REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 27 APRIL 2016 ON THE PROTECTION OF NATURAL PERSONS WITH REGARD TO THE PROCESSING OF PERSONAL DATA AND ON THE FREE MOVEMENT OF SUCH DATA, AND REPEALING DIRECTIVE 95/46/EC (GENERAL DATA PROTECTION REGULATION)
- “WRF” means World rafting Federation having its registered office in Viale Tiziano, 70 00196, Rome, Italy (no profit organisation);
- “GDPR” means General Data Protection Regulation;
- “Personal data” means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Filing system” means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
- “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- “WRF User” is anyone who joins the WRF Online Platform.
For the other definitions refer to the Art. 4 of the GDPR.
ART. 1 - SCOPE & APPLICATION
WRF is committed to protecting and respecting your privacy.
The legal basis for the processing is the Regulation (EU) 2016/679 (“General Data Protection Regulation”) and the Italian Law, D.Lgs. n. 196/2003 (“Codice in materia di protezione dei dati personali”).
The GDPR does not apply to the processing of personal data:
- in the course of an activity which falls outside the scope of Union law;
- by the Member States when carrying out activities which fall within the scope of Chapter 2 of Title V of the TEU;
- by a natural person in the course of a purely personal or household activity;
- by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.
Within the limits set forth by law, the processing aims at achieving the purposes laid down in the WRF Statutes and Rules.
ART. 2 - INFORMATION WE COLLECT FROM YOU
We will collect and process the following data about you:
Information you give us
This is information about you that you give us by filling in forms on our websites or by corresponding with us by phone, e-mail or otherwise. It includes:
- information you provide when you register to use our sites including WRF Online Platform (World Rafting online administration system, managed by RSportz);
- agree to participate in an WRF event;
- agree to work with us as a member of staff or volunteer on an WRF Board, committee, panel or working group;
- subscribe to the WRF Newsletter, place an order on our sites and when you report a problem with our sites.
The information you give us may include:
- your name, address, e-mail address and phone number,
- date of birth,
- financial and credit card information (through Stripe),
- passport details,
- personal description and photographs.
Information we collect about you
The Personal Data that you provide directly to us through our sites will be apparent from the context in which you provide the data. In particular, when you register for a WRF account we collect your full name, email address, and account log-in credentials.
When you respond to WRF emails or surveys, we collect your email address and name.
If you are a User of WRF Online Platform, you will provide your contact details, such as name, postal address, telephone number, and email address.
As part of your institutional relationship with us, we may also receive financial and personal information about you, such as your date of birth and government identifiers associated with you and your organization (such as your social security number, tax number, or employer Identification Number).
You may also choose to submit information to us via other methods, including: (i) in response to marketing or other communications, (ii) through social media or online forums, (iii) through participation in an offer, program or promotion, (iv) in connection with an actual or potential business relationship with us, or (v) by giving us your business card or contact details at trade shows or other events.
- With regard to each of your visits to our websites we will automatically collect the following information:Technical information, including the Internet Protocol (IP) address used to connect your computer to the internet, the browser type and version, time zone setting, browser plug-in types and version and the operating system and platform.
- Information about your visit including the Uniform Resource Locators (URL), clickstream to, through and from our sites (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) and any phone number used to call us.
- Information to enable the International Umpiring Handbook to be administered online, including personal data, assessment data and history of involvement with WRF.
Information we receive from other sources
This is information we receive about you if you use any of the other websites we operate or the other services we provide – in this case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on these sites.
We will also have told you for what purpose we will share and combine your data.
We work closely with third parties and will notify you when we receive information about you from them and the purposes for which we intend to use that information.
ART. 3 - USES MADE OF THE INFORMATION
We rely upon a number of legal grounds to ensure that our use of your Personal Data is compliant with applicable law.
We use Personal Data to facilitate the institutional relationships we have with our Members and WRF Users, to comply with our financial regulatory and other legal obligations, and to pursue our legitimate institutional interests.
Information you give to us.
We will use information held about you in the following ways:
- to carry out our institutional obligations arising from any contracts or agreements entered into between you and us and to provide you with the information, products and services that you request from us;
- to notify you about changes to our services;
- to ensure that content from our sites is presented in the most effective manner for you and for your computer.
- to comply with legal obligations;
- for quality control and staff training.
Information we collect about you.
We will use this information:
- to administer our sites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our sites to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep our sites safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- to comply with legal obligations;
- for quality control and staff training.
Information we receive from other sources.
We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above.
