INFORMATION ABOUT THE DATA CONTROLLER
Name: Registered S.r.l.
Address: Via Giovanni Paisiello 12, 00198 Roma, Italia
Email Address: firstname.lastname@example.org
PURPOSES OF THE PROCESSING
a. Contractual purpose
The Data Controller will process personal data for contractual purposes. Data processing is therefore necessary in the context of a contract. Personal data will be collected through the online contact and register forms available on the website. Specifically, personal data will be processed in order to allow data subject to:
- Create an account;
- Register to one or more activities;
- Use the website and its services;
- Answer to queries from users related to the service performance;
b. Marketing Purpose of Data Controller
We will process personal data for direct marketing purposes (contacting You by e-mail, market analysis). This processing will take place in compliance with Directive 2009/136/EC, as well as REGULATION 2016/679. You will always have the opportunity to object to such processing and opt-out by clicking the cancellation link (“unsubscribe”) found at the bottom of each e-mail received or by sending an email to email@example.com
c. Third party marketing purpose
With your consent, We will also disclose Your personal data to Promoters for their direct marketing purposes (market research, sending marketing messages). Promoters will then be able to inform you and update you on new events through both manual and automated messaging tools (e-mail, post). You will always have the opportunity to opt-out and withdraw your consent, by contacting directly the Promoter or by clicking the cancellation link (“unsubscribe”) found at the bottom of each e-mail received.
LEGAL BASIS FOR DATA PROCESSING
a. Contract execution and provision of services
Under Regulation EU 2016/679, Data Controller must always have a lawful basis for processing personal data. In this circumstance, the data is necessary for our performance of services to You. We will not keep your personal data for any longer than is necessary in light of the reason(s) for which they were first collected, as better explained under “Data Storage Period” chapter. Your personal data will therefore be kept until you intend to use our services and will be deleted thereafter. If You do not accept and agree to such processing, We will not able to provide the services.
If We believe it is not possible for Us to rely on legitimate interest as a legal basis for processing your personal data, We will ask Your consent to process personal data for Our marketing purposes (market research, sending e-mails). With Your consent, we will also disclose Your personal data for Promoters’ direct marketing purposes. Promoters will then be able to inform You and update You on new activities through both manual and automated messaging tools (e-mail, post). You will always have the opportunity to opt-out and withdraw your consent, by contacting directly the Promoter or by clicking the cancellation link (“unsubscribe”) found at the bottom of each e-mail received.
c. Legitimate Interest
In compliance with article 13 paragraph 2 of Directive 2009/136/EC, as well as with reference to Recital (27) of REGULATION 2016/679, We may use your e-mail address obtained through the online forms and obtained in the context of the sale of our services, to send You electronic communications concerning the direct marketing of Our products or services and as long similar to those You showed an interest for. You will have the right, at any time and free of charge, to oppose this processing of Your data for direct marketing purposes by clicking the cancellation link (“unsubscribe”) found at the bottom of each e-mail received.
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Per erogare i servizi, permetterti di utilizzare il sito e per finalità di marketing, potremmo condividere i tuoi dati con i seguenti destinatari.
Promoters are third party entities (individuals or companies) whose activities are listed and sold through the website (“Promoters”). Promoters can set up event registration online forms to collect Attendees’ information in connection with their registration to an event listed on the Platform. When an Attendee registers for an activity, his or her personal data are disclosed to Promoters. Such disclosure is required for contractual purposes and necessary to complete the purchasing transaction. Data disclosed may include Participant’s name, email address and contact details. Promoters receiving this information should only use it for purposes related to the transaction. They should not contact Participants for other incompatible purposes other than entering into a transaction, unless Attendees have given their free, specific, informed and unambiguous consent. Promoters are data controllers in respect of these data and therefore responsible to lawfully process personal data collected through the event registration form.
II. Amazon Web Services EMEA SARL
Service provided and description of processing: Hosting. Processing include compute and storage of personal data.
Country of processing: Europe and USA
III. Message Systems Inc.
Service provided and description of processing: SparkPost provides an email delivery, analytics, and intelligence service and other related services.
Country of processing: USA
IV. Stripe, Inc – payment processing services
Service provided and description of processing: Payment services. Stripe operates and
manages an electronic commerce platform and facilitates payment transactions on the platform.
Country of processing: Europe and USA
TRANSFER OF PERSONAL DATA OUTSIDE THE EU
Transfer of data to: United States. Both Stripe, Inc and MailChimp participate in and have certified their compliance with the EU-U.S. Privacy Shield Framework and are therefore deemed to ensure, according to the European Commission, an adequate level of protection for personal data transferred from the data Controller to the Data Processors.
Article 26 of the EU Regulation 679/2016 states that “Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers. They shall in a transparent manner determine their respective responsibilities for compliance with the obligations under this Regulation, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to in Articles 13 and 14, by means of an arrangement between them unless, and in so far as, the respective responsibilities of the controllers are determined by Union or Member State law to which the controllers are subject”.
The Data Controller has entered into a joint controller agreement with Promoters. Both Controller and Promoters determine the purposes and means of processing of users’ personal data. Promoters will process user’s personal data for the purpose of activity registration and participation, as well as to send marketing e-mails with user’s previous explicit consent.
CRITERIA TO DETERMINE PERSONAL DATA STORAGE
YOUR RIGHTS AS DATA SUBJECT
Under the GDPR, You have the following rights:
- The right to obtain from Us confirmation as to whether or not personal data concerning You are being processed;
- The right to access your personal data;
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- The right to be forgotten, including to delete the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or because You withdraw consent on which the processing is based.
- The right to restrict the processing of your personal data according to article 18 of GDPR.
- The right to object to Us using your personal data for a particular purpose or purposes.
- The right to data portability. This means that, if you have provided personal data to Us directly, We are using it with your consent or for the performance of a contract, and that data is processed using automated means, You can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling.
- You have the right to lodge a complaint with a supervisory authority.
HOW DO YOU ENFORCE YOUR RIGHTS?
You can enforce your rights at any time by sending us an e-mail to the following address: firstname.lastname@example.org We have a duty to respond to your requests at the latest within one month of receiving them. This deadline may be extended by two additional months if necessary, taking into account the complexity and the number of requests received. In case of extension you will be informed of the delay and the reasons.
If We do not take action on your request, We will inform you without delay and at the latest within one month of receipt of your request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
Last updated: 15 May 2018