WHAT IS THE GDPR?
General Data Protection Regulation (hereinafter referred to as the “GDPR”) is a Regulation in EU law that defines and regulates the rules, principles and rights of personal data protection.
Full name of the GDPR: “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.”
WHO WE ARE?
The EYOF 2023 Organizing Committee, that was established by SPORT MARIBOR d.o.o., registered office: Koresova ulica 7, 2000 Maribor, Slovenia. VAT No.: SI 10663924, Reg. No.: 3388042000 (hereinafter referred to as the “EYOF OC”), is the Controller of data collected through The European Olympic Committees Games Management System (hereinafter referred to as the “GMS”).
We, as the Controller approach the processing of your personal data responsibly. The Controller collects, organizes, stores, uses, manages, and controls your personal data in compliance with the General Data Protection Regulation – GDPR and with the Personal Data Protection Act (“ZVOP-2”), as well as other relevant legislation, that provides the Controller a legal basis for processing your personal data.
HOW CAN YOU CONTACT US ON THE PERSONAL DATA PROTECTION?
If you would like to access, rectify, or erase your personal information, you can do so by contacting our Data Protection Officer here:
Zagrebška cesta 30, 2000 Maribor
Tel.: +368 051 367 210
WHAT PERSONAL DATA DO WE COLLECT?
We collect the following personal data:
Name; Surname; Age; Gender; Date of Birth; Nationality; Function; Photograph; Email Address; ID Document Type; ID Document Number; ID Document Issue Date; ID Document Expiry Date; Arrival and Departure Date, – Scan of Media ID (Media only), Arrival Date, Departure Dat, T-shirt size, Trousers size.
FOR WHAT PURPOSE IS THE DATA COLLECTED AND ON WHAT LEGAL BASIS ARE WE USING THE DATA?
Your personal data will be processed for the purposes of the accreditation process and the exercise of your rights and obligations under accreditation, on the basis of Article 6(1) points (a) to (d) of the GDPR. Your provision of personal data is a requirement for obtaining your accreditation.
Your personal data is collected and processed for the following purposes:
1. Registration and accreditation purposes
The data that is shared in the registration process is processed for the purpose of correctly and efficiently registering you and other Members of the National Olympic Committee Delegations (hereinafter referred to as the “NOC Delegations”).
The data collected in the registration and accreditation process is processed for the purpose of issuing the accreditations. Following the completion of the registration and accreditation process, each member of the NOC Delegation will receive their own individual accreditation, that will contain their respective personal data and their photograph.
The data concerned for the registration and accreditation purposes are namely: name, surname, gender, nationality, photograph, sport / function.
The legal basis for processing the personal data for the aforementioned purposes is consent, that you have given us to process your data for the specific purposes selected pursuant to the provisions of Article 6(1) point (a) of the GDPR. Your personal data will be kept for this purpose until you revoke the consent given.
The withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal. You may withdraw your consent by sending a statement of withdrawal of consent to the e-mail address: firstname.lastname@example.org.
2. Arrival and Accommodation purposes
The data that is shared regarding the arrival and departure times of the individual members of the NOC Delegations, is collected and processed for the purpose of ensuring sufficient and suitable accommodations for the members of the NOC Delegations.
The data collected for the arrival and accommodation purposes will be transferred and entered into the “eTourism” portal in accordance with the mandatory regulations and legal obligations.
The data concerned for the arrival and accommodation purposes are namely: name, surname, gender, date of birth, nationality, ID document type, ID document number, arrival and departure times, number of days of stay.
The legal basis for processing the personal data for the aforementioned purposes is legal obligation, pursuant to which the data processing is necessary under the provisions of Article 6(1) point (f) of the GDPR.
The legal obligation, pursuant to which the data processing is necessary, is primarily encompassed and covered by the following regulations: Residence Registration Act (“ZPPreb-1”), Tourism Development Promotion Act (“ZSRT-1”), Hospitality Industry Act (“ZGos”), Regulation on Guest Registration and Deregistration and Regulation on the Register of Accommodation Facilities.
In accordance with the 12 paragraph of Article 39, 11 paragraph of Article 40, 4 paragraph of Article 42, and 3 paragraph of Article 43 of the Residence Registration Act (“ZPPreb-1”), as well as the 4 paragraph of Article 15b of the Hospitality Industry Act (“ZGos”), hosts who are required to register their accommodation facility in the Register of Accommodation Facilities must also report guest information to multiple institutions (police, Statistical Office of the Republic of Slovenia, and municipalities) through an application on the AJPES website.
FOR HOW LONG DO WE KEEP YOUR THE DATA?
We will retain your personal data for the duration of the EYOF 2023, if you do not request the deletion of the data, if you do not revoke the consent given or limit the processing. After that, once the EYOF 2023 will conclude, your data will be retained for the mandatory retention period established in accordance with separate regulations. But no more than 5 years after the event.
