OVERVIEW concerning DATA PROTECTION
We – BRP-Rotax GmbH & Co KG and the race organizers (link to list) – jointly operate the Rotax Event Management System including the corresponding mobile app ("Rotax Global App") to provide you with information about races, events, products and services.
Or you can write us:
BRP-Rotax GmbH & Co KG
c/o data protection
(These are the contact details of the office responsible for all data protection issues relating to the Rotax Event Management System and Mobile App).
The following information relates to data processing activities carried out within the framework of our jointly provided Rotax event management system and the associated "Rotax Global App".
You may come across race organizer websites during your browsing experience in the Rotax Global App. The respective race organizers are solely responsible for the data processing that takes place directly on their websites.
THE LEGAL BASES
The protection of your personal data is our special concern. We therefore process your data exclusively on the basis of legal provisions (DSGVO, öDSG, öTKG 2021 and any mandatory legal provisions at the location of the event).
Any data processing requires a legal basis. Within the framework of our Rotax Event Management System and the associated "Rotax Global App", we only process your data if at least one of the following conditions applies:
- Consent (Art. 6(1) lit. a GDPR): You have given us your consent to process data for a specific purpose (e.g. consent to receive push messages in the Rotax Global App).
- Contract (Art. 6(1) lit. b GDPR): In order to fulfill a contract or pre-contractual obligations, we process your data (e.g. entry form for participation in races).
- Legal obligation (Art. 6(1) lit. c) GDPR): If we are subject to a legal obligation, we process your data (whenever it is foreseen by law that we have to process data of customers e.g. for insurance reasons).
- Legitimate interests (Art. 6(1) lit. f GDPR): We reserve the right to process personal data because of our legitimate interests, if this does not conflict with any overriding protective interests on your part. For example, we process data in order to provide you with information about kart races in which Rotax is involved.
WHAT ARE PERSONAL DATA?
HOW DO WE COLLECT YOUR DATA?
On the one hand, your data are collected when you provide them to us. This can be, for example, data that you enter in the registration form and upload. Other data are collected automatically or after your consent when visiting the event registration / race registration on the websites of the race organizers and the Rotax Global App by our IT systems. These are mainly technical data (e.g. internet browser, operating system or time of page view). These data are collected automatically as soon as you call up the registration forms or use the Rotax Global App.
WHAT DO WE USE YOUR DATA FOR?
Purposes for data use may vary: from processing your registration, to ensuring that there is no unauthorized access to the Rotax Event Management System and the Rotax Global App, to marketing. Detailed information on the processing purposes can be found below in the description of the respective data processing activities.
HOW LONG WILL YOUR DATA BE STORED?
NOTE ON DATA TRANSFER TO THE USA AND OTHER THIRD COUNTRIES
We take great care in our selection of systems and tools to ensure that they comply with the principles of the GDPR. Almost all systems and solutions we use are developed in Europe and hosted on European servers.
Push messages that are displayed directly in the Rotax Global App are created via Google's US solution "Firebase" and delivered via Google's and Apple's US push providers or Huawei's Chinese providers. In order for push messages to be delivered to your mobile phone, the Mobile Device ID must be processed. Push messages in the Rotax Global App will only be displayed with your consent. "Firebase" is a Google tool based in the USA. The USA does not have a data protection law equivalent to the EU data protection law. If you have activated push messages, it is possible that your personal data, insofar as it is related to the push message, may be transferred to the USA or other third countries and processed there. For example, US companies may be required by US law to release personal data to US security authorities. We have no influence on these processing activities.
For some data processing we rely on the support of service processors. We have concluded a contract on commissioned processing (data processing agreement) with them. This is a contract required by data protection law, which is intended to ensure that they process the personal data of our users, customers and interested parties only according to our instructions and in compliance with the GDPR.
WHAT RIGHTS DO YOU HAVE REGARDING YOUR DATA?
According to Art. 12–22 GDPR you have the following rights:
- Before we process your data, you will be informed by us about all essential items relating to the processing, such as in particular the categories of data concerned, the purpose of processing, the legal basis and the storage period of the data (Art. 13 and 14 GDPR).
