Please find here below an extract from the Code on the Protection of Personal Data and our privacy statement
Legislative Decree n. 196/2003 - Code on the Protection of Personal Data - EXTRACT
Section 4 - Definitions
1. For the purposes of this Code,
a)"processing" means any operation or set of operations, carried out with or without the help of electronic or automated means, concerning the collection, recording, organisation, filing, search, elaboration, modification, selection, retrieval, comparison, use, interconnection, blocking, communication, dissemination, cancellation and destruction of data, irrespective of whether the latter are contained or not in a data bank;
b)"personal data" mean any information relating to natural or legal persons, entities or associations that are or can be identified, also indirectly, by reference to any other information including personal identification numbers;
c)"identification data" mean personal data which are necessary for direct identification of data subjects;
d)"sensitive data" mean personal data disclosing the racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations having a religious, philosophical, political or a trade-unionist character, as well as personal data on health and personal sex life;
e)"judicial data" mean personal data disclosing the measures referred to in Section 3(1), points from a) to o) and from r) to u), of the Presidential Decree no. 313 of 14th November 2002 concerning the criminal record office, the register of offence-related administrative sanctions and the relevant applicable charges, or the status of being either defendant or the subject of investigations pursuant to Sections 60 and 61 of the Italian Code of Criminal Procedure;
f)"data controller" mean any natural or legal person, public administration, entity, association or other body that is competent, also jointly with another data controller, to determine purposes and methods of the processing of personal data and relevant means, including security issues;
g)"data processor" mean any natural or legal person, public administration, body, association or other agency that processes personal data on the controller's behalf;
h)"person in charge of the processing" shall mean any natural person authorised by the data controller or processor to carry out processing operations;
i)"data subject" mean any natural or legal person, body or association that is the subject of personal data;
l)"communication" mean disclosing personal data to one or several identified entities other than the data subject, the data controller's representative in the State's territory, the data processor and persons in charge of the processing in any form whatsoever, including by making available or accessing such data;
m)"dissemination" mean disclosing personal data to unidentified entities, in any form whatsoever, including by making available or accessing such data;
n)"anonymous data" mean any data that either originally or after processing cannot be associated with any identified or identifiable data subject;
o)"blocking" mean withholding personal data while temporarily suspending any other processing operation;
p)"data base" mean any organised set of personal data, divided into one or several units placed in one or several locations;
q)"Privacy Authority" mean the authority referred to in Section 153 as defined under Act no. 675 of 31st December 1996.
Section 7 - Personal data access and other rights
1. Data subjects are entitled to obtain confirmation that their personal data are retained, irrespective of whether such data have been recoded, as well as a notice on such data in an intelligible form.
2. Data subjects are entitled to be informed about the following:
a) the source of the personal data;
b) the purposes and methods of processing;
c) the logic applied to the processing, if carried out by electronic means;
d) the identification data concerning the relevant data controller, data processors and the representative appointed under Section 5(2);
e) the entities or categories of entities which may be notified with the personal data and which may acquire such data in their capacity of appointed representative(s) in the State's territory, data processor(s) or person(s) in charge of the processing.
3. Data subjects are entitled to obtain:
a) update, change or integration of data;
b) erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
c) certification to the effect that the operations under points a) and b) have been notified, also concerning their contents, to the entities to which the data were communicated or disseminated, unless this requirement proves impracticable or involves a manifestly disproportionate effort compared with the right to be protected.
4. Data subjects are entitled to object, in whole or in part,
a) on legitimate grounds, to the processing of their personal data, including when data are relevant to the purpose of the collection;
b) to the processing of their personal data, when it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.
Section 8 - Exercise of Rights
1. The rights referred to in Section 7 may be exercised upon request to the data controller or processor without formalities, also through a person in charge of the processing. A suitable response shall have be provided to such request without delay.
Legislative Decree n. 196/2003 - Code on the Protection of Personal Data - PRIVACY STATEMENT
In compliance with the provisions of the Legislative Decree n. 196/2003 - the Code on the Protection of Personal Data, the following information are provided:
Data Processing Purposes, Disclosure Requirement or Option, Denial
Collected and processed data are relevant to the business carried out by Key Congressi Srl (including but not limited to: organisation of events, conferences, translation services).
Data are required to ensure the smooth operation of the business carried out by Key Congressi Srl and the effective provision of its services.
With a view to providing some services (including but not limited to: hotel booking) some special data may be required, but not sensitive data as defined in the regulation (including, but not limited to: credit card data).
In some case, sensitive data may be required with a view to ensuring the highest degree of effectiveness in the services provided by Key Congressi Srl (including, but not limited to: customised menus, assistance at the airport).
If data are not provided, Key Congressi activity may not be carried out properly and the procedure on service provision might be disrupted.
Personal data may be used to send information material on Key Congressi Srl activity, but they will not be disseminated.
How data are processed
Required data are relevant, comprehensive and not redundant as regards the collection and processing purposes.
Data, as provided, are deemed correct and may be changed/updated at any time; such data shall be processed under the applicable regulations, in compliance with the principles of appropriateness and fairness so a to protect the data subject privacy.
Data shall be collected and recorded for the purposes described herein and shall be used in other processing procedures in line with such purposes through paper forms and/or IT or electronic media.
Data shall be protected and filed in compliance with applicable regulations, under the procedures and within the limits connected with the above business, and they shall be filed so that data subjects can be identified for the time that shall be strictly necessary for the collection or processing purposes.
Subjects or categories whose personal data may be disclosed or disseminated
With a view to ensuring the smooth operation of the activities carried out by Key Congressi Srl and the provision of its services, data may be:
- disclosed to employees, staff and advisors of Key Congressi Srl as necessary and under the applicable regulations
- disclosed to third parties, as necessary and under the applicable regulations, that may contribute to the implementation of the above business (including but not limited to: airlines, hotels, restaurants, car hire companies, CMEs providers, sponsors).
The Data Controller is the legal representative of Key Congressi.
Rights described in Section 7 of the Legislative Decree n. 196/2003 may be exercised upon request to the data controller or the person in charge of the processing by fax or email, also through a representative.