DATA CONTROLLER
The Data Controller is NORD EST CONGRESSI S.R.L., with registered office in Udine (UD), via Portanuova n. 3, (hereinafter "Data Controller").
In order to exercise the rights recognised by REGULATION (EU) 2016/679 (hereinafter "GDPR" or "Regulations") or to request any clarification regarding the processing of personal data, the interested party may contact the Data Controller directly at the above address or at the following telephone number and email address: Tel 0432/21391 - email privacy@nordestcongressi.it
PURPOSE OF PROCESSING
The data may be processed by the Data Controller for the purposes described below:
1. to fulfil the obligations arising from registration for an event, including ancillary purposes (e.g. management of any overnight stays and/or transfer services, etc..);
2. to provide assistance services to members and/or third parties;
3. to comply with fiscal obligations and legal obligations in general;
4. to manage the obligations provided for by legislation, including regulations, on Continuing Medical Education (CME);
5. to verify the level of satisfaction of the participants;
6. to manage any litigation, both in and out of court;
7. to send the interested party communications relating to similar initiatives, without prejudice to the right to object at any time;
8. to send the interested party further communications on products and services of the Holder and/or third parties;
9. to transfer and/or communicate the data to third parties operating in the scientific, medical, health, editorial and/or event organisation sectors for use for marketing purposes.
LEGAL BASIS OF THE DATA PROCESSING
A) performance of a contract: purposes 1, 2;
B) fulfilment of a legal obligation to which the Data Controller is subject: purposes 3, 4;
C) pursuit of the legitimate interest of the Data Controller: purposes 5, 6, 7;
D) consent of the interested party: purposes 8, 9.
CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Your personal data may only be accessed by persons authorised to process it and by persons processing data on behalf of the Data Controller who have been appointed as Data Processors. These subjects are bound to secrecy and confidentiality also on the basis of specific internal regulations.
The data collected for the purposes listed above may be disclosed to banks, insurance companies (for the management of any insured risks), financial administrations, law firms, arbitrators, debt collection companies (for judicial or extra-judicial protection), hotels, travel agencies, transport companies and, if necessary to fulfilL the contract concluded, to other companies and/or enterprises (also partners of the Data Controller), consultants, professionals and public administrations (including Agenas for CME). Such communications of personal data are necessary because they are made on the basis of a legal or contractual obligation or requirement for the conclusion of a contract or for the pursuit of a legitimate interest.
The data will not be disseminated.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
The data processed for the above purposes will not be transferred to third countries.
DATA RETENTION CRITERIA
With regard to the storage of data processed in the terms indicated above, given that on the basis of the principles of necessity, relevance and proportionality the storage times of the different types of personal data that may be processed must be identified taking into account each of the purposes pursued, we inform you that the data processed for accounting and/or tax purposes, or contained in communications and/or commercial documents (in accordance with the provisions of art. 2220 of the Civil Code), may be kept for the time established by industry regulations. The data relating to CME will be kept for five years. In the event that some information is subject to dispute and/or is necessary for the exercise of a right in court, it may be kept even beyond the limits mentioned above.
RIGHTS OF THE INTERESTED PARTY
The interested party has the right to request:
- access to personal data and information (art. 15 of the GDPR);
- rectification or deletion of the same data and information (Articles 16 and 17 of the GDPR);
- limitation of the processing of personal data (Art. 18 of the GDPR).
In addition, the interested party may
- oppose the processing of personal data under the conditions and within the limits of Art. 21 of the GDPR;
- exercise the right to data portability (Art. 20 GDPR).
We inform you that you have the right to revoke your consent to the processing at any time, without prejudice to the lawfulness of the processing based on the consent given prior to revocation.
If you believe that the processing of your data violates the Regulation, you have the right to lodge a complaint with a supervisory authority (Guarantor for the protection of personal data or any other competent authority) pursuant to art. 77 et seq. of the GDPR.