fanteam privacy policy

Privacy Policy Fan Team

 

Fondazione Milano Cortina 2026, with registered office in Piazza Tre Torri 3 in Milan, VAT no. 97866790153, VAT no. 11199200962, as data controller (hereinafter, "Owner" or "Milano Cortina 2026"), informs you in accordance with EU Regulation 2016/679 ("GDPR") and the current national legislation on the protection of personal data that, by joining the FanTeam, you transmit or share with the Owner some information about yourself.

Milano Cortina 2026 has appointed its own DPO who can be contacted by e-mail at DPO@milanocortina2026.org.

1. Object of processing

 

The Controller processes the following personal data that you have communicated to us (hereinafter, "Data" or "Personal Data"):

• identifying and non-particular data (such as, for example, name, surname, date and place of birth, sex, fiscal code, e-mail address) provided at the time of the application for FanTeam membership;
• data related to your preferences and interests such as, for example, information about your favourite sports, events and initiatives of interest, participation in promotions, as well as about your online behaviour on the Controller's websites. This data may also be collected by means of cookies and similar tracking tools.

 

2. Purpose and legal basis of processing

 

Your personal data are processed for the following purposes and legal bases.

1. Without your prior consent, your data will be processed for:

• the execution of the contract, i.e. for the management of the FanTeam membership and the provision of related services including service communications strictly related to the contractual relationship, updates and facilities, privileges and dedicated services (such as, but not limited to, discounts, promotions, dedicated events, initiatives and prize competitions, discounts on services and products of the Owner and Partners and Sponsors), made available at the discretion of the Owner dedicated to FanTeam members.

 

• the fulfilment of legal obligations, i.e. to comply with and fulfil obligations under laws, regulations, EU legislation, orders and requirements of the competent authorities.

 

• the pursuit of a legitimate interest of the Controller, namely for:

1. to check the age of those who apply for membership of the FanTeam: the interest of the owner corresponds to the need to ensure the correct conclusion of the contract reserved for those who have reached the age of 14, as well as the validity of any consents given;
2. managing complaints and disputes, recovering credits, preventing fraud and illegal activities, as well as exercising the rights and protecting the legitimate interests of the Data Controller, such as the right to defence in court: the interest of the Data Controller corresponds to the constitutionally guaranteed right of action (Article 24 of the Italian Constitution) and, as such, is socially recognised as prevailing over the interests of the individual concerned.

 

1. Subject to your consent, your data will be processed for:

• profiling purposes, i.e. to analyse, also by automated means, your preferences and interests (e.g. preferred sports practices, events and initiatives of interest, participation in promotions, etc.), as well as information about your online behaviour possibly collected through profiling cookies implemented on the Owner's websites and to offer you (by ordinary letters, phone calls, emails, SMS, MMS, notifications and newsletters) customised services, initiatives and promotions;
• communication to third parties for marketing purposes, e. to communicate your data to the International Olympic Committee (IOC) for marketing purposes relating to the Olympic and Paralympic Games and the Olympic Movement as described in the information you will receive from the IOC (privacy policy available at https://www.olympic.org/privacy-policy).

 

3. Methods of processing and profiling

 

The processing of your Data is carried out by means of the operations of collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.

Your personal data is processed electronically and, where appropriate, automatically. Your personal data are protected in such a way as to minimise the risk of destruction, loss (including accidental loss), unauthorised access/use or use incompatible with the original purpose of collection. This is achieved by the technical and organisational security measures implemented by the Data Controller.

In case of consent to profiling, your Data will be analysed according to your interests in the world of sport, leisure, preferred communication channels, in order to send you communications more relevant to the selected areas of interest.

4. Data Retention

 

The Controller processes Personal Data for the time necessary to fulfil the above purposes and, in any case, without prejudice to the statute of limitations provided by law, for no longer:

• 1 year from the end of the 2026 Paralympic Winter Games in Milan Cortina with reference to your membership in the FanTeam;
• 6 years from the time of collection with regard to data processed for profiling purposes, unless consent is withdrawn.

If you request to unsubscribe from the FanTeam communications, your data will be stored on a black list for the sole purpose of not sending you any more newsletters and will be deleted 6 months after the unsubscription.

In case of consent to disclose data to the IOC, the data will be disclosed on a one-off basis and then stored by the IOC for the time indicated on its website https://www.olympic.org/privacy-policy.

5. Provision of data

 

The provision of personal data for the purposes of paragraph 2 letter A is indispensable and therefore failure to provide such data would jeopardise membership of the FanTeam.

