PRIVACY POLICY EVENTS ORGANIZATION

pursuant to Article 13 of REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data

I&C S.r.l.  (hereinafter referred to as the "Company" or "Data Controller"), with registered office in Via Andrea Costa 202/6 40134 Bologna (BO) Italy and VAT No. 04330500374, as the Data Controller, hereby informs you, pursuant to Article 13 of REGULATION (EU) 2016/679 on the protection of personal data ("GDPR"), about the processing of your personal data that will be carried out by I&C S.r.l..

  1. Type of Data Processed

The Company is the Data controller of the personal data you provided to the Company (hereinafter referred to as the "Data"), which may include:

  • Full name and email
  • Tax code and other personal identification numbers
  • Images (including any video recordings or shootings during the event)
  • Preferences in terms of board and lodging
  • Food preferences or dietary needs related to health conditions and/or religious beliefs
  • Data in the Curriculum Vitae
  • Data regarding any conflicts of interest
  • Any evaluation Data from verification
  1. Purposes of Data Processing

The processing of Data is carried out by the Company in conducting its business as organizer of educational, recreational and corporate events. In particular, the Data you provided shall be processed with both IT and non-IT tools for the following purposes:

Events Organization - Contract Execution - Common Data

  • Pursuant to the current regulations, the Company shall process the data referred to in this paragraph only if you have given consent to the processing of your data for the specific purpose of attending, for whatever reason, one or more of the aforesaid events. The criterion of lawfulness the data processing in question is based on is therefore the need to perform a contract to which you are a party and/or in order to take steps at your request prior to entering into a contract pursuant to Article 6(1) point (b) of the GDPR. Failure to provide your personal data to that effect shall therefore prevent you from participating in the event for whatever reason.

Events Organization - Legitimate Interests - Common Data

  • The Company shall process the data referred to in this paragraph also in order to pursue its legitimate interests by keeping those common data that are strictly necessary for the defence of legal claims pursuant to Article 6(1) point (f) of the GDPR.

Events Organization - Legal Obligation - Common Data

  • We would like to inform you that, pursuant to Article 6(1) point (c) of the GDPR, the Company shall process your personal data also in order to fulfil the legal obligations to which controllers are subject, in particular with regard to the acquisition of training credits and for the accomplishment of other legal formalities regarding all healthcare professionals.

Events Organization - Consent - Special Categories of Personal Data

  • Only for special categories of personal data (Except Article 9), the Company shall process the data referred to in this paragraph only if you have given consent to the processing of your data for the specific purpose of attending, for whatever reason, one or more of the aforesaid events. The criterion of lawfulness the data processing in question is based on is therefore your consent to data processing pursuant to Article 9(2), point (a), of the GDPR. For grater transparency, we would like to point out that “special categories of data” means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

Events Organization - Right of Defence - Special Categories of Personal Data

  • The Company shall also process your special data where it is necessary to establish, exercise or defend a right in courts pursuant to Article 9(2) point (f) of the GDPR.
  1. Optional Nature of the Consent to the Processing of Special Categories of Personal Data

We would like to inform you that you are under no obligation to consent to the processing of special categories of personal data. At the same time, we would like you to acknowledge that failure to give consent and/or the withdrawal of consent will make it impossible to process data. If so, where these data are inextricably linked to non-specific data, that is, common data, this circumstance will prevent you from participating in the event for any reason. In particular, please consider that your image inevitably provides personal data falling within the special categories of personal data; therefore, whenever an event is video-recorded, or even when pictures of the event are taken for a photographic reportage, your denial will inevitably prevent you from participating in the event for whatever reason.

  1. Data Processing Methods

The Data shall be processed by the Company with both electronic and manual systems according to the principles of fairness, loyalty and transparency laid down in the applicable regulations on the protection of personal data, while protecting confidentiality by implementing technical and organisational measures to ensure an adequate level of security.

  1. Data Storage

The Data you provided shall be processed from the time of the expression of interest to participate in the event and/or its organization until the event-related formalities - including any legal formalities connected to the event - as described in the relevant programme/agenda are completed, and, only for the data required for the Company’s defence of legal claims, for 10 years from the signing of the contract. For the data required for accreditation/further legal formalities retention is parameterized to the duration laid down in the applicable regulations.

