top of page
Leopard circuit white background .png
Leopard circuit white background .png
  • Instagram
  • Facebook
  • X
  • Youtube
  • TikTok

This Privacy Policy refers to the website https://www.viterbocircuit.com/ (hereinafter, the “Site”) and does not concern other websites that may be consulted via links to external websites/pages, even if present on the same Site. It is intended as an information notice provided pursuant to the European Regulation on the protection of personal data (hereinafter, the “GDPR”) and the Italian sector legislation (hereinafter, collectively, both of the foregoing, the “Applicable Law”) to those who interact with the Site (hereinafter, the “Users” or, in the singular, the “User”), by carrying out activities on it and/or simply by browsing the relevant pages/sections.

As regards cookies and any other tracking tools, please refer to the Cookie Policy, which is to be understood as an integral part of this Privacy Policy.

Data Controller and contact details

The Data Controller is the company with registered office at via Flaminia 53, Spoleto (PG), Tax Code and VAT No. 03837090541, R.E.A. No. PG 3559209, hereinafter also “” or simply “”.

For any clarification and/or further information on the processing of personal data carried out through the Site and for the exercise of the rights set out in this , the Data Controller can be contacted at the following details: tel. +39 0761 191500, e-mail: info@viterbocircuit.com, PEC: vitmotorsportsrl@pecstudio.it.

Personal data subject to processing

The personal data processed through the Site are those indicated below.

Browsing data

The IT systems responsible for the operation of the Site acquire, during their normal functioning, certain personal data in aggregated and not immediately identifiable form, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but by its very nature could allow users to be identified through processing and association with data held by third parties. This category of data includes, for example, IP addresses, the domain names used by users and the URL address. Such technical/IT data are used for the purpose of obtaining anonymous or aggregated statistical information on the use of the Site, verifying the proper functioning of the services offered through the Site and identifying anomalies and/or abuses of the same. Without prejudice to what is specified in the following paragraph B. of this Privacy Policy, such data are deleted immediately after being processed. Nevertheless, where the conditions exist, they may also be processed in the event that computer crimes have been committed or are suspected to have been committed and/or when requested by the competent Authorities.

Data voluntarily provided by the user

Through the Site, the Data Controller processes the personal data that the User has voluntarily provided, such as, by way of example:

  • the personal data provided by the User (e.g., first name, last name, e-mail address, telephone number, company, billing data, etc.) by filling in the form and/or using the e-mail address present in the “Contacts” section of the Site and referred to by other sections of the Site (for example, “Open practice sessions”, present in the “Activities” section of the Site);

  • the personal data provided by the User (e.g., first name, last name, date of birth, nickname, e-mail address, mobile number, address, identity document details, tax code, photo, personal data of the minor on whose behalf the User fills in the required fields and signs the appropriate declarations, signature, etc.) in order to proceed with “Driver Registration” in the “Drivers’ Area” section and to create a personal account, accessible for the consultation and/or modification of the data and information contained therein, including checking ticket/service purchase orders made through the “Ticket Office” present in the same section;

  • the personal data provided by the User (e.g., first name, last name, e-mail address, means of payment used, etc.) when purchasing tickets/services through the “Ticket Office” in the “Drivers’ Area” section of the Site. With regard to payment, the User will be redirected to the webpage of the payment service provider, such as Stripe, and will be asked to enter the data required for payment. Such data will not pass through the Site’s server, which will process only the data relating to the payment method used;

  • the personal data provided by the User (e.g., first name, last name, e-mail address, telephone, etc.) through the form in the “Activities” section of the Site in order to organise and take part in an amateur race for companies, groups of friends and/or colleagues and/or on the occasion of birthdays and/or in order to take part in open practice sessions;

  • the personal data provided by the User (e.g., first name, last name, e-mail address, telephone, address, licence no., medical certificate expiry date, etc.) for registration in races organised by the Data Controller by completing the “Competitor Form” in the “Guests’ Area” section of the Site.

