DATA PROTECTION INFORMATION SHEET FOR PARTICIPANTS TO EVENTS
AIM Italy S.r.l. (hence, the “Controller” or “AIM”), in its quality of Data Processing Controller, as per section 13 of Italian Law Decree n. 196, dated June 30, 2003 (hence the “Privacy Law”), as well as section 13 of the EU Regulation n. 679/2016 (hence, the “Data Protection Regulation”), and subsequent modifications and integrations, collects and subsequently processes personal data2 of the participants (hence, the ’“Data Subject”) – including as teachers or learner – to the congress and/or other scientific or training event (hence, the ’“Event”)
1. Scopes and ways of processing.
The personal data of Data Subjects are processed in the context of AIM’s commercial activity, for the following scopes:
1. subscription and participation to the Event;
2. fiscal, administrative and accounting duties strictly connected to above participation;
3. execution of specific duties prescribed by law, regulation or EU norms (such as administration of credits for Continuing Medical Education);
4. distribution free of charge of documentation relating to the Event;
5. use of the imagine and/or voice of the Data Subject as recorded during the Event, in videos, audio recordings and/or photographs of the Event published on the web-site and social networks of AIM Group as well as on the web-site and the social networks of the Events, if any
6. receipt of documentation from AIM in order to be updated on all its projects, initiatives and events, both my means of automated tools (such as newsletters, e-mails, SMS, MMS, robocalls) and by means of traditional tools (hardcopy mail and/or operator calls) in the same area of interest.
The processing of the personal data is executed, under authority of the Controller, by entities specifically commissioned, authorized and instructed for the processing as per section 30 of the Privacy Law and sections of the Data Protection Regulation, by means of manual, automated or telecom tools, with logics strictly connected to the scopes and in any case in such a way as to guarantee confidentiality and security of the personal data.
Without prejudice to the legal norms, the personal data will be kept for a period of time defined on the basis of criteria related to the nature and duration of the Event, as well as on further needs of the Data Subject.
2. Juridical basis for processing, nature of transfer and consequences of denial, consent by Data Subject.
With reference to the scopes listed at preceding section 1, items 1., 2., 3., 4.,5. and 6, transfer of the personal data is mandatory and represents a necessary condition to the subscription and subsequent participation to the Event and receipt of documentation from AIM about future projects, initiatives and events in the same area of interest; indeed, failure to transfer will determine impossibility of subscribing the Data Subject to the Event and of involving him/her in any initiative of the Event or other AIM’s future projects, initiatives and events of the same area of interest; thus, the juridical base of the related processing is the full participation to the Event and the next update on AIM’s future projects, initiatives and events of the same area of interest, as per section 6, paragraph 1, letter b) of the Data Protection Regulation.
3. Entities and categories of entities to which the personal data may be communicated and context of communication.
With regards to the scopes of the processing as indicated above, and within the strict boundaries of pertinence to these scopes, the personal data of the Data Subject will be communicated in Italy, in the European Union or beyond the European Union, to the following entities, for the scope of subscription and subsequent participation to the Event:
Above entities, to whom the personal data of the Data Subject will be or may be communicated (insofar as not being designated Processors), will treat the personal data as Controllers according to the Privacy Law, in full autonomy, being completely separated from the original processing executed by AIM.
Without the consent to communication of the personal data and to related processing, in those cases where it is foreseen as by Privacy Law, the operations which require the communication might not be executed, with consequences known to the Data Subject.
A detailed and constantly updated list of these entities, including their respective offices, is always available at AIM’s legal offices.
As mentioned before, the image or the voice of the Data Subject recorded over the course of the Event may be used in videos, audio recordings and/or photographs of the Event, published on the web-site and the social media of AIM Group, as well as on the web-site and the social media of the Event itself, if any.
Whenever necessary for the execution of the contract, the personal data of the Data Subject may be transferred to countries within the European Union and/or to countries outside the European Union, in full compliance with the norms of the Privacy Law, the Data Protection Regulation, the rulings and decisions of the related data protection authority as well as the EU regulations.
In particular, where necessary, AIM commits to complying with the norms defined by, respectively, decisions 2001/497/CE, 2004/915/CE and 2010/87/EU (according to the specific case), which oblige to the signing of so-called “typical contractual clauses” between the juridical entities involved in data processing outside of the European Union.
4. Rights of the Data Subject.
Section 7 of the Privacy Law and sections 15 and following of the Data Protection Regulation grant the Data Subject the right to obtain:
confirmation or denial of existence of personal data related to the Data Subject, even if not yet registered and their communication in an understandable format; indication of the origin of the personal data, of their scopes and of their ways of processing, of the logic applied in case of processing by means of electronic tools and of the identifying details of the Controller;
update, rectification, integration, cancellation, transformation into anonymous data or blocking of data treated in violation of the law – including data for which conservation is not necessary for the scopes for which they were collected and subsequently processed. Documentation of these operations, also pertaining to their content, is brought to the attention of the Data Subjects whose data have been communicated or published, except for the case in which this duty is impossible to perform or requires the use of tools which are obviously disproportionate in relationship to the granted right.
Moreover, the Data Subject has the right to:
oppose, partially or completely, for legitimate reasons, to processing of his/her personal data, even if coherent with the scope of collection;
propose a complaint to the Data Protection Authority as foreseen by the Data Protection Regulation.
In order to know the detailed and constantly updated list of the entities to whom personal data of the Data Subject may be communicated and to exercise the rights granted by section 7 of the Privacy Law and by sections 15 and following of the Data Protection Regulation, the Data Subject may contact the Data Processing Controller at the following addresses:
AIM Italy S.r.l.
Via Giuseppe Ripamonti n. 129
20141 Milan – Italy
Phone: +39 02 56601.1
5. Duration of the processing.
Except for legal obligations and for the Data Subject’s updates on all other projects, initiatives and future events promoted by AIM, the personal data of the Data Subjects will be conserved only for the Event’s duration. In any case, the processing will not have a duration exceeding 5 years from the date of the provision of the update service from AIM, as long as the Data Subject has not requested cancellation before. Notwithstanding the above, AIM may conserve some personal data of the Data Subject also after the termination of processing, exclusively for the scope of defending or safeguarding its rights, or in those cased as defined by law or by order of a judicial or government authority.
1 As per section 4 of the Data Protection Regulation, “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.