Registration to events
Information to be provided ex art. 13, GDPR
Identity and contacts of the Controller
1MED SA – Via Campagna 13 – 6982 Agno – Switzerland (CH), VAT CHE-345.019.233, phone +41 (0)91 605 40 50, e-mail firstname.lastname@example.org (hereinafter: “Controller” or “1MED”).
Source of data and purposes of processing
Personal data are provided directly by the data subject (participant) and consist of name, surname, e-mail, phone number, company and position in the company. They are processed for the following purposes:
- To register the user to the event, congress or webinar of interest
- To contact you for direct marketing purposes on our services and products, for surveys and market research
- To carry out statistics on the participants.
- To send newsletters
Means of data processing
- Personal data are processed by the Controller with manual, electronic and telematic means and stored in its filing system. Appropriate security measures are applied to prevent data from loss or alteration – even if accidental – unlawful or improper uses or unauthorised access.
- All processing will be carried out with criteria which take into account the purposes for which data have been collected and in accordance with the security measures in force.
- Statistical analysis referred to in point 3., “Source of data and purposes of processing” will be carried out elaborating data relating to the data subject and have as an outcome anonymous data which cannot be matched to the data subject any more.
Legal basis of the processing
Depending on the purpose of processing, the legal bases