ESPO Conference 2019
Pursuant to and for the purposes of Articles 13, 14 and 15 of EU Regulation 2016/679 (hereinafter also “GDPR”), we inform you that the data provided to the North Tyrrhenian Port Network Authority, Scali Rosciano 6/7 Postcode 57123 Livorno ITALY (hereinafter also “Controller” or “AdSP MTS”) are subject to processing by our organization in compliance with the legislation referred to above.
Main definitions and legal references
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The natural person to whom the Personal Data refers.
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Data Protection Officer
The natural or legal person who informs and advises the personal data Controller, monitors compliance with the GDPR, gives opinions on the Data Protection Impact Assessment (DPIA) cooperates and acts as a contact point with the Data Protection Authority.
The natural person who materially carries out the processing operations on personal data.
A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
Legislative Decree 196/2003 and subsequent amendments and additions and Regulation 2016/679 EU.
The personal data Controller is the North Tyrrhenian Sea Port Network Authority, Scali Rosciano 6/7 Postcode 57123 Livorno ITALY, T. +39 0586 249411 e-mail firstname.lastname@example.org.
Data Protection Officer (DPO)
The Data Protection Manager (DPO) has been identified in Gesta srl, in the person of Dr. Renato Goretta, Via Fontevivo, n.21/m CAP 19125 La Spezia ITALIA T.+39 0187 564442 e-mail email@example.com.
The legal basis, duration and the purposes of the processing
Personal data collected by AdSP MTS are necessary for the following purposes:
1) Institutional purposes;
2) Registration of participants in ESPO Conference 2019;
3) ESPO Conference 2019 Secretariat activities;
4) Provision of services for participants and accompanying persons;
7) Video surveillance, Security & safety;
8) Legal obligations.
The data provided by the participants are necessary for all the above purposes and are processed for a period of time to achieve the same. The participants, if they transmit data relating to other subjects (family members, accompanying persons) are personally responsible for the data provided to AdSP MTS.
The legal bases that legitimize the processing of the data provided by you, pursuant to Art. 6 of Regulation 2016/679 EU, are:
- fulfillment of contractual obligations, for the processing of data necessary for registration and participation in the 2019 ESPO Conference and related activities;
- performance of a task of public interest or in connection with the exercise of official authority vested in
the Data Controller and/or fulfilment of legal obligations to which the Controller is subject, for other purposes;
- pursuit of the legitimate interest of the Controller or of third parties in the use of the data for the purposes of advertising and promotion of the event, as well as for internal statistics.
The data used for statistical purposes are anonymized.
The Controller, in the performance of the services deduced in the contract or provided for by law, may make use of other parties (suppliers, external collaborators), recipients of the data provided to AdSP MTS and authorized to process personal data.
We inform you, in particular, that the secretarial activities related to the ESPO Conference 2019 event are carried out by Ara Congressi, located in Via Marradi 217, 57125 Livorno, appointed by the appropriate legal act, ex Art. 28 GDPR, External Data Protection Officer.
The data provided for hotel reservations and tourist services will necessarily be transmitted to external companies.
Upon your written request sent to the data controller, we will be happy to provide any additional information regarding the recipients.
Data processing modalities
The processing by AdSP MTS is carried out automatically and/or manually, without profiling as per Art. 22, paragraphs 1 and 4 of the GDPR, in accordance with the provisions of Art. 29 and 32 of the GDPR, in accordance with the principles of lawfulness, purpose limitation and data minimisation, ex Art 5 GDPR.
The data will be processed at the registered office and at the places legally available to the Data Controller.
For security reasons, AdSP MTS is required to use access control systems that involve the acquisition of images.
During the ESPO Conference 2019 event and related activities, images may be acquired that AdSP MTS may use on its institutional website, transmit to the press and/or disseminate on social media, only for the purpose of promoting the event and institutional information. The images may not be used for other purposes, nor may they ever be harmful to the dignity and reputation of the subjects filmed. Please notify any opposition to the use of your images to the addresses of the Data Controller at least 5 days before the start of ESPO Conference 2019.
Special categories of data
AdSP MTS, in the exercise of its activities, may also become aware of data that may qualify as “special categories of personal data”, namely data revealing “racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sex life or sexual orientation of the person”and judicial data (ex Articles 9 and 10 of the GDPR).
Data transfer abroad
The data processed may also be transferred to other Member States of the European Union or to third countries, not belonging to the European Union, for the above purposes and on the basis of the same legal basis.
Exercise of rights
At any time, the Interested Subject may exercise, pursuant to Art. 15 to 22 of the GDPR, the right to:
- a) ask for confirmation of the existence or otherwise of his/her personal data;
- b) obtain information about the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, where possible, the storage period;
(c) to obtain the rectification or erasure of the data;
(d) to obtain the limitation of the processing;
(e) to achieve data portability, i.e. to receive data from a controller in a structured, commonly used and machine-readable format and to transmit them to another controller without hindrance;
(f) object to the processing at any time, including in the case of processing for communication purposes;
(g) object to an automated decision making process concerning natural persons, including profiling;
(h) revoke consent at any time without prejudice to the lawfulness of processing based on consent given prior to revocation;
- i) lodge a complaint with the Guarantor Authority for the Protection of Personal Data (firstname.lastname@example.org or email@example.com).
The interested party may exercise his/her rights by sending a written request to the aforementioned Data Controller. AdSP MTS is however at your disposal for clarifications on the processing of personal data.