Dear user,

Across Events Srl considers the protection of your personal data a fundamental and differentiating aspect of its way of doing business and we want to provide you with any useful information to protect your privacy and maintain control of the use that is made of your data in relation to the services we offer.

This policy applies to personal data we collect when you browse our site, participate in face-to-face or streaming events organized by us or our partners [hereinafter referred to as “Services”].

2) Contacts Owner, DPO

Across Events Srl will process your personal data in accordance with Regulation (EU) 2016/679 (“GDPR”) and to the legislation in force concerning the protection of personal data. Below you will find our contacts.

Contacts and identification of the Data Controller

The Data Controller of the personal data addressed here is:
Across Events Srl, registered office in via Copernico 38, Milan, VAT number no. 11918010965.
The Data Controller makes decisions regarding the type of data processed, the method and purpose of the processing.

For any questions relating to the processing of personal data you can contact the Data Controller at the following e-mail address: congressi@acrossevents.com or by traditional mail writing to:

Across Events Srl
via F.lli Cuzio 42 c/o Technological Center
27010 Pavia

3) Type and source of personal data

When you use our services, the following personal data may be processed:

  1. common data – name, surname, residence, identity card, identity card expiry, tax code, possibly your images in which you appear as a participant in an event but without indications that make you identifiable
  2. biometric data – in particular the sound of your voice, in case of recordings during our face-to-face events, photographs in which you are identified or identifiable.
  3. data relating to your participation in our events and the organizational activities connected to them – what data and type of event you attended and information you provided are needed to manage the organisation of the event (eg departure city, special requests regarding the type of accommodation)
  4. data details related to event-related side activities – data relating to allergies necessary for the management of catering and catering services offered as collateral to the events of which we are organizers
  5. data we collect while you browse the site – (so-called navigation data) – such as your IP address, the time at which you will forward any requests for information and/clarifications, the method used in submitting the request to the server, the size of the file obtained in response and other parameters relating to the operating system and the user’s IT environment. This type of information is not used by us to profile our users, however it is information which, as such, could by its nature be processed in ways that would allow users to be identified.
  6. Payment data – billing data or data relating to your current account number, provided in the event that the payment flow is aimed at participating in an event organized by us or at the possibility of using some services related to it (e.g. overnight stay, catering service, dinner or excursions and/or organized activities), possibly provided by our partners.

The data is provided directly by you when you fill out the participation form, while visiting our website or when you contact us to request additional information or activities related to your participation in the event.

4) Purpose of the Processing

The personal data identified in the previous section may be processed for the following purposes:

  1. Allow you to use the service in question (e.g. registration and related participation in the event organized in person or online, browse the website);
  2. Allow you to take advantage of our assistance in case of questions asked via our website or organizational issues related to the event you are participating in;
  3. Tax, administrative and accounting obligations strictly connected to participation in events organized by Across Events Srl as Data Controller;
  4. Sending documentation and/or information necessary for your participation in an event organized by Across Events and/or part of it;
  5. Management of collateral activities for events such as hotel reservations or communication of particular menus to catering services;
  6. fulfilment of specific obligations laid down by law, regulation or Community legislation;
  7. Use of your image and/or voice collected during your participation in the event in person or online, also including video, audio and/or photographs taken during the event that may be published on our social channels (including the website and Facebook) and/or in our newsletters;
  8. Sending updates about future projects, initiatives, and events promoted by Across Events within the same area of interest in which the Event you participate is located, mainly via newsletters.

5) Legal basis of the Processing

The processing of personal data takes place on the basis of the following legal bases:

  • with reference to the purposes (a) to (e) of the previous section the processing is carried out in Article 6 (b) of the European General Data Protection Regulation 2016/679 (the “GDPR”) as necessary for the performance of the contract.
    If you do not provide the personal data necessary for the Contractual Purposes, it will not be possible to use the services (including assistance and other features described above).
  • with reference to purpose (f) of the previous section the processing is performed on the basis of Article 6 (c) of the European General Data Protection Regulation 2016/679 (the “GDPR”) as relating to a legal obligation;
  • with regard to the activities covered by purpose (g) of the previous section the legal basis identified is consent, as provided for in Article 6 (a) of the European General Data Protection Regulation 2016/679 (the “GDPR”);
  • with reference to purpose (h) the legal basis is to be found in paragraph 4 of article 130 of the Privacy Code, referring to communications relating to services similar to those offered and containing the possibility of objecting to them at any time.

