A. DATA CONTROLLER
Euroconsumers S.A. is the Data Controller of your personal data, having its registered offices in Rue de Hollande 13 – B 1060 Bruxelles (Belgium) and you can contact it writing an e-mail to firstname.lastname@example.org (hereinafter “Data Controller” or “Euroconsumers”). B. DATA PROCESSORS
The Data Controller have appointed Altroconsumo Edizioni S.r.l., with registered office in via Valassina n. 22, Milan, e-mail address email@example.com as Data Processor pursuant to art. 28 of the GDPR (hereafter "AC Data Processor") in order to support the Joint Controllers in the organization and management of webinars
Furthermore, the Joint Controllers have appointed Connexia S.r.l., with registered office in via Panizza n. 7, 20144 Milan, VAT no. 12205240158, e-mail firstname.lastname@example.org, as Data Processor pursuant to art. 28 of the GDPR (hereafter "Connexia Processor") as part of the execution of the "Use of the Webex platform" contract for the purpose of technical assistance on the Cisco Webex software.
C. WHAT PERSONAL DATA AND WHAT PURPOSE
Euroconsumers organizes a series of free webinars for all the people who are interested in and register themselves through a dedicated website (hereinafter "Webinar").
Participation in the Webinar takes place through a registration providing:
- first name - surname - email address - recorded voice.
Personal data are processed in order to inform data subjects about the organizational details of the Webinar to which they have registered, any changes in dates, cancellations, reporting of upcoming webinars organized by Euroconsumers and management communications in general.
Furthermore, only the audio of the Webinar is recorded, which will be kept in the archives of the AC Data Processor for the term as per point F below and which will be sent to the Ministry of Economic Development in compliance with the provisions of the funded projects and will be simultaneously published on the website www.altroconsumo.it. Therefore, in this case, it is possible that the data subject's voice will be recorded in case of his interventions or questions.
D. LEGAL BASIS
The delivery of the Webinar is a free service that the Data Controller provide to all interested data subjects. Therefore the legal basis of the processing is the legitimate interest of the Data Controller. To provide the Webinar service it is necessary to collect personal data of data subjects both to provide them with the access link and credentials and to report any useful information referred to in point C above.
E. SHARING INFORMATION
Personal data will be processed on the territory of the European Union and will not be transferred to third countries, they will also be shared with AC and Connexia Processors pursuant to the mandate received within the appointment pursuant to art. 28 of the GDPR.
The Webinar is offered through the Cisco Webex platform which provides the service through Connexia Processor. Cisco Webex LLC adheres to the Privacy Shield regarding the processing of personal data in an adequacy regime pursuant to the GDPR. For more information on the processing of personal data operated by Cisco, we invite you to read its information here: https://www.cisco.com/c/en/us/about/legal/privacy.html
F. DATA RETENTION
The Data Controller and Data Processors will retain personal data for a period not exceeding 12 months from the date of registration for the Webinar. The files with the registration of the Webinar will be kept for a period equal to the entire duration of the funded project and for a further 12 months at the end of the same. At the end of this period, personal data will be deleted.
G. DATA PROTECTION OFFICER
The Data Controller has appointed a Data Protection Officer pursuant to the art. 37 of the GDPR and you can contact him at the following e-mail address: email@example.com.
The Data Controller adopts adequate technical and organizational security procedures and measures to ensure the safe processing of personal data. Among these measures there are, by way of example, the imposition of confidentiality obligations on their collaborators and suppliers; the limitation of access to personal data; the destruction or anonymization of personal data if no longer necessary for the purposes for which they were collected.
Since information security depends in part on the security of the computer or device used to interact with the Data Controller and on the security adopted to protect (if applicable) user names and passwords, data subjects are asked to pay particular attention to how this data is obtained keep them
I. DATA SUBJECTS’ RIGHTS
The data subject can exercise the rights provided by the GDPR by contacting the Data Controller at the following address: firstname.lastname@example.org as:
· Access to personal data · Rectification · Cancellation · Limitation · Portability · Opposition · Opposition to processing for direct marketing purposes · Lodge a complaint to the local Data Protection Authority, even if we ask you to try to resolve any problem with us, before contacting the Authority.
Last update dated 06.07.2020