INFORMATION ABOUT THE DATA CONTROLLER
Name: Registered S.r.l.
Address: Via Giovanni Paisiello 12, 00198 Roma, Italia
Email Address: firstname.lastname@example.org
PURPOSES OF THE PROCESSING
a. Contractual purpose
The Data Controller will process personal data for contractual purposes. Data processing is therefore necessary in the context of a contract. Personal data will be collected through the online contact and register forms available on the website. Specifically, personal data will be processed in order to allow data subject to:
- Create an account;
- Register to one or more activities;
- Use the website and its services;
- Answer to queries from users related to the service performance;
b. Marketing Purpose of Data Controller
We will process personal data for direct marketing purposes (contacting You by e-mail, market analysis). This processing will take place in compliance with Directive 2009/136/EC, as well as REGULATION 2016/679. You will always have the opportunity to object to such processing and opt-out by clicking the cancellation link (“unsubscribe”) found at the bottom of each e-mail received or by sending an email to email@example.com
c. Third party marketing purpose
With your consent, We will also disclose Your personal data to Promoters for their direct marketing purposes (market research, sending marketing messages). Promoters will then be able to inform you and update you on new events through both manual and automated messaging tools (e-mail, post). You will always have the opportunity to opt-out and withdraw your consent, by contacting directly the Promoter or by clicking the cancellation link (“unsubscribe”) found at the bottom of each e-mail received.
LEGAL BASIS FOR DATA PROCESSING
a. Contract execution and provision of services
Under Regulation EU 2016/679, Data Controller must always have a lawful basis for processing personal data. In this circumstance, the data is necessary for our performance of services to You. We will not keep your personal data for any longer than is necessary in light of the reason(s) for which they were first collected, as better explained under “Data Storage Period” chapter. Your personal data will therefore be kept until you intend to use our services and will be deleted thereafter. If You do not accept and agree to such processing, We will not able to provide the services.
If We believe it is not possible for Us to rely on legitimate interest as a legal basis for processing your personal data, We will ask Your consent to process personal data for Our marketing purposes (market research, sending e-mails). With Your consent, we will also disclose Your personal data for Promoters’ direct marketing purposes. Promoters will then be able to inform You and update You on new activities through both manual and automated messaging tools (e-mail, post). You will always have the opportunity to opt-out and withdraw your consent, by contacting directly the Promoter or by clicking the cancellation link (“unsubscribe”) found at the bottom of each e-mail received.
c. Legitimate Interest
In compliance with article 13 paragraph 2 of Directive 2009/136/EC, as well as with reference to Recital (27) of REGULATION 2016/679, We may use your e-mail address obtained through the online forms and obtained in the context of the sale of our services, to send You electronic communications concerning the direct marketing of Our products or services and as long similar to those You showed an interest for. You will have the right, at any time and free of charge, to oppose this processing of Your data for direct marketing purposes by clicking the cancellation link (“unsubscribe”) found at the bottom of each e-mail received.
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Per erogare i servizi, permetterti di utilizzare il sito e per finalità di marketing, potremmo condividere i tuoi dati con i seguenti destinatari.
Promoters are third party entities (individuals or companies) whose activities are listed and sold through the website (“Promoters”). Promoters can set up event registration online forms to collect Attendees’ information in connection with their registration to an event listed on the Platform. When an Attendee registers for an activity, his or her personal data are disclosed to Promoters. Such disclosure is required for contractual purposes and necessary to complete the purchasing transaction. Data disclosed may include Participant’s name, email address and contact details. Promoters receiving this information should only use it for purposes related to the transaction. They should not contact Participants for other incompatible purposes other than entering into a transaction, unless Attendees have given their free, specific, informed and unambiguous consent. Promoters are data controllers in respect of these data and therefore responsible to lawfully process personal data collected through the event registration form.
II. Altemica S.R.L. Via Bartolomeo Colleoni, 2 – 00176 Roma (RM)
Altemica is an Italian provider of hosting services. Altemica will act as data processor as it will process personal data, which are stored within its databases or servers, on Data Controller behalf. Data Processor has undertaken to ensure that any and all personal information collected through the Data Controller’s website is gathered, processed and held in accordance with the relevant provisions of the GDPR. Here You can find more information on how Altemica is processing personal data at the following link www.altemica.com/privacy-cookie-policy
The Rocket Science Group, LLC 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA (“Mailchimp”).
