We – BRP-Rotax GmbH & Co KG (BRP-Rotax) and V&R Karting 4.0 GmbH (V&R Karting 4.0) – jointly operate this website and the Rotax MAX Dome APP, to present our achievements, services and products throughout the world of Rotax-MAX-Dome and the world of Rotax Racing.
If our privacy policy does not answer all your questions, we will be happy to provide you with answers at the mail address privacy@rotaxmaxdome.com or you can write to us at:
BRP-Rotax GmbH & Co KG
c/o data protection
Rotaxstraße 1
4623 Gunskirchen
Austria
These are the contact details of the entity responsible for all data processing and protection issues concerning this website and the Rotax MAX Dome APP. Enquiries regarding to data processing for which V&R Karting 4.0 is solely responsible will be forwarded to the correct department.
In this privacy statement, we explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 (https://eur-lex.europa.eu/legal-content/EN/ALL/?tid=311888670&uri=celex%3A32016R0679) and the applicable national laws, which personal data we process as joint controller. In addition, we also inform you about your rights in relation to our data processing activities. The following information relates to data processing operations within the scope of our jointly provided website and the Rotax MAX Dome APP.
V&R Karting 4.0 is solely responsible for the social media activities of the Rotax MAX Dome. The social media privacy policy can be found at the end of this privacy policy. In addition, the website provides information on current job vacancies. Information on applicant management, for which V&R Karting 4.0 is solely responsible, can also be found in this privacy policy.
The protection of your personal data is our special concern. We therefore process your data exclusively on the basis of the relevant legal provisions (GDPR, Austrian DSG, Austrian TKG 2021, German TTDSG).
All data processing requires a legal basis. Within the scope of our website, we only process your data if at least one of the following conditions applies:
When you use this website, various personal data are collected and processed. "Personal data" is information about an individual that is linked to his or her identity, such as a name, phone number, email address, or other identity identifier (e.g., IP address). Our privacy policy explains what data we collect and what we use it for. It also explains how and for what purposes this is done.
Your data is collected when you provide them to us. This can be, for example, data that you enter in a contact form. Other data is collected by our IT systems automatically when you visit the website and the Rotax MAX Dome APP or after your consent has been given. This is mainly technical data (e.g. Internet browser, operating system or time of page view).
Purposes for data use may vary: from processing your bookings and requests, to ensuring that there is no unauthorized access to the website or the Rotax MAX Dome APP, to marketing. Detailed information on the processing purposes can be found below in the respective descriptions of the individual data processing activity.
Your personal data will not be transferred to third parties for purposes other than those listed in this Privacy Policy.
We will only transfer your personal data to third parties where:
Which of these legal grounds is relevant for a specific data processing operated by us is disclosed in the commentaries to each processing in this data protection declaration.
Unless a more specific storage period is mentioned within this privacy policy, your personal data will remain with us until the purpose of the data processing has been achieved. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be used only for these purposes foreseen by law and will be deleted once these reasons no longer apply.
As part of the description of individual technologies on our website, there are specific references to the storage period of data. In our cookie table, you will be informed about the storage period of individual cookies. In addition, you always have the possibility to ask us directly about the specific storage period of your data. To do so, please use the contact details listed at the beginning of this Privacy Policy.
For some data processing we rely on the support of service processors. We have concluded a contract on commissioned processing (data processing agreement acc. to Art. 28 of the GDPR) with them. This is a contract required by data protection law, which is intended to ensure that they only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
We use European software products whenever possible. This process will be continued in line with the gradually expanding range of products. As far as reliance on European software products is not feasible for technical or other important reasons, we use software products from companies in third countries (primarily the USA). Whenever this should result in data transfers to these third countries, such transfers will only take place under the following conditions:
Notice on data transfer to the USA
Data transfers to the USA may also be carried out on the basis of the “EU-US Data Privacy Framework (DPF)”, which was agreed by the EU Commission with the USA in mid-2023. The lawful prerequisite for such data transfers is the public commitment of the data recipient in the USA to comply with the DPF, thereby promising to ensure adequate protection of the data when they are processed in the USA.
The current list of companies that have publicly committed themselves to complying with the DPF can be viewed on the US Department of Commerce homepage (https://www.dataprivacyframework.gov/s/participant-search).
Where data transfers are necessary to recipients who have not yet committed themselves to complying with the DPF, we carry out transfers on the basis of standard data protection clauses in accordance with the EU Commission's Implementing Decision (EU) 2021/914 of June 4, 2021. Special protective mechanisms such as pseudonymization are used wherever possible. In addition, as far as possible, provision of services via servers located in Europe is foreseen in order to make any attempts by US authorities to access data from the European Economic Area (EEA) significantly more difficult.
