INFORMATION ON THE PROCESSING OF PERSONAL DATA IN THE CONTEXT OF EVENTS

Pursuant to and for the purposes of (i) Legislative Decree No. 196 of 30 June 2003, the ‘Privacy Code’, (ii) EU Regulation 2016/679 on the ‘protection of individuals with regard to the processing of personal data and on the free movement of such data’, the ‘GDPR’, Art. 13, rules also referred to collectively as ‘Privacy Regulations’, a series of obligations are imposed on those who process data – ‘the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction’ – (hereinafter referred to as ‘Processing’) of information concerning an identified or identifiable natural person (the ‘Data Subject’).

GO-Mobility s.r.l. with registered office in Viale Luca Gaurico, 9 – 00143 ROME (RM) (the ‘Company’) wishes to inform you, in the following sections, about the methods and purposes of the Processing of your personal data.

  1. Data Controller

GO-Mobility s.r.l. with registered office in Viale Luca Gaurico, 9 – 00143 ROME (RM) (the ‘Data Controller’) [email protected]

  2. Methods of collecting data from the Data Subject

The Data Controller may come into possession of your data in the following circumstances:

  • in the event of a contact request submitted via the company website, by e-mail or by telephone, in order to request information on the services and products provided by the Company;
  • during the execution of a contract (purchase of goods or services), including pre-contractual negotiations;
  • when registering for events organised by the Company.

  3. Categories of data subject to processing

The following categories of personal data concerning you illustrate the types of data that may be collected and/or processed through the various services and contact channels described in this document:

Identification data – information relating to name, address, telephone number, email address, as well as images (photos/videos) taken during events organised by the Company.

Hereinafter also referred to as ‘Data’.

  4. Purpose, legal basis and retention period

Your personal data will be processed, for the purposes described below, mainly using IT tools:

  a) Participation in Events: your personal data is processed to allow you to participate in the event, as well as to carry out the resulting organisational and administrative activities and service communications for the performance of all activities related to your participation in the event, as well as to notify participants of subsequent initiatives and/or reminders of the event using the contact details provided when requesting contact and/or registration.

Legal basis for processing: to execute the contract to which you are a party (Art. 6(1)(b) of the GDPR); processing is necessary for the pursuit of the legitimate interest of the Data Controller, which coincides with the promotion and effective management of events (Art. 6(1)(f) of the GDPR).

Data retention policy: the Data may be retained for the time necessary to achieve the purpose and until the User communicates their wish to delete it.

  b) Fulfilment of legally binding obligations: the Data Controller processes the Data to fulfil any civil, administrative, fiscal, accounting obligations required by law, regulations, European legislation or an order from the Authority and arising from participation in the event.

Legal basis for processing: to execute the contract to which you are a party (Article 6(1)(b) of the GDPR), to fulfil a legal obligation to which the Data Controller is subject (Article 6(1)(c) of the GDPR).

Data retention policy: the Data may be retained for the time necessary to fulfil legal obligations and until the User communicates their wish to have it deleted.

  c) Defence in court for the rights of the Data Controller: where required, the Data Controller will provide information about you to the authorities and bodies responsible for enforcing the law, regulations and judicial acts, as well as to third parties in litigation.

Legal basis for processing: for the pursuit of a legitimate interest of the Data Controller consisting in defending its rights or making a claim arising from participation in the event, unless your interests or fundamental rights prevail (Article 6(1)(f) of the GDPR).

Data retention policy: data may be retained until the User communicates their wish to have it deleted.

  d) Promotion of the company brand: in order to promote the Company’s activities, images of you may be collected during events organised by the Company and published in brochures, on the website, on social media channels and/or in any other form or means of transmission, existing or future.

Legal basis for processing: freely given consent to data processing (Art. 6(1)(a) of the GDPR). Your presence at the venue where the event is held will be considered as consent to audiovisual recording and possible subsequent dissemination.

Data retention policy: the images will be stored in the Company’s archives until consent is revoked, without prejudice to their publication in printed catalogues or other means of dissemination.

If the Data Controller intends to process your data for purposes other than those described above, it is required to inform you of these additional purposes before carrying out the processing.

