Event Privacy Policy

Privacy Policy for the Processing of Personal Data pursuant to Article 13 of EU Regulation 2016/679 (GDPR)

This policy is provided to inform you about the processing of your personal data by the data controller for the purposes specified below.

1. Identity and Contract Details of the Data Controller 

The Data Controller is:

  • MIX S.r.l., Via Caldera 21, 20153, Milan (MI) (Tel.+39 02.40915701, e-mail: privacy@mix-it.net)

2. Data Protection Officer (DPO)

The DPO designated by MIX S.r.l. represents the contact point for the interested parties and can be reached by email: dpo@mix-it.net

3. Purposes and Legal Basis for Processing 

Your common personal data (identifying, contact, and demographic information, photos/videos) will be processed in full compliance with the regulations protecting personal data, both in paper and electronic form, for the following purposes: 

a) To manage/organize the event (registration of participants, distribution of badges prior to event entry) 

b) To document the event by publishing photos and videos taken during the event on MIX S.r.l.’s official website and social media pages 

c) To invite you to future events organized by MIX S.r.l. and to send newsletters containing information about MIX S.r.l.’s activities 

d) To share your contact information with event sponsors for marketing purposes 

Your lack of consent regarding the release of the waiver concerning photos/videos (purpose b), which is necessary for MIX S.r.l. to lawfully take photos and record videos during the event for subsequent publication on its official channels (website, social media) as documentation of the event, will result in an inability to register and, consequently, to participate in the requested event.

The processing of data for purposes c) and d) is lawful only upon your explicit consent.

4. Recipients of Personal Data 

Registration for events organized by MIX S.r.l. occurs through one or more platforms.  Your personal data will therefore be processed

a) By the operators of the aforementioned platforms solely for the purposes of event registration/organization 

b) By agencies supporting the organization of the event 

The processing of your data by the parties mentioned in points a) and b) is closely linked to your free choice to participate in the event and the registration methods chosen by the data controller.

c) By event sponsors (independent data controllers) 

d) By the operator of a platform managing the mailing list service 

The processing of your data by the parties in points c) and d) is closely related to your consent to the processing purposes mentioned in Article 3, letters c) and d.

5. Data Transfer to Third Countries 

The Data Controller may share your personal data with third parties that are not based in the European Union, including companies located in the United States, such as the company providing the registration management platform and some event sponsors.

The transfer of your personal data to the United States will take place in accordance with the EU-US Data Privacy Framework, which guarantees an adequate level of protection under Article 45 of the GDPR, if the recipient organisation is registered with the Data Privacy Framework, which can be found at the following link.
Alternatively, for transfers to other Third Countries where there is no adequacy decision, MIX S.r.l. will ensure that such transfers are made in accordance with the Standard Contractual Clauses (SCC) approved by the European Commission or other equivalent safeguards, as provided for in Articles 46 et seq. of the GDPR.
Data subjects have the right to obtain detailed information on the safeguards adopted for the transfer of personal data to Third Countries, including copies of the SCCs or the reference to the Data Privacy Framework, by contacting the Data Controller through the channels indicated in Section 1 of this Policy.

6. Data Retention Period 

Your personal data will be retained for the period strictly necessary to achieve the specific purposes outlined above, specifically: 

  • For the purpose in point a) of Article 3, the data will be processed for a maximum of one month from the date of the event. 
  • For the purposes indicated in letters b), c), and d) of Article 3, the data will be processed for a maximum of 2 years.

7. Rights of the Data Subject 

You may exercise the following rights at any time: 

a) Right of access [Article 15 of the EU Regulation] (the right to be informed about the processing of your personal data and to receive a copy);

b) Right to rectification of your personal data [Article 16 of the EU Regulation] (the right to have inaccurate personal data corrected); 

c) Right to erasure of your personal data without undue delay (“right to be forgotten”) [Article 17 of the EU Regulation] (the right to have your data erased); 

d) Right to restrict processing of your personal data in cases provided for in Article 18 of the EU Regulation, including in the case of unlawful processing or contestation of the accuracy of your personal data by the data subject [Article 18 of the EU Regulation]; 

e) Right to data portability [Article 20 of the EU Regulation], whereby you may request your personal data in a structured format to transmit it to another controller, in the cases provided for in the same article;

f)) Right to object to the processing of your personal data [Article 21 of the EU Regulation] (the right to oppose the processing of your personal data); 

g) Right not to be subject to automated decision-making processes [Article 22 of the EU Regulation] (the right not to be subject to a decision based solely on automated processing). 

The aforementioned rights can be exercised by sending a request to the data controller through the contact channels indicated in Article 1 of this policy. 

Requests related to the exercise of your rights will be addressed without undue delay and, in any case, within one month of the request; only in cases of particular complexity and number of requests, this period may be extended by an additional two months. 

Regarding the purposes indicated above, the data subject has the right to withdraw consent to the processing of identification/demographic/contact data at any time by sending an email to the data controller via the contact channels indicated in Article 1 of this policy. 

Pursuant to Article 7 of the EU Regulation, the withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.

The data subject has the right to lodge a complaint pursuant to Article 77 of the GDPR with the competent supervisory authority based on their habitual residence, place of work, or the place of infringement of their rights; the Italian Data Protection Authority is competent and can be contacted via the contact details on the website http://www.garanteprivacy.it.

IMAGE AND VIDEO RELEASE 

Pursuant to Article 10 of the Civil Code, Article 96 of Law 633/1941 on copyright, and Articles 13 et seq. of EU Regulation 2016/679 on personal data protection, I hereby: 

AUTHORIZE the use, reproduction, and publication by any technical means of images of my person taken by the data controller during the event. The posing and use of images are considered entirely voluntary and lawful. The photographs may be used by MIX S.r.l. for documentation and publication of the event on the official website and social media channels of the data controller.