The Rocket Science Group is the owner of a marketing automation platform known as “MAILCHIMP”. Newsletters will be sent using Mailchimp platform. The provision of the services by Mailchimp involves it in processing the personal data on behalf of the Data Controller.
Under EU Regulation 2016/679 General Data Protection Regulation (“the GDPR”) (Article 28, paragraph 3), the Data Controller is required to put in place an agreement in writing between the Data Controller and any organization which processes personal data on its behalf governing the processing of that data. Therefore, the Data Controller has entered into a data processing agreement with MailChimp (“Data Processor”) to ensure compliance with the said provisions of the GDPR in relation to all processing of the Personal Data by the Data Processor for the Data Controller. You can find more information on how Mailchimp is processing personal data at the following link: https://mailchimp.com/legal/privacy/?_ga=2.212925458.74393180.1526551979-315691423.1526306073
IV. Stripe, Inc – payment processing services
Stripe’s services in Europe are provided by a Stripe affiliate—Stripe Payments Europe Limited (“Stripe Payments Europe”)—an entity located in Ireland and subject to European law. Stripe Payments Europe Limited may transfer personal data to Stripe, Inc., located in the US. To ensure the adequate protection of personal data, Stripe, Inc., has certified to the EU-U.S. and Swiss-U.S. Privacy Shield Framework. To check how Stripe processes your personal data please refer to the following link https://stripe.com/privacy-shield-policy
Under EU Regulation 2016/679 General Data Protection Regulation (“the GDPR”) (Article 28, paragraph 3), the Data Controller is required to put in place an agreement in writing between the Data Controller and any organization which processes personal data on its behalf governing the processing of that data. Therefore, the Data Controller has entered into a data processing agreement with Stripe Inc (“Data Processor”) to ensure compliance with the said provisions of the GDPR in relation to all processing of the Personal Data by the Data Processor for the Data Controller.
TRASFER OF PERSONAL DATA OUTSIDE THE EU
Transfer of data to: United States. Both Stripe, Inc and MailChimp participate in and have certified their compliance with the EU-U.S. Privacy Shield Framework and are therefore deemed to ensure, according to the European Commission, an adequate level of protection for personal data transferred from the data Controller to the Data Processors.
Article 26 of the EU Regulation 679/2016 states that “Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers. They shall in a transparent manner determine their respective responsibilities for compliance with the obligations under this Regulation, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to in Articles 13 and 14, by means of an arrangement between them unless, and in so far as, the respective responsibilities of the controllers are determined by Union or Member State law to which the controllers are subject”.
The Data Controller has entered into a joint controller agreement with Promoters. Both Controller and Promoters determine the purposes and means of processing of users’ personal data. Promoters will process user’s personal data for the purpose of activity registration and participation, as well as to send marketing e-mails with user’s previous explicit consent.
CRITERIA TO DETERMINE PERSONAL DATA STORAGE
YOUR RIGHTS AS DATA SUBJECT
Under the GDPR, You have the following rights:
- The right to obtain from Us confirmation as to whether or not personal data concerning You are being processed;
- The right to access your personal data;
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- The right to be forgotten, including to delete the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or because You withdraw consent on which the processing is based.
- The right to restrict the processing of your personal data according to article 18 of GDPR.
- The right to object to Us using your personal data for a particular purpose or purposes.
- The right to data portability. This means that, if you have provided personal data to Us directly, We are using it with your consent or for the performance of a contract, and that data is processed using automated means, You can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling.
- You have the right to lodge a complaint with a supervisory authority.
HOW DO YOU ENFORCE YOUR RIGHTS?
You can enforce your rights at any time by sending us an e-mail to the following address: firstname.lastname@example.org We have a duty to respond to your requests at the latest within one month of receiving them. This deadline may be extended by two additional months if necessary, taking into account the complexity and the number of requests received. In case of extension you will be informed of the delay and the reasons.
If We do not take action on your request, We will inform you without delay and at the latest within one month of receipt of your request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
Last updated: 15 May 2018