Pursuant to art. 13 EU Regulation 2016/679
Dear Data Subject,
The term “personal data” refers to the definition reported in art. 4, paragraph 1, of the Regulation, therefore “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (“Personal Data”).
DATA PROTECTION OFFICER
The Controller, in order to facilitate relations with the Data Subjects, arranged to nominate his own Data Protection Officer (the “DPO”), identifying it with SAPG Legal Tech S.r.l. with registered office in Via Durini n.15, 20122 – Milan (MI).
PURPOSES AND LEGAL BASIS OF THE PROCESSING
While navigating the Site, some of your Personal Data might be acquired in the following ways:
The informatic systems and software procedures in charge of the functioning of the Site acquire, in the course of their normal activity, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data consists of, for example: IP addresses, the type of browser being used, the operating system, the domain name and the address of the websites from which the access or exit have been made, information over the pages visited by the users inside the Site, the time of the access, duration of the stay on a single page, the analysis of the intern route and other parameters related to the operating system and the user’s informatic environment.
Such technical/informatic data are harvested and used exclusively in an aggregated and non-identifying way and may be used to assess responsibilities in the case of hypothetical IT crimes against the Site.
All those Personal Data that the user willingly gives to the Site, for example, writing to an email address in order to have a direct contact with the company (so to, for example, ask for assistance or further information over a good/service provided by the Controller).
On the Site, in particular, it is possible to make contact with the Controller via the following email addresses: email@example.com and firstname.lastname@example.org.
Such processing will be legitimate pursuant to art. 6, paragraph 1, letter b) of the Regulation (performance of a contract of pre-contractual measures taken at the request of the interested party) and for the compliance to eventual legal obligations.
In order to allow the Controller to carry out the processing activities for the recalled ends, it will be necessary to hand out the requested Personal Data with the specific forms. Where even one of the required information has not been given, it may not be possible to proceed with the processing of your Personal Data and, therefore, to supply the requested information and services.
No special category of Personal Data will be processed, that includes information “revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation”, pursuant to art. 9 of the Regulation.
In addition to the above, Personal Data possessed by the Controller as an effect of a previous contract or willingly given by the user through the specific forms could be processed by the Controller for the following ends:
SUBJECTS YOUR PERSONAL DATA MAY BE SHARED WITH
As a mere example, we report some categories of subjects your Personal Data might be communicated to:
If you want to know which subjects came in possess of your Personal Data following your relationship with Meridiano Congress International S.r.l., you can ask the Controller via the following email addresses, also reported on the website: email@example.com and firstname.lastname@example.org.
STORAGE DURATION FOR YOUR PERSONAL DATA
In particular, your Personal Data will be processed for the time strictly necessary, as indicated by the 39th Whereas of the Regulation, so until the end of the relationship between yourself and the Controller, as well as un ulterior period of storage that could be imposed by the law; on the matter, the 65th Whereas of the Regulation states that “the further retention of the personal data should be lawful where it is necessary, for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims”.
Your personal Data will be processed and stored for the following periods:
In any case, your Personal Data will be the object of a periodical control, no longer than every 12 months, aimed at evaluating their pertinence with the Controller’s activities; if your Personal Data won’t be pertinent anymore, they will be erased.
LINK TO/FROM THIRD-PARTY WEBSITES
From the Site it is possible to connect via link to third-party sites like Facebook, Instagram, Linkedin, Twitter and Vimeo.
If you have already logged in on these platforms the link on the Side will redirect you on the Controller’s page with your account already logged.
Concerning the above, the Controller cannot be held responsible for the eventual processing of Personal Data by third-party websites and for the processing of authentication credentials provided by third-party subjects.
RIGHTS OF THE DATA SUBJECTS AND EXERCISE METHODS
You can exercise anytime your rights granted by articles 15 et seq. of the Regulation with respect to the Controller. In particular, you have the right to obtain:
In order to exercise your rights, you can address the Controller by filling out the present form and sending it to the following email address: email@example.com.
In any case, if you feel that the processing of your Personal Data is against the privacy regulation, you have always the right to fill a complaint to the competent Personal Data Protection Authority pursuant to art. 77 GDPR.
PLACE OF THE PROCESSING
Your Personal Data will be handled inside the territory of the European Union and could be (for technical or operative reasons) transferred and/or stored in Countries outside the territory of the EU.
In these cases, we inform you from now that the subjects located outside the territory of the European Union will be nominated (whenever the necessary criteria are met) Data Processors pursuant to art. 28 of the GDPR. Moreover, the transfer of your Personal Data to such subjects, for what concerns the carrying out of specific processing activities, will be regulated in compliance with the provisions of Chapter V of GDPR.
All the necessary cautions will be adopted in order to ensure the total protection of your Personal Data basing the transfer: a) on decisions of adequacy of the third-party countries made by the European Commission; b) on adequate warranties provided by the third-party recipient pursuant to art. 46 of the Regulation; c) on the adoption of binding corporate rules; d) adopting standard contractual clauses approved by the European Commission.
In any case you can ask further details to the Controller if your Personal Data have been processed outside the European Union requesting evidence of the specific warranties adopted, writing to the following email addresses: firstname.lastname@example.org and email@example.com.