It should also be noted that—for the purpose of proceeding with “Driver Registration” and in further cases where it is necessary to complete and sign waivers of liability and any additional declarations/regulations—for the completion of the registration process and/or participation in races and/or practice sessions, the User who is required to sign such declarations/regulations is required, at the time of signing, to take a photo via webcam and send it by clicking on the appropriate button. Sending the photo is necessary in order to verify the authenticity of the signature affixed and, moreover, in the case of minor drivers, in order to prevent the signature from being affixed by minors. Upon completion of the registration process and/or participation in races and/or practice sessions, the IP (Internet Protocol) address relating to the device connected to the network by means of which the completion in question was carried out will also be acquired and stored.

Conversely, sending the photo for the purpose of personalising the personal account, if created, is optional.

The Data Controller will process the data provided by the User in compliance with the Applicable Law, assuming that they relate to the same User and/or to third parties who have expressly authorised him/her to provide them or whose data the User is otherwise entitled/legitimised to provide. In relation to such cases, the User undertakes to hold harmless and indemnify the Data Controller from any dispute, claim, request for compensation for damage arising from the processing of personal data that may be made by such third parties.

Cookies and other tracking tools

With regard to the types of cookies and any other tracking tools used by the Site, please refer to the Cookie Policy.

Purposes and legal bases of processing – Data retention period

The data acquired through the Site will be processed for the purposes, on the basis of the legal grounds and for the maximum retention periods indicated below.

PURPOSES – LEGAL BASIS – MAXIMUM RETENTION PERIOD

Provide responses to any requests for contact/information/clarifications sent using the form or the e-mail address in the “Contacts” section of the Site; allow “Driver Registration” in the “Drivers’ Area” section of the Site and the creation of a personal account and/or allow the ordering and online purchase of tickets/services, fulfilling the order/contract concluded at a distance through the “Ticket Office” in the “Drivers’ Area” section of the Site; allow the booking of races through the “Activities” section of the Site and/or the registration and participation in races organised by the Data Controller; provide responses to any requests and/or communications and/or notices from purchasers and/or to requests to exercise the rights arising from the contract concluded at a distance through the Site and/or provided for by the legislation in force in relation to the contract itself (for example, support activities, the possibility of any change/cancellation of the order) and carry out the activities consequent to the exercise of such rights; allow the personalisation of the personal account created by acquiring/uploading photos; verify the authenticity of the signature affixed to waivers of liability and any additional declarations/regulations for the completion of the registration process and/or participation in races and/or practice sessions and, moreover, in the case of minor drivers, prevent the signature from being affixed by minors.
Legal basis: the processing is necessary for the performance of pre-contractual measures adopted at the request of the User and/or of a contract to which the data subject is party [Art. 6(1)(b) GDPR].
Retention: 10 years.

Legal basis (photo): the processing is based on the consent of the data subject who has optionally and voluntarily provided the photo [Art. 6(1)(a) GDPR].

Legal basis (signature/authenticity/minors): the processing is necessary for the pursuit of the legitimate interest of the Data Controller in verifying the authenticity of the signature affixed to waivers of liability and any additional declarations/regulations for the completion of the registration process and/or participation in races and/or practice sessions and, moreover, in the case of minor drivers, preventing the signature from being affixed by minors [Art. 6(1)(f) GDPR].

Fulfil administrative and/or accounting and/or tax obligations connected with the order and/or the purchase contract concluded through the Site (for example, issuing the sales invoice); fulfil legal obligations to which the Data Controller is subject, including responding to any requests to exercise the rights of the User as a data subject under the legislation in force on the protection of personal data.
Legal basis: the processing is necessary for compliance with a legal obligation to which the Data Controller is subject [Art. 6(1)(c) GDPR].
Retention: 10 years.

