Pursuant to Art. 13 of the European Regulation (EU) 2016/679 (hereinafter: GDPR), and in relation to the personal data that ASV Rennerclub Vinschgau Raiffeisen (hereinafter: “Data Controller”) will come into possession of, we inform you of the following:

Data controller ASV Rennerclub Vinschgau Raiffeisen with headquarters at Via Principale 22 39027 Reschen Resia BZ

email: info@reschenseelauf.it email PEC reschenseelauf@pec.it

The Owner has not appointed a data protection officer (DPO or, Data Protection Officer, DPO).

The purpose of the processing is for the correct and complete execution of the IT support activity, and your data will be processed for the purpose of:

• Fulfilling the obligations required in taxation and accounting;
• Comply with the company’s obligations under current regulations;
• Establish, manage, and terminate a contractual and business relationship;
• provide computer support services

II processing is carried out by means of the operations specified in Art. 4 GDPR: collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication, transmission, dissemination, or any other form of making available, comparison or interconnection, restriction, erasure and destruction of data.

Operations may be carried out with or without the aid of electronic or otherwise automated tools. II processing is carried out by the Owner or the External Managers or Authorized Processors. Personal data are processed in ways strictly necessary to meet the above purposes.

The Data Controller processes your personal data lawfully, where the processing:

• is necessary for the performance of an order or contract to which you are a party or the performance of pre-contractual measures taken upon request;
• is necessary to fulfill a legal obligation incumbent on the Data Controller;

With regard to personal data related to the performance of the contract to which you are a party or related to the fulfillment of a regulatory obligation (e.g., fulfillments related to the keeping of accounting and tax records), failure to disclose personal data prevents the completion of the contractual relationship itself.

The management and storage of personal data will take place on servers located within the European Union, owned by the Data Controller or by third party companies contracted and duly appointed as Data Processors. It is understood that the Data Controller, should it become necessary, will have the right to move the location of the servers to Italy and/or the European Union and/or non-EU countries. Personal data may also be transferred outside the EU to parties with whom there is an ongoing collaboration for the establishment and management of the assignment received by the Data Controller. In such a case, the Data Controller assures as of now that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, entering into agreements, if necessary, to ensure an adequate level of protection, and/or adopting the standard contractual clauses provided by the European Commission. In any case, it is made clear from the outset that the Data Controller will never transfer the collected personal data to third parties.

Your personal data, which are processed for the above-mentioned purposes, will be retained for the duration of the contract and, thereafter, for as long as the Data Controller is subject to retention obligations for tax or other purposes, required by law or regulation.

Your personal data may be disclosed to:

1. consultants, accountants or lawyers who provide functional services for the above purposes;
2. Banking and insurance institutions that provide functional services for the above purposes;
3. Subjects who process data in fulfillment of specific legal obligations;
4. Judicial or administrative authorities, for the fulfillment of legal obligations.

Your personal data are not subject to dissemination or any fully automated decision-making process, including profiling.

Your rights under the GDPR include those of:

• to request from the Data Controller access to your personal data and information relating thereto; rectification of inaccurate data or supplementation of incomplete data; deletion of personal data concerning you (upon the occurrence of one of the conditions indicated in Article 17(1) of the GDPR and in compliance with the exceptions provided for in paragraph 3 of the same article); limitation of the processing of your personal data (upon the occurrence of one of the cases indicated in Article 18(1) of the GDPR);
• to request and obtain from the Data Controller – in cases where the legal basis of the processing is a contract or consent, and the processing is carried out by automated means – your personal data in a structured, machine-readable format, including for the purpose of communicating such data to another data controller (so-called right to personal data portability);
• Object at any time to the processing of your personal data in the event of special situations concerning you;
• revoke consent at any time, limited to cases where the processing is based on your consent for one or more specific purposes and involves common personal data (e.g., date and place of birth or place of residence), Processing based on consent and carried out prior to the revocation of consent retains, however, its lawfulness;
• Propose complaints to a supervisory authority (Data Protection Authority-gareprivacy.iantt).