Version 1.0 — effective 2026-06-03
FIM Europe – European Motorcycling Union
Viale delle Arti 181, 00054 Fiumicino (RM), Italy
Data Protection Officer: to be designated by FIM Europe
DPO contact: support@suscom.app
| Purpose | Lawful Basis (GDPR Art. 6) |
|---|---|
| Account management and service delivery | Art. 6(1)(b) — contract performance |
| Regulatory compliance and audit logging | Art. 6(1)(c) — legal obligation |
| Event stewardship operations and checklist processing | Art. 6(1)(f) — legitimate interest (FIM Europe operational oversight) |
| Security, fraud prevention and abuse detection | Art. 6(1)(f) — legitimate interest (protecting platform integrity) |
| Analytics and service improvement | Art. 6(1)(a) — consent (withdraw anytime in Settings) |
| Marketing and event communications | Art. 6(1)(a) — consent (withdraw anytime in Settings) |
| Sub-processor | Purpose | Region |
|---|---|---|
| Cloudflare, Inc. (Cloudflare R2, D1, Workers) | Infrastructure, data storage, edge compute | EU region |
| Brevo SAS | Transactional email delivery | EU |
| Data category | Retention |
|---|---|
| Account data (name, email) | Duration of account + 30 days after deletion request |
| Checklist records (approved) | 7 years (FIM Europe regulatory compliance) |
| Audit logs | 7 years |
| Messages | Duration of account |
| Analytics data | 13 months (aggregated after 30 days) |
| Consent records | 7 years (Art. 7(1) accountability) |
Under GDPR you have the following rights. Each links to where you can exercise it:
To exercise rights that are not self-service, contact us at support@suscom.app.
You have the right to lodge a complaint with a data-protection supervisory authority. The primary authorities for this service are:
You may also lodge a complaint with the supervisory authority in your own EU/EEA country of residence.
No automated decision-making or profiling (Art. 22 GDPR) takes place. All decisions affecting users are made by human operators or administrators.
The service runs primarily on EU-region infrastructure. Some processing involves a transfer outside the European Economic Area (EEA): our hosting and edge provider, Cloudflare, Inc. (United States), processes data on our behalf. These transfers are safeguarded by the EU Standard Contractual Clauses (SCCs), Cloudflare’s certification under the EU–US Data Privacy Framework, EU-region data-residency configuration, and encryption in transit and at rest. Transactional email is sent via Brevo (Sendinblue SA, France — intra-EU). A current list of sub-processors and the safeguards applied to each is available on request from the contact above.
Personal data is collected directly from you at registration and through your use of the platform.
We use essential session cookies required for the service to function. Optional analytics and marketing cookies require your explicit consent. Manage your cookie preferences in Settings → Privacy & Consent.
Cookie & privacy settings
We use essential cookies required for the service. Analytics and marketing cookies require your consent. Privacy Policy