PERSONAL DATA PROCESSING POLICY

PERSONAL DATA PROCESSING POLICY

– PURSUANT TO ART. 13 OF THE GENERAL DATA PROTECTION REGULATION (EU) 2016/679 (GDPR) AND LEGISLATIVE DECREE 196/2003 AS AMENDED –

Rai Com S.p.A. (hereinafter briefly referred to as Rai Com), informs that the personal data provided directly by participants when registering for the Event “Apulia Digital Experience 2024” (“Data“)- by filling in the online Form – will be processed in compliance with the provisions of Regulation (EU) 2016/679 – General Data Protection Regulation (“GDPR“), the privacy legislation and the relevant provisions issued by the competent authorities, in accordance with the procedures set out below.

Data Controller

Data Controller means the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

The Data Controller is RAI COM S.p.A ., with registered office in Rome (Italy), Via Umberto Novaro 18, 00195, tax code and VAT no. 12865250158, R.E.A. RM – 949207, company subject to management and coordination activities exercised by RAI – Radiotelevisione Italiana S.p.A., share capital Euro 10,320,000 fully paid-up,e-mail address: privacy.raicom@rai.it.

Personal data subject to processing

“Personal data” means any information concerning an identified or identifiable natural person (“data subject“). The following identification data is processed: participant’s name, surname, telephone number, e-mail address; professional role; company of origin; country of origin.

Processing purposes and legal basis

Data shall be processed in compliance with the principles of lawfulness, correctness and transparency and in accordance with the provisions set out to protect the fundamental rights and freedoms of natural persons, pursuant to the GDPR and Legislative Decree no. 196 of 30 June 2003 n. 196 e s.m.i..

The processing of personal data is legitimate insofar as it is collected and used for:

– the execution of the Interested Subject’s request to access at the Event (including the management and execution of access to the Event and initiatives connected to it ( art. 6 co. 1 letter b of the GDPR);

– the fulfilment of legal obligations to which the Controller is subject (art. 6 co.1 lett c) of GDPR);

Processing methods and data retention periods

In relation to the aforementioned purposes, the Data shall be processed in such a way as to guarantee the security and confidentiality thereof and may be carried out by means of manual, computerised and telematic tools suitable for storing, managing and transmitting the data. The logic of the processing will be strictly related to the illustrated purposes. Appropriate security measures are observed to prevent loss of Data, unlawful or incorrect use and unauthorised access. Data processing is carried out by means of the operations indicated in art. 4 of Legislative Decree 196/2003 and art. 4 no. 2) GDPR and in particular through the operations of: collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The Data collected will be kept, in compliance with the provisions of art. 5 letter e) of the GDPR and of the relevant regulations in force, for a period of time not exceeding the time necessary to initiate, execute and terminate the Event and the initiatives connected to it and, in any case, for the time necessary to handle any legal, fiscal, management claims or disputes and/or defence of the rights of Rai Com S.p.A. and/or of other companies belonging to the same corporate group as the Data Controller. After said period, the data will be deleted and/or destroyed.

In any case, Rai Com will take care to avoid using the Data for an indefinite period, proceeding periodically to appropriately verify the continued interest in the processing of such Data.

Nature of conferment, consequences of refusal

The provision of Data is necessary since any refusal to provide and process it will result in the impossibility for the Subject to participate in the Event.

Persons authorised to process – disclosure of data

Rai Com may communicate the Data provided to: (a) employees and collaborators of professional firms and/or consultancy companies and/or other third parties who, on behalf of the Data Controller and in their capacity as data processors/authorised by the Data Controller, carry out activities related to the purposes of the processing (such as, for example, the insertion of the data – and therefore the relative transfer – within the information systems of the RAI Group including other Companies of the RAI Group, (b) the Apulia Film Commission and the Apulia Region, employees and collaborators of the Data Controller who need the data due to their duties or hierarchical position and who have been given adequate operating instructions in order to avoid loss, destruction, unauthorised access or unauthorised processing of the Data. 

Further information on the names of the individual Group companies/professional firms and/or third-party companies/entities referred to in letter (a) can be obtained by sending an e-mail to: privacy.raicom@rai.it.

Non-disclosure of Data

The Data collected at the time of accreditation to the Event won’t be disclosed to undetermined subject.
Transfer of Data Abroad

Personal Data will not be transferred to non-European countries or to international organisations.

Rights of data subjects

Pursuant to articles 15 et seq. of the GDPR, Data Subjects have the right, at any time, to exercise the following specific rights:

i. confirmation as to whether or not personal data is being processed and, if so, to obtain access to it (right of access):

ii. rectification of inaccurate personal data, or supplementation of incomplete personal data (right of rectification);

iii. deletion of the data if one of the grounds provided for in the Regulation applies (right to be forgotten);

iv. limitation of processing when one of the cases provided for in the Regulation occurs (right of limitation);

v. receipt, in a structured, commonly used and machine-readable format, of personal data concerning them provided to the Controller and the transmission of such data to another controller in the cases provided for by the Regulation (right to portability).

Furthermore, the Interested Subject has the right to object to the processing of the Data in whole or in part, for legitimate reasons relating to the processing of personal data, even if pertinent to the purpose of the collection.

Without prejudice to any other administrative or jurisdictional recourse, Data Subjects have the right to lodge a complaint with the Data Protection Authority if they consider that the processing violates the rules on the protection of personal data.

In order to exercise rights or to obtain information on the Data, the Data Subject may make an express written request to be sent:

-to the e-mail address: privacy.raicom@rai.it;

– or by mail, to RAI COM S.p.A., located in Via Umberto Novaro 18 – 00195 Rome (RM)

RAI COM has appointed a DPO – Data Protection Officer, who may be contacted for matters concerning the processing of Data, at the following address privacy.raicom@rai.it.