Pursuant to articles 12, 13 and 14 of Regulation (EU) 2016/679 (hereinafter referred to as the “Regulation”), SACMI IMOLA S.C., as Data Controller of the personal data relating to persons who request to take part in and/or attend streaming Events organised by SACMI (hereinafter referred to as the “Service” or “Services”), wishes to inform you of the purposes and methods used for processing the personal data collected from you, of their scope of disclosure and dissemination, and of the nature of their provision.
DATA CONTROLLER AND CONTACT DETAILS
The Data Controller is SACMI IMOLA S.C. with registered office at Via Selice Provinciale, 17/A-40026 Imola (BO) – Tax Code 00287010375, VAT No. IT00498321207, Tel: +39-0542-607111, Fax: +39-0542-642354, E-mail: firstname.lastname@example.org@legalmail.it – email@example.com (hereinafter, also the “Company”).
The Data Protection Officer for the COMPANY is Massimiliano Bovesi –: firstname.lastname@example.org
PURPOSES OF THE PROCESSING AND PERSONAL DATA PROCESSED
In general, all the personal data (hereinafter, also “Personal Data” and/or “Data”) that Users will provide to the Company and/or that will be collected for use of the Services – specifically consisting of participation in the streaming Events organised by SACMI – will be processed in compliance with the principles laid down by current personal data protection regulations, such as the principles of transparency, fairness, lawfulness, data minimisation, purpose and storage limitation, accuracy, integrity and confidentiality.
Within the limits established by current regulations, the Data will be processed by the Company for the following purposes:
a) allowing the performance of operations strictly connected and necessary for correctly managing our relations with you, such as handling the answers to any queries received at the contact details provided by the Company; processing your requests for registration and participation in the Event, technical assistance. By filling in the registration form and creating a user consisting of the email address (username) and the password chosen at the time of registration, it will be possible to access the Event and, subsequently, to other contents that will be published on the platform such as videos and webinars; (Provision of Services);
b) allowing the correct performance of the contractual obligations undertaken by the Company towards the User and vice versa (Contractual Obligations);
c) allowing compliance with any obligations laid down by laws, regulations and EU legislation, or provisions issued by authorities (Legal Obligations);
d) obtaining information necessary to identify anomalies, fraudulent activities and/or misuse of the Website (Security);
e) carrying out information activities concerning the Company’s products and/or services as well as carrying out promotional and commercial activities, and market and marketing research using automated systems without human intervention (e.g., emails), but also traditional contact methods, such as the postal service or telephone; carrying out activities to measure your satisfaction, such as sending questionnaires and conducting surveys (Marketing).
The Personal Data that we will process consist of the categories specified below. If preceded by an asterisk (*), the Data we ask you for are considered necessary and essential by the Company to achieve the purpose for which they are processed.
1. Personal details and contact details
The Company may ask you to provide information about you such as: Name and Surname of applicant, Company email, Company role, Company name of applicant, Country, Telephone number, etc.. Further Data may be collected when managing each relationship through the Event platform or may consist of data that the User decides to provide to the Company, at any time, using the Company’s contact details. Users may also use the special chat available on the Event platform to ask questions and/or interact with the Company during the Event. When using the special interaction chat, you may choose whether to give your name and surname – which will be visible to all participants together with the content of your interaction – or to ask questions and/or interact anonymously. Surveys or live polling may also be submitted during the Event. You will be free to respond to them using the Event platform tools.
Data regarding you, such as audio and video images, will not be processed during the Event.
Whenever you decide to share third-party Personal Data with the Company (e.g. by registering with the Event in the name and on behalf of another applicant), you will be considered independent data controllers; as such, you shall undertake all the obligations and liabilities required by law. To this effect, Users grant full indemnity against any dispute, claim, request for compensation for damages as a result of processing, etc., which may be received by the Company from persons whose Personal Data have been submitted by you in breach of applicable data protection regulations. In such cases, since the Company does not collect this information directly from the data subjects (but, indirectly, from you), you shall guarantee that this particular processing is based on the consent of such data subjects or on another appropriate legal basis that legitimises the processing of the information in question.
2. Navigation data and other information
The computer systems and software procedures used to operate the Event platform acquire some Personal Data of Users.
More specifically, Data such as the following are processed: the type of content and the names of the channels the User viewed and/or interacted with; the date and time the User started the viewing, stopped the viewing, and its duration; the User’s country of origin, the type of browser, the type of device and operating system used by the User.
These Data are used by the Company solely to obtain statistical information about use of the platform and the Service, to check its correct functioning and to identify any anomalies and/or misuse.
LEGAL BASIS OF THE PROCESSING, MANDATORY/OPTIONAL PROVISION OF PERSONAL DATA AND CONSEQUENCES IN THE EVENT OF NON-RESPONSE
The legal bases used by the Company to process your Personal Data are detailed below, according to the purposes specified in the previous Section (“Purposes of the Processing and Personal Data Processed”).
The provision of your Personal Data and their processing for purposes relating to the Provision of Services and the Contractual Obligations is strictly necessary to perform the requested Service and to correctly execute the existing contractual relationship with you; your personal data, therefore, are strictly necessary for establishing the contractual relationship. Consequently, should you fail to provide the Personal Data requested for this purpose, or should the Data provided prove to be incorrect, it would be impossible for the Company to perform the Service and the contractual relationship, and will entitle the Company to refuse to perform the Service or to interrupt it.
