Event Registration Privacy Notice

PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA – EVENT REGISTRATION
(pursuant to Art. 13 of EU Regulation 2016/679)

This privacy notice is provided to describe the methods of processing the personal data of data subjects registering for the event organized by Industree Hub s.r.l., which, as Data Controller of personal data (hereinafter the “Controller”), provides this notice to the data subject in compliance with European and Italian legislation on personal data protection.

This notice supplements the website navigation policy in order to explain to the User how the Controller will specifically process the data entered in this contact form. The processing of your personal data will be based on the principles of lawfulness, fairness and transparency, protecting your confidentiality and your rights.

 

1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER.

The Data Controller, hereinafter also referred to as the “Data Controller” or simply the “Controller”, is Industree Hub s.r.l., represented by its legal representative pro tempore, VAT no. 02909990356, with registered office at Via Benedetto Croce no.15, 42123 Reggio Emilia, contactable, in addition to the aforementioned registered office, at the following contacts: tel. +39 0522325270, email: info@industree.it and certified email (PEC): industreehub@pec.industree.it;

 

2. DATA PROTECTION OFFICER (DPO)

The Data Controller has appointed Piramis S.r.l. as Data Protection Officer, whose contact details are: e-mail: dpo@easygdpr.it, tel: +39 0309658901.

 

3. CATEGORIES OF PERSONAL DATA PROCESSED

For the purposes indicated below, the Controller will process the following categories of personal data:

  • Common data: first name, last name, telephone contacts, email address, job position.

 

4. PURPOSES OF PROCESSING AND LEGAL BASIS

Your personal data will be processed for the following purposes:

  • a) Management of registration and participation in the event:
    Your common data are necessary to manage your registration, allow you to participate in the event, send you service communications (confirmations, reminders, post-event materials), and fulfil related administrative obligations.

    Legal basis: Performance of a contract to which you are a party (Art. 6(1)(b) GDPR) and compliance with legal obligations (Art. 6(1)(c) GDPR).
  • b) Direct marketing purposes
    Subject to your free and optional consent, your contact data (email, telephone) may be used to send you promotional communications, newsletters and informational material regarding the Controller’s activities, services, courses and future events, through automated channels (e.g. email, SMS) and traditional channels (e.g. telephone with operator).

    Legal basis: Your consent (Art. 6(1)(a) GDPR), revocable at any time.

 

5. METHODS OF PROCESSING AND RETENTION PERIOD

The processing will be carried out using manual and/or IT and telematic tools, with organizational and processing logic strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security, integrity and confidentiality of the data.

Personal data will be retained in compliance with the principle of “storage limitation” (Art. 5(1)(e) GDPR):

  • for the purposes referred to in point 4.a) (“Management of registration and participation in the event”), the data will be retained for 10 years from the end of the webinar. This retention period is justified by the need to comply with legal obligations, such as the retention of correspondence and accounting records pursuant to Art. 2220 of the Italian Civil Code, and to allow the Controller to protect its rights in court, in line with the ordinary limitation period established by Art. 2946 of the Italian Civil Code;
  • for marketing purposes (point 4.b), the data will be retained until withdrawal of your consent. In the absence of withdrawal, and following periodic verification of your interest, the data will be retained for a maximum period of 24 months from the granting of consent, a period considered appropriate in view of the specific nature of the Controller’s activities;

 

6. NATURE OF DATA PROVISION

The provision of common data (point 4.a) is necessary to complete registration and participate in the event. Failure to provide such data will make your participation impossible.

The provision of consent for marketing purposes (point 4.b) is optional. Your refusal will not in any way affect your participation in the event.

 

7. DATA RECIPIENTS

Your personal data may be disclosed to:

  • employees and collaborators of the Controller, duly authorized and trained for data processing;
  • third parties providing services instrumental to the Controller’s activities (e.g. IT service companies, event management platform providers, tax consultants), appointed, where necessary, as Data Processors pursuant to Art. 28 GDPR.
  • public authorities or entities, where required for compliance with legal obligations.

Your data will not be disclosed publicly.
You may request the list of Data Processors by writing to the Data Controller.

 

8. TRANSFER OF DATA OUTSIDE THE EU

For the provision of certain services (e.g. email management, webinar platforms), your personal data may be transferred to suppliers located in countries outside the European Union (e.g. the United States). In such cases, the Controller ensures that the transfer will take place in compliance with the conditions set out in Arts. 44 et seq. GDPR, namely in the presence of an adequacy decision by the European Commission, or on the basis of appropriate safeguards such as the Standard Contractual Clauses (SCCs) adopted by the European Commission, ensuring the data subject an adequate level of data protection. You have the right to obtain a copy of such safeguards upon request to the Controller.

 

9. RIGHTS OF THE DATA SUBJECT

As a data subject, you may exercise at any time the rights provided for by Articles 15 to 22 GDPR, including:

  • Right of access: obtain confirmation as to whether or not personal data concerning you are being processed and, where that is the case, obtain access to the data.
  • Right to rectification: obtain the rectification of inaccurate personal data concerning you.
  • Right to erasure (“right to be forgotten”): obtain the erasure of personal data concerning you in the cases provided for by law.
  • Right to restriction of processing: obtain restriction of processing where certain conditions apply.
  • Right to data portability: receive the personal data concerning you in a structured, commonly used and machine-readable format and transmit them to another controller.
  • Right to object: object at any time to the processing of your personal data for reasons related to your particular situation. In particular, where your data are processed for direct marketing purposes, you have the right to object at any time and without providing any justification to such processing.
  • Right to withdraw consent: withdraw at any time the consent given (for the purposes referred to in point 4.b), without affecting the lawfulness of processing based on consent before its withdrawal.

Requests to exercise your rights may be sent to the contact details of the Controller indicated in point 1.

The Controller will respond without undue delay and, in any event, no later than one month from receipt of the request. This period may be extended by two months, where necessary, subject to prior communication. 

 

10. RIGHT TO LODGE A COMPLAINT

If you believe that the processing of your personal data is carried out in violation of the GDPR, you have the right to lodge a complaint with the competent supervisory authority (in Italy, the Italian Data Protection Authority – Garante per la Protezione dei Dati Personali), as provided for by Art. 77 GDPR, or to bring proceedings before the competent judicial authorities pursuant to Art. 79 GDPR.

 

 

Place, date

The Data Controller 
Industree Hub s.r.l.