Data Privacy Policy for Zurich Rock n Roll Running Series Madrid

We appreciate your interest in participating in Zurich Rock n Roll Running Series Madrid (“Event”). Privacy protection is very important to us and we are committed to protecting and respecting your privacy. This privacy policy sets out information about how we store, process, transfer and use data that identifies you or makes you identifiable as a natural person (hereinafter “personal data“).

Please be aware that this privacy policy only applies to the processing of data collected in the Event registration process. Any additional data collection taking place on websites you visited prior to or during registration is subject to the privacy policies of the respective website hosts.

The registration process is conducted by Nuonet Gestión SL d/b/a RocktheSport (“RTS”) which will give the Joint Controllers identified below access to your personal data. This privacy policy only refers to our processing of your personal data after access has been granted.

1. Who is data controller of your personal data?

AD.MAPOMA, Calle Donoso Cortés 54, (28015 Madrid), and Elipse Iniciativas, S.L. Calle Aniceto Marinas, 48, (28008Madrid) (collectively, the “Event Organizer”) is a data controller and is  responsible for, and control, the processing of the personal data you submit. Event Organizer processes your personal data jointly with IRONMAN Austria GmbH, Alter Platz 12/2, 9020 Klagenfurt am Wörthersee, Austria (“IMA”), World Triathlon Corporation, 3407 W. Martin Luther King Blvd, Suite 100, Tampa, Florida 33607, USA (“WTC”), Ironman Spain, S.L., Avenida Diagonal, 540, 8^th floor, 08017 Barcelona, Spain (“IMS”), and Ironman Germany GmbH, Höchster Straße 90, 65835 Liederbach, Germany (“IMG“). For the purpose of the performance of the Event, Event Organizer, IMA, WTC, IMS and IMG, shall be therefore deemed as Joint Controllers (Event Organizer, IMA, WTC, IMS, and IMG, collectively, “we” or “Joint Controllers”).

If you wish to contact us, you can find our contact details at the end of this privacy policy.

The registration for our Event will be provided by RTS as a third-party event registration service provider (“Registration Partner“). Our Registration Partner processes the payment for our Event independently. For this reason, this privacy policy does not apply to the payment processing by our Registration Partner, and we encourage you to check the privacy policies of our Registration Partner to learn about their privacy practices. As far as our Registration Partner collects other personal data necessary for the registration, it acts on behalf of Event Organizer and this privacy policy applies to these processing activities.

2. What personal data do we collect?

The Registration Partner gives us access to the personal data you fill in the registration. The personal data will regularly include the following:

Name, e-mail address, phone number, address, birth date, gender, information on medical condition and medications, emergency contact information, and other information you provide during registration. The Joint Controllers also have access to the last 4 digits of the credit card used for the registration in order to initiate refunds by the Registration Partner.

In the course of preparing the Event, we might add other information, such as your registration number and the age group to which you are allocated.

In addition, by accepting our privacy policy, you accept that your image, through photographs and/or videos, made at our events and/or activities, may be published by us and our sponsors and/or collaborators, in any medium, including TV, radio, press, social networks, large street marketing media, etc, to carry out promotions related to the event and its activities.

3. Why and on which legal basis do we collect and use your personal data? 

Regularly we use your personal data for the following purposes and on the following legal grounds:

• We use your personal data in order to perform our contractual services or for the preparation of entering into a contract with you. If you register for our Event, we use your data to conduct our Events including national and international Leagues and national and international championships, and make your participation in our Events possible or handle cancelations, including refunds. Information we use includes: information we need to contact you or otherwise communicate with you, e.g., to send you administrative information, registration and Event information to process your Event registration and participation; information to respond to your comments and questions and provide customer service.

• We use your personal data if justified by our legitimate interests. The usage of your personal data may also be necessary for our own business interests. For example, we may use some of your personal data to evaluate and review our Event and overall business performance, understand you and your preferences to enhance your experience and enjoyment of our Event. If necessary, we may also use your personal data to pursue or defend ourselves against legal claims.

• We use your personal data after obtaining your consent. In some cases, we may ask you to grant us separate consent to use your personal data. You are free to deny your consent and the denial will have no negative consequences for you. You are free to withdraw your consent at any time with effect for the future. If you have granted us consent to use your personal data, we will use it only for the purposes specified in the consent form.

This also includes our marketing campaigns. If you sign up to an e-mail newsletter of one of the Joint Controllers or when providing us with your e-mail address allow us to use this e-mail address for e-mail marketing, the respective Joint Controller will use your personal data in e-mail marketing campaigns. You may unsubscribe from such e-mail newsletter at any time by using the link contained in every e-mail we send. You may also contact the Joint Controller via e-mail or mail at the addresses provided in this privacy policy to request to be removed from the e-mail list.

• We use your personal data to comply with legal obligations. We are obligated to retain certain data because of legal requirements, for example, tax or commercial laws or we may be required by law enforcement to provide personal data on request.

We will only use your personal data for the purposes for which we have collected them. We do not use your personal data for automated individual decision-making.

4. With whom do we share your personal data?

As required in accordance with how we use it, we will share your personal data with the following third parties:

• Joint Controllers: The personal data will be share between the Joint Controllers for management of the Event and for their respective processing purposes described above.

• Service providers and advisors: Third party vendors and other service providers that perform services for us, which may include marketing campaign services, providing mailing or e-mail services, tax and accounting services, services related to the registration and organization of our Event, data enhancement services, timing, filming, photographing, fraud prevention or providing analytic services. Among those services providers are the following: Time Runners S.L.; RFEA (Real Federación Española de Atletismo); SAMUR (the emergency service of Madrid City Town Hall); MYLAPS B.V., TodoTrofeo (Medal engraving service) and FinisherPix LLC (photo service, only upon athlete’s consent during registration).

Where applicable such service providers will by appropriate data processing agreements be bound to only process the data on our behalf and under our instructions.

• Marketing Partners. Provided you have granted your consent, we may disclose your personal data to our third-party sponsors and marketing partners (collectively, “Marketing Partners“) to allow them to market their products or services to you, and measure the effectiveness of their marketing campaigns, promotions, endorsements and sponsorships or for other marketing purposes.

• Event Photographers. If you participate in our Event and have given us consent to do so, we will disclose your bib number, name, e-mail address and phone number to the Event photographer, who may contact you with photos from the attended Event. Appendix Privacy Policy SPORTOGRAPH

• Purchasers and third parties in connection with a business transaction: Personal data may be disclosed to third parties in connection with a transaction, such as a merger, sale of our assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business, or in the event of a bankruptcy or similar proceedings.

• Law enforcement, regulators and other parties for legal reasons: Third parties as required by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our legal claims or to protect the security or integrity of our Event; and/or (c) to exercise or protect the rights, property, or personal safety of the Joint Controllers, our athletes, visitors, or others.

• The public: The official rankings and information justifying the ranking will be disclosed to visitors of our Event and on the website runrocknroll.com. Further a tracking function can allow public users the (estimated) location of an athlete during a race.

5. How long do we keep your data?

We will store personal data for as long as necessary to fulfil the purposes for which we collect the data, in accordance with our legal obligations and legitimate business interests. Afterwards, or at the end of the statutory retention times, the personal information will be deleted. For example, national commercial or financial codes may require to retain certain information for up to 10 years.

6. How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal data when preparing the Event. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose personal data may have been compromised and take other steps, in accordance with any applicable laws and regulations.

7. How do we safeguard your personal data when there is an international transfer?

Your personal data will be transferred to countries outside the European Union or the European Economic Area. For example, WTC will access your personal data from the USA. This may mean that your personal data will be stored in a jurisdiction that offers a level of protection that may, in certain instances, be less protective of your personal data than the jurisdiction you are typically a resident in.

For this reason, we have entered into guarantees to ensure appropriate safeguards. If we transfer information from the European Union to third parties outside the European Union and to countries not subject to schemes which are considered as providing an adequate data protection standard, we will enter into contracts which are based on the EU Standard Contractual Clauses with these parties.

If you wish to inquire further about the safeguards we use, please contact us using the details set out at the end of this Privacy Policy.

We will take reasonable steps to ensure that your personal data is treated securely and in accordance with applicable law and this Privacy Policy.

8. What rights and choices do you have?

We want you to understand your rights and choices regarding how we may use your personal data. Depending on how you use your data, these rights and choices may include the following:

You have specific rights under applicable privacy law in respect to your personal data that we hold, including a right of access and erasure and a right to prevent certain processing activities.

You have the following rights in respect to your personal data that we hold:

• Right of access. The right to obtain access to your personal data.

• Right to rectification. The right to obtain rectification of your personal data without undue delay where that personal data is inaccurate or incomplete.

• Right to erasure. The right to obtain the erasure of your personal data without undue delay in certain circumstances, such as where the personal data is no longer necessary in relation to the purposes for which it was collected or processed.

• Right to restriction. The right to obtain restriction of the processing undertaken by us on your personal data in certain circumstances, such as, where the accuracy of the personal data is contested by you, for a period of time enabling us to verify the accuracy of that personal data.

• Right to portability. The right to portability allows you to move, copy or transfer personal data easily from one organization to another.

• Right to object. You have a right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. You can object to marketing activities for any reason whatsoever.

If you wish to exercise one of these rights, please contact us using the contact details below. For e-mail marketing, we provide the following easily usable option: If you no longer want to receive marketing e-mails from us, you may choose to unsubscribe at any time using the link provided in every e-mail we send.

In addition to the foregoing listed rights, as an EU resident, you also have the right to lodge a complaint with your local data protection authority. Further information about how to contact your local data protection authority is available at
http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

9. How to contact us?

If you have any questions or concerns about our Privacy Policy or if you want to exercise your rights, please send an e-mail to the Event Organizer:

A.D Maraton Popular de Madrid
Calle Aniceto Marinas, 52
Madrid 28008
Spain
privacidad@mapoma.es

Elipse Iniciativas, S.L.
Calle Aniceto Marinas, 48
Madrid 28008
Spain
privacidad@elipseiniciativas.com

The Event Organizer will also pass your request on to the other Joint Controllers, if needed.

You may also contact IMA, WTC, IMS, and IMG directly, if you want: privacypolicy@ironman.com

10. Data Protection Officer

For all enquiries regarding Event Organizer’s activities you may also want to contact its data privacy team, which can be reached at privacidad@mapoma.es.

For all enquiries regarding IMG’s activities, you may also want to contact its Data Protection Officer who can be reached at datenschutz@ironman.com.

For all inquiries regarding WTC’s, IMA’s, and/or IMS’s activities, you may also want to contact the data privacy team which can be reached at privacypolicy@ironman.com.