JOINT CONTROLLERS AND THIRD RECIPIENTS
The EYOF OC is the main controller of the data collected through the GMS. Certain data may be collected by third parties for certain specific purposes.
Certain data may be collected by third parties, such as National Olympic Committees (hereinafter referred to the “NOCs”) or other Responsible Organizations, for certain specific purposes. In that case, the EYOF OC and the NOCs or other Responsible Organizations are to be considered joint controllers of those data.
The processing jointly controlled between the EYOF OC, and the NOCs or other Responsible Organizations are:
– Your personal data shared and collected by the NOCs or other Responsible Organizations for the purpose of the registration and accreditation process. Before transferring any of your personal data to the EYOF OC, the NOCs or other Responsible Organizations warranted that yours or parents/legal guardians for Minor Participants, express consent was obtained for the purpose of providing personal information in view of the registration and accreditation process for the EYOF 2023.
Some of the personal data collected can be transferred to the European Olympic Committee/Comitati Olimpici Europei (hereinafter referred to as the “EOC“), with registered offices in Rome, Via della Pallacanestro 19, 00135 Rome, Italy, VAT No.: 96144860580.
In case personal data is transferred to the EOC and in execution of the services provided directly by them, the EYOF OC and the EOC shall be considered as Joint Controllers of those data under Article 26 of the GDPR. Detailed information about the terms and shared responsibilities of such joint controllership will be provided from time to time.
With data subjects’ consent, some of the data provided (name, surname, country, email address) will be processed by the EOC in order to send a newsletter and commercial communications via email, push notifications, in-app or SMS or other instant messaging channels about its activities, (the competitions it organizes, campaigns, public viewings, shows or live events), products, services, contests, offers, sweepstakes and/or promotions, or contests, offers, sweepstakes and/or promotions carried out by us on products and services promoted jointly with our official sponsors, national or international federations and national and international television channels or media, among other collaborators, with the scope of promoting the European Games (“EG”) and the European Youth Olympic Festival (“EYOF”) upcoming editions.
To exercise your rights in relation to such processing or withdraw the consent provided, you may use the following contact:
EOC Data Protection Officer,
European Olympic Committees
Via della Pallacanestro 19 – 00135 Rome – Italy
For presenting the athletes to the public, the EYOF OC is entitled to publish biographical information, i.e., names, functions, date of birth and other additional data, such as sports results on the EYOF OC’s official website and/or other media resources. EYOF OC is also entitled to transmit such information to media organizations (e.g., newspapers, websites, electronic newspapers, newspapers, TV stations, radio stations and news agencies) who may also make such information publicly accessible in their coverage of the EYOF 2023. The EYOF OC and the EOC may keep/store the collected information for statistical and historical purposes on their servers, including after the conclusion of the EYOF 2023.
The personal data collected from you will be transferred to: entities processing them on behalf of the Controller and to public authorities or entities entitled to obtain the data on the basis of applicable laws.
We do not intend to transfer your personal data to a third country. The data processed for promotional and commercial purposes by the EOC may be transferred to its local and international partners established in third countries. In case of third-party recipients in countries that do not provide in their laws for a level of protection of privacy equivalent to the one applied within the European Union, we implement safeguard mechanisms recognized by EU regulators such as standard contractual clauses or seek your express consent.
WE may share your personal information with the governmental offices or institutions and its authorities if required by local law and for the purpose of deciding on admissibility to Slovenia and/or the ability to access venues of the EYOF 2023 as well as other relevant sites.
In the future, we may share your data with national authorities and administration offices, National Olympic Committees or Organizing Committees involved in the organization of our events. To the extent in which your data will be further processed by these entities, you will be specifically informed pursuant to Articles 13(3) and 14(4) of the GDPR.
The EYOF OC and the EOC shall not make use of your personal data other than in connection with the above-mentioned purposes and such data shall not be disclosed to third parties (otherwise than as foreseen above) or be used for any direct marketing or unsolicited follow-up unless the EYOF OC or the EOC has informed you of this possible use, for which you or your parents/legal guardians for Minor Participants, have given their express consent.
WHAT ARE YOUR RIGHTS?
You have the right to access, rectification, deletion, limitation, opposition, refusal as well as to withdraw your consent at any time, through the procedure and means referred to in this document in which the email of the data protection officer is provided, without affecting the lawfulness of the processing based on consent prior to its withdrawal. Moreover, when the processing in based on Article 6(1) point (a) or point (b), you have the right to data portability.
More specifically, your rights consist of:
– Right to withdraw the consent – In cases where we process your personal data with your consent, you have the right to withdraw that consent at any time. You may withdraw the consent electronically, at the address of the responsible person, in writing, by a notice of withdrawal of consent or in person directly at our registered office. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
– Right of access by the data subject – You have the right to provide a copy of the personal data we hold about you, as well as information about how we use your personal data. In most cases, your personal data will be provided to you in written form, unless otherwise is requested. If you have requested this information by electronic means, it will be provided to you electronically, if it is technically possible.
