We inform you that in this site are used technical cookies necessary to optimize navigation, but also third-party cookies for statistical purposes. Accept the use of cookies for an optimal browsing experience. If you want more details read the extended information.

Change preferences

Technical cookies

Third-party cookies

PRIVACY POLICY FOR THE PROCESSING OF PERSONAL DATA

(Last updated: December 23, 2025)


This Policy describes the methods and purposes of the processing of personal data carried out by IDEST S.r.l., as Data Controller (hereinafter, "IDEST" or the "Controller"), through the website live.idchronos.it (the "Site").

The processing of personal data of data subjects will be carried out in compliance with the applicable legislation, with particular reference to EU Regulation 2016/679 ("GDPR").

1. Data Controller

The Data Controller is IDEST S.r.l.
Registered office: Corso M. Fanti 40, 41012 Carpi (MO), Italy
Phone: +39 0594735965
Email: info@idchronos.it

2. Types of Data Processed

IDEST processes the following categories of personal data:

  • Personal and contact information: name, surname, gender, date of birth, address, email, phone number.
  • Registration data: data related to the sports club affiliation, race category.
  • Payment and billing data: data related to credit cards, PayPal, Satispay, or other payment systems and billing information.
  • Special categories of data (sensitive data):
    • Health-related data: information contained in medical fitness certificates required for registration in certain races.
    • Data concerning sports memberships: information from federation or sports promotion body cards, which may reveal membership in certain organizations.
  • Navigation data: IP addresses, domain names, browser type, access times, and other parameters related to the user's operating system and IT environment.
  • Performance and location data: race times, rankings, geolocation data during events, if applicable and with consent.
  • Images and videos: photos and videos taken during sporting events.

3. Purposes and Legal Basis for Processing

Personal data is processed for the following purposes:

  1. Provision of the requested services:
    • To manage registrations for races and sporting events.
    • To verify participation requirements, including the validity of medical certificates and memberships.
    • To process registration fee payments.
    • To publish results, rankings, and race times.
    • To provide timekeeping services and, where applicable, real-time tracking.

    Legal basis: Performance of a contract (Art. 6.1.b GDPR). For special categories of data (health, membership), the legal basis is the explicit consent of the data subject (Art. 9.2.a GDPR), provided at the time of uploading the document.

  2. Compliance with legal obligations: To manage accounting, tax, and administrative obligations.

    Legal basis: Compliance with a legal obligation (Art. 6.1.c GDPR).

  3. Service communications: To send emails regarding registration, payment confirmation, race reminders, or requests for missing documents.

    Legal basis: Performance of a contract (Art. 6.1.b GDPR).

  4. Marketing (with consent): To send newsletters and promotional communications about future events or services offered by IDEST.

    Legal basis: Consent of the data subject (Art. 6.1.a GDPR).

  5. Publication of photos and videos (with consent): To publish images of the event on the Site or social media channels for documentary and promotional purposes.

    Legal basis: Consent of the data subject, usually collected by the event organizer. Alternatively, the legitimate interest of the Controller to document the public event (Art. 6.1.f GDPR).

  6. Site security and operation: To ensure the proper functioning of the Site and protect it from fraudulent or malicious activities.

    Legal basis: Legitimate interest of the Controller (Art. 6.1.f GDPR).

4. Data Retention Period

Personal data is kept for the time strictly necessary to achieve the purposes for which it was collected:

  • Data for service provision: Kept for the duration of the contractual relationship and, after its termination, for 10 years to comply with legal obligations (e.g., invoice retention).
  • Medical certificates, memberships, and other documents: These documents are solely for the purpose of event participation. They are stored securely and are not publicly accessible. They are periodically and permanently deleted within 90 days of the end of the sporting event to which they refer.
  • Data for marketing purposes: Kept until the data subject withdraws their consent.
  • Navigation data: Deleted after statistical processing or kept for a maximum of 7 days, unless required for crime investigation.

5. Data Communication and Transfer

Personal data may be disclosed to:

  • Event organizers: For the organizational management of the race.
  • Official timekeepers and photographers of the event.
  • Service providers: Companies providing hosting services (DigitalOcean, with servers located in the European Union), payment services (e.g., Stripe, PayPal), email sending services, etc. These entities act as Data Processors (Art. 28 GDPR).
  • Competent authorities: When required by law.

Data is not subject to indiscriminate disclosure. Data transfers outside the European Economic Area occur only when necessary and by ensuring an adequate level of protection (e.g., based on adequacy decisions or standard contractual clauses).

6. Security Measures

IDEST adopts appropriate technical and organizational measures to protect personal data from loss, illicit, or unauthorized use. Sensitive documents such as medical certificates and memberships are stored with enhanced security protocols to ensure maximum confidentiality.

7. Rights of the Data Subject

As a data subject, you have the right to exercise the following rights under the GDPR:

  • Right of access (Art. 15): To obtain confirmation as to whether or not personal data concerning you is being processed, and to access that data.
  • Right to rectification (Art. 16): To obtain the correction of inaccurate personal data.
  • Right to erasure ('right to be forgotten', Art. 17): To obtain the erasure of your personal data, in the cases provided for by law.
  • Right to restriction of processing (Art. 18): To obtain the restriction of processing.
  • Right to data portability (Art. 20): To receive the personal data concerning you in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21): To object at any time to the processing of your data for marketing purposes or for reasons related to your particular situation.
  • Right to withdraw consent: To withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise your rights, you can send a request to the email address info@idchronos.it. You also have the right to lodge a complaint with the competent supervisory authority (in Italy, the Garante per la Protezione dei Dati Personali).

8. Cookie Policy

The Site uses technical cookies and, with consent, third-party cookies. For more information, please consult the Site's Cookie Policy.

9. Changes and Updates

This policy is subject to changes and updates. Users are encouraged to consult it periodically. Substantial changes will be notified to users.