  1. Data Disclosure, Dissemination and Transfer

The Data shall be processed, within the limits of what is necessary, by authorized personnel adequately trained by the Data Controller, as well as the staff of third parties who provide services to the Data Controller and process Data on behalf and instructions of the Data Controller in their capacity as Data processors pursuant to Article 28 of the GDPR.

In the event of disclosure to third parties, recipients shall include:

  • Service providers and other third parties involved in the organization of the event;
  • Competent public authorities for accreditation and the completion of additional legal formalities in the scope of health;
  • Legal offices and courts.

More generally, in conducting ordinary business activities, the Data may be disclosed to entities or persons performing activities such as supervision, auditing and certification of the activities carried out by the Data Controller; consultants and freelancers providing tax and legal services, as well as other services to assist companies when corporate transactions for which it is necessary to evaluate corporate assets are performed; public bodies and administrations; entities or persons entitled by law to receive such information; Italian and foreign judicial authorities within the European Union; other public authorities, for purposes related to the fulfilment of legal obligations, or the fulfilment of the obligations taken and arising from the contractual relationship established, including the defence of legal claims.

As part of the processing of data performed using electronic systems, in particular through cloud computing services, your personal data may be transferred outside the EU. The processing of such data is bound to the purposes for which data are collected, and is subject to the standards of confidentiality and security laid down in the applicable regulations on the protection of personal data. Whenever your personal data are transferred outside the EU, transfers shall be based on an adequacy decision or the Standard Contractual Clauses approved by the European Commission.

For more information, please contact us at privacy@iec-srl.it.

  1. Automated Profiling and/or Processing

The Data collected shall not be subject to automated processing.

  1. Additional Persons Related to Data Processing

Representative(s) in the EU: NA.

Joint controller(s): NA.

Data processor(s): NA.

DPO: NA.

  1. Data Subjects’ Rights

In connection with the Data processing described herein, you shall have the right to exercise the rights laid down in the GDPR (Articles 15-21), including:

  • the right to receive confirmation as to the existence of the Data, and to access their content (right of access);
  • the right to update, amend and/or correct the Data (right to rectification);
  • the right to request erasure and/or restriction of the processing of your Data, pursuant to Articles 17 and 18 of the GDPR (right to be forgotten and right to restriction);
  • the right to object to the processing of personal data (right to object);
  • the right to lodge a complaint with the Supervisory Authority (Italian Data Protection Authority www.garanteprivacy.it) in the event of infringement of the regulations on the protection of personal data (right to lodge a complaint with a supervisory authority);
  • the right to receive the personal data concerning you as data subject, which you provided to a controller, in a structured, commonly used and machine-readable format, where the processing is based on a contract or consent, and the right to request that Data are transmitted to another controller (right to data portability);
  • limited to special categories of personal data (Except Article 9), the right to withdraw consent at any time without prejudice to the lawfulness of processing based on the consent given before its withdrawal.

To exercise these rights, you can contact the Data Controller at any time by sending an email to the following address: privacy@iec-srl.it.

When you contact us, please provide us with all the data required for identifying you so that we can process your request.

Insofar as necessary, we would like to inform you that you are under no obligation to provide us with the common or special Data hereinabove. Failure to provide some or all the Data will inevitably make it impossible for the Company to process data and, resultantly, you may not be entitled to participate in the event in point.



PRIVACY POLICY NEWSLETTERS

pursuant to Article 13 of REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data

I&C S.r.l.  (hereinafter referred to as the "Company" or "Data Controller"), with registered office in Via Andrea Costa 202/6 40134 Bologna (BO) Italy and VAT No. 04330500374, as the Data Controller, hereby informs you, pursuant to Article 13 of REGULATION (EU) 2016/679 on the protection of personal data ("GDPR"), about the processing of your personal data that will be carried out by I&C S.r.l..