  5. Nature of data provision

The provision of data for the purposes referred to in letters a), b) and c) is mandatory and strictly functional to the execution of the contractual relationship. Any refusal to provide such data could make it impossible for the Data Controller to register you for the event, as well as to fulfil the obligations and exercise specific rights of the Data Controller or your rights arising from the relationship between you and the Company.

The provision of data referred to in letter d) is optional, and failure to authorise and/or subsequent withdrawal of consent will make it impossible to carry out the activities indicated therein.

  6. Data Processing Methods

In relation to the purposes indicated above, the Data Controller processes the data in compliance with the security measures referred to in Article 32 of the GDPR, using manual, computerised and telematic tools designed to store, manage and transmit the data, solely for the purposes for which it was collected and, in any case, in such a way as to guarantee its security and confidentiality, as well as compliance with the principles of fairness, lawfulness and transparency.

  7. Scope of data communication

Your data may be made accessible to:

  • employees and collaborators of the Company in their capacity as persons authorised and/or designated for processing and/or system administrators;
  • consultants and suppliers who, on behalf of the Data Controller, perform outsourced administrative, accounting, tax or legal activities;
  • IT service providers offering services related to information technology and IT infrastructure;
  • marketing agencies for the management of events and advertising campaigns;
  • Supervisory Bodies, Judicial Authorities and all institutional bodies to which communication is mandatory by law for the fulfilment of the aforementioned purposes;
  • other third parties for the purpose of performing the services specifically requested. Only the information necessary for the performance of the relevant functions is provided to these third parties.

  8. Transfer of Data to a third country or to an international organisation

Personal Data is processed within the European Union and stored on servers located therein. In any case, it is understood that the Data Controller, where necessary, will have the right to transmit such Data to a third country or to an international organisation and/or move the servers outside the EU. In this case, the Data Controller hereby guarantees that the transfer of Data outside the EU will take place in accordance with the applicable legal provisions, as set out in Article 44 et seq. of the GDPR.

  9. Rights of the Data Subject

Finally, the Company informs you that, in accordance with current legislation on the protection of personal data, you may exercise specific rights at any time – as set out in Articles 15-22 of the GDPR – and in particular you may ask the Data Controller:

  1. the right of access, i.e. the possibility of obtaining confirmation from the Data Controller as to whether or not personal data is being processed and, if so, to obtain access to your personal data;
  2. the right to rectification, including the integration of incomplete personal data;
  3. the right to erasure of data without delay at the request of the Data Subject and mandatorily if:
     • the personal data are no longer necessary for the purposes of the processing;
     • the consent on which the processing is based is revoked and there is no other legal basis for the processing;
     • the personal data have been unlawfully processed;
     • the personal data must be erased to comply with a legal obligation under EU or Member State law;
     • the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or when the data subject objects to the processing in the cases provided for in Article 21(2) of the GDPR (personal data processed for direct marketing purposes);
  4. the right to restriction of processing where the accuracy of the personal data is contested (for the period necessary for the Controller to verify the accuracy of such personal data) or the processing is unlawful and/or the data subject has objected to the processing and requested restriction;
  5. the right to data portability, i.e. the right to receive from the Data Controller, in a structured, commonly used and machine-readable format, personal data and to transmit those data to another Data Controller, only in cases where the processing is based on consent and only for data processed by automated means;
  6. the right to object to the processing of your personal data, without prejudice to the right of the Data Controller to demonstrate the existence of legitimate reasons for proceeding with the processing;
  7. the right to withdraw consent at any time, if the processing is based on your explicit consent, without prejudice to the lawfulness of the processing carried out until the withdrawal is exercised;
  8. the right to lodge a complaint with a supervisory authority in the Member State where you reside or work, or in the State where the alleged infringement occurred, without prejudice to any other administrative or judicial remedy, in the event of infringements of the provisions of the aforementioned Regulation.

If you would like more information about the processing of your personal data and to exercise the rights mentioned above, you can send a written request using the contact details provided in the ‘Data Controller’ section of this policy. If you request information about your data, the Data Controller will respond as soon as possible – unless this proves impossible or involves a disproportionate effort – and in any case no later than thirty days after the request. Any impossibility or delay on the part of the Data Controller in satisfying the requests will be adequately justified.

Furthermore, you always have the right to lodge a complaint with the Data Protection Authority, which can be contacted at [email protected] or via the website http://www.gpdp.it.