PRIVACY POLICY

SUBJECT OF THIS POLICY

In order to ensure the security of the included information, in compliance with EU Regulation 2016/679 (hereinafter referred to as “Regulation“), key information on the processing of data of users who access www.filmdipeso.it is detailed below. The website promotes the “Filmdipeso” festival by sharing short films on social, psychological and health aspects of obesity and eating disorders in adults and adolescents, and enables users (hereinafter also referred to as “the user”, “you” or “your”) to book free tickets for the festival by filling out the corresponding form. The Data Controller identified below guarantees that your data will be used in compliance with the principles of fairness, lawfulness, transparency and protection of confidentiality and the rights of the user.

The Data Controller reserves the right, at any time and at its sole discretion, to modify and/or update this policy.

This policy is not a contract and therefore does not entail contractual obligations towards the user of the website.

  1. Data Controller

The Controller of the data received from users is Pro Format Comunicazione S.r.l. (hereinafter referred to as “Data Controller” or “Controller”). Its registered office is in Viale Aventino, 45 – 00153 in Rome, Italy (VAT no. 07547371000). The Data Controller can be contacted by email: privacy@proformat.it, by certified email (PEC): info@pec.proformatcomunicazione.it or by telephone: 06-5417-093.

The processing of the user’s data, acquired on the legal basis detailed in Article 4 below, is carried out at the Controller’s registered office, located in Rome (Viale Aventino, 45).

The Data Controller is aware of the importance of guaranteeing the security of the private information under his control, and is therefore committed to protecting the user’s privacy through the most appropriate IT protection measures.

Nevertheless, however, it cannot be held responsible for any unauthorized access, data loss, unlawful or incorrect use, or for modifications of personal information out of his control.

  1. Data Protection Officer (DPO)

In order to protect users’ data, the Data Controller appointed lawyer Nicola Paglietti from Studio Internazionale, member of the Bar Association of Rome no. A18855, domiciled at Studio Internazionale, located in Rome (Via del Babuino, 51. Telephone: 06-4567-5601, fax: 06-4567-5630, certified email (PEC): n.paglietti@pec.stint.it).

  1. Purpose of the processing

The data you provided will be processed for the realization of activities strictly connected to the following purposes:

  1. Sending you confirmation emails for the delivery of free tickets for the events of the “Filmdipeso” festival.

If the Data Controller intends to process personal data for purposes different from those they were collected for, a new and specific consent request will be submitted to the user.

  1. Legal basis of the processing

In accordance with Article 6 of the Regulation, the activity carried out by the Data Controller is based on the user’s consent. Such consent will be free, specific and unequivocal and will be given after reading and understanding this policy and filling out the form on the website to book the tickets for the festival.

  1. Type of processed data

The Data Controller will collect the following personal data from the user:

  1. Name and surname
  2. Email address.

 

 

  1. Processing methods

The processing is directly carried out by the Data Controller both electronically and on paper, but always by ensuring the security and confidentiality of the data, in compliance with the Regulation.

The stories collected on the website are automatically forwarded to the Data Controller’s internal staff.

To achieve the purposes referred to in Article 3, the processing includes: the collection, storage, consultation, comparison and deletion of the users’ data.

The collection and processing of data are carried out by the Controller’s internal staff, who will automatically receive it by email when the stories, photos or videos are uploaded to the website.

The processing is carried out at the Data Controller’s registered office.

  1. Data storage

The Controller stores the collected data as long as this information is suitable for the purposes referred to in Article 3, or until the user requests its deletion.

  1. Transfer of data to a third country

The Controller does not expect any transfer of the data to third countries outside the European Union and/or international organizations.

  1. Rights of Users

At any time, users have the following rights:

  1. Right of access

You have the right to receive confirmation from the Data Controller that your personal data is being processed and, in this case, to access your personal data and the following information:

  • the purposes of the processing
  • the categories of concerned personal data
  • the recipients or categories of recipients to whom your personal data has been or will be communicated
  • the data retention period or the criteria used to determine this period
  • a list of your rights
  • if the data was not directly collected from the user, all information available on its origin
  • the existence of an automated decision-making process.
  1. Right to rectification

You have the right to obtain from the Data Controller the correction of inaccurate personal data and the integration of incomplete data without undue delay.

  1. Right to be forgotten

You have the right to obtain from the Data Controller the cancellation of your personal data, without undue delay, in cases where:

  • personal data is no longer necessary for the purposes for which it was collected and/or processed
  • you withdraw your consent
  • you oppose the processing
  • your personal data has been unlawfully processed
  • your personal data must be deleted to fulfill a legal obligation under European or Italian law.

Nevertheless, the Data Controller notes that any cancellation request from the user may be assessed to follow exceptions acknowledged by the Regulation: freedom of expression and information, fulfillment of a legal obligation, public interest, scientific or historical research, statistical purposes, legal reasons.

  1. Right to limitation of the processing

You can request the limitation of the processing of your personal data from the Data Controller if:

  • you contest the accuracy of the data. In this case, the limitation will last the necessary time to allow the Data Controller to make the appropriate changes
  • the processing is illegal and you request that the use of your data is only limited, without deletion
  • you need your personal data in order to ascertain, exercise or defend a right in court and the Controller no longer needs it for processing purposes
  • you oppose the processing. In this case, the limitation will last the necessary time to verify the legitimate reasons of the Data Controller compared to the reasons of the user.
  1. Right to object

You have the right to object to the processing of your personal data. In this case, the Data Controller will have to refrain from further processing such data, unless it can provide evidence that there are legitimate reasons or interests to continue to do so, thus prevailing over the rights of the user. Otherwise, if personal data is processed for marketing purposes, the user’s opposition will be sufficient and personal data will no longer be processed.

  1. Right to complain

If you believe that the processing of your data is violating the current European legislation on the matter of privacy, you have the right to lodge a complaint to the Data Protection Supervisor.

  1. Right to portability

You have the right to receive your personal data in a readable format from an automatic device and the right to transfer such data to a different Data Controller, without impediment by this Data Controller.

If technically feasible, you also have the right to request the direct transmission of your data from this Controller to another.

  1. Right to withdraw consent

You can easily withdraw your consent to the processing of data without any obligation to state reasons. In any case, the lawfulness of the processing carried out by the Data Controller and based on the consent given before the withdrawal remains unaffected. Following the withdrawal, the Data Controller will stop the processing.
To withdraw your consent, you will only need to deliver a clear and unequivocal communication/request to the Data Controller or the Data Protection Officer through the contacts listed in this policy. With the withdrawal, the right of cancellation is automatically triggered and the Data Controller will delete your data, except the storage needed for law and/or tax purposes.