– Right to rectification – We take reasonable steps to ensure the accuracy, completeness, and timeliness of the information we have about you. If you believe that the information, we hold is inaccurate, incomplete, or outdated, please do not hesitate to ask us to modify, update or complete this information.
– Right to erasure (‘right to be forgotten’) – You have the right to ask us to erase your personal data, for example if the personal data we have collected about you is no longer necessary to fulfill the original purpose of the processing. However, your right must be assessed in the light of all relevant circumstances. For example, we may have certain legal and regulatory obligations, which means that we will not be able to comply with your request.
– Right to restriction of processing – In certain circumstances, you may ask us to stop processing your personal data. For example, if you think that the personal data, we have about you may be inaccurate, or if you think we no longer need to use your personal data.
– Right to data portability – In certain circumstances, you have the right to ask us to transfer the personal data you provided to us to another third party of your choice. However, the right to portability applies only to personal data that we have obtained from you by consent or under a contract to which you are a party.
– Right to object – You have the right to object to data processing that is based on our legitimate interests. If we do not have a valid legitimate reason for processing and you object to that, we will not further process your personal data.
– Right to file a notion or to initiate a proceeding on personal data protection that is the Office of Personal Data Protection – if you do believe that your personal data are processed unfairly or unlawfully, you may file a complaint with the supervisory authority: The Information Commissioner, Dunajska cesta 22, 1000 Ljubljana, Slovenia, e-mail: email@example.com, Tel.: +386 (0)1 230 97 30, https://www.ip-rs.si/.
HOW DO YOU EXERCISE YOUR RIGHTS?
Sending an email to: firstname.lastname@example.org. The exercise of your rights is completely free of charge.
Likewise, you may revoke the consent granted or object to the processing of data based on legitimate interest at any time, by sending an email to the address: email@example.com.
The opposition to a certain purpose or the revocation of the consents granted will not affect the use you can make of the application or the lawfulness of the processing prior to the opposition or revocation of consent.
HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
1. Data security
We use technical and organizational measures to protect your personal information against the risks of damage, destruction, loss, or unauthorized access, in accordance with applicable laws
2. International transfer
The information we collect will usually be processed inside the European Economic Area (EEA), which includes all EU countries and non-EU countries Iceland, Liechtenstein and Norway.
When personal data is transferred to countries outside the European Economic Area, some of which do not provide in their laws for a level of protection of your privacy equivalent to the one applied within the European Union, special safeguards are foreseen to ensure that the protection travels with the data. Before transferring data from the European Union to countries outside the European Economic Area, we implement safeguard mechanisms recognized by EU regulators such as standard contractual clauses or we seek your express consent.
3. Age limitation
We will not knowingly collect personal information about users below the age of 16. The processing of personal data of a child is lawful when the child is at least 16 years old. When the child is below the age of 16, such processing is only lawful if and to the extent that consent is given or authorized by the holder of parental responsibility for the child.
If we become aware that a child has provided us with personal information without parental or guardian consent, we will take steps to delete this information. If you become aware that your child has provided us with personal information without your consent, please contact us at:
Data Protection Officer (DPO)
Zagrebška cesta 30, 2000 Maribor
Tel.: +368 051 367 210
4. Data Retention
FESTIVAL IDENTIFICATION AND ACCREDITATION CARD (FIAC)
This European Youth Olympic Festival Identification and Accreditation Card (FIAC) is personal, non-transferable and must be worn visibly at all times and must be presented when requested by the organizer. This FIAC remains the property of the European Olympic Committees (EOC) and can be withdrawn without compensation and damages, with immediate effect, at the EOC’s sole discretion. By using FIAC, I consider that EOC has legitimate interest for making photographs, videos and live streams from the whole event. I consider that I may be recorded during the European Youth Olympic Festival (EYOF) under the conditions and for the purposes now or hereafter authored by the EOC in relation to the promotion of the EYOF. I consider that all photographs and moving images taken by me at the EYOF, including those of participants in general or athletes competing within any EYOF venue, will be used for promotional purposes. I also confirm that I fulfil the qualifications required by the EOC and I am entitled to be issued this FIAC. I observe all legislation and other regulations, which are related to the event. I am responsible for my valuables taken to the EYOF venues by me and the Organising Committee does not take responsibility for the damaged, stolen, or lost valuables.
What is a cookie?
Cookies are small text files that most websites store on users’ devices when they access the internet. Their purpose is to recognize individual devices that users have used to access the internet. The storage of cookies is under the complete control of the browser used by the user – the user can limit or disable the storage of cookies as desired.
Why are cookies necessary?
You always have the option to accept or reject cookies. Most web browsers automatically accept cookies, but you can change your browser settings to reject cookies or receive a warning before a cookie is stored.
Cookie settings in browsers
For information on cookie settings, click on the name of your browser:
We will not disclose the data collected through cookies to third parties.
Types of cookies we use: