PRIVACY POLICY
Last updated: 09 October 2023
A. FOREWORD
- BEIT EVENTS S.R.L. (C.F. and VAT Number 06889150964), with registered office in 20142 – Milan (MI), Alzaia Naviglio Pavese, no. 260 (hereinafter, “Beit”), as the owner of the website linked to the domain name “[www .tramediluce.it]” (hereinafter, the “Site”), with this privacy policy on the processing of personal data (hereinafter, “Privacy Policy”), made pursuant to the Regulation (EU) 2016/679 e ss.mm.ii. (hereinafter, the “GDPR”) and the Legislative Decree. n. 196/2003 and ss.mm.ii. (hereinafter, the “Privacy Code”), informs You of how Your personal data (hereinafter, the “Data”) is handled and allows You to give express and informed consent to the processing of the Data over requested.
- The Privacy Policy is made only for the Site and not also for third-party websites that may be accessed through links on the Site’s pages.
- By accessing and using the Site, you acknowledge that you have carefully read this Privacy Policy and agree to its purposes and methods of processing your Data.
If you do not wish to accept what is stated in this Privacy Policy, please leave the Site and, in any case, do not use its contents and/or services. - All Data is acquired, stored and processed exclusively in accordance with the GDPR. Processing of Data means any operation or set of operations, carried out even without the aid of electronic instruments, concerning the collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, erasure and destruction of data, even if not registered in a database (hereinafter, the “Processing”).
B. DATA CONTROLLER AND DATA PROTECTION OFFICER DATA
- Beit is the Data Controller within the meaning of Article 4 (7) of the GDPR (hereinafter, the “Controller”). Beit’s contact information is given below:
- corporate name: BEIT EVENTS S.R.L.;
- Registered office address: 20142 – Milan (MI), Alzaia Naviglio Pavese, n.260;
- Certified Electronic Mail (CEM) address: posta@pec.beitevents.it;
- e-mail address: info@tramediluce.it;
- tax code: 06889150964;
- VAT number: 06889150964.
- The Controller has appointed pursuant to Articles 37 ff. of the GDPR a Data Protection Officer (hereinafter, the “DPO”), domiciled for the purpose at Beit and who can be contacted for matters relating to the processing of Your Data at info@tramediluce.it.
C. DATA SUBJECT TO PROCESSING
- The following Data are subject to Processing:
- Browsing Data: ‘hardware and software of the Site acquire some Data whose transmission is implicit in the use of Internet communication protocols. This is information that could, through processing and association with data held by third parties, allow you to be identified. This category of data includes the IP addresses of the devices used to connect to the Site, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the computer environment used by You. We may also receive information regarding Your geographic location and Your electronic device. This Data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its proper functioning and is deleted immediately after processing. The Data could be used to ascertain liability in case of hypothetical computer crimes against the Site. Data related to Your geographical location could be used to provide information, proposals and other personalized content based on Your location. Users who do not want to share information about their geographic location will need to disable location services on their device;
- Data collected directly from You: the Data You enter on the Site (e.g., when registering Your profile with the Site) as well as the Data You send by e-mail to the e-mail addresses listed on the Site (including the sender’s e-mail address and any other Data included in the missive);
- Data obtained from third parties: the Controller, in accordance with applicable regulations, may also process certain Data obtained from third-party companies, business partners of the Controller, such as information regarding interests, demographic status, and online identifiers. Such Data is processed in the same manner as Data obtained directly from the user, in accordance with the provisions of this policy;
- Cookies. The Site uses cookies to make Your browsing easier, faster, more intuitive and to enable the Site to work better. For more information regarding cookies on the Site, please refer to the extended cookie policy accessible by link in the footer of the Site (hereinafter, the “Cookie Policy”)
D. PURPOSE OF DATA PROCESSING
- Data will be processed by the Data Controller, according to principles of necessity, lawfulness, fairness, proportionality and transparency for the following purposes (hereinafter, the “Purposes”):
- To enable the enjoyment of the Site;
- to enable the enjoyment of services related to the Site (by way of example, prize events, events, initiatives, periodic newsletters, etc., hereinafter, the “Services” or, in the singular, the “Service”) the performance of which is gradually requested;
- For any fulfillment arising from legal obligations;
- for sending advertising material and carrying out promotional, marketing and/or direct sales activities of products and/or services sold and/or provided by the Owner by e-mail (so-called “soft-spam”);
- only with Your express consent, for the Holder to send You commercial communications regarding products or services of selected third party partners with whom the Holder has legal relationships (including by means of communication of Data to third parties if specifically permitted);
- only with Your explicit consent, to carry out profiling activities, by means of inviting You to participate in market research and combining the Data provided by You with Data obtained from third parties, i.e. to assess Your tastes, preferences and consumption habits and for the subsequent sending to You of profiled marketing communications and/or targeted advertising;
- through the use of anonymized aggregate data, to analyze activity on the Site and provide a report about sales, customers, traffic patterns, and other information to current and potential partners, advertisers, investors, and other third parties.