Carry out promotional/marketing activities by sending, by e-mail and/or SMS, promotional/marketing communications relating to Vit Motorsport S.r.l., the activities carried out and/or its products/services.
Legal basis: the processing is based on the consent possibly given by the User for these purposes [Art. 130 of Legislative Decree No. 196/2003 (“Privacy Code”) – Art. 6(1)(a) GDPR].
Retention: the data will be kept for a maximum period of 24 months from the time consent is given, without prejudice to the possibility, at any time, to request the withdrawal of the consent given, without affecting the lawfulness of processing based on consent before its withdrawal.

Verify any fraudulent or unlawful use of the Site in general and ensure its security and functionality in the interest of the Users and the Data Controller.
Legal basis: the processing is based on the legitimate interest of the Data Controller and of the Users themselves to prevent or detect any fraudulent or otherwise unlawful uses of the Site in general [Art. 6(1)(f) GDPR].
Retention: 2 years.

Carry out research/statistical analyses on aggregated or anonymous data, thus without being able to identify the User, and measure traffic and assess the use of the Site in general and the interest shown by Users.
Legal basis: the processing is based on the legitimate interest of the Data Controller to verify the usability and attractiveness of the Site in general [Art. 6(1)(f) GDPR].
Retention: 2 years.

Establish, exercise or defend a right out of court and/or in court.
Legal basis: the processing is based on the legitimate interest to establish, exercise or defend a right out of court and/or in court [Art. 6(1)(f) GDPR].
Retention: 10 years.

Enforce the coverage provided by the insurance policies taken out by the Data Controller for damage caused to/by drivers and/or other data subjects when carrying out activities on the track or otherwise in areas owned/managed by the Data Controller.
Legal basis: the processing is based on the legitimate interest of the Data Controller to establish, exercise or defend a right out of court and/or in court [Art. 6(1)(f) GDPR].
Retention: 10 years.

Enable and/or facilitate rescue operations in favour of the data subject in the event of accidents and/or events that require such interventions.
Legal basis: the processing is necessary to protect the vital interests of the data subject or of another natural person [Art. 6(1)(d) GDPR].
Retention: 10 years.

Nature of the provision of personal data

The provision of data by the User is optional. Nonetheless, failure to provide such data, in whole or in part, may make it impossible to respond to any requests for information/clarifications and/or to requests to exercise rights and/or may make it impossible to process the order and/or complete the purchase of products.

Failure to provide consent to the sending of promotional-commercial communications, on the other hand, will not entail any consequence other than the impossibility of receiving updates and learning about news regarding Vit Motorsport S.r.l., its activities and/or its products/services.

Methods of processing personal data

Data are processed using manual and/or IT tools, in any case using methods suitable to ensure their security and confidentiality. To this end, the Data Controller has adopted and implements security measures, both technical and organisational, appropriate to the level of risk related to the processing carried out.

In particular, the Site’s functionalities are provided over an encrypted HTTPS connection and personal data are collected, stored and kept on secure servers, protected by firewalls and physically located within the European Union.

Recipients of personal data

Your data may be processed and/or shared, for the purposes indicated above, with:

  • persons authorised by the Data Controller to process personal data pursuant to and for the purposes of Art. 29 GDPR and Art. 2-quaterdecies of the Italian Privacy Code and who have received specific instructions regarding the methods of processing data in compliance with the Applicable Law;

  • group companies of which the Data Controller is a part which, through their respective employees, carry out activities (e.g., web and marketing) on behalf of the Data Controller as processors pursuant to and for the purposes of Art. 28 GDPR;

  • companies, consultants and/or professionals in charge of creating, maintaining, updating the Site (for example, web agencies and marketing agencies) and/or managing the hardware and software used by the Data Controller, including the providers (Wix.com Ltd.) of hosting and cloud computing services and the provider of the software solution—and related maintenance and remote assistance services—installed on the Data Controller’s IT system, suitable for the activity of sports event promoters and leisure centre operators (Apex Timing), who act as processors pursuant to and for the purposes of Art. 28 GDPR;

  • payment service providers;

  • entities, bodies or Public Authorities to whom, as autonomous data controllers, it is mandatory to communicate Your personal data by virtue of legal provisions or orders of the authorities or to prevent and/or detect any fraudulent activities or abuses in the use of the Site and the services offered by the Data Controller;

  • law firms, associated firms, consultants or professionals (for example, legal, administrative and/or tax advisory firms) possibly engaged to support the Data Controller in the proper fulfilment of legal obligations which it is required to comply with and/or in establishing, exercising or defending a right out of court or in court or whenever judicial or administrative authorities exercise their functions;

  • insurance institutions with which the Data Controller has taken out insurance policies to ensure coverage of damage caused to/by drivers and/or other data subjects when carrying out activities on the track or otherwise in areas owned/managed by the Data Controller.

Transfers to non-EU countries or international organisations

The User’s personal data or data provided by the User are transferred to non-EU countries or international organisations in the case of personal data collected and processed through the Site, the hosting of which is provided by the WIX Platform (Wix.com Ltd.), in accordance with the provisions of Chapter V of the GDPR: (https://it.wix.com/about/privacy).

Rights of the data subject

The User and/or the data subject on whose behalf the User has provided the data has the right to:

  • obtain confirmation as to whether or not processing of personal data concerning him/her is taking place and, if so, obtain access to such data and to a series of relevant information, including, by way of example, information relating to: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed; d) the retention period of the data or, if this is not possible, the criteria used to determine that period; e) the source of the personal data, where they were not provided by the user;

  • request and obtain the updating of the data, the rectification of inaccurate data or, where he/she has an interest, the integration of incomplete data;

  • request and obtain the erasure of the data where: a) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the User objects to the processing carried out on the basis of a legitimate interest of the Data Controller and there is no overriding legitimate ground to continue the processing; c) the data have been processed unlawfully; d) the data must be erased by the Data Controller to comply with a legal obligation;

  • request and obtain the restriction of processing in the event of: a) contestation of the accuracy of the data for the time necessary for the Data Controller to carry out the required checks; b) unlawful processing of the data by the Data Controller, where the user opposes the erasure of the data and requests instead the restriction of their use; c) the establishment, exercise or defence of a right of the User in legal proceedings, although the Data Controller no longer needs them for the purposes of the processing; d) awaiting the outcome of verification as to whether the legitimate grounds of the Data Controller override those of the data subject;

  • in cases where the processing is based on a contract and is carried out by automated means, request and receive, in a structured, commonly used and machine-readable format, the data concerning him/her and, if technically feasible, obtain the direct transmission from the Data Controller to another controller;

  • object, in whole or in part, on legitimate grounds relating to the User’s particular situation, to the processing of data concerning him/her, even if relevant to the purpose of collection;

  • where the processing is based on the User’s consent, withdraw consent at any time without prejudice to the lawfulness of processing based on consent before its withdrawal;

  • lodge a complaint with the Italian Data Protection Authority pursuant to and for the purposes of Art. 77 GDPR and Articles 140-bis et seq. of the Italian Privacy Code, if he/she believes that the rights enjoyed under the Applicable Law have been infringed.

The Data Controller will communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, except in cases where this proves impossible or involves a disproportionate effort.

How to exercise the rights of the data subject

As a data subject, the User and/or the data subject on whose behalf the User has provided the data may exercise the above rights at any time by contacting the Data Controller at the contact details indicated above.

To lodge a complaint with the Italian Data Protection Authority, the forms made available on the Authority’s website may be used.

Updates/Changes to the Privacy Policy

This Privacy Policy may be subject to changes and/or additions and/or updates, also as a consequence of updates to the applicable legislation on the protection of personal data. In such case, the Data Controller will inform the User by publishing on the Site the amended and/or supplemented and/or updated Privacy Policy. It is therefore suggested to periodically consult the Site and the related Privacy Policy.

bottom of page