The abovementioned paragraphs are without prejudice to the case in which such data will be stored to comply with regulatory obligations, or to ascertain, exercise or defend our right in court.
CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA
The processed data are not disclosed to third parties. The following may, however, come to know your personal data, in relation to the abovementioned processing purposes:
individuals who may access the data pursuant to European Union law or Member State legislation to which the Data Controller is subject;
subjects performing, within the borders of the European Union, in complete autonomy, as separate Data Controllers, or as Data Processors appointed for this purpose by FIT, purposes auxiliary to those activities and services under para. 3 above, i.e. postal services and shipping and delivery agencies, companies offering advertising, marketing and communication services, companies offering IT support and consultation in charge of planning and implementing software and websites, law firms, companies offering services useful to analyze and develop personal data, (including those relative to interactions between users and our services) and elaborate and conduct market researches, service centers, companies or consultants in charge of provide further services to the Data Controller within the limits of the purpose for which data has been collected.
Furthermore, our employees may also become aware of your personal data, provided that they are previously designated as an individual acting under the authority of the Data Controller pursuant to article 29 of the European Regulation or as System Administrators. Any communication of your personal data will take place in full compliance with the provisions of the law set by the European Regulation as well as technical and organizational measures put forth by the Data Controller to ensure an adequate level of security.
PERSONAL DATA TRANSFER TO THIRD COUNTRIES
The Data Controller intends to transfer your personal data to the United States for the provision of services on the Websites. Such transfer is always subject to adequate safeguards as the Data Controller has ensured that the recipients joined the Privacy Shield, which protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States for commercial purposes.
For more information on data transfer regulations to countries outside the European Union, including the mechanisms on which we rely, please see the European Commission website here or the Privacy Shield website here.
POTENTIAL AUTOMATED DECISION MAKING PROCESSES
The Data Controller does not intend to use automated decision-making processes, including the profiling referred to in article 22, paras. 1 and 4, of the European Regulation.
NATURE OF DATA PROVISION
The provision of personal data for the purposes listed at para. 3.A above is mandatory in nature and the refusal to provide the required personal data may lead to FIT’s impossibility to allow your use of the Websites, including the possibility to buy valid tickets to join the event “NEXT GEN ATP FINALIS”. Providing the Data Controller your special data is a voluntary choice, but the lack of such data, even if it does not impede the use of the Website, do not allow us to let you enjoy access services for the event “NEXT GEN ATP FINALS” provided for people with disabilities.
The provision of personal data for the purposes listed at para. 3.B above is discretionary in nature, but the failure to provide them, even if it does not impede the use of the Websites may lead to the impossibility of enjoying to the fullest the advantages offered to our community through information of advertising, commercial and direct marketing nature, to receive our newsletter as well as to be informed on additional services, on events and promotions to be offered to you.
DATA SUBJECT’S RIGHTS
Regarding the processing of your personal data pursuant to the European Regulation, as data subjects you are entitled to the following rights:
revoke your consent to data processing at any time. However, it should be noted that revoking the consent will not undermine the legitimacy of any previous processing activity, as provided by article 7, para. 3, of the European Regulation;
request to the Data Controller access to your personal data, as provided by article 15 of European Regulation;
require the Data controller to rectify or complete your personal data, by means of a declaration, as provided by article 16 of European Regulation;
require the Data controller to erase your personal data, in the cases provided in article 17 of the European Regulation;
obtain from the Data Controller restriction of processing whenever the cases provided in article 18 of the European Regulation occur;
receive from the Data Controller your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance as provided by article 20 of the European Regulation;
object at any time, on grounds relating to your particular situation, to processing of personal data concerning you pursuant to point (e) or (f) of article 6, para. 1, including profiling based on those provisions, as provided by article 21 of the European Regulation;
not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the processing is based on your prior consent pursuant article 22 of the European Regulation. By way of example, any form of automatic personal data processing aimed at analyzing or profiling consumer and purchasing preferences, economic capabilities, interests, reliability, and behavior;
lodge a complaint with a supervisory authority (article 77 of the European Regulation), or relevant Judicial bodies (article 79 of the European Regulation) if you deem that the processing of your personal data relating infringes the European Regulation. The complaint may be filed in the Member State of your habitual residence, place of work, or place of alleged infringement.
To exercise your rights, you may contact the Data Controller, represented by its legal representative. You can send a communication to the registered office in Stadio Olimpico – Curva Nord, Ingresso 44, Scala G – 00135 Roma (Itlay), or send an email at firstname.lastname@example.org or a certified electronic mail at email@example.com, providing the following data:
name, surname and mailing or postal address;
details of the request;
type of the ticket acquired (with the indication of the date, session and seat possibly printed on such ticket);
copy of a valid identity document.
CONSENT OF MINORS IN RELATION TO SERVICES BY THE INFORMATION SOCIETY
The use of services offered through the Websites is explicitly prohibited to minors below the age of 14 (fourteen) [an exception is made for the ticketing service, that can be used only by over 18 (eighteen) years old people]. With the subscription to the newsletter, there is a confirmation of having reached the age of 14 (fourteen). With the ticket purchase, there is a confirmation of having reached the age of 18 (eighteen).