- In case You give consent to the profiling indicated in 8.6 above, it will presuppose an automated activity in order to place You in a category of individuals with homogeneous characteristics in terms of purchasing preferences (so-called “look-a-like” models) on the basis of Your previous purchasing experiences, market analysis and research (including surveys) in which You may have participated, Your demographic class (in relation to, for example, gender, age and place of residence) and Your activities on the Site. These are recorded through cookies on the Site.
- The processing of Data for the purposes set out in 8.5 and 8.6 above may be done through automated (through email or text messaging), traditional (operator phone calls and postal mailings), and/or other means of contact (through promotional content shown to you online).
- In any case, You may revoke Your consent, even partially, for example by consenting only to traditional contact tools or object to the processing of Your Data for all or only some of the aforementioned purposes by writing to “info@tramediluce.it” or through Your account privacy settings. In addition to the foregoing, if promotional e-mail messages sent by the Holder are no longer of interest to you, simply click on the link at the bottom of such e-mails and you will no longer receive any such communication.
E. LEGAL BASES OF DATA PROCESSING
- Data processing:
- for the purposes set out in 8.1 and 8.2, is carried out for the performance of contracts to which You are a party and for the execution of pre-contractual measures taken at Your request, pursuant to Article 6.1 letter (b) of the GDPR;
- for the purpose stated in 8.3 is carried out for the fulfillment of a legal obligation to which Beit is subject, pursuant to Article 6.1(c) of the GDPR;
- for the purpose indicated in Section 8.4 is carried out on the basis of the legitimate interest of the Owner, pursuant to Article 6.1 letter (f) of the GDPR and Article 130, paragraph 4 of the Privacy Code, unless You object at the time of registration on the Site or subsequently in individual communications;
- for the purposes set out in 8.5 and 8.6 is carried out only with Your express and specific consent and on the basis thereof, pursuant to Article 6 (a) of the GDPR;
- for the purpose stated in 8.7 is carried out on the basis of the legitimate interest of the Controller, pursuant to Article 6.1 letter (f) of the GDPR.
F. NATURE OF DATA PROVISION
- The provision of Data for the purposes set forth in Sections 8.1 through 8.3 is mandatory, as it is necessary for the purposes of registering with the Site, to enable You to use the Services, and for Beit to comply with legal obligations.
- The provision of Data for the purposes set out in 8.4 to 8.7 is optional. It is understood that failure to consent to the Processing of Data for these Purposes, or the subsequent withdrawal of consent, will make it impossible for the Data Controller to perform the activities described therein but will not prevent you from browsing the Site.
G. DISCLOSURE OF DATA TO THIRD PARTIES
- The Data may be disclosed, solely for the purposes set out in this notice, to the categories of entities listed below based in the countries of the European Union and acting as Data Processors on behalf of the Data Controller:
- persons, companies, associations or professional firms that provide services and activities of assistance and advice to the Holder, with particular but not exclusive reference to issues in accounting, administrative, legal, tax and financial matters;
- companies that provide on behalf of the Owner some services related to the Site, with particular but not exclusive reference to the analysis of Data, the management of payment services, marketing activities, the management of services provided through the Site and their customization in favor of the user.
- The Data may also be communicated, exclusively for the purposes indicated in this information notice, to the categories of subjects indicated below who are also based in countries outside the European Union and who act as Data Processors on behalf of the Data Controller or as autonomous Data Controllers:
- companies belonging to the same corporate group as the Data Controller, with particular but not exclusive reference to Data analysis activities in aggregated and anonymized form, identity management of user profiles on the Site, profiling and profiled marketing;
- Subjects to whom the right to access the Data is recognized by legal provisions and secondary regulations;
- Third-party companies and clients with whom the Holder cooperates as a business partner (e.g., for the promotion of goods and services).
- A list of the names of the persons to whom Your Data is or may be disclosed may be provided to You by requesting it from the e-mail address info@tramediluce.it. The processing will be entrusted, in individual operations, to natural persons appointed as processors.
H. MODE AND PLACE OF DATA PROCESSING
- The Data you provide will be processed in accordance with the GDPR and, in any case, in such a way as to ensure the security and confidentiality of the same, to prevent unauthorized disclosure or use, alteration or destruction.
- Data will be processed on paper and/or by telematic means, including by electronic and informational means.
- The Data Controller will process Your Data in its own technological infrastructure and/or by making use of the technological infrastructure of third-party providers appointed as data processors.
- Your Data will be stored on servers available to the Data Controller or data processors located in the European Union. If, for technical and/or operational issues, it becomes necessary to use parties located outside the European Union, or it becomes necessary to transfer some of the collected Data to technical systems and services operated in the cloud and
located outside the European Union area, processing will be regulated in accordance with the provisions of Chapter V of the GDPR. All necessary precautions will then be taken to ensure the fullest protection of Personal Data relying on such a transfer:- On adequacy decisions of third country recipients expressed by the European Commission;
- On adequate guarantees expressed by the third party recipient under Art. 46 of the GDPR;
- On the adoption of corporate binding rules, (so-called corporate binding rules) or standard contractual clauses.
I. DATA RETENTION PERIOD
- The Data collected for the processing purposes set forth in Sections 8.1, 8.2, 8.3, 8.4 and 8.7 will be retained until You delete Your account on the Site, or until Your express request to delete the Data, except in the case of an exceptional need for the Data Controller to retain the Data to defend its rights in connection with disputes outstanding at the time of the request or at the direction of public authorities.
- The Data collected for the processing purposes set forth in Sections 8.5 and 8.6 will be retained until You withdraw Your consent to the activities described therein, or until Your account on the Site is deleted, or until You expressly request deletion of such Data, except in the exceptional case of the Owner’s need to retain the Data to defend its rights in connection with disputes existing at the time of the request, or at the direction of public authorities
J. UNDERAGE USERS
- Holder encourages parents to monitor their children’s use of the Internet for safe and filtered enjoyment of related content, including through the use of parental control tools. In addition to ensuring a juvenile-friendly online environment, these tools can prevent the disclosure of personal information by children or teens who do not
Have the consent of their parents. - The Controller does not process any personal data of minors under the age of sixteen (16) years or minors whose age makes it unlawful to process their Data or requires parental consent to process the same under other local laws without the consent of their parents (hereinafter, the “Age Limit”).
- Only users over the Age Limit are allowed to register for the Sites.
- The Holder, moreover, encourages the registration on the Site of the parents of registered minor users: in this way, parents have the opportunity to use the Services and to be always aware of the initiatives that the Holder makes available to their children, and thus to check their compliance with their own expectations and educational models and paths.
- In connection with the provision of certain Services, the Owner does not require users to disclose their age, and/or is not in a position to learn of users’ ages.
- Therefore, the Owner invites all users who are under the Age Limit not to disclose their personal data under any circumstances without the authorization of a parent, reserving the right to inhibit access to the Services and/or exclude from the Sites any user who has concealed his or her minor age or who has otherwise disclosed his or her personal data in the absence of the
consent of their parents while being below the Age Limit.