Whenever we transfer data to the USA or engage a service provider based in the USA, this will be explicitly mentioned in this data protection declaration.
According to Art. 7, 12–22, 77 GDPR you have the following rights:
The responsible data protection authority for Austria: Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Wien, Tel.: +43 1 52 152-0, dsb@dsb.gv.at
For all questions relating to data protection you may contact us at any time by e-mail to privacy@rotaxmaxdome.com
or by mail to:
BRP-Rotax GmbH & Co KG
c/o data protection
Rotaxstraße 1
4623 Gunskirchen
Austria
This is the contact information for the responsible party for all data protection issues relating to this website and the Rotax MAX Dome APP. Enquiries regarding to data processing for which V&R Karting 4.0 is solely responsible will be forwarded to the correct department.
Please assist us in specifying your request by answering questions from our responsible employees regarding the specific processing of your personal data. If there are reasonable doubts about your identity, we may request a proof of your identity.
WEBSITE / APP: SECURITY
When you visit our website, we use the widely used SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. You can recognize whether an individual page of our website is transmitted in encrypted form by the appearance of the key or lock symbol in closed form in the lower status bar of your browser.
Registration options are available in the Rotax MAX Dome APP and on the booking platform. The passwords set during registration are encrypted in our database.
We use this encryption procedure on the basis of our legitimate interest in the use of suitable encryption techniques in accordance with Art. 6 (1) lit. f GDPR.
In addition, we use suitable technical and organisational security measures in accordance with Art. 32 GDPR to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved and kept up to date in line with technological developments.
WEBSITE / APP: HOSTING
In the process of hosting our website and app, we store all data related to the operation of our website and app. This is necessary for enabling operation of our website and app. Therefore, we process this data on the legal basis of our legitimate interest in optimising our website and app (Art. 6 (1) lit. f of the GDPR). To provide access to our website and app, we use the services of web hosting providers, to whom we supply the afore mentioned data within the context of contractual processing in accordance with Art. 28 of the GDPR.
WEBSITE / APP: ACCESS-LOG-FILES
The provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: Browser type and browser version, operating system used, referrer URL, time of server request, anonymized IP address. These data will not be combined with other data sources.
Log files for the last login are also created and saved in the Rotax MAX Dome app and booking platform: IP address, date and time of access, user name/email, errors and warnings. If you activate the "near me" function, the location data (longitude and latitude) will be saved in the enquiry log files.
Legal basis: Art. 6 (1) lit. f GDPR: We have a legitimate interest in the technically error-free presentation and optimization of our website and app – for this purpose, the server log files must be collected.
Storage period: 7 days, 30 days
WEBSITE / APP: REGISTRATION AND LOG-IN / USER ACCOUNT / BOOKING
In order to use our products and services, you have to register in the Rotax MAX Dome APP or on the booking platform or directly on site at the Rotax MAX Dome. A user account is created during the registration process. You can access the racing licence required for karting via the Rotax MAX Dome APP or directly on site at the Rotax MAX Dome.
There are four ways to register and log in:
The registration and log-in processing via Apple and Google is based on your consent (Art. 6 (1) lit. a GDPR). The transfer of your data (e-mail address, for Google additionally: username, language settings, profile picture) from Apple or Google to us is based on your consent. For further information please read the privacy information from Apple (https://support.apple.com/en-gb/HT210318) and Google (https://support.google.com/accounts/answer/10130420?hl=en&ref_topic=7188760#zippy=%2Cso-werden-daten-geteilt%2Cverwaltung).
The data (e-mail address, username and password, nickname, optional photo), which you provide to us by registration directly in our Rotax MAX Dome APP, will also be processed on the basis of your consent (Art. 6 (1) lit. a GDPR) for the purposes of the Rotax MAX Dome APP.
You can book our products and services via our booking platform directly, via the website and via the Rotax MAX Dome APP. You have to register before you can make a booking. To do this, you have to create a user account. If you use the same access data as for the Rotax MAX Dome APP registration, your data will be linked to the existing user account. Your advantage: You do not need to log in to the booking platform again when you book via the Rotax MAX Dome APP.
We process the following data in the booking process: name, date of birth, gender, postal address, country, email address, optional photo, the products you purchase. The processing is carried out on the basis of Art. 6 (1) lit. b GDPR for the processing of bookings and, in addition, in accordance with Art. 6 (1) lit. c GDPR to fulfil legal storage obligations on the basis of commercial and tax regulations. The mandatory information for contract fulfilment is marked as such when it is entered in our booking system. We only transfer the data to third parties within the scope of delivery, payment or within the scope of legal authorizations and obligations, as well as within the scope of our legitimate interest vis-à-vis legal advisors and authorities in the event of an incident. The data will only be processed in third countries if this is absolutely necessary for the fulfilment of the contract (e.g. at the customer's request in the case of payment).
