1. Categories of personal data
The personal data processed by Data Controller are collected directly and freely provided by Data Subjects.
This information concerns personal data (e.g., personal data, contact details, telephone numbers, e-mail addresses), professional data (profession carried out, company role, registrations to registers, associations, etc.). Photographic and video images can be collected and processed with the intent of depicting the Event itself and the activities conducted and not the individual person. in fact, the Authorization for the use of audio / video and images recordings will be required in case of shooting of subjects in the foreground.
2. Scopes and ways of processing
The personal data of Data Subjects, supplied by filling in the event’s registration form, are processed for the following scopes:
-
subscription and participation in the Event;
-
hotel accommodation booking
-
fiscal, administrative and accounting duties strictly connected to the above participation;
-
execution of specific duties prescribed by law, regulation or EU norms;
-
free of charge distribution of documentation relating to the Event;
-
sending communications and / or documentation by Eurotraining S.r.l. to update the Data Subject on future Events promoted by the undersigned organization within the same area of interest, both through automated tools (for example, newsletters, e-mail, sms, mms, calls without operator, etc.) and through traditional methods of contact (paper mail and / or direct calls via operator);
-
for the security of the networks (cyber security), the assessment, exercise or defense of a right in judicial and extrajudicial (for the pursuit of the legitimate interest of the Data Controller art. 6, paragraph 1, lett. f) of the GDPR) of the undersigned organization.
Purposes functional to the activity for which the Data Subject has the right to give consent or not:
-
communication, with prior consent, of personal and contact data to sponsor companies for promotional and marketing purposes.
The processing of the personal data is executed, under authority of the Data Controller, by entities specifically Designated, authorized and instructed for the processing as per section 2-quaterdecies of Italian Law Decree n. 196 dated June 30, 2003, as amended by Italian Law Decree n. 101 dated August 10, 2018 (hence, the “Privacy Law”) and as per sections 29 of the GDPR, by means of manual, automated or telecom tools, with logics strictly connected to the scopes and in any case in such a way as to guarantee confidentiality and security of the personal data.
3. Juridical basis for processing, consequences of denial and consent by Data Subject
With reference to the scopes in letters a), b), c) and d), the provision of personal data is optional but mandatory for participation in the Event. In the event that Data Subjects do not communicate their essential data and do not allow the data processing, it will not be possible to proceed with the completion and implementation of the proposed services and follow up on the contractual agents undertaken, with consequent prejudice for the correct fulfilment of the related to the administrative, accounting and tax management. Therefore, the legal basis of the related data processing is full participation in the Event referred to in art. 6, paragraph 1, lett. b) of the GDPR.
For all non-essential data, the provision is optional.
For further scopes, consent is required, as per art. 6, paragraph 1, lett. a). Failure to consent will make it impossible to involve Data Subject in any future project, initiative and events in the same area of interest.
4. Duration of the processing
Personal data will be kept, in general, as long as the purposes of the processing persist. They will be kept for the entire duration of the Event and, after its conclusion, for the additional purposes for which Data Subject has given his consent.
In any case, the data processing will not last more than 5 years from the date of supply of the update service by the Owner, provided that Data Subject has not requested its cancellation before. Without prejudice to the foregoing, the Data Controller may retain some personal data of Data Subject even after the termination of the processing, exclusively for the scope of defense or protection of his rights, or in those defined by law or by order of a judicial authority or of government, and up to the end of the statutory limitation period (10 years) as long as the relationship is not renewed again.
5. Transfers outside the EU
The data processing will take place mainly in Italy and the European Union, except for the transfer to the USA for the use of the DROPBOX platform on the basis of the Standard Contractual Clauses approved by the Supervisory Authority in compliance with the guarantees in favor of Data Subject.
6. Entities and categories of entities to which the personal data may be communicated and context of communication.
With regards to the scopes of the data processing as indicated above, and within the strict boundaries of pertinence to these scopes, the personal data of the Data Subject could be communicated to the following entities, for the scope of subscription and subsequent participation to the Event:
-
to fiscal Authorities and other public Authorities, where mandatory by law or upon their request;
-
to financial institutions for the execution of payments related to the subscription;
-
to the structures and/or external companies that the Data Controller uses for the scope of executing connected activities, instrumental or consequent to subscription and subsequent participation in the Event (such as press services, data processing and IT consultancies, promotional activities by companies participating in the Event, mailing of the event’s program, hotel reservations etc.);
-
to persons in charge of the processing, both internal to the organization of the writer and external, who carry out specific tasks and operations (e.g. for the management of fiscal duties)
-
to internal authorized persons and external consultants in its quality of Data Processors, who perform specific tasks and operations (e.g. for management fiscal duties);
-
to the customer and subjects participating in the Event as sponsors or partner companies where present and when permitted.
Above entities, to whom the personal data of the Data Subject will be or may be communicated (insofar as not being designated Processors), will treat the personal data as Data Controllers according to the GDPR, in full autonomy, being completely separated from the original processing executed by the Data Controller.
Without the consent to communication of the personal data and to related processing, in those cases where it is foreseen as by GDPR, the operations which require the communication might not be executed, with consequences known to the Data Subject.
On request, the detailed and updated list of these Entities is always available at the Data Controller's registered office.
7. Children under the age of 14
The online registration service does not contain information or features or services directly intended for users under the age of 14. Therefore, all users who are under the age of 14 are invited not to communicate their personal data under any circumstances without the prior authorization of a parent or parental authority. If it becomes known that the personal data have been provided by a minor (under the age of 14), they will be immediately destroyed, also reserving the right to inhibit access to the services available on the site to any user who has hidden their minor age or who has in any case communicated their personal data in the absence of the consent of the person exercising parental authority.
In the event of a violation of the above by a child under 14, the service owner cannot be held responsible for the incident and will not be liable for claims for direct and/or indirect damages deriving from and consequent to such violation.
8. Rights of the Data Subject
Sections 15 and following of the GDPR grant the Data Subject the right to obtain:
-
confirmation or denial of existence of personal data related to the Data Subject, even if not yet registered and their communication in an understandable format;
-
indication of the origin of the personal data, of their scopes and of their ways of processing, of the logic applied in case of processing by means of electronic tools and of the identifying details of the Data Controller;
-
update, rectification, integration, cancellation, transformation into anonymous data or blocking of data treated in violation of the law – including data for which conservation is not necessary for the scopes for which they were collected and subsequently processed. Documentation of these operations, also pertaining to their content, is brought to the attention of the Data Subjects whose data have been communicated or published, except for the case in which this duty is impossible to perform or requires the use of tools which are obviously disproportionate in relationship to the granted right.
Moreover, the Data Subject has the right to:
-
oppose, partially or completely, for legitimate reasons, to processing of his/her personal data, even if coherent with the scope of collection;
-
propose a complaint to the Data Protection Authority as foreseen by the GDPR.
In order to know the detailed and constantly updated list of the entities to whom personal data of the Data Subject may be communicated and to exercise the rights granted by sections 15 and following of the GDPR, in accordance with section 12 of GDPR and within the limits of section 2-undecies of the Privacy Law, the Data Subject may contact the Data Processing Data Controller at the following addresses:
Eurotraining S.r.l. – Via B. Bosco 57/9, 16121 Genova Tel.: +39 010 42064090 - Email: mail@eurotraining.it
1 As per section 4 of the Data Protection Regulation, “personal data” means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
