Data Protection Policy

SimRacingXP.com Data Protection Policy

SimRacingXP.com (SRXP) is a non-commercial, non-profit, non-public community of sim racing enthusiasts. We take data protection seriously and want to explain how SRXP uses the personal data we collect from you when you use our website.

We adhere to the Regulation (EU) 2016/679, also known as the General Data Protection Regulation (henceforth referred to as ‘GDPR’) which aims to protect your data and gives you certain rights (see below for more information).

A. General Information

1. Definitions

Modelled after Article 4 of the GDPR this data protection policy defines these terms as follows:

1. “Personal data” (Article 4(1) GDPR) means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. “Processing“ (Article 4(2) GDPR) means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. „Controller“ (Article 4(7) GDPR) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
4. “Processor” (Article 4(8) GPDR) means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
5. “Third party” (Article 4(10) GDPR) means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
6. “Consent” (Article 4(11) GPDR) of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Furthermore, we use these terms with the following meaning:

1. “Discord” is an unaffiliated third-party service provided by “Discord Inc” (https://discord.com/privacy for more information on their service and their data protection/privacy policy).
2. “Login functionality” refers to the functionality that is provided when clicking the “Login” button on our website. This functionality allows you to create a profile and makes use of “Discord to authenticate your login instead of providing original credentials that are saved on our servers.
3. “Steam” is a service provided by Valve GmbH/Valve Corporation, offering a marketplace, store and library for digital video game licences.
4. “Assetto Corsa Competizione” is a video game developed by Kunos Simulazioni and published by 505 games. Our website is based around using the multiplayer functionality of “Assetto Corsa Competizione” to create virtual racing lobbies where users of our website can play the game together.

2. Changes to this data protection policy

Due to the nature of data protection laws and the constant evolution of technical standards and methods we regularly re-check our data protection policy and update it accordingly. You can see the date of the last update at the top of this page.

3. No obligation to provide personal data

We want to emphasize that there is no obligation or requirement for you to provide any personal data. However, it is possible that we cannot provide certain functionalities or access to said functionalities without you providing certain personal data.

B. Information on the processing of your personal data

1. Collection of personal data when using the website

When using our website we are automatically collecting the following personal data of yours:

• Your IP address used to access the website
• Type of browser used
• Identifiers associated with your devices
• Your time zone
• Geolocation details including region, country, state and city

2. Processing of personal data

Processing of personal data is only lawful under the conditions and in accordance with the principles laid out in Article 5 and Article 6 of the GDPR. Particularly relevant for the purposes of the processing carried out by SRXP are the following conditions:

• the data subject has given consent to the processing of his or her personal data for one or more specific purposes (Article 6 para. 1 lit. a GDPR)
• processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 para. 1 lit. b GDPR)
• processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (Article 6 para. 1 lit. f GDPR

We will reference these provisions when detailing what personal data is collected (and processed) in the next sections.

3. Collection of personal data provided to us by you

We can only provide access to our website’s core functionalities when you provide us with the necessary personal data. For that purpose, we are collecting the following data that you provide to us when asked for them:

Using the core functionalities of this website requires you to use the login functionality (see under Definitions). Upon successfully logging in for the first time, you will be asked to provide the following personal data:

• A (chosen) first and last name (it does not have to be your legal name) [Article 6 para. 1 lit. a GDPR]
• A country of residence/origin (this does not have to be your actual country of residence/origin) [Article 6 para. 1 lit. a GDPR]
• A nickname of your choosing [Article 6 para. 1 lit. a GDPR]
• Your Steam ID [Article 6 para. 1 lit. a, b, f GDPR]

Your user profile will also be partially displayed to other logged-in users. They will be able to see your chosen name, your chosen country, the amount of races hosted by SRXP that you have participated in, the amount of race victories you have achieved and other similar statistics that are derived from the data that is provided to us by “Assetto Corsa Competizione” (compare further under “4. Collection of personal data provided to us by other sources”).

4. Collection of personal data provided to us by other sources

When using the login functionality, you are redirected to “Discord” and can sign-in with your Discord account. Discord then verifies your login and transmits to us the following personal data which we collect:

• Your Discord ID and display name [Article 6 para. 1 lit. a, b, f GDPR]
• Your Discord profile picture

You may also, alternatively to providing your Steam-ID yourself, be asked to use the link functionality provided by “Steam” (see Definitions) to login with your “Steam” account to establish a link between your profile on our website and your “Steam” profile. This is necessary to allow our website to associate your driver profile in “Assetto Corsa Competizione” (see Definitions) with your SRXP profile to display statistics, race results and to create entry lists which enables us to host closed racing events in “Assetto Corsa Competizione”. In this event we collect the following personal data provided to us by “Steam”:

• Your unique Steam-ID [Article 6 para. 1 lit. a, b, f GDPR]

Further, we collect the following personal data that is provided by Assetto Corsa Competizione:

