– PURSUANT TO ART. 13 OF THE GENERAL DATA PROTECTION REGULATION (EU) 2016/679 (GDPR) AND LEGISLATIVE DECREE 196/2003 AS AMENDED –
Rai Com S.p.A. (hereinafter briefly referred to as Rai Com), informs that the personal data provided directly by participants when registering for the Event (“Data“)- by filling in the online Form – will be used exclusively to enable the accreditation of participants to the Event. The Data will be processed in compliance with the provisions of Regulation (EU) 2016/679 – General Data Protection Regulation (“GDPR“), the privacy legislation and the relevant provisions issued by the competent authorities, in accordance with the procedures set out below.
Data Controller
Data Controller means the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
The Data Controller is RAI COM S.p.A ., with registered office in Rome (Italy), Via Umberto Novaro 18, 00195, tax code and VAT no. 12865250158, R.E.A. RM – 949207, company subject to management and coordination activities exercised by RAI – Radiotelevisione Italiana S.p.A., share capital Euro 10,320,000 fully paid-up,e-mail address of the Focal Point Privacy of Rai Com: privacy.raicom@rai.it.
Personal data subject to processing
“Personal data” means any information concerning an identified or identifiable natural person (“data subject“). The following identification data is processed: participant’s name, surname, telephone number, e-mail address; role within the company
Processing purposes
Data shall be processed in compliance with the principles of lawfulness, correctness and transparency and in accordance with the provisions set out to protect the fundamental rights and freedoms of natural persons, pursuant to the GDPR and Legislative Decree no. 196 of 30 June 2003 as amended.
Data will be processed for the following purposes:
(a) purposes strictly related and instrumental to the management and execution of access to the Event and related initiatives,
(b) fulfilment of regulatory obligations incumbent on Rai Com S.p.A..
Legal basis of processing
The processing of personal data is legitimate insofar as it is collected and used for:
– the pursuit of the legitimate interest of the Controller in managing access to the Event in compliance with the applicable legislation;
– the fulfilment of legal obligations to which the Controller is subject;
Processing methods and data retention periods
In relation to the aforementioned purposes, the Data shall be processed in such a way as to guarantee the security and confidentiality thereof and may be carried out by means of manual, computerised and telematic tools suitable for storing, managing and transmitting the data. The logic of the processing will be strictly related to the illustrated purposes. Appropriate security measures are observed to prevent loss of Data, unlawful or incorrect use and unauthorised access. Data processing is carried out by means of the operations indicated in art. 4 of Legislative Decree 196/2003 and art. 4 no. 2) GDPR and in particular through the operations of: collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The Data collected will be kept, in compliance with the provisions of art. 5 letter e) of the GDPR and of the relevant regulations in force, for a period of time not exceeding the time necessary to initiate, execute and terminate the Event and the initiatives connected to it and, in any case, for the time necessary to handle any legal, fiscal, management claims or disputes and/or defence of the rights of Rai Com S.p.A. and/or of other companies belonging to the same corporate group as the Data Controller. After said period, the data will be deleted and/or destroyed.
Nature of conferment, consequences of refusal
The provision of Data is necessary since any refusal to provide and process it will result in the impossibility for the Holder to participate in the Event.
Persons authorised to process – disclosure of data
Rai Com may communicate the Data provided by you to: (a) employees and collaborators of professional firms and/or consultancy companies and/or other third parties who, on behalf of the Data Controller and in their capacity as data processors/authorised by the Data Controller, carry out activities related to the purposes of the processing (such as, for example, the insertion of the data – and therefore the relative transfer – within the information systems of the RAI Group including other Companies of the RAI Group the Apulia Film Commission and the Apulia Region (b) employees and collaborators of the Data Controller who need the data due to their duties or hierarchical position and who have been given adequate operating instructions in order to avoid loss, destruction, unauthorised access or unauthorised processing of the Data.
Further information on the names of the individual Group companies/professional firms and/or third-party companies/entities referred to in letter (a) can be obtained by sending an e-mail to the Rai Com Privacy Focal Point: privacy.raicom@rai.it.
Non-disclosure of Data
Data acquired during the establishment and execution of the contract will not be disclosed to unspecified subjects.
Transfer of Data Abroad
Personal Data will not be transferred to non-European countries or to international organisations.
Rights of data subjects
Pursuant to articles 15 et seq. of the GDPR, Data Subjects have the right, at any time, to exercise the following specific rights:
i. confirmation as to whether or not personal data is being processed and, if so, to obtain access to it (right of access):
ii. rectification of inaccurate personal data, or supplementation of incomplete personal data (right of rectification);
iii. deletion of the data if one of the grounds provided for in the Regulation applies (right to be forgotten);
iv. limitation of processing when one of the cases provided for in the Regulation occurs (right of limitation);
v. receipt, in a structured, commonly used and machine-readable format, of personal data concerning them provided to the Controller and the transmission of such data to another controller in the cases provided for by the Regulation (right to portability).
Data Subjects also have the right to object to the processing of the Data or to withdraw consent to the processing at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation.
Without prejudice to any other administrative or jurisdictional recourse, Data Subjects have the right to lodge a complaint with the Data Protection Authority if they consider that the processing violates the rules on the protection of personal data.
In order to exercise rights or to obtain information on the Data, the Data Subject may make an express written request to be sent to the RAI COM Privacy Focal Point, sending it:
-to the e-mail address: privacy.raicom@rai.it;
– or by mail, to the RAI COM Privacy Focal Point, located in Via Umberto Novaro 18 – 00195 Rome (RM)
RAI COM has appointed a DPO – Data Protection Officer, who may be contacted for matters concerning the processing of Data, at the following address dporaicom@rai.it.