Privacy Policy

This privacy policy is provided pursuant to Art. 13 of EU Regulation 2016/679 (hereinafter GDPR) by We Can Race S.r.l., with registered office at via Ospedale Vecchio n.3 c/o NEST SRL STP – 33170 – Pordenone (PN), VAT number 00951680941, in its capacity as Data Controller.

The Data Controller is We Can Race S.r.l., with registered office at via Ospedale Vecchio n.3 c/o NEST SRL STP – 33170 – Pordenone (PN), VAT number 00951680941. To contact the Controller, the following contact details can be used: email: [email protected], pec: [email protected], phone: +39 0434.175.4520.

Personal data provided by users are processed for the following purposes:

The processing of personal data is based on the following legal bases: performance of a contract (Art. 6, para. 1, lett. b GDPR), compliance with legal obligations (Art. 6, para. 1, lett. c GDPR), consent of the data subject (Art. 6, para. 1, lett. a GDPR), legitimate interest of the controller (Art. 6, para. 1, lett. f GDPR).

The following categories of personal data are processed: personal details (name, surname, date of birth), contact data (email address, phone number, address), payment data (credit card information through secure processors), driving preference data, website navigation data.

The processing of personal data is carried out using computer and/or telematic tools, with organizational and logical methods strictly related to the stated purposes. Data is processed in compliance with the security measures provided for by the GDPR.

Personal data may be communicated to third parties in the following cases: payment service providers (Stripe, PayPal, Scalapay), IT service providers, consultants and professionals, competent authorities when required by law, business partners only with prior consent of the data subject.

Some data may be transferred to third countries (e.g., United States) for the use of cloud and payment services. All transfers take place in compliance with the guarantees provided for by the GDPR.

Data is retained only for the time strictly necessary to achieve the purposes for which it was collected: contract data: 10 years from the end of the relationship, marketing data: until consent is withdrawn, navigation data: 24 months.

No automated decision-making processes or profiling activities that produce significant legal effects are implemented.

The data subject has the right to: access their personal data, rectify inaccurate data, erase data (right to be forgotten), restrict processing, object to processing, data portability, withdraw consent at any time.

To exercise their rights, the data subject can contact the Controller using the contact details indicated in point 1. The Controller will provide a response without undue delay and in any case within one month of the request.

The data subject has the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it) if they believe that the processing of their personal data violates the GDPR.

This privacy policy may be modified periodically. Changes will be published on this page with indication of the last update date.

For any questions regarding the processing of personal data, the Controller can be contacted at the contact details indicated in point 1.