Dear Data Subject, we wish to inform you that the “European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data as well as the free circulation of such data” (hereafter “GDPR”) provides for the protection of persons and other subjects in relation to the processing of personal data. Therefore, S.O.G.E.O. srl Impresa Sociale, provides you with the following information:
A. DATA CATEGORIES:
Your personal data may be processed such as identification data and contact data collected at the entrance and/or the images of your person subject to photographs and/or audio-video footage within the event.
B. DATA CONTROLLER:
The Data Controller is S.O.G.E.O. srl Impresa Sociale located in L.go Visconti 4 – 22012 Cernobbio, Como – P.I. 03200630139 contactable by phone at no. 031 3347503 or by email at info@orticolario.it.
C. SOURCE OF PERSONAL DATA:
The personal data held by the Data Controller are collected directly from the data subject during the event.
D. DATA PROCESSING PURPOSES AND LEGAL BASIS:
The personal data are processed by the Data Controller for the following purposes:
- Purposes connected to a legitimate interest on the part of the Data Controller: your data will be processed for the purpose of managing, organizing, promoting, carrying out and documenting the event, also through photographic and/or audio video footage; the publication of these photographs and/or audio-video footage of the interested party on websites or social networks.
E. RECIPIENTS OF DATA:
Within the limits relevant to the processing purposes indicated, your data may be disclosed to employees, collaborators, partners, consultancy companies, private companies. The Data Controller may disseminate such data through the internet, also by publishing photos or audio and/or video recordings made during the event.
F. TRANSFER OF DATA TO THIRD COUNTRIES:
The data collected shall not be transferred to third countries outside the European Community.
G. DATA STORAGE PERIOD:
the collected data will be kept for no longer than it is necessary for the purposes for which they are processed (“data storage limitation principle”, art.5, GDPR) or according to the deadlines laid down by law. The verification of the obsolescence of the data stored in relation to the purposes for which they were collected is carried out periodically.
H. SUBJECT’S RIGHTS:
The data subject has always the right to request from the Controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing, as well as the right to data portability, the right to withdraw consent claiming these and other rights provided by the GDPR through a simple communication to the Controller. The Data Subject can also lodge a complaint with a supervisory authority.
I. MANDATORY OR NON MANDATORY CONSENT:
The provision of the consent of your data for the purposes related to legal obligations and related to the existence of the legitimate interest of the Data Controller is mandatory for participation in the event.
J. METHODS OF DATA PROCESSING:
The collected personal data will form the subject of processing operations in compliance with the aforementioned regulations and the confidentiality obligations central to the Controller’s activity. The data will be processed both with IT tools and on paper and any other type of appropriate support (e.g. cloud systems, filing systems, digital replacement conservation and so on), in compliance with adequate technical and organizational security measures under the GDPR.