The provision of your Personal Data and their processing for purposes related to Legal Obligations is necessary for the Company to comply with relevant legal obligations. When the Company receives your Personal Data, it needs to process them in accordance with applicable laws which may include retention and disclosure to the competent authorities.
The provision of Personal Data and their processing for purposes related to Security activities, is based on the Company’s interest to identify and prevent unlawful conduct and to determine liability in the case of alleged computer crimes. Consequently, should you fail to provide the Personal Data requested for this purpose, it may be impossible for the Company to authorise access to the platform.
RECIPIENTS AND TRANSFER OF PERSONAL DATA
Your Personal Data will be disclosed to Company personnel who are authorised to process the data to achieve the above-mentioned purposes and who have committed themselves to confidentiality or are under an appropriate legal obligation of confidentiality.
Your Personal Data will be disclosed to third parties, appointed as Data Processors, because they process Data on behalf of the Company (for example, companies in charge of handling and processing sales orders, parties with whom we need to interact to provide Services such as hosting providers, suppliers of email submission platforms or parties tasked with technical maintenance including the maintenance of network equipment and electronic communication networks, software developers, parties supplying the technological platform and payment gateway for e-payment product orders, and payment service providers for e-payment activities). The Personal Data strictly necessary to complete the commercial operations or the Services requested may be shared with third parties with whom the Company has ongoing contracts for services that are necessary for carrying out the activity (for example, carriers for product delivery, auditing companies, individuals, companies or firms providing support and consultancy on administrative, legal, tax, financial and debt recovery issues regarding the provision of the Services).
Lastly, if required, your Personal Data will be disclosed to competent authorities (e.g. in the event of fraudulent activity and/or misuse of the Website), to financial offices or to other Public Authorities in accordance with the provisions of applicable laws.
Your Data will not be disseminated (“dissemination” meaning to give knowledge of your Data to unidentified parties).
RETENTION OF PERSONAL DATA
Personal Data processed for the purpose of the Provision of Services and Contractual Obligations will be held by the Company as long as strictly necessary to perform the requested Service and to correctly execute the contractual relationship with you. However, since such Personal Data are processed to provide the Services and execute the contractual relationship, the Company may retain the data for a longer period, particularly as long as necessary to protect the interests of the Company from any liabilities related to the Services. At the end of this period, the Data will be deleted.
Personal Data processed for the purposes of Legal Obligations will be retained by the Company for the period provided for by specific legal obligations or applicable regulations.
Personal Data processed for Security purposes, except in cases where they are used to determine liability in the event of alleged computer crimes against the Company or third parties (e.g. for defence in court through disclosure of such data to the competent authorities), will not be kept for more than 6 months.
Personal Data processed for Marketing purposes will be retained by the Company until you withdraw your consent. Once you have withdrawn your consent, the Company will no longer use your Personal Data for these purposes, but may still retain them, especially as long as necessary to protect the interests of the Company from any liabilities based on the processing.
YOUR RIGHTS AS DATA SUBJECTS
As a Data Subject, you can exercise the following rights at any time:
· the right to access your Personal Data (and/or a copy of your Personal Data), as well as further information about the processing that is being carried out on them;
· the right to rectify or update Personal Data concerning you that have been processed by the Company, should they be incomplete or not updated;
· the right to the erasure of your Personal Data from the Company’s databases, if you think that the processing is not necessary or is unlawful;
· the right to restriction of the processing of your Personal Data by the Company if you believe that your Personal Data are incorrect, that the processing is unlawful or not necessary, or if you have objected to the processing of your data;
· the right to exercise Data portability, i.e. to obtain in a structured, commonly used and machine-readable format a copy of the Personal Data provided to the Company concerning you, or to request the transmission of those Data to another Data Controller;
· the right to object to processing of your Personal Data, on legal grounds relating to your particular situation, which you believe should prevent the Company from processing your Personal Data;
· the right to withdraw your consent for Marketing purposes. We remind you that your express consent to send Marketing communications does not only include communications sent using automated systems without human intervention (e.g., email or text messages), but also traditional contact methods, such as telephone and postal services. You may withdraw your consent to the processing of your data in a separate manner, for example, by deciding to receive these communications only using automated systems, e.g. email or text messages, and not through postal and telephone services, and vice versa.
The Company informs you that you can make changes at any time to the Personal Data you have provided, either using the appropriate sections on the Website or by writing to email@example.com.
You can exercise your other rights by writing to the email address firstname.lastname@example.org.
We inform you that with regard to Marketing purposes, to withdraw your consent and to stop receiving commercial communications, you can write to email@example.com, at any time; or, if you have received communications via computerised tools, you can follow the procedure explained at the bottom of the communication (using the “Cancellation” or “Unsubscribe” button).
The Company also informs you that you will always have the right to lodge a complaint with the competent Supervisory Authority (for example, the Authority of the State of your habitual residence – in Italy, Garante per la Protezione dei Dati Personali – Italian Data Protection Authority) if you believe that the processing of your Data is contrary to the personal data protection regulations actually applied.