Furthermore, if you gives consent to us, we may use Personal Data (only names, e-mail address, date of birth, country of reisdence) to pursue our legitimate promotional and business interests with WRF official commercial Partners and Sponsors.
ART. 4 - DISCLOSURE OF YOUR INFORMATION
WRF does not sell or rent Personal Data to marketers or unaffiliated third parties. We share Personal Data with a limited number of our service providers.
We have service providers that provide services on our behalf, such as identity verification services, website hosting, data analysis, information technology and related infrastructure, customer service, email delivery, and auditing services.
These service providers may need to access Personal Data to perform their services.
We authorize such service providers to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirements.
We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the European Union and the United States of America.
You agree that we have the right to share your personal information with any member of our group. We may ask your further permission to share your data with those acting on behalf of the WRF such as the Organising Committees of International Events.
ART. 5 - WHERE WE STORE YOUR PERSONAL DATA
ART. 6 - COOKIES
Cookies are small text files that are stored in a computer’s web browser memory. They help website providers with things like understanding how people use a website, remembering a User’s login details, and storing website preferences.
This helps us to provide you with a good experience when you browse our websites and also allows us to improve our sites.
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser.
Cookies play an important role in helping us provide personal, effective and safe Services.
- To Operate Our Services.Some cookies are essential to the operation of our website and Services. We use those cookies in a number of different ways, including:
- Fraud Prevention and Detection.Cookies and similar technologies that we deploy through websites and the Services help us learn things about computers and web browsers used to access the Services. This information helps us monitor for and detect potentially harmful or illegal use of our Services.
- To Analyze and Improve Our Services.Cookies help us understand how to make our website and Services work better for you. Cookies tell us how people reach our website and our Users’ websites and they give us insights into improvements or enhancements we need to make to our website and Services.
- For Better Advertising.Cookies can help us provide more effective advertising on our website. For example, we might use a cookie to help prevent You from seeing the same advertisement multiple times or to measure how many times an advertisement is viewed or clicked on.
6.2 - How we use other technologies
- Pixel tags.Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Services to, among other things, track the actions of Users (such as email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Services and response rates.
- Flash Cookies.We may use Adobe Flash and other technologies to, among other things, collect and store information about your use of the Services. If you want to block or control flash cookies, you can adjust your settings.
6.3 - How to manage cookies
Your web browser may allow you to change your cookie preferences, including to delete and disable Stripe cookies. Please consult the help section of your web browser or follow the links below to understand your options, but please note that if you choose to disable the cookies, some features of our website or Services may not operate as intended.
- Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Explorer: https://support.microsoft.com/en-us/products/windows?os=windows-10
- Safari: https://support.apple.com/kb/PH21411
- Firefox: https://support.mozilla.org/products/firefox/cookies
- Opera: http://www.opera.com/help/tutorials/security/cookies/
ART. 7 - YOUR RIGHTS
You have the right to ask us not to process your personal data for marketing purposes.
We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes.
You are free to choose whether to provide us with the types of personal information described in this policy, however, we may not be able to serve you as effectively or offer you some or all of our Services when you choose not to share certain information with us.
You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.
You also have:
- the right to be forgotten and any data you wish to be deleted will be hidden from public view within 36 hours and removed in 30 days;
- the right to obtain from the us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, the data you have the right to have incomplete personal data completed, including by means of providing a supplementary statement;
- the right to obtain from us the erasure of personal data concerning you without undue delay according to the art. 17 of the GDPR;
- the right to obtain from the controller restriction of processing when on of the conditions laid down in the art. 18 of the GDPR applies;
- the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided;
- the right to object, on grounds relating you your particular situation, at any time to processing of your personal data;
- the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Our sites may from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these website have their own privacy policies before you submit any personal data to these websites.
ART. 8 - ACCESS TO INFORMATION
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22 GDPR and and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Your right of access can be exercised in accordance with the art. 15 of the GDPR.
For the purpose of the GDPR, the data controller is World Rafting Federation having its headquarter in Fraz. Neyran Dessus, 4 11020 Brissogne Ao, Italy.
ART 6 - SECURITY AND RETENTION
We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data.
We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse.
Your Personal Data is only accessible to a limited number of personnel who need access to the information to perform their duties.
Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately.
If you are a WRF User, we retain your Personal Data as long as we are providing the Services to you. We retain Personal Data after we cease providing Services to you, even if you close your WRF account, to the extent necessary to comply with our legal and regulatory obligations, and for the purpose of fraud monitoring, detection and prevention.
We also retain Personal Data to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods that we support. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
ART. 11 - CONTACT