K. YOUR RIGHTS.
- Please note that you can exercise your rights under Articles 15 to 22 of the GDPR at any time, including the right to:
- to obtain from the Data Controller confirmation as to whether or not Data concerning you is being processed and, if so, to obtain access to the Data, to know the purposes of the processing, the categories of Data processed, the recipients or categories of recipients to whom the Data has been or will be disclosed, the period of retention of the Data (if this is not possible, the criteria used to determine the period of retention), if the Data is not collected from the data subject, all available information on its origin, the existence of automated decision-making, including profiling (Article 15 of the GDPR, c.d. right
of access); - Obtain the rectification or integration of inaccurate Data concerning you (Article 16 of the GDPR, so-called right of rectification);
- Obtain the deletion of Data about you in the following cases: (a) the Data are no longer needed for the purposes for which they were collected; (b) You have withdrawn Your consent to the processing of Data if it is processed on the basis of Your consent; (c) You have objected to the processing of Data about you where it is processed for a legitimate interest of the Data Controller; or (d) the processing of Your Data does not comply with the law. However, we would like to point out that the retention of Data by the Data Controller is lawful if it is necessary to enable you to fulfill a legal obligation or to establish, exercise or defend a right in court (Article 17 of the GDRP, so-called right of erasure);
- To obtain that the Data concerning you be only retained without any other use of them in the following cases: (a) challenges the accuracy of the Data, for the period necessary to enable us to verify the accuracy of such Data; (b) the processing is unlawful but You still object to the deletion of the Data by the Data Controller; (c) the Data to You are necessary for the assessment,
the exercise or defense of a right in a court of law; (d) You have objected to the processing and verification is pending as to whether the Controller’s legitimate grounds for processing outweigh those of the data subject (Article 18 of the GDPR, so-called right of limitation); - Receive in a commonly used, machine-readable and interoperable format the Data concerning You processed by automated means, if they are processed by virtue of registration to the Sites or on the basis of Your consent (Article 20 of the GDPR, so-called right of portability);
- Obtain the cessation of processing in cases where Your Data are processed for direct marketing and/or profiling purposes, including in relation to products or services identical to those already purchased from the Data Controller and/or provided through the Site (Article 22 of the GDPR, so-called right to object).
- to obtain from the Data Controller confirmation as to whether or not Data concerning you is being processed and, if so, to obtain access to the Data, to know the purposes of the processing, the categories of Data processed, the recipients or categories of recipients to whom the Data has been or will be disclosed, the period of retention of the Data (if this is not possible, the criteria used to determine the period of retention), if the Data is not collected from the data subject, all available information on its origin, the existence of automated decision-making, including profiling (Article 15 of the GDPR, c.d. right
- Finally, we remind you that you have the right to appeal to the Guarantor for the Protection of Personal Data in 00187 – Rome (RM), Piazza Venezia, no. 11, to bring complaints and/or assert Your rights in relation to the processing of Your Data.
L. CONTACT INFORMATION FOR ASSERTING YOUR RIGHTS
- Requests to exercise the rights under Article 30 above should be addressed by writing to the e-mail “info@tramediluce.it.”
- Requests regarding the exercise of rights will be processed without undue delay and, in any case, within one month of the request. This deadline may be extended by a maximum of 2 (two) months, if necessary, taking into account the complexity and number of requests. In such a case, the Data Controller will inform the data subject of the extension, the reasons for the delay, within one month of the
receipt of the request. If the Data Controller fails to comply with the User’s request, the Data Controller will inform You without delay, and at the latest within 1 (one) month after receipt of the request, of the reasons for non-compliance and of the possibility of filing a complaint with a supervisory authority and seeking judicial remedy.
M. AMENDMENTS TO THIS POLICY
- Without prejudice to the fact that the Owner in any case does not proceed with processing operations other than those expressly authorized and/or requested by each user, this notice may be subject to changes to comply with new legal provisions, changed policies of
processing of personal data by the Owner and/or as a result of changes in the features of the Site and/or Services. - Any updated version of this policy will be made available on the Site in the dedicated section: therefore, the Owner invites all users to periodically consult the Site in order to be always informed of the latest version published.