Your registration, user and booking data will remain stored until you delete your account. You can delete your account at any time in your profile settings. If you do not log in for five years, your account will be deleted automatically. However, this only applies insofar as the retention of account data is not mandatory for commercial or tax law reasons (Art. 6 (1) lit. c GDPR) or is necessary for legal enforcement due to our legitimate interest (Art. 6 (1) lit. f GDPR). In case of cancelling your account, we recommend you to store your data, otherwise it will be deleted.
We use Mollie B.V. as an external payment service provider for executing payments. Mollie B.V. processes payment transactions using the following payment methods, among others:
The payment service provider is used by us to fulfil contracts that we have concluded with you on the basis of Art. 6 (1) lit. b GDPR.
The payment service provider is a "third party" within the meaning of Art. 4(10) GDPR with regard to receiving user data and is therefore a controller in its own right (Art. 4(7) GDPR) subjected to the obligations of Art. 24 GDPR for the processing of payment transaction data. Should you require further information or wish to assert your rights of cancellation, information and other data subject rights, please contact Mollie B.V. You can find out how Mollie processes data in their privacy policy: https://www.mollie.com/privacy
We do not receive any account or credit card-related information from the payment services; we receive only confirmation or negative information about the payment. The general terms and conditions of the payment service provider apply to payment transactions.
APP: PUSH-COMMUNICATION / INFORMATION IN the ROTAX MAX Dome APP
If you have given your consent (Art. 6 (1) lit. a GDPR) for push messages in the Rotax MAX Dome App, we will provide you continuously with news and information about offers, events and products.
APP: PUSH MESSAGES VIA FIREBASE FROM GOOGLE
Push messages that are displayed directly in the Rotax MAX Dome APP are created via Google's US solution "Firebase" and delivered via Google's and Apple's US push providers or Huawei's Chinese providers. Push messages in the Rotax MAX Dome APP will only be displayed with your consent (Art. 6 (1) lit. a GDPR).
The push messages are created via Google's "Firebase" tool and delivered directly to your mobile phone. Push messages can be delivered to your mobile phone only, if the Mobile Device ID is processed. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is responsible for all Google services in Europe.
Data collected through Firebase is stored on Google's own servers distributed around the world. Most servers are located in the United States. Google currently transfers and processes data to/in the United States based on the EU-US-Data Privacy Framework and thus undertakes to largely comply with the European level of data protection when processing your data.
WEBSITE / APP: VIRTUAL RACE EXPERIENCE
With our Virtual Race Experience you can put your skills to the test and win MAX Boosts for your next race in the Rotax MAX Dome. When you register in the Rotax MAX Dome APP or when you access the Virtual Race Experience via the website, you can decide whether you want to consent to tracking in accordance with Art. 6 (1) lit. a GDPR. If you provide consent, your behaviour will be tracked in the Virtual Race Experience. You can revoke consent at any time via the APP settings.
REQUEST BY E-MAIL OR PHONE
If you contact us by e-mail or telephone, your inquiry including all resulting personal data (name, contact details, content of the inquiry, other information you provide) will be processed by us for the purpose of processing your request. We do not pass on these data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to pre-contractual measures or to the performance of a contract between you and us (e.g. booking). In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) lit. f GDPR).
Data from your inquiry will be stored by us for as long as it is necessary to process your request, but for no longer than six months, unless mandatory statutory provisions – in particular statutory retention periods – require longer storage.
WEBSITE: CONTACT VIA FORMS
We offer various contact forms on our website – e.g.:
Depending on the form, the following data will be collected and processed by us: Your name, your contact details (e-mail address, telephone number if applicable), products, your message; if applicable, company.
The processing of this data is based on Art. 6 (1) lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) lit. f) GDPR) or on your consent (Art. 6 (1) lit. a GDPR), if this has been requested.
Data from the contact forms will be stored by us for as long as is necessary to process your request, but for no longer than six months, unless mandatory legal provisions – in particular legal retention periods – require longer storage.
NEWSLETTER MARKETING FOR OWN PURPOSES
If you would like to receive the newsletter from BRP-Rotax and V&R Karting 4.0, which is offered on the website and tailored to your interests, we require an e-mail address from you as well as consent (Art. 6 (1) lit. a GDPR) to receiving the newsletter. Your data will be stored until you revoke your consent or for a maximum of two years after our last contact. You will find the link with which you can unsubscribe from the newsletter in every newsletter.
