Information Notice on the Processing of Personal Data pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR)
This information notice aims to provide users of the website www.appiaday.org (hereinafter the “Website”) with clear and transparent details regarding the processing of their personal data.
Data Controller
The Data Controller is Velolove APS, promoter of the Appia Day initiative, with registered office at Via Novara 43, Rome, e-mail: info@appiaday.org
Categories of Data Processed
During browsing, certain technical data are automatically collected, such as:
1. Navigation Data
During browsing, certain technical data are automatically collected, such as:
IP address (partially anonymized)
Browser and device type
Time and duration of visits
Pages visited
Server response status codes
These data are collected in anonymous or pseudonymized form in order to improve the security and functionality of the website.
2. Personal data voluntarily submitted by users
Through the following forms:
Contact form
Volunteer/Partner/Sponsor form
Event proposal form
Image upload form (gallery)
the user may voluntarily provide:
First and last name
Email and/or phone number
Name of the organization
Texts, images, and other content
Any other data entered in free text fields
Such data are used exclusively for purposes related to the Appia Day initiative.
3. Cookies and Tracking Technologies
The website uses technical, analytical, and third-party cookies, also for statistical purposes.
For further details, please refer to our Cookie Policy.
Data collected through Google services
Google Analytics 4
This website uses Google Analytics 4, a web analytics service provided by Google LLC, configured to partially anonymize IP addresses and to comply with the principles of data minimization.
Google collects aggregated statistics (e.g., number of visits, pages viewed, geographic origin) to improve the quality of the content. Data may be processed on servers located within the European Union or, in case of transfers to the USA, in compliance with the Data Privacy Framework or the Standard Contractual Clauses.
Legal basis: Art. 6(1)(a) GDPR – User consent.
More information: https://policies.google.com/privacy
Social Links and Buttons
The website includes:
Content sharing buttons for social platforms (e.g., Facebook, Instagram, X, WhatsApp), which may collect users’ personal data (such as IP address or browsing information) even without direct interaction.
Links to the official Appia Day pages on social networks. These links redirect to external platforms (e.g., Meta, Instagram) which act as independent data controllers.
Users are invited to consult the privacy policies of each platform to learn about how personal data are processed:
Facebook/Instagram (Meta): https://www.facebook.com/privacy/policy
X/Twitter: https://twitter.com/privacy
The use of social plugins may involve the transfer of personal data to third countries. Such transfers are managed by the providers in accordance with their own compliance mechanisms (e.g., Standard Contractual Clauses, EU–U.S. Data Privacy Framework).
Purposes and Legal Bases of Processing
| Purpose | Legal Basis |
|---|---|
| Handling of contact and information requests submitted through the contact form | Art. 6(1)(b) GDPR – performance of pre-contractual steps at the data subject’s request |
| Handling of applications from volunteers, partners, and sponsors | Art. 6(1)(b) GDPR– performance of pre-contractual steps at the data subject’s request |
| Assessment and publication of event proposals | Art. 6(1)(b) GDPR – performance of pre-contractual steps at the data subject’s request |
| Publication of images in the gallery | Art. 6(1)(a) GDPR – data subject’s consent |
| Anonymous statistical analysis through Google Analytics 4 | Art. 6(1)(a) GDPR – data subject’s consent |
| Compliance with legal and regulatory obligations | Art. 6(1)(c) GDPR – legal obligation |
| Ensuring the protection and security of the website | Art. 6(1)(f) GDPR – legitimate interest pursued by the controller |
| Display of social media sharing buttons | Art. 6(1)(a) GDPR – data subject’s consent for third-party cookies/technologies |
| Links to official social media profiles (static links) | Art. 6(1)(f) GDPR – legitimate interest pursued by the controller, without active tracking |
Methods of Processing
Processing is carried out using IT and telematic tools, in accordance with appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of the data. Only authorized personnel or third parties designated as Data Processors (e.g., IT providers, hosting services, newsletter services) may access the data.
An updated list of Data Processors is available upon request by email.
Data Retention
Data are retained for the time necessary to achieve the purposes for which they were collected:
Requests via contact form: 12 months from handling the request
Images: until consent is withdrawn or use is discontinued
Legal obligations: according to statutory retention periods
Marketing/statistical consent: until withdrawal of consent
Once the retention period has expired, the data will be deleted or anonymized within 30 days.
Data Subject Rights
The user may exercise at any time the rights provided for under Articles 15–22 of the GDPR:
Access to personal data
Rectification and updating
Erasure (right to be forgotten)
Restriction of processing
Objection to processing
Data portability
Revoca del consenso
Withdrawal of consent
To exercise these rights, users may contact Velolove APS at the following email address: info@appiaday.org
Complaint to the Supervisory Authority
In the event of a violation of their rights, the user may lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) through the official website: www.garanteprivacy.it