The provision of Personal Data for the purposes set out in point B of paragraph 2 is optional and therefore failure to provide it would still allow you to join the FanTeam, but would not allow you to receive information about services, initiatives and personalised promotions, as well as marketing information related to the Olympic and Paralympic Games and the Olympic Movement.

6. Access to Data

 

Your data may be made accessible for the above purposes to:

• employees and/or collaborators of the Controller, in their capacity as data processors and/or internal data controllers and/or system administrators;
• third party companies or other entities that perform outsourcing activities on behalf of the Controller and that will process the Data in their capacity as external data controllers.

 

7. Data communication

 

Your data may be communicated, without your express consent, to supervisory bodies, law enforcement agencies or the judiciary, at their express request, who will process it as independent data controllers for institutional purposes and/or in accordance with the law during investigations and controls. Furthermore, subject to your express consent, your data may be communicated to the International Olympic Committee (IOC) for the purposes indicated in letter B of paragraph 2 of the information notice.

8. Data transfer

 

The Data Controller may transfer Data outside the European Union. To this end, in accordance with privacy legislation, the Controller assesses the impact of data transfers and adopts, if applicable, the most appropriate safeguards (e.g. adequacy decisions or standard contractual clauses).

9. Rights of the data subject

 

The Data Controller informs you that, as a data subject, if the limitations provided for by law do not apply, you have the right to:

• obtain confirmation of the existence or otherwise of your personal data, even if not yet recorded, and that such data be made available to you in an intelligible form;
• obtain an indication and, if necessary, a copy: (a) the origin and category of the personal data; (b) the logic applied in the event of processing carried out with the aid of electronic instruments; (c) the purposes and methods of processing; (d) the identification details of the data controller and data processors; e) the entities or categories of entity to whom or which the personal data may be communicated or who or which may get to know said data, in particular if they are recipients in non-EU countries or international organisations; e) when possible, the data retention period or the criteria used to determine said period; f) the existence of adequate safeguards in case of transfer of data to a non-EU country or an international organisation;
• obtain, without undue delay, the updating and rectification of inaccurate data or, where interested, the integration of incomplete data;
• obtain the cancellation, transformation into anonymous form or blocking of data: a) processed unlawfully; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) if you have objected to the processing and there is no overriding legitimate reason to continue processing; d) in the event of compliance with a legal obligation; e) in the case of data relating to minors. The Data Controller may refuse erasure only in the event of: a) exercise of the right to freedom of expression and information; b) fulfilment of a legal obligation, performance of a task carried out in the public interest or exercise of public authority; c) reasons of public health interest; d) archiving in the public interest, scientific or historical research or for statistical purposes; e) exercise of a right in a court of law;
• obtain the limitation of processing in the event of: a) contestation of the accuracy of personal data; b) unlawful processing by the Data Controller to prevent their deletion; c) exercise of one of your rights in court; d) verification of whether the Data Controller's legitimate reasons prevail over those of the data subject;
• to receive, if the processing is carried out by automatic means, without hindrance and in a structured, commonly used and readable format the personal data concerning him/her in order to transmit them to another data controller or - if technically feasible - to obtain the direct transmission by the data controller to another data controller;
• to object, in whole or in part, on legitimate grounds relating to your particular situation, to the processing of personal data concerning you;
• not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way. This does not apply when the decision:
  • is necessary for the conclusion or performance of a contract between you and the Controller, i.e. the Foundation;
  • is authorised by a legal obligation to which the Data Controller, i.e. the Foundation, is subject and which specifies the appropriate measures to protect your rights, freedoms and legitimate interests;
  • is based on your explicit consent.
• to lodge a complaint with the Italian Data Protection Authority.

 

In the above cases, where necessary, the Data Controller will inform the third parties to whom your personal data are communicated of the possible exercise of your rights, except in specific cases (e.g. when this proves impossible or involves the use of means that are clearly disproportionate to the right protected).

 

10. Methods of exercising rights

 

You may exercise these rights at any time:

• by sending a registered letter with acknowledgement of receipt to the Controller's address;
• by sending an email to privacy@milanocortina2026.org;

 

11. Owner and controller

 

The Data Controller is Fondazione Milano Cortina 2026, with registered office in Piazza Tre Torri n. 3, 20145 - Milan, Tax Code 97866790153, VAT number 11199200962.

 

The updated list of data processors, persons in charge of processing and system administrators is kept at the Data Controller's head office.

Milan, 7 March 2021

 

Fondazione Milano Cortina 2026