  1. Type of Data Processed

The Company is the Data controller of the personal data you provided to the Company (hereinafter referred to as "Data"), which include:

  • Full name and email
  • Profession
  1. Purposes of Data Processing

Data processing is carried out by the Company for providing you with material regarding the initiatives that will be undertaken and which, given your profession, may be of interest to you. In particular, the Data provided by data subjects will be processed with both IT and non-IT tools for the following purposes:

Newsletters

  • The Data Controller will process the data referred to in this paragraph only if you consent to the processing of your data for the specific purpose of providing you with material regarding the initiatives that will be undertaken by the Company and which, given your profession, may be of interest to you. The criterion of lawfulness the data processing in question is based on is therefore your consent to data processing pursuant to Article 6(1), point (a), of the GDPR.
  1. Data Processing Methods

The Data shall be processed by the Company with both electronic and manual systems according to the principles of fairness, loyalty and transparency laid down in the applicable regulations on the protection of personal data, while protecting confidentiality by implementing technical and organisational measures to ensure an adequate level of security.

  1. Data Storage

The Data you provided shall be processed from the time of provision until you request erasure, that is, a recognized right you can exercise without any time limits and unconditionally.

  1. Data Disclosure, Dissemination and Transfer

The Data shall be processed, within the limits of what is strictly necessary, by authorized personnel adequately trained by the Data Controller. The Data shall also be processed by the staff of third parties who provide services to the Data Controller if they process data on behalf and instructions of the Data Controller in their capacity as Data processors pursuant to Article 28.

Given the purposes of these specific data processing operations, your Data shall not be disclosed to third-party recipients as defined in article 4(1) point 9 of the GDPR.

The Data collected shall not be transferred to non-EU countries.

  1. Automated Profiling and/or Processing

The Data collected shall not be subject to automated processing.

  1. Additional Persons Related to Data Processing

Representative(s) in the EU: NA.

Joint controller(s): NA.

Data processor(s): NA.

DPO: NA.

  1. Data Subjects’ Rights

In connection with the Data processing described herein, you shall have the right to exercise the rights laid down in the GDPR (Articles 15-21), including:

  • the right to receive confirmation as to the existence of the Data, and to access their content (right of access);
  • the right to update, amend and/or correct the Data (right to rectification);
  • the right to request erasure and/or restriction of the processing of your Data, pursuant to Articles 17 and 18 of the GDPR (right to be forgotten and right to restriction);
  • the right to object to the processing of personal data (right to object);
  • the right to lodge a complaint with the Supervisory Authority (Italian Data Protection Authority www.garanteprivacy.it) in the event of infringement of the regulations on the protection of personal data (right to lodge a complaint with a supervisory authority);
  • the right to receive the personal data concerning you as data subject, which you provided to a controller, in a structured, commonly used and machine-readable format, where the processing is based on a contract or consent, and the right to request that Data are transmitted to another controller (right to data portability);
  • the right to withdraw consent at any time without prejudice to the lawfulness of processing based on the consent given before its withdrawal.

To exercise these rights, you can contact the Data Controller at any time by sending an email to the following address: privacy@iec-srl.it.

When you contact us, please provide us with all the data required for identifying you so that we can process your request.

Insofar as necessary, we would like to inform you that you are under no obligation to provide us with the Data hereinabove. Failure to communicate Data will obviously prevent the Company from carrying out any processing.

 
   

LIST OF THIRD PARTY COOKIES USED BY THE SITE

COOKIE NAME: _ga
PURPOSE: They allow you to count visitors to the site by keeping track of a user's previous visits
EXPIRY: Two years
ORIGIN: Google Analytics

COOKIE NAME: _gid
PURPOSE: They allow to distinguish the visitors of the site
EXPIRY: 24 hours
ORIGIN: Google Analytics

COOKIE NAME: _gat
PURPOSE: Used to calculate the loading speed of a page
EXPIRY: 10 minutes
ORIGIN: Google Analytics

COOKIE NAME: _utma
PURPOSE: Like _ga, it allows you to know if a user has previously visited the site, in this way it is possible to calculate how many new users the site has
EXPIRY: 2 years after setting / updating
ORIGIN: Google Analytics