INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA OF FBK EVENTS’ PARTICIPANTS

Pursuant to art. 13 of EU Regulation No. 2016/679 (GDPR), and in general in observance of the principle of transparency set forth in the above Regulation, are herewith the following information regarding the processing of personal data.

1. DATA CONTROLLER

The Data Controller is Fondazione Bruno Kessler, with registered office in Trento, via Santa Croce, 77 – Ph. +39.0461.314.621-227 – .
For contact and specific information regarding the protection of personal data, including the exercise of the rights referred to in item 9, please send an e-mail to .

2. CONTACT INFORMATION FOR THE DATA PROTECTION OFFICER

Pursuant to art. 37 of the GDPR, the Data Controller has designated the Data Protection Officer (DPO), who may be reached via the following channels: , Ph. +39.0461.314.370.

3. PURPOSE OF THE PROCESSING

Your personal data will be collected and processed for the following purposes:

  • registration participation to the event (conference, seminar, meeting, talk,…);
  • processing and compliance with pre-contractual requirements;
  • processing and compliance with contract related requirements;
  • supply of contract related main and/or optional services;
  • processing and compliance with provisions under Acts, regulations and EU requirements;
  • processing, operational and reliability&solvency needs, processing of questions of law;
  • networking and research;
  • mailing of institutional informative material.

In addition, video, audio, photographic, digital, electronic or any recordings (later referred to as ‘recordings’) will be taken during the event in order to document it and for institutional, archiving and communication purposes including, but not limited to, the following categories and/or similar categories: presentations, reporting documents, creation of informative material, communication activities on institutional channels and/or through local, national and international press and through websites and social networks.

4. LEGAL BASIS FOR PROCESSING AND DATA PROVISION OBLIGATION

The legitimacy to the processing of data derives from the fact that it is necessary for you to participate at the event organized by the Foundation and for us to fulfill the related legal obligations. Refusal to provide such information will make it impossible for you to establish relationships with FBK.

5. TYPE OF DATA PROCESSED

The following data categories may be processed for the above mentioned purposes:

  1. Personal data, personal particulars, phone numbers, e-mail addresses, home address and other contact information, and further required information;
  2. Data revealing the person’s image and voice (video, audio, photographic, digital, electronic or any recordings);
  3. Data concerning any allergy, illness, and/or dietary needs or restrictions.

6. PROCESSING METHOD AND LENGTH

The data shall be processed:

  • manually and through automated means, on paper and/or electronic records;
  • by individuals authorized to perform such tasks by the Law;
  • by using proper measures to ensure confidentiality and avoid access by non-authorized third parties;
  • in contexts that do not compromise the personal dignity and the decorum of the person concerned, ensuring the necessary precautions to guarantee the confidentiality of the use.

The personal data collected shall be retained for no longer than is necessary for the purposes of managing the event activities.

Video-photographic recordings shall be stored in order to document the institutional, archiving and communication related activities including, but not limited to, in the categories described in item 3 and/or in similar categories.

7. DATA SHARING

Without prejudice to communications required to fulfil legal and contractual obligations, all data collected and processed may be shared, exclusively for the purposes specified above, to:

  • Registration system;
  • Project Partners;
  • Project auditors;
  • Stakeholders;
  • Insurance company;
  • Travel agencies, transport companies, printing companies;
  • Hotels, tourist services and similar;
  • Venue managers;
  • Police, security services (in case of very big events requiring special consideration by the police officers);
  • Companies offering proceedings and paper submission collection and management;

Personal data shall not be disseminated, besides for institutional and communication purposes.

8. PLACE OF DATA PROCESSING

The registration system to the events mostly uses the online specialized system Eventbrite.com , which use terms and conditions and privacy policy are available at the link https://www.eventbrite.com/privacypolicy. This IT tool involves the processing on the territory of the United States of America, a country for which the Commission has taken a decision on the adequacy of the protection of personal data, and therefore this transfer does not require specific authorizations.

In some cases, the registration system may use other systems which involve the processing within the European Union or in countries for which the Commission has taken a decision on the adequacy of the protection of personal data.

Apart from the above, there is no intention to transfer personal data outside the European Union.

9. RIGHTS OF THE PERSON CONCERNED

Pursuant to Section III of the GDPR, the person concerned shall be entitled to exercise their right to:

a. access personal data (will therefore have the right to have free information about the personal data held by the Data Controller, as well as to obtain a copy thereof in an accessible format);

b. amend data (we shall take care, upon his/her request, to amend incorrect or inaccurate data);

c. withdraw consent (if the person has consented to the processing, he/she can at any time withdraw their consent and such revocation of consent will result in the termination of the processing)

d. cancel their personal data – right to be forgotten (for example, in case of withdrawal of consent, if there is no other legal basis for data processing);

e. restrict data processing (in certain cases – dispute the accuracy of the data, within the timeframe necessary for verification; dispute the lawfulness of the processing with refusal to the cancellation; necessity of the party concerned to use their defense rights, while they are no longer useful for the purposes of the processing; in the event that the processing has been denied, while the necessary checks are being carried out – the data will be stored in such a manner that they may be restored if need be, but, in the meantime, cannot be consulted by the Controller if not in relation to the validity of his or her request for restriction).

f. deny consent to the processing due to legitimate reasons (under certain circumstances, he/she may in any case object to the processing of data, and in any case it may refuse processing for direct marketing purposes);

g. data portability (upon request of the person concerned, the data shall be transmitted to the indicated subject in such a format that they can be easily consulted and used);

h. advance a dispute to the Supervisory Authority (Privacy Authority).