Event Privacy Policy

Information on data processing ex art. 13 EU Regulation 2016/679(GDPR)

This privacy notice is made to inform you on the processing of your personal data by the Data Controller for the purposes listed below.

1. Identity and contact details of the Data Controller

The Data Controller is:

  • MIX S.r.l., Via Caldera 21, 20153, Milan (MI) (Tel.+39 02.40915701, e-mail: privacy@mix-it.net)

2. Data Protection Officer (DPO)

The DPO designated by MIX S.r.l. represents the contact point for the interested parties and can be reached by email: dpo@mix-it.net

3. Purpose and legal basis of the processing

Your common personal data (identifiers, contact details, personal data, photos / videos) will be processed in full compliance with the legislation protecting personal data, in paper and computer form, for the following purposes:

a) Manage/organize the event “Salotto del MIX” (registration of participants, delivery of the badge before entering the event)

b) Document the event by publishing photos and videos taken during the event on the institutional website of Mix S.r.l and on the Company’s Social Media pages

c) Invitation to future events organised by MIX S.r.l. and sending newsletters containing information regarding MIX S.r.l.

d) Communicating contact details to event sponsors for autonomous marketing purposes as data controllers

Your failure to consent to photo/video release (purpose b), necessary to MIX S.r.l. in order to lawfully take pictures and take videos during the event, to be subsequently published on their official channels (website, social networks) as documentation of the event itself, however free and absolutely legitimate, will not make your registration possible and therefore your participation in the requested event.

The processing of data for the purposes referred to c) and d) is only permissible with your explicit consent.

4. Recipients of personal data

Registration for events organized by MIX S.r.l. takes place via one or more platforms.

Your personal data will therefore be processed:

a) for registration purposes only, by the manager of the aforementioned platforms

b) agencies supporting the Event Organisation

The processing of your data by the person(s) referred to in points a) and b) is strictly linked to your free choice to participate in the event and to the methods of registration for the event chosen by the Data Controller.

c) event sponsors as data controllers

d) by the manager of a platform who manages the mailing list service

The processing of your data by the subject referred to in point c) is strictly connected to the release of your consent to the processing purpose referred to in art. 3 let. c) and d)

5. Data transfer to third countries

The data controller uses an external platform to manage event registrations.

This platform has its registered office in the USA (outside the countries of the Union).

The transfer of your data outside the countries of the Union (USA) will take place in accordance with the principles set out in art. 45 and 46 of the GDPR, thus guaranteeing a level of protection that complies with the requirements of European legislation on the protection of personal data. In particular, the company with its registered offices in the USA is compliant with the EU-USA Data Privacy Framework.

6. Data retention period

Your personal data will be kept for the period of time strictly necessary to achieve the specific purposes indicated above, specifically:

  • For the purposes referred to in point a) and d) of art. 3 the data will be processed for a maximum of one month from the date of the event.
  • For the purposes indicated in letters b) and c) of art. 3 the data will be processed for a maximum of 2 years.

7. Rights of the interested party

You may, at any time, exercise the rights listed below:

a) right of access of the interested party [art. 15 of the EU Regulation] (the possibility of being informed about the processing carried out on your Personal Data and possibly receiving a copy);

b) right to rectify your Personal Data [art. 16 of the EU Regulation] (the person concerned has the right to rectify inaccurate personal data concerning him);

c) the right to cancel your Personal Data without unjustified delay (“right to oblivion”) [art. 17 of the EU Regulation] (the person concerned has, as he will have, the right to delete his data);

d) right to limit the processing of personal data in the cases provided for by art. 18 of the EU Regulation, including in the case of unlawful processing or contestation of the accuracy of Personal Data by the interested party [art. 18 of the EU Regulation];

e) right to data portability [art. 20 of the EU Regulation], the interested party may request in a structured format his / her Personal Data in order to transmit them to another Controller, in the cases provided for by the same article;

f) right to object to the processing of their Personal Data [art. 21 of the EU Regulation] (the person concerned has, as he/she will, the right to object to the processing of his personal data);

g) the right not to be subjected to automated decision-making processes [art. 22 of the EU Regulation] (the interested party has, as he/she will have, the right not to be subjected to a decision based solely on automated processing).

The aforementioned rights may be exercised by sending a request to the Data Controller using the contact information indicated in art. 1 of this statement.

Requests relating to the exercise of your rights will be processed without undue delay and, in any case, no later than 1 month from the request; only in cases of particular complexity and elevated number of requests, this term may be extended by a further 2 months.

With reference to the aforementioned purposes, the interested party has the faculty to proceed, at any time, to revoke the consent for the processing of identification / personal data / contact data by sending an e-mail to the data controller through the contact information indicated in the art. 1 of this statement.

According to the art. 7 of the EU Regulation, the revocation of the consent does not involve prejudice on the lawfulness of the processing based on the consent made before the revocation.

The interested party has the right to submit complaints pursuant to Article 77 of the GDPR to the competent Control Authority based on his/her habitual residence, place of work or place of violation of his/her rights; the Authority for the protection of personal data is competent and can be contacted through the contact details indicated on the website http://www.garanteprivacy.it.

IMAGE AND VIDEO CONSENT

According to the art. 10 of the Civil Code, art. 96 l. 633/1941 on copyright and the art. 13 et seq. of EU Regulation 2016/679 on the protection of personal data, with the appropriate flag:

I AUTHORIZE the use, reproduction and publication with any technical means of the images of my person taken by the Data Controller during the event. The release and use of the images are to be considered carried out in a completely free and completely correct manner. Pictures can be used by MIX S.r.l. for documentation and communication of the event on the institutional website and on the social media of the Data Controller.