PRIVACY POLICY

1. Data Controller

  • Controller: Ayuntamiento de la Villa de Benasque (Benasque Town Council).
  • Tax ID (CIF): P2206900I.
  • Postal Address: Pza. del Ayuntamiento 1 – 22440 Benasque (Huesca), Spain.
  • Email: ayto@benasque.es.
  • Phone: +34 974551001.

2. Purposes of Processing

The personal data collected during registration will be processed for the following purposes:

  • To manage registration and participation in the tournament.
  • To verify the category, age, eligibility, and, where applicable, the legal representation of the participant.
  • To organize pairings, brackets, standings, schedules, boards, and sports results.
  • To handle communications related to the tournament, incidents, schedule changes, and organizational notices.
  • To manage insurance, emergencies, and reasonably necessary security measures during the activity, where applicable.
  • To comply with legal, tax, administrative, and security obligations applicable to the organization of the event.
  • To publish, where appropriate, lists of participants, pairings, standings, and results, limiting the data to what is strictly necessary in accordance with the principle of data minimization.
  • Where applicable, to capture and broadcast images or video of the tournament only if there is a valid and distinct legal basis, with enhanced protection when minors participate.

3. Legal Basis

The legal bases for processing may be one or more of the following, depending on the specific purpose:

  • The performance of the pre-contractual or contractual relationship arising from registration and participation in the tournament.
  • Compliance with legal obligations applicable to the organizer.
  • The consent of the data subject or their legal representative for purposes that require it, such as uses of images not strictly necessary for organizing the tournament.
  • The legitimate interest of the organizer for the proper management, security, and coordination of the event, where applicable and following the corresponding balancing test.

When processing is based on consent, it must be freely given, specific, informed, and unambiguous, and it must be as easy to withdraw as it was to give.

4. Data Processed

In general, only adequate, relevant, and limited data strictly necessary for the registration and management of the tournament will be processed:

  • Identifying data: name and surname.
  • Contact data: phone number and email address.
  • Sports data: club, federation license, ELO or rating, category, and results.
  • Age or date of birth data, when necessary to determine the category or participation of minors.
  • Data of the father, mother, or legal guardian, when registration corresponds to a minor and representation must be proven.
  • Health or emergency information only if strictly necessary for the participant’s safety (e.g., relevant allergies or an emergency contact number).

5. Minors

Minors may register subject to the following rules:

  • Under 14 years of age: the processing of their data based on consent must be authorized by the father, mother, or legal guardian, and the organizer must make reasonable efforts to verify such authorization.
  • Over 14 and under 18 years of age: they may give consent themselves for the processing of their personal data, unless a specific rule requires the assistance of their parents or guardians.

In all cases, clear and plain language must be used, especially when information is also provided to the minor. If images of the minor are to be used for broadcasting on the website, social networks, posters, or press, and this broadcast is not essential for the organization, a separate and specific authorization from the legal representative should be obtained where appropriate.

6. Recipients of the Data

Data may be communicated, when necessary and with a sufficient legal basis, to:

  • Arbiters, judges, organizational staff, and authorized collaborators.
  • Federations, delegations, or sports entities, when necessary to validate licenses, ratings, categories, or results.
  • Insurance companies or emergency services, where appropriate for reasons of security or participant care.
  • Public administrations, law enforcement agencies, judges, or courts, when there is a legal obligation.
  • Providers providing services to the organizer as data processors (e.g., web hosting, email, management or timing software), under the corresponding data processing agreement.

Data will not be disclosed to third parties for commercial purposes unrelated to the tournament unless there is a legal obligation or specific consent.

7. Publication of Lists and Results

For the normal development of a chess tournament, it may be necessary to publish name, category, club, pairings, board, score, ranking, and results. This publication must be limited to strictly necessary data and avoid excessive or irrelevant information.

In the case of minors, it is recommended to exercise extreme caution and consider less intrusive formats when possible, especially in open online publications.

8. Images and Videos

The capture and broadcast of images must be informed separately and clearly. If the recording or publication is not essential for the organization of the tournament, it must be supported by a specific legal basis, normally consent; for minors, data protection must be enhanced.

9. Data Retention

Data will be kept for the time necessary to manage registration, the development of the tournament, the handling of incidents, possible claims, and compliance with legal obligations. Once these periods have expired, they will be deleted or, where appropriate, kept blocked for the legally required periods.

Authorized images may be kept as long as the informational or historical purpose for which they were published remains valid, unless consent is withdrawn when this is the legal basis legitimizing the processing.

10. Rights of Data Subjects

The data subject, or their legal representative where applicable, may exercise the rights of:

  • Access.
  • Rectification.
  • Erasure (Right to be forgotten).
  • Objection.
  • Restriction of processing.
  • Data portability.
  • Withdrawal of consent at any time, without retroactive effects on prior lawful processing.

To exercise these rights, you may contact the Data Controller, indicating the right you wish to exercise and proving your identity in a proportionate manner. You may also file a complaint with the Spanish Data Protection Agency (www.aepd.es) if you consider that the processing does not comply with applicable GDPR regulations.

11. Security Measures

The organizer will apply appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or improper disclosure, taking into account the nature of the data and, with enhanced measures, when minors are affected.

12. International Data Transfers

In general, no international data transfers are foreseen. If platforms or services located outside the European Economic Area are used, the organizer must inform of this and ensure that appropriate safeguards are in place in accordance with the GDPR.

13. Mandatory or Optional Nature of the Data

The fields marked as mandatory on the registration form will be necessary to process participation. Failure to complete these fields may prevent registration or the proper management of the tournament.

Optional authorizations, such as the promotional use of images, must be presented separately from the rest of the purposes and cannot be a condition for participation when they are not necessary to organize the tournament.