In compliance with the current legislation on the protection of personal data (EU Regulation no. 679 of 2016), we wish to inform you that the processing of your personal data will be carried out with fairness and transparency, for lawful purposes and to protect your privacy and rights.
Pursuant to articles 13 and 14 of EU Regulation no. 679/2016 and according to the provisions of article 13 of the aforementioned EU Regulation, we wish to inform you of the following: The processing of your information will be based on principles of correctness, lawfulness and transparency and by protecting your privacy and rights.
1. Purpose of the data processing, nature of the data, obligation to provide them, consequences and storage period:
The data may be collected because they have been communicated by the customer companies within the framework of a contract or because they have been received from the data subject (art. 6, paragraph 1, letter a) GDPR – General Data Protection Regulation), because they have been collected within the framework of a contractual relationship (art. 6, paragraph 1, letter b) GDPR), as well as according to the criterion of legitimate interest (art. 6, paragraph 1, letter f) GDPR).
The personal data processing concerns those data which have been communicated by the Participants during training events or by their Teachers and/or speakers or similar professionals through the registration to the training events carried out directly or through the organizational secretariats and customer companies. If legitimately requested by the customer and in line with the purposes of the service, information concerning the users’ health may be collected, always provided directly by the data subjects and at their discretion.
Data processing is also carried out with the aid of computerised means for the following purposes:
These services may include your participation in an event organised by BTCongress. The data processed are: your particulars: name, surname, contact details, taxpayer’s code number and/or VAT number, date and place of birth, list of services and products requested and/or booked or purchased. We also need to know your email address in order to contact and help you in case of problems related to your registration.
For this data processing we require your consent. If you refuse to provide your personal data, we will not be able to confirm your booking or provide the services you requested.
The data processing will cease at the termination of the contract but some of your personal data may or must continue to be processed for the purposes and in the manners indicated in the following paragraphs;
In fact, the data processing is necessary for the definition of the contractual agreement and its subsequent implementation. The data processed are: name, surname, room type, date of arrival and departure. In some cases special data, the so-called “sensitive data”, may be given (e.g. for information on particular needs related to your health). For this data processing we require your consent. If you refuse to provide your personal data, we will not be able to confirm your booking or provide the services that you requested. The data processing will cease upon your departure, but some of your personal data may or must continue to be processed for the purposes and in the manners indicated in the following paragraphs;
The data processed are: name, surname, contact details, taxpayer’s code number and/or VAT number, unique code, services and products purchased. For these purposes, the data processing is carried out without the need to obtain your consent.
The data are processed by us and by our employees and they are disclosed to the outside only in compliance with legal obligations. If you refuse to provide the data necessary for the fulfillment of the above, we will not be able to provide the services that you requested. The data collected for such purposes are stored by us for the period of time required by the respective regulations (10 years, and even longer in case of tax assessments);
The data processed are: name, surname, contact details, date and place of birth, taxpayer’s code number and/or VAT number, unique code, email address, services and products purchased. For this purpose, after obtaining your consent, which is revocable at any time, your data will be kept for a maximum period of 10 years, and when you are our customer again they will be processed for the purposes referred to in the preceding paragraphs;
The data processed are: your particulars:
name, surname and contact details: email address, mobile number, address of residence. For this purpose, after obtaining your consent, your data will be kept for marketing
purposes for a maximum period of 24 months and they will not be disclosed to third parties. You may revoke your consent at any time;
Free sending of documents related to the event
The data collected are, for instance, your name and surname, date and place of
birth, permanent address of residence and/or domicile, email address, mobile number, education, academic training, skills, work experience, profession, employer, job position.
For this purpose, the data are processed without the need to obtain your consent, as they are required to obtain potential training credits. Your data will be kept for a maximum
period of 10 years and in case of accreditation they will be disclosed to the relevant institutions.
2. Legal basis for the the data processing
The legal basis for the data processing is the EU Regulation 2016/679 and the cases provided for in the new regulation. In this particular case, the legal basis is the contract
concluded with you, the legal obligations, the consent that you freely choose to give when we ask for it as well as the criterion of legitimate interest (Art. 6, paragraph 1, letter
f) GDPR).
3. Nature of the data, procedure and logic of the processing
The personal data necessary to enjoy our services are non-sensitive personal data. In some cases sensitive data are processed in order to provide you with a better service or because you have special health needs and you require a specific service among the accommodation services related to the participation in the event: (room for people with disabilities, possible allergies or intolerances).
The personal data processing is carried out by means of the operations listed in art. 4 no. 2) GDPR, namely: collection, recording, organization, storage, consultation, processing, alteration, selection, retrieval, alignment, use, combination, restriction, disclosure by transmission, erasure and destruction of data. Your personal data are processed both on paper and electronically and the most appropriate security measures to ensure privacy are implemented.
There is no automated decision-making process that can produce significant effects on the data subject but the data are processed after verification by an operator.
4. Intention of the Data Controller
The Data Controller does not wish to transfer your personal data to a third country. If this happens for particular types of processing, the transfer of personal data to third countries or international organizations occurs in compliance with the rules laid down in the EU Regulation for the transfer of data to non-EU countries.
5. Data recipients i.e. the people to whom the personal data of the data subject may be disclosed
Without prejudice to the disclosures and diffusions made in compliance with legal obligations, your data may be disclosed to the following people:
- Customer companies requiring the training service, the consultancy service, the CME (continuing medical education) service or external service providers (including external consultants, IT consultants and the technical assistance staff who carry out tests and development activities on IT systems);
- Scientific Associations or Companies requiring the event;
- Our operators who are duly responsible, in charge and authorized to the processing;
- Professional companies/offices that provide assistance, consultancy or collaboration to the Data Controller in accounting, administrative, fiscal, legal, tax and financial matters, to public administrations for the performance of their institutional functions within the limits established by law or by regulations and to third party service providers who need the data for the fulfilment of contractual services.
- Partners of the company or partners of the companies that may host you to provide additional services, such as companies that organize transfers to and from the airport, companies that organize specific tours, etc.
- Your personal data are not subject to dissemination and marketing.
We also inform you that – without prejudice to the request for your consent when it is required by law – the aforementioned personal data processing may be carried out by subjects who are given the right to access your personal data by law provisions or by regulatory or community regulations.
6. Exercise of rights
In any case we can confirm that we process your personal data, you have the right to access/rectify/request the erasure of your data in certain cases as well as request their restriction, oppose their processing or exercise the right to data portability by requesting a copy of them via email to: biomedicalsede@tin.it.
You have the right to request the immediate erasure of your data after making a request. You have the right to access your personal data and rectify any inaccuracy or incompleteness. You have the right to lodge a complaint with the Data Protection Authority if you consider that the processing does not comply with the principles of the EU Regulation 2016/679;
7. The Data Controller
The Data Controller is Biomedical Technologies srl in the person of its legal representative – Registered Office: 1, Via Cugia – Cagliari. You can contact our Company by sending an emailThis version of the information regarding personal data processing has been updated on the 25th of November 2019.