Skip to main content

Privacy Policy

Version 1.0 — effective 2026-06-03

1. Controller

FIM Europe – European Motorcycling Union
Viale delle Arti 181, 00054 Fiumicino (RM), Italy
Data Protection Officer: to be designated by FIM Europe
DPO contact: support@suscom.app

2. Purposes and Lawful Basis

PurposeLawful Basis (GDPR Art. 6)
Account management and service deliveryArt. 6(1)(b) — contract performance
Regulatory compliance and audit loggingArt. 6(1)(c) — legal obligation
Event stewardship operations and checklist processingArt. 6(1)(f) — legitimate interest (FIM Europe operational oversight)
Security, fraud prevention and abuse detectionArt. 6(1)(f) — legitimate interest (protecting platform integrity)
Analytics and service improvementArt. 6(1)(a) — consent (withdraw anytime in Settings)
Marketing and event communicationsArt. 6(1)(a) — consent (withdraw anytime in Settings)

3. Data Categories Held

  • Identity data: name, email address
  • Checklist data: environmental compliance records, event assessments
  • Event data: event assignments, dates, venues, sport categories
  • Communications: messages exchanged within the platform
  • Analytics data: aggregated usage patterns (only with consent)
  • Audit logs: action timestamps, IP addresses, user agent strings

4. Recipients and Sub-Processors

Sub-processorPurposeRegion
Cloudflare, Inc. (Cloudflare R2, D1, Workers)Infrastructure, data storage, edge computeEU region
Brevo SASTransactional email deliveryEU

5. Retention Periods

Data categoryRetention
Account data (name, email)Duration of account + 30 days after deletion request
Checklist records (approved)7 years (FIM Europe regulatory compliance)
Audit logs7 years
MessagesDuration of account
Analytics data13 months (aggregated after 30 days)
Consent records7 years (Art. 7(1) accountability)

6. Your Rights

Under GDPR you have the following rights. Each links to where you can exercise it:

  • Art. 15 — Access: Download your data export in Settings → My Data & Privacy.
  • Art. 16 — Rectification: Update your name, licence number and country in Settings → Account Settings (to change your email, contact our DPO for OTP re-verification).
  • Art. 17 — Erasure: Request account deletion in Settings → My Data & Privacy (14-day cooling-off period applies).
  • Art. 18 — Restriction: You may request that we restrict (mark-and-hold) the processing of your data — for example while you contest its accuracy or the lawfulness of processing. Contact our DPO; while restricted, your data is retained but not actively processed.
  • Art. 20 — Portability: Same as Art. 15 — your data export is in machine-readable JSON format.
  • Art. 21 — Objection: You may object to processing based on our legitimate interests (operational and security processing). Manage analytics & marketing consent in Settings → Privacy & Consent; to object to other legitimate-interest processing, contact our DPO.

To exercise rights that are not self-service, contact us at support@suscom.app.

7. Complaints

You have the right to lodge a complaint with a data-protection supervisory authority. The primary authorities for this service are:

You may also lodge a complaint with the supervisory authority in your own EU/EEA country of residence.

8. Automated Decision-Making

No automated decision-making or profiling (Art. 22 GDPR) takes place. All decisions affecting users are made by human operators or administrators.

9. International Transfers

The service runs primarily on EU-region infrastructure. Some processing involves a transfer outside the European Economic Area (EEA): our hosting and edge provider, Cloudflare, Inc. (United States), processes data on our behalf. These transfers are safeguarded by the EU Standard Contractual Clauses (SCCs), Cloudflare’s certification under the EU–US Data Privacy Framework, EU-region data-residency configuration, and encryption in transit and at rest. Transactional email is sent via Brevo (Sendinblue SA, France — intra-EU). A current list of sub-processors and the safeguards applied to each is available on request from the contact above.

10. Data Source

Personal data is collected directly from you at registration and through your use of the platform.

11. Cookies and Tracking

We use essential session cookies required for the service to function. Optional analytics and marketing cookies require your explicit consent. Manage your cookie preferences in Settings → Privacy & Consent.