Information provided pursuant to art. 13 of EU Regulation 2016/679 (hereinafter “Regulation” or “GDPR”) – to users who access the site www.mcascientificevents.eu.
The information includes:
- the nature of the personal information processed;
- the purposes and legal bases of the processing of personal information (Article 13.1.c and 13.1.d of the Regulation);
- the identity and contact details of the data controller (Article 13.1.a and 13.1.b of the Regulation);
- any third parties involved in the processing activities (Article 13.1.e and 13.1.f of the Regulation);
- the retention period of personal information (Article 13.2.a of the Regulation);
- the nature of the data provided and the consequences of any refusal (Article 13.2.e of the Regulation);
- user rights (Article 13.2.b, 13.2.c and 13.2.d of the Regulation).
The data controller is M.C.A. Events S.r.l., Via A. Binda 34, 20143 Milan (MI), VAT No. 12858130151.
Contact details: email@example.com.
TYPES OF DATA PROCESSED, LEGAL BASIS AND PURPOSE OF THE PROCESSING
The site collects personal data, which for transmission is implicit to the use of Internet communication protocols. This is information is not collected to be associated with identified data subjects, but for their nature could, through processing and association with data held by third parties, allow the user to be identified. This category of data includes IP addresses or domain names of the computers used by the user who connects to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user’s computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site. The legal basis which allows this purpose of processing of personal data is the legitimate interest of the data controller (Art. 6 (1) (f) of the GDPR). The legitimate interest of the data controller coincides with the purposes of ensuring network and information security, include preventing unauthorized access to electronic communications networks and malicious code distribution and stopping ‘denial of service’ attacks and damage to computer and electronic communication systems.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of messages using the “Contact us” service present on the site and/or sending e-mails to the company’s address, entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well any other personal data included in the request. The legal basis for this processing is art. 6.1.b of the Regulation, is the execution of the services requested by the user.
Register to the site
Newsletter and commercial communications
The user can voluntarily choose to receive newsletters and commercial communications. The site requests explicit and free consent before undertaking such promotional initiatives and may ask the user for additional information in order to create personalized and more relevant communications. The user can always easily withdraw his/her consent, which is the legal basis of this processing (article 6.1.a of the GDPR).
Communication of the contact data to the sponsors of the event
Personal data may be communicated to third parties that have sponsored the event to which users have registered. The communication of the data to such third parties can only be done for their promotional activities and can only take place with the consent of the data subject (lawful base: Art. 6 (1) (a) of the GDPR) . You can find the entire list of the sponsors to which the data are communicated on the congress website for each and every specific event. Subject to participants’ consent, the data controller will only communicate the data which are strictly necessary to fulfill the aforementioned promotional activities pursued by the event sponsors. The user can always easily withdraw his/her consent, which is the legal basis of this processing.
The purpose of profiling is to offer products, services and initiatives tailored to the users’ preferences, habits and interests. Personal data may be used for remarketing, retargeting or profiling purposes also through third parties (for example: social networks). It is in the legitimate interest of the data controller to process personal data in such a way to offer personalized and interesting services, improving the performance of the site for its users.
The site invites parents and all those who supervise minors to instruct them on how to process personal data on the Internet in a safe and responsible manner. Minors must not transmit personal data to the site without the consent of their parents. The site is committed not to intentionally collect the personal data of minors, not to use the data in any way and not to communicate the data to third parties.
DATA SHARING AND TRANSFER
The data controller can transfer the personal data of the user to third parties qualified as data processors to perform technical or commercial operations necessary to perform the services related to the best management of the site (for example couriers and postal operators; advertising, commercial and social media, IT service providers, payment service providers, customer support service providers). In such cases, data communication is essential to meet contractual commitments and to improve site performance. Through data processing agreements the data controller obligates the data processors to process the data in an appropriate and secure way. The user can request the list of data processors using the e-mail of the data controller. In addition, the data controller may be required to share the personal data of the user when required by law or by an order of public authority or to protect a right or a right of third parties.
The Data Controller does not transfer data outside the European Union.
This information does not apply to other sites or platforms to which the site can connect (for example: banners, advertisements and other links to third-party sites or platforms) to which reference should be made by reading the related privacy policies.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
DATA RETENTION PERIOD
The data controller stores personal data for the time necessary to provide the requested services to the user or to fulfill legal or tax obligations or for the minimum period required by law. In order to determine the appropriate period of storage of personal data memorized by the site with the user’s consent, the data controller also takes into consideration the following criteria: the specific purposes specified in the information for which the site stores personal information; the type of relationship in progress with the user (how often the user accesses his account, if the user makes requests through the contact form, if the user continues to receive newsletters or commercial communications; how often he surfs the site, etc.); any specific request by the user to cancel data or withdraw consent; the legitimate commercial interest of the data controller. The site will delete or promptly make anonymous personal data no longer necessary according to law.
Apart from what specified regarding navigation data, the user can freely give his / her data through the contact form or to receive promotional communications or to purchase goods or services and failure to provide such data may make it impossible to obtain the services requested. Each form clearly indicates which data is mandatory in order to carry out what requested by the user.
RIGHTS OF THE DATA SUBJECTS
The user has the right to receive confirmation regarding the possible existence of his/her personal data processed by the data controller.
In this case, pursuant to the GDPR, the user has the right to:
- be informed about the collection and use of his/her personal information;
- access his/her personal information at no cost;
- obtain the correction or completion of inaccurate or incomplete personal information;
- obtain the cancellation of personal information;
- under specific conditions, obtain the limitation or cancellation of his/her personal information;
- obtain and re-use his/her personal information for his/her own purposes for different services when the treatment is based on a contract or consent and is performed automatically (“the right to data portability”);
- under specific conditions, oppose the processing of his/her personal information;
- the right to lodge a complaint with a supervisory authority regarding the collection and processing of personal information;
- the right to withdraw consent of the processing of personal data at any time, except for the processing carried out up to that time on the basis of the withdrawn consent.
The exercise of rights is not subject to any form constraint and is free. For all these request, data subjects can write an email to Data Controller address firstname.lastname@example.org Data Subjects are taking care to specify the reason of the request.
For any information, the user is invited to consult the Internet site of the Italian Data Protection Authority– www.garanteprivacy.it – where a section dedicated to these rights can be found.
CHANGES TO THE INFORMATION PROVIDED
Any changes to this information will be published on the site. The user is invited to check for any updates or changes.