If you use our contact forms, the booking platform, register in the Rotax MAX Dome APP or take part in the Virtual Race Experience, we store the email address and, if applicable, the name you provide, in our customer and prospect file for marketing purposes - for B2B inquiries in our partner file. This data will - if you have not objected - be used for the newsletter communication about Rotax MAX Dome and Rotax-Racing. The data processing is based on our legitimate interest in providing you as a customer or interested party with information relevant to you about Rotax MAX Dome and Rotax-Racing (Art. 6 (1) lit. f GDPR). You have the option to object to this use at any time, before entering the data into the prospect file for marketing purposes and in each newsletter by means of an unsubscribe link or by e-mail to privacy@rotaxmaxdome.com Your data will be stored as long as you have not objected, longest, however, until two years after our last newsletter mailing.
In order to tailor our newsletters to your interests as much as possible, we analyze the behavior of newsletter recipients in the newsletters and on our website. Among other things, we can analyze how many recipients have opened the newsletter and how often which link in the newsletter was clicked. All links in the e-mail are so-called tracking links, which can be used to count your clicks and analyze your website behavior. The data processing is based on your consent (Art. 6 (1)(a) GDPR) to the cookies necessary for such processing (see Cookie Policy https://www.rotaxmaxdome.com/en/linz/cookie-details).
THE USE OF COOKIES AND SIMILAR TECHNOLOGIES
See information at https://www.rotaxmaxdome.com/en/linz/cookie-details
APPLICATION MANAGEMENT
Interested applicants can send us (V&R Karting 4.0) their application documents by email to office.linz@rotaxmaxdome.com or apply via job platforms such as karriere.at.
The processing of your data (application documents such as name, contact details, CV, certificates, letter of motivation) is based on Art. 6 (1) lit. b GDPR (fulfilment of a contract or implementation of pre-contractual measures). If no contract is concluded, we will store your data for up to one year with your consent. Your data will not be passed on to third parties. We reserve the right to use data for statistical purposes and analyses. In doing so, any personal reference will be removed so that it cannot be traced back to a specific person.
We - V&R Karting 4.0 GmbH - operate pages on various social media platforms in order to make further content about Rotax MAX Dome available to the interested web audience.
This privacy policy applies to the following social media sites
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, YouTube etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:
Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).
If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) against us as well as against the operator of the respective social media portal (e.g., Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
The data collected directly by us via the social media presence will be deleted from our systems as soon as you revoke your consent to storage via the cookie banner or the purpose for data storage no longer applies.
We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the social network operators directly (e.g. in their privacy policy, see below).
FACEBOOK AND INSTAGRAM
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter Meta). If you visit our profile on Facebook, Meta will collect some of your data for advertising purposes. You can customize your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads
According to Meta, the data collected is also transferred to the USA and other third countries. The data transfer to the USA is based on the EU-US Data Privacy Framework, which should ensure adequate protection of the data in the USA. You can find details here: https://www.facebook.com/privacy/policies/data_privacy_framework. More details can be found in the Facebook (https://www.facebook.com/about/privacy/) and Instagram (https://privacycenter.instagram.com/policy/) privacy policy.
META-PIXEL (MARKETING)
On our website, we use the visitor action pixel from Facebook/Meta for conversion measurement. This allows us to track the behavior of our site visitors after they have been redirected to the website by clicking on a Facebook ad. This allows us to evaluate the effectiveness of the Facebook ads for statistical and market research purposes and to optimize future advertising measures.
The data collected is anonymous for us as operators of the website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that for Facebook a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Usage Policy (https://www.facebook.com/privacy/policy). This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of your data cannot be influenced by us as the site operator.
Insofar as personal data is collected on our website with the help of the tool described above and forwarded to Facebook, we and Meta are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum.
According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward your request to Facebook.
You can deactivate the Facebook "Custom Audiences" remarketing function in the Ad Settings section at https://www.facebook.com/settings?tab=ads. To do this, you must be logged into Facebook. If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/
The processing of your data is based on your consent within the meaning of Art. 6 (1) a GDPR, which you can manage via the cookie banner on the website. You can also revoke this consent at any time via the cookie banner with effect for the future.
These explanations apply equally to Instagram.
YOUTUBE
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Most YouTube servers are located in the United States. Google bases data transfer and processing in the United States on the EU-US Data Privacy Framework and thus undertakes to largely comply with the European level of data protection when processing your data. Details dazu findest du unter https://policies.google.com/privacy/frameworks?hl=en. Details on how they handle your personal data can be found in the YouTube privacy policy: https://policies.google.com/privacy?hl=en
TIKTOK
We have a profile on TikTok. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Data transfer to third countries is based on the Standard Contractual Clauses (SCC) edited by the European Commission. Details can be found here: https://www.tiktok.com/legal/privacy-policy?lang=en.
Details on how they handle your personal data can be found in the TikTok privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en
We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Data transfer to the US is based on the on the EU-US Data Privacy Framework. Details can be found here: https://www.linkedin.com/help/linkedin/answer/a1343190. For details on how they handle your personal information, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.