6) How the data is processed

The treatment is carried out using the following methods

  • be computerized (mainly) through automated tools designed to store, manage and transmit the data themselves, with the observance of every precautionary measure, which guarantees their security and confidentiality.
  • both paper (particularly in the case of face-to-face events and printing of lists of participants)

Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. The data is stored on the Company’s computers/devices and the Servers managed and administered by it by authorized and appropriately trained personnel. While data processed in paper form are deleted after the event.

7) Data retention period

The data collected will be kept for the period strictly necessary to achieve the purposes for which they were collected. And in any case your data will be kept for 10 years from the date of termination of the contract or the termination of the relationship and/or in any case for a period necessary for the pursuit of the purposes and fulfillment, except in cases where the storage for a later period is required for any legal actions and, in case of litigation, requests from competent authorities or under applicable law

8) Who the data is shared with

The data will not be disclosed indiscriminately, with this term meaning making it known to indeterminate subjects in any way, including by making it available or consulting it.

The data may be communicated, with this term meaning giving knowledge (also for any processing) to one or more subjects determined within the limits strictly relevant to the fulfillment of the obligations, tasks and purposes referred to above:

  • to all persons to whom the right of access to such data is recognized by virtue of regulatory provisions (eg police forces, judicial authorities, financial administration, financial police, judicial offices, etc);
  • to customers, suppliers, factoring companies, debt collection companies, credit insurance companies;
  • to post offices, freight forwarders and couriers for sending documentation and/or material;
  • banking institutions and financial institutions in general for the management of collections and payments deriving from the execution of contracts.

In addition, they will be able to learn about personal data:

  • the Data Processors, our employees and collaborators as well as third parties who provide the Company with administrative, IT, logistical and consultancy services, all operating under a specific assignment.

You will be able to obtain an updated list of our Data Controllers by requesting it by post or e-mail to the contact details indicated in section 2 of this document.

9) Transfers outside the European Union Territory

In the event that Across Events Srl makes use of suppliers and/or services based outside the European Economic Area, Across Events Srl undertakes to guarantee adequate levels of protection, in full compliance with the provisions of the legislation on the protection of personal data.

10) Rights of interested parties

  1. Rights of interested parties

The interested party has the right to obtain information from the Data Controller regarding the processing carried out against him/her (art. 12, GDPR), in addition to Articles 15 et seq of the Regulation you have the right to:

  • Right of access

The data subject shall have the right to obtain confirmation as to whether or not personal data concerning him or her are being processed, access to the following data and information:

  1. the purposes of the processing;
    1.  the categories of personal data being processed;
    1. the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients are from third countries or international organisations;
    1. the retention period for personal data;
    1. the existence of the right of the data subject to request from the controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to their processing;
    1. the right to lodge a complaint with a supervisory authority;
    1. where data are not collected from the data subject, all available information on their origin;
    1. the existence of automated decision-making, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
  • Right of rectification

The data subject shall have the right to obtain immediate rectification of inaccurate data together with the right to complete or supplement personal data already provided.

  • Right to cancellation

The data subject has the right to obtain the erasure of personal data, for one of the following reasons:

  1. personal data are no longer necessary in relation to the purposes for which they were collected or processed;
    1. the data subject withdraws the consent on which the processing is based;
    1. the data subject objects to the processing;
    1. personal data has been processed unlawfully;
    1. personal data must be erased in order to fulfil a legal obligation under Union or Member State law to which the controller is subject.
  • Right to limit processing

The data subject shall have the right to obtain restriction of processing in the following cases:

  1. the data subject disputes the accuracy of the personal data;
  2. the processing is unlawful and the data subject objects to the erasure of the personal data and instead requests that their use be restricted;
  3. although the data controller no longer needs them for the purposes of the processing, the personal data are necessary for the data subject to ascertain, exercise or defend legal claims;
  4. the data subject objected to the processing, pending verification as to whether the legitimate grounds of the controller would prevail over those of the data subject.
  • Right to data portability

The data subject shall have the right to receive data in a structured, commonly used and machine-readable format personal data concerning him or her provided to a controller and shall have the right to transmit such data to another controller without impediment by the controller to whom he or she provided them

  • Right to object

The data subject shall have the right to object to the processing of personal data at any time. In this case the data will no longer be processed, unless the Data Controller demonstrates legitimate reasons to continue the processing, or to comply with legal obligations.

Requests to exercise your rights, as indicated above, can be submitted:

  • via e-mail a: congressi@acrossevents.com
  • by traditional mail to:
    Across Events Srl
    via F.lli Cuzio 42 c/o Technological Center
    27010 Pavia

We also remind you that you always have the possibility to lodge a complaint with the Guarantor for the protection of personal data (www.guaranteprivacy.it).