• The name you use in said game [Article 6 para. 1 lit. a, b, f GDPR]
• The fact that you were present and for how long you were present (all collected indirectly through the amount of laps completed and the corresponding laptimes) [Article 6 para. 1 lit. a, b, f GDPR]

By linking your profile and your “Steam”-profile together and participating in any racing activities that are hosted by SRXP within “Assetto Corsa Competizione”, you actively consent into the following (personal) data being shown on our “race results” (classifications of races, qualifying and practice sessions sorted by position and/or laptimes) pages publicly on our website:

• your chosen display name
• your chosen country flag
• your chosen car
• your laptimes
• the amount of laps you completed and
• your status of participation (if you were “signed-up”/”registered”) to the race

5. Deletion of personal data

We delete personal data once they are no longer technically required for the functionalities that SRXP provides. Your data is only saved on our servers and not shared with third-parties.

6. Changing the purpose of processing

We are not intending to use your data for any other purpose than described here. If it should become necessary, it will only be done if allowed by law or after getting your informed consent.

7. Use of Cookies

Our website uses cookies. HTTP cookies (also called web cookies, Internet cookies, browser cookies, or simply cookies) are small blocks of data created by a web server while a user is browsing a website and placed on the user's computer or other device by the user's web browser (definition taken from Wikipedia.org). Cookies can store personal data such as device information that makes you identifiable, however they do not directly identify you.

Session cookies are automatically deleted when ending a browsing session while permanent cookies are placed on your device until (actively) deleted by you or other programs.

SRXP only uses strictly necessary cookies that are required to provide the intended functionalities (described above).

They serve the following purposes:

• Keeping you signed in when navigating to other sections of the website after using the login functionality (otherwise you would have to login again after you click on another page on our website)
• Remembering that you interacted with our cookie information banner for future visits.
• Preventing cross-site request forgery attacks

We use the following types of cookies:

• Strictly necessary/technically required (SRXP-Cookie):

SRXP uses these cookies solely to enable basic functionalities of the website such as our login functionality. The use of this cookie is limited to remembering your login status (i.e. This user is currently logged in/User is currently not logged in) when navigating to a different part of our website. This is a session cookie and will be deleted once you end your browsing session unless you select the ‘Remember Me’ option when logging in, which instead places a permanent cookie, for your own convenience.

• Strictly necessary/technically required (AspNet Consent):

This cookie saves whether you already interacted with the cookie information banner that shows up upon your cookie-less visit of the website. This is a permanent cookie.

You can set your browser to not accept cookies. However, this might make this website unusable for you.

8. Legal obligation to transmit certain data

We may be obligated by law to process or transfer certain personal data to public authorities (Article 6 para. 1 lit. c GDPR).

9. Cross-border processing/transmission

The data that we collect and/or process ourselves is not transmitted to countries that are not members of the EU.

C. Your rights

1. Right of access

You have the right to obtain information from us regarding your personal data to the extent of Article 15 GDPR. To exercise this right you need to send a request via E-Mail (see under D.).

2. Right to object

You have the right to object (Art. 21 GDPR) to the processing of personal data. If you object, we will immediately terminate the processing of your personal data unless we demonstrate compelling legitimate grounds for the processing.

To exercise this right you need to send a request via E-Mail (see under D.).

3. Right to withdraw consent

You have the right to withdraw your consent at any time (Article 7 para. 3 GPDR). We will cease any processing of data that is collected after your withdrawal.

To exercise this right you need to send a request via E-Mail (see under D.).

4. Right to rectification and erasure

You have the right to obtain the rectification of inaccurate personal data concerning you to the extent outlined by Article 16 GDPR. This also means you are entitled to have incomplete personal data completed.

Furthermore, you have the right to erasure (‘right to be forgotten’) of personal data concerning you without undue delay under the conditions listed by Article 17 GDPR.

To exercise these rights you need to send a request via E-Mail (see under D.).

5. Right to data portability

You have the right to receive the personal data concerning you that you have provided to us, in the form detailed by Article 20 para. 1 GDPR. You also have the right to have your personal data transmitted directly to another controller where technically feasible.

To exercise this right you need to send a request via E-Mail (see under D.).

6. Right to restrict processing

You have the right to obtain restriction of processing if the conditions outlined in Article 18 GDPR are met.  

To exercise this right you need to send a request via E-Mail (see under D.).

7. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes on the GDPR.

Find the correct supervisory authority here:

https://edpb.europa.eu/about-edpb/about-edpb/members_en

D. Controller and contact

Controller, as per Article 4(7) GDPR is:

Omar Tomasi, reachable under the following e-mail: info@simracingxp.com

If you have any questions about SRXP’s data protection policy, our collected personal data, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.

Please note that we may collect the data you provide to us by sending an e-mail for the purpose of processing your request. That data will be deleted when the request is completed.