Privacy

Privacy Policy

Pursuant to article 13 of EU Regulation No. 2016/679 (hereinafter the “Regulation” or “GDPR”) and to Legislative Decree no. 196/2003 “Codice in materia di protezione dei dati personali” (hereinafter the “Code”) (Code and Regulation jointly defined as  “Privacy Laws”) we hereby inform you that we shall process your personal data on the basis of the following provisions.

Definitions

 

  • Authorized people, refers to people authorized to process personal data under control of Data Controller or Data Processor, pursuant to article 29 of GDPR and 2-quaterdecies of Code;
  • Call for Submission, refers to the call for submission of a contribution in the form of an abstract concerning a particular Event; 
  • Call for Travel Grant, refers to the submission of a request for obtaining free ticket for the Conference and reimbursement of travel expenses, on a discretional and availability basis;
  • Communication, refers to sharing Personal Data with other third parties other than Data Processors and Authorized Persons;
  • Personal Data, means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; 
  • Dissemination, means the transmission of Personal Data to undefined third parties in any manner;
  • Event, means any event such as, by way of mere example, talk, workshops and so on;
  • Supervisory Authority, means the authority regulated by article 51 of GDPR.
  • Privacy Policy, means this privacy notice.
  • User”, means the Data Subjects who accesses to the Site;
  • Security Measures, indicate all the technical, informatic, organizative, logistic and procedural measures adopted to guarantee an adequate level of security to the risk of Data transmission, as per Regulation art.32.
  • Processor, means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller;
  • Services, refers to any services connected to the Conference, such as, by way of mere example, (i) ticket sale for access to Conference and/or to single Events; (ii) the Call for Submissions; (iii) the Call for Travel Grant;
  • Site, means the website https://2020.erum.io/
  • Controller, means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • Processing, means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Privacy Notice

  1. Personal Data processed
    1. Data provided directly by the Data Subject, in order to request for information with reference to Services or in order to access to Services (es. name, surname, mail, messages). The Data Subject is not required to submit that information but, in this case, the Controller will not be able to answer to requests or provide Services (i.e, the Data Subject, without submiting his Personal Data, could not participate in the Call for Travel Grant).
    2. Data collected automatically by the Site, es. IP address. Such data is collected automatically by the Site in order to answer to the HTTP request and generate the appropriate response.
    3. Data Subject’s image, with reference to the photo and video-recording of Conference meetings.
  1. Purposes
Purpose
Lawfulness of processing
Storage period
A) Controller will process Personal Data in order to answer to the User’s requests for information.
A) Processing is necessary for the performance of a contract to which the Data Subject is a party, or in order to take steps at the request of the Data Subject prior to entering into a contract and, therefore, consent is not necessary.
24 months from the request for information.
B) Controller will process Personal Data in order to provide Services and, therefore: (i) in order to sell tickets for accessing the Conference; (ii) in order to process requests sent in the context of the Call for Submissions (iii) in order to process requests sent in the context of the Call for Travel ;
B) Processing is necessary for the performance of a contract to which the Data Subject is a party or in order to take steps at the request of the Data Subject prior to entering into a contract and, therefore, consent is not necessary.
10 years since the expiry of the limitation period provided by law.
C) Controller will process Personal Data in order to ensure that the Site is updated and satisfies Users’ needs, to analyze, review and improve Services, to provide Users with a good user experience; to guarantee the security of the Site and Users. Such information will be anonymized and will not be used to identify any User.
C) Processing is necessary for the purposes of the legitimate interests pursued by the Controller consisting in protection of his Site, business and rights.
24 months from last connection to the Site.
D) Controller will process Personal Data to send marketing communications concerning products and/or services of the Controller itself and/or third parties, to invite User to other events organized by the Controller, or to perform market research by the means of automatic (email, sms, fax etc) and non-automatic instruments (ordinary mail, telephone call etc.). The User is entitled to object to the Processing of Personal Data for that purpose, in any moment and is also entitled to choose the instruments.
D) Controller will process Personal Data only if User has given his consent
24 months from last consent.
E) Controller will process Personal Data of the speaker in order to publish audiovisual content on the Site or Controller’s social pages or in Controller’s marketing.
E) Controller will process Personal Data (of the speaker) only if User has given his consent.
24 months from last consent.
F) Controller will share Personal Data with third parties in the following market sectors: data science and data science consultancy companies and/or data science software manufacturers.
F) Controller will process Personal Data only if User has given his consent.
24 months from last consent.
  1. Processing and recipients.
    1. Unless otherwise provided for, the Controller will process Personal Data with manual and automatic systems in compliance with the general principles of Privacy Law.
    2. Controller has adopted appropriate technical and organisational measures to ensure a reasonable level of security of Personal Data. 
    3. Controller may process some Personal Data by Processors or Authorized Persons. In particular, Personal Data may be transmitted to the following Processors:
      • E-mail providers;
      • e-ticketing service providers;
      • payment service providers;
    4. User may obtain the full list of Processors by sending an email to the Controller, at the address set forth in art. 7.1.
  1. Data transfer
    1. Personal Data may be transferred in other Eu Countries. 
    2. Personal Data may be transferred in non-EU countries only on the basis of an adequacy decision of EU Commission.
  1.  User Rights
    1. User may exercise at any moment his rights under articles 15-22 of GDPR, by sending an email to the Controller. In particular:
      • User has the right to access Personal Data under article 15 GDPR;
      • User has the right to rectification under article 16 GDPR;
      • User has the right to erasure under article 17 GDPR; 
      • User has the right to restriction of processing under article 18 GDPR.
      • User has the right to Data portability under article 20 GDPR;.
      • User has the right to object to Processing under article 21 GDPR; 
      • User has the right to lodge a complaint with a supervisory authority;
      • User has the right to withdraw his consent to Processing, with reference to Processing based on consent. In any case, the withdrawal of consent shall not affect the lawfulness of Processing based on consent before its withdrawal.
  1. Data Controller
    1. Controller is Associazione MilanoR, con sede in via G.A. Diaz 11, C.F. 92054400152 duly represented by his president, email: andrea.spano[at]quantide.com
  1. Amendments
    1. Controller shall amend this Privacy Policy at any moment, by publishing a new version on the Site.

This policy has been published on December 6th 2019