- You have the right to obtain information at any time about
- the purpose of the data processing,
- the categories (types) of data processed,
- the recipients of the data, including information on whether data are transferred to third countries,
- the storage period,
- as well as the origin of your personal data (if they were not collected from you) (Art. 15 GDPR).
- You also have the right to request the correction or deletion of your data if you believe that the data are inaccurate or are being processed improperly (Art. 16, 17 and 19 GDPR).
- You also have the right to request the restriction of the processing of your personal data under certain circumstances (Art. 18 GDPR).
- In addition, you have the right to data portability (Art. 20 GDPR).
- Insofar as one of our processing operations is based on our legitimate interests, you have the right to object. In this case, we may only continue the processing if we succeed in proving compelling legitimate reasons for this processing (Art. 21 GDPR).
- You also have the right, in accordance with Art. 22 GDPR, not to be subject to decisions made solely by automated means. However, we do not carry out such processing.
If you have given your consent to certain data processing operations, you can revoke this consent at any time with the effect that future use of this data is prohibited. Furthermore, you have a right to lodge a complaint to the data protection supervisory authorities.
For this, as well as for further questions on the subject of data protection, you can contact us at any time.
By e-mail to firstname.lastname@example.org
Or by mail to:
BRP-Rotax GmbH & Co KG
c/o Data Protection
These are the contact details of the responsible party for all data protection issues relating to the Rotax Event Management System and the Rotax Global App. If you have any questions regarding privacy issues related to your customer relationship with a race organizer, please contact them directly. (Link to overview page)
DATA PROCESSING WITHIN THE FRAMEWORK OF OUR ROTAX EVENT MANAGEMENT SYSTEM AND THE ROTAX GLOBAL APP
We protect your personal information from unauthorized access, use or disclosure. We ensure that your personal data stored by us is used in a controlled, secure environment that prevents unauthorized access and disclosure.
The event registration / registration for the race always takes place via a website that uses SSL or TLS encryption for security reasons. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and that the lock symbol appears in your browser line.
In the Rotax Global App there is an optional registration possibility for you. Passwords set during registration are encrypted in our database.
Access-Log-Files Rotax Event Management System
The provider of the event registration pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: IP address, date and time of access, country and a corresponding information if logged in incorrectly. These data will not be combined with other data sources.
We have a legitimate interest (Art. 6(1) lit. f GDPR) in the technically error-free presentation and optimization of our event registration pages – for this purpose, the server log files must be collected.
Storage period: 365 days
Access-Log-Files Rotax Global App
Log files are also created and stored in the Rotax Global App for the last login: IP address, date and time of access, username/email, errors and warnings.
We have a legitimate interest (Art. 6(1) lit. f GDPR) in the technically error-free presentation and optimization of our Rotax Global App – for this purpose, the server log files must be collected.
Storage period: 365 days
REQUEST BY E-MAIL or PHONE
If you contact us by e-mail or telephone, your inquiry including all resulting personal data (name, contact details, content of the inquiry) will be processed by us for the purpose of dealing with your request. We do not pass on these data to third parties without your consent.
The processing of these data is based on Art. 6 (1) lit. b GDPR if your request is related to pre-contractual measures or to the performance of a contract between you and us. In all other cases, the processing is based on our legitimate interest in the effective handling of the requests addressed to us (Art. 6 (1) lit. f GDPR).
Data from inquiries will be stored by us for as long as is necessary to process your request, but for no longer than six months, unless mandatory statutory provisions – in particular statutory retention periods – require longer storage or where it is necessary for the establishment, exercise or defense of legal claims.
EVENT REGISTRATION / RACE REGISTRATION
The data collected during your event registration / race registration (name, contact information such as email address, phone number, address, country, date of birth, class, body weight, race license, photo, etc.) will be processed based on our legitimate interest to provide a professional event experience (Art. 6(1) lit. f GDPR). If necessary, this data may be passed on to the event location for smooth processing on site.
Some of the data you provide is necessary for the organization and execution or your participation in the race and is therefore mandatory. Other data you can provide voluntarily (e.g. sporting CV, best results or hobbies). You can change your data after the event registration / registration for the race by using the "edit code" sent to you by e-mail.
Data from the event registration will be stored by us as long as this is necessary for the processing of the event, but no longer than one year after the event, unless mandatory legal provisions – in particular legal retention periods – require longer storage.
NEWSLETTER MARKETING FOR OWN PURPOSES
DATA COLLECTION FOR OWN MARKETING PURPOSES IN THE CONTEXT OF EVENT REGISTRATION / RACE REGISTRATION AND REGISTRATION IN THE ROTAX GLOBAL APP
We store the email address and name you provide in the registration form or app registration in our customer and prospect database. These data will be included in newsletter communications about our events, services and products around Rotax Kart. You have the option to object to this at any time, in each newsletter by using the unsubscribe link or by sending an email to email@example.com. This data processing is based on our legitimate interest to provide you as a customer or interested party with relevant information about Rotax Kart (Art. 6(1) lit. f GDPR). Your data will be stored until you object or for a maximum of two years after our last contact.
COMMUNICATION / INFORMATION IN THE ROTAX GLOBAL APP
If you have given your consent (Art. 6(1)(a) GDPR) for push messages in the Rotax Global App, we will provide you with news and information about the races and events you have selected. The primary purpose of these messages is to keep you up to date before, during and after the races and events directly in the Rotax Global App and to inform you about possible changes promptly.
PUSH MESSAGES VIA FIREBASE FROM GOOGLE
The push messages are created via Google's "Firebase" tool and delivered directly to your mobile phone. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is responsible for all Google services in Europe.
Where Firebase is used, Google processes personal data like the Mobile Device ID. The processing of the Mobile Device ID is technically necessary, otherwise no push messages can be delivered to your mobile phone.
Data collected through Firebase is stored on Google's own servers distributed around the world. Most servers are located in the United States. Google currently transfers and processes data to/in the United States based on the standard contractual clauses of the EU Commission (Article 46(2) and (3) of the GDPR) and thus undertakes to largely comply with the European level of data protection when processing your data. However, the fact that US authorities may request access to this data cannot be avoided. You can find details about this here: https://policies.google.com/privacy/frameworks?hl=en
Depending on whether you use Google tools (e.g., a Google account), and depending on which Google services you have consented to Google using, Google may combine data collected through the Rotax Global App with information Google already has about you and create profiles about you. This enables Google to subsequently offer services and benefits tailored to you.
The storage period depends on the type of data collected and the particular tool used for processing.
Further useful links:
- Terms of services https://policies.google.com/terms?hl=en
REGISTRATION IN THE ROTAX GLOBAL APP
As a user, you also have the possibility to register in the Rotax Global app. Your data (e-mail address and password), which you provide in the registration process, will be processed on the basis of our legitimate interest (Art. 6(1) lit. f GDPR) for the purpose of providing the following functions in the Rotax Global App: You can
- add kart drivers to the championship or adjust existing kart drivers – without an edit code
- retrieve updates on the selected race
Your registration data will remain stored until you delete the Rotax Global App. Data that you have entered during an event registration / race registration remains unaffected. The above storage period applies to this data.
COMMUNICATION OF RACE ORGANIZERS IN THE ROTAX GLOBAL APP
In the Rotax Global App, personal data are processed in some areas, and the processing is the sole responsibility of the respective race organizer. This may concern the following:
Live timing and live streaming
- Registration and participant lists, rankings and results lists (Notice Board, Results, Standings, Entry List).
- Payment processing for race fees
If you have any questions, please contact the race organizer (link to list) directly. You can find his contact details in his imprint too – available in the section "Entry Form".
PHOTOS / VIDEOS AT THE EVENT / RACE
During the events, recordings may be made of the visitor area to document the events and the mood of the participants for the interested public. No photographs will be published that depict participants in a way that they might find objectionable. If individual participants are to be separately photographed or interviewed, this will only be done with their consent. For more information, please contact the race organizer (link to list).