A) REGISTRATION AND PARTICIPATION IN THE COMMUNITY
Registration with the Community involves the acquisition of personal data and any other information (photos, deferred GPS routes, preferences on types of activities, etc.) that the registered User spontaneously decides to upload to his or her personal profile.
Purpose and legal basis of processing (GDPR Art. 13, paragraph 1, letter c)
Personal data (name and surname) and contact details (email) are required in order to complete the registration and participate in the community. The legal basis for the processing is the performance of the contract (registration with the Community) to which the data subject is a party (Art. 6, letter b, GDPR). For other data (if any) and/or information uploaded by the User in his/her profile, the legal basis is the consent given by the person concerned.
Scope of communication (GDPR Art. 13, paragraph 1, letter e, f)
Data is only processed by duly authorised and trained personnel. Data (excluding contact details), are shared with all registered Users of the Community. The data may be indexed by search engine operators and/or third parties (e.g., Google).
Data retention period (GDPR Art. 13, paragraph 2, letter a)
The data will be stored for a period determined according to criteria of strict necessity in view of the various purposes pursued and, in any case, in compliance with the current legislation on the protection of personal data and according to the logic of protection of the rights of the Controller (limitation periods as per the Civil Code).
Provision of Data (GDPR Art. 13, paragraph 2, letter e)
Failure to provide required data will make it impossible to register with the Community.
Registration and authentication via Facebook or Apple ID
The User may also choose to register with the Community and subsequently access his personal profile via Facebook or Apple ID by authenticating on the relevant portal to which s/he is referred by clicking on the respective button. In this case, the data controller will have access to the following personal data of the data subject, which will be acquired by the relevant platform:
(i) personal data (name and surname), (ii) email address.
The same information applies to this data as to the purpose and legal basis of the processing, scope of communication, storage period and provision of data.
For more information on the content posted by the User, please refer to the Terms of Use.
(B) COMMERCIAL AND PROMOTIONAL COMMUNICATIONS BY THE CONTROLLER
The voluntary choice to receive commercial and promotional communications entails the processing of the personal and contact data of the person concerned (name, surname and email address to which communications are to be sent).
Purpose and legal basis of processing (GDPR Art. 13, paragraph 2, letter c)
The data are processed in order to send the person concerned periodic electronic communications of an informative nature relating to the Controller's activities, commercial products and news relevant to this area. The legal basis is the consent given by the person concerned.
Scope of communication (GDPR Art. 13, paragraph 1, letter e, f)
Data is only processed by duly authorised and trained personnel. Data is not disseminated or transferred to countries outside the EU.
Data retention period (GDPR Art. 13, paragraph 2, letter a)
The data is stored until the data subject requests revocation.
Provision of Data (GDPR Art. 13, paragraph 2, letter e)
Failure to provide the required data will result in the impossibility of receiving the above-mentioned communications.
(C) COMMERCIAL AND PROMOTIONAL COMMUNICATIONS RELATING TO OFFERS FROM THE CONTROLLER'S PARTNERS
The voluntary choice to receive commercial and promotional communications from third parties and partners of the Controller entails the processing of the personal and contact data of the person concerned (name, surname and email address to which communications are to be sent).
Purpose and legal basis of processing (GDPR Art. 13, paragraph 1, letter c)
The data are processed in order to send the person concerned periodic electronic communications of an informative nature relating to the activities of the Controller's partners, their commercial products and news relevant to this area. The legal basis is the consent given by the person concerned.
Scope of communication (GDPR Art. 13, paragraph 1, letter e, f)
The data are processed exclusively by duly authorised and trained personnel and disseminated, in accordance with the purpose of processing, to the Controller's partners. In any case, data are not transferred to non-EU countries.
Data retention period (GDPR Art. 13, paragraph 2, letter a)
The data is stored until the data subject requests revocation.
Provision of Data (GDPR Art. 13, paragraph 2, letter e)
Failure to provide the required data will result in the impossibility of receiving the above-mentioned communications.
(D) SITE NAVIGATION
Various personal data are processed when you browse the Site, such as IP addresses or domain names of the computers used, the web page of origin and exit, the URI/URL addresses of the resources requested, the date and time of the visit, information relating to your operating system and browser, as well as other technical data relating to navigation.
Purpose and legal basis of processing (GDPR Art. 13, paragraph 1, letter c)
This type of data is processed -in automated and aggregated form- exclusively for purposes related to the management and administration of the Site, as well as for statistical purposes. The data could also be used to ascertain responsibility in the event of computer crimes against the Site and/or other offences. The legal basis is the legitimate interest of the Controller.
Scope of communication (GDPR Art. 13, paragraph 1, letter e, f)
The data are processed exclusively by duly authorised and trained personnel, as well as by the provider of the Site's development and maintenance services, identified as the data processor. Data are not disseminated or transferred to countries outside the EU.
Data retention period (GDPR Art. 13, paragraph 2, letter a)
Unless necessary in the case of investigations following unlawful acts, data are generally not retained for more than ninety days.
Provision of Data (GDPR Art. 3, paragraph 2, letter e)
The data are not provided by the person concerned, but are acquired automatically by the website's technological systems.