Privacy App 2023
PRIVACY NOTICE RESERVED AREA
“Meeting Rimini”
In accordance with Article 13-14 of EU Regulation No. 679/2016, we would like to provide you with a simple and clear privacy notice on how we will process the personal data you provide us directly when using this APP.
The Data Controller for the data processing is Fondazione Meeting per l’Amicizia tra i Popoli ETS, with registered office at Via Flaminia, 18, 47923, RIMINI (RN), Italy.
Email contact: meeting@meetingrimini.org
Phone contact: +39.0541.783100
The Data Protection Officer
Although not required by current regulations, Fondazione Meeting per l’Amicizia tra i Popoli ETS has deemed it appropriate, in order to ensure compliance with current regulations and to protect the rights of data subjects, to appoint a Data Protection Officer (DPO).
Email contact: dpo@meetingrimini.org
Each information point is structured as follows:
- What personal data we process
- Why we process it (purpose and legal basis)
- What happens if we cannot process the data
- How long we retain the data
- Who may have access to my data?
WHAT IS THE LIFE CYCLE OF PERSONAL DATA?
PERSONAL DATA SUBJECT TO PROCESSING, PURPOSE, AND LEGAL BASIS OF PROCESSING
CREATION OF ACCESS CREDENTIALS: MANDATORY DATA
We use your data to create your account for using the App.
- Within the APP, we process the following personal data: User ID, First Name, Last Name, Date of Birth, Email Address, Password, logs, and information related to activities, consents, and authorizations provided.
- The above-mentioned data is collected for the purpose of creating the user account necessary for using the app. The processing of data is necessary to fulfill the service requested by the user. In accordance with Article 8 of the GDPR and Article 2-quinquies of Legislative Decree No. 196/2003, minors who have reached the age of 14 may give consent for the creation of access credentials.
- Providing the data is mandatory since, due to the nature of the APP itself, registration and assignment of access credentials are not possible without it.
- The data is processed for the entire period of activation of the access credentials. In case your account is deactivated, all your personal data, access credentials, and generated tickets will be deleted. If there is no access for a period of 24 months, the account will be deactivated. For the legitimate interest of the Data Controller, all personal data and information that allows documenting the authorizations and consents given by the data subject and verifying their identity will be retained even after deactivation and deletion of the account.
- The data will not be communicated or disclosed without your consent. Access credentials are confidential.
CREATION OF ACCESS CREDENTIALS: OPTIONAL DATA FOR ORGANIZATIONAL AND STATISTICAL PURPOSES
We use your data for statistical purposes and to improve the organization and logistics of events.
- Within the APP, we process the following personal data: Gender, Province of Residence, City, Country, Education Level, Profession
- The data is collected during the user account creation process, which is necessary for using the app. The processing of data is based on consent. The data will be used for statistical analysis, including improving the organization and logistics of events.
- Providing the data is optional, as it is still possible to create access credentials for using the app without providing them.
- The data is processed for a period limited to the necessary analysis activities to extract statistical data, but not exceeding 24 months. Aggregated data that cannot identify individuals will be stored by the data controller without time limits.
- The data will not be communicated or disclosed without your consent.
CONTACTS AND INFORMATION
If you send us an email or use a contact form, we will use your data to provide you with the requested information.
- Within the APP, we process the following personal data as provided during registration.
- The processing is based on the consent of the data subject to respond to their information requests and clarifications about the services provided by the data controller.
- Failure to provide the data makes it impossible to forward the requests and respond to the data subjects.
- The data is processed for the time strictly necessary to respond to the information and contact requests.
RECEIVE OUR NEWSLETTERS
Stay updated and receive invitations to new activities and events of the Rimini Meeting.
- Within the APP, we process the following personal data as provided during registration.
- By subscribing to our newsletter, you will receive email messages to stay updated on our events, initiatives, news, and receive invitations to them.
- You can enjoy all our products or services even without giving consent to receive newsletter or marketing messages.
- We process the data for marketing purposes until you revoke your consent or exercise your right to object to the processing.
GENERATE A TICKET: BOOK ENTRY DATE OR SIGN UP FOR AN EVENT
Generate your Ticket to book access to the Meeting and sign up for scheduled events.
- Within the APP, we process the following personal data: Account Credentials, First Name and Last Name, Event of Registration.
- You can book the access to the Meeting or sign up for a scheduled event using the App and generating a Ticket. The data will be processed for the execution of the requested service. Only adults can request the generation of an entry and booking Ticket.
- Personal data is necessary for the creation of the Ticket, for the proper management of reservations and physical access.
- The data related to the generated Tickets is necessary for the period related to the management of the reservation and the conduct of the event. The generated tickets will be deleted at the end of the edition for which they were generated. The data may be kept for an additional period if necessary for defense in case of non-judicial or judicial procedures.
- We do not communicate, disclose, or share the data with third parties. Within the organization, our volunteers or authorized personnel may access the information to provide you with assistance.
GENERATE A TICKET FOR A MINOR: BOOK THE DATE OF ENTRY OR SIGN UP FOR AN EVENT
As a parent or person exercising parental responsibility, you can generate a ticket on behalf of a minor who wants to access the Meeting and sign up for an event.
- Within the APP, we process the following personal data: Account credentials/email address, First and Last Name, Associated first and last name of the minor, Declared parent/guardian status, Event of registration.
- Minors cannot book dates for accessing the Meeting or sign up for scheduled events. In case of a request to generate a ticket, the minor must enter the email address of their parent/guardian, who will receive a notification to authorize the operation.
- The data will be processed for the execution of the requested service.
- Personal data is necessary for the creation of the ticket and for the proper management of reservations and physical access. The generated tickets will be deleted at the end of the edition for which they were generated. The data may be retained for a longer period if necessary for defense in non-judicial or judicial proceedings.
- We do not communicate, disclose, or share data with third parties. Within the organization, our volunteers or authorized personnel may access the information to provide assistance.
JOIN A GROUP
Join a group to facilitate reservations and registrations with your friends.
- Within the APP, we process the following personal data: First and Last Name, Event of registration.
- The user who creates a group as an administrator can invite other users to participate in order to facilitate booking and event registrations. Participation in the group is based on the consent expressed by accepting the invitation. In the case of minors, only their associated parents/guardians can add them to a group.
- Failure to accept the invitation prevents joining the group and allowing the administrator to make reservations and registrations on your behalf.
- The user can leave the group at any time. The administrator can delete the group at any time. Deleting the group does not result in the deletion of personal data from individual user accounts.
- Only the system administrator can see your data.
ARE YOU A GUEST?
We have received your data to help you participate in the Meeting.
- Within the APP, we process the following personal data: First and Last Name, Email Address, Date of Birth, Event of registration, Associated friend profile.
- For those who do not have an account in the Meeting Rimini app, it is possible to create a guest profile with the help of a friend who provides the data. We will send a notification (via email) of the data submission to allow the Guest to object, in order to remove the Ticket and delete their data. The processing is based on the legitimate interest of the Data Controller to create access procedures for participants who do not have the ability or do not intend to use the Meeting app, which is the preferred means for managing entries.
- Personal data is necessary for the creation of the ticket and for the proper management of reservations and physical access. In case of objection, we will delete the data and the Ticket.
- The data related to the generated Tickets is necessary for the period related to the reservation management and the conduct of the event. The generated tickets will be deleted after a short technical period necessary for their management. In case of objection, we will delete the data and the Ticket.
- We do not communicate, disclose, or share data with third parties. The Guest will be informed of the identity of the person who created the Ticket on their behalf.
- Your data for creating the Ticket has been provided by a third party who has declared their intention to help you access the Meeting.
PERSONALIZED MESSAGES
Meeting Rimini may propose, via email, content and invitations to events and initiatives similar to those I am registered for (consent to profiling).
- With your consent, we will analyze the events and other initiatives you have registered for using the app, or the requested and received content via email, to send you email messages with content, invitations, and proposals similar to your interests.
- Profiling is based on the consent of the data subject. No automated decision-making is applied, and your consent allows us, for example, to invite you to events similar to the ones you have visited, inform you about new editions of events you have participated in, or propose products and services that we think may interest you.
- The data subject has the right to object to the processing related to profiling.
STATISTICS AND FURTHER STORAGE
In order to improve our services, we perform statistical analysis. These analyses are carried out to extract aggregated data reports, without creating profiles on individuals.
- In the event of deactivation of your account, all your personal data, login credentials, or bookings made will be deleted. However, data related to consents given for the processing of personal data will be retained.
- Following the deactivation of accounts and the deletion of personal data, we retain the data in an anonymized form (not attributable to the data subject) for statistical purposes.
HOW ARE PERSONAL DATA PROCESSED?
- The collected data is processed using computer tools. Appropriate security measures are observed to prevent data loss, unauthorized or incorrect use, and unauthorized access.
- The Data Controller collects personal data through specific forms in the application or through permissions granted to access information on the mobile device used.
- In the event of uninstalling the application, your data and bookings will be retained as long as your login credentials and user profile are active.
- If you do not access your user profile using your credentials continuously for a maximum period of 24 months, your account will be deactivated, and all the data entered therein will be deleted, except for the data necessary to comply with legal obligations. Furthermore, for the legitimate interest of the Data Controller, all personal data and information that document the authorizations and consents given by the data subject and verify their identity will be retained even after deactivation and deletion of the account. The processing for which you have previously given consent remains valid.
- The Controller sends email messages to users who have given specific consent through a newsletter management service.
WHAT PERMISSIONS DO WE REQUEST AND WHAT DATA DO WE STORE ON YOUR DEVICE? INDIVIDUAL FUNCTIONALITIES
During installation and subsequently through system configurations, it is possible to manage the following device permissions.
- Read and write to the mobile device (private space of the app): to save user preferences, login session, data cache;
- User calendar (write only): to add events to the calendar upon explicit user request;
- Vibration: for feedback on certain actions;
- Internet connection: to access data;
- Network connection status control: to delay data reading/writing when offline;
- Camera: to take photos for use as avatars;
- Image gallery: to select a photo as an avatar and save the generated ticket.
SECURITY AND DEVICE INFORMATION
- Access logs and metadata are stored for information security purposes to protect the legitimate interest of the Data Controller in ensuring the security and protection of intellectual property.
- For technical needs related to the application development platform, some technical data related to the device used during the application usage may be processed, such as hardware or software technical components of the device.
- Technical data may include user ID, access IP address, device brand and model, operating system and its version, crash date and time, crash debug data, app version.
- More information about technical data collected by the provider: https://firebase.google.com/support/privacy
- Data is also processed after the potential account deletion to protect the legitimate interest of the data controller in documenting consents and authorizations received from the data subject, as well as for asset protection and security checks.
Personal data is processed exclusively within the European Union. In some cases, the use of certain features or the technical operation of the app may involve the transfer of some data outside the European Union. In these cases, the service providers (e.g., Microsoft, Google LLC for the United States of America) undertake to protect personal data based on Standard Contractual Clauses pursuant to Art. 46 of the GDPR.
WHO PROCESSES PERSONAL DATA?
Personal data is processed by authorized internal subjects who have received specific training and appointments, and who are bound by professional secrecy and utmost confidentiality. Personal data is processed by companies and professionals responsible for updating and maintaining the website or the app, or providing other services to the Data Controller, formally designated as data processors under Art. 28 of the GDPR and bound by technical and organizational security measures to ensure the protection of personal data of the data subjects. Among the data processors, there are some software component providers of the application who may request permissions to access data, device and application information, IP address, in order to provide necessary services for the proper functioning of the application or for additional purposes.
THE DATA SUBJECT HAS THE RIGHT TO REQUEST THE DATA CONTROLLER:
– Access to their personal data. The data subject can obtain confirmation of the ongoing processing of personal data concerning them and obtain more information about the processing and a copy of the personal data.
– Rectification of personal data. The data subject can request the rectification of personal data at any time to ensure the accuracy of the processed personal data.
– Erasure of personal data. The data subject can obtain the erasure of personal data in the cases provided for in Art. 17 of the GDPR.
– Restriction of processing concerning them. The data subject can request the restriction of processing by opposing the erasure if the data is necessary for the exercise or defense of a legal claim.
– With regard to personal data processed by automated means, the right to data portability. The data subject has the right to receive personal data in a structured, commonly used, and machine-readable format.
– The data subject can object to the processing of personal data
The data subject has the right to object at any time to the processing of their personal data.
WHEN THE PROCESSING IS BASED ON CONSENT, THE DATA SUBJECT HAS THE RIGHT TO WITHDRAW THEIR CONSENT AT ANY TIME.
If the data is deleted, the processing for which you have previously given consent remains valid. If you want to revoke your consent to receive newsletters, personalized messages, or for statistical purposes, or for other purposes mentioned in the information, use the appropriate function of the app before requesting the deletion of your account, or if you want to revoke consent after deletion, send a request to the contact point privacy@meetingrimini.org.
The data subject can request more information or exercise their rights provided for in Articles 12-22 of EU Regulation No. 679/2016 by contacting the contact point of the Data Controller by sending an email to privacy@meetingrimini.org or a simple letter addressed to the Data Controller’s office.
The data subject has the right to lodge a complaint with the Italian Data Protection Authority: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524
Revision of this document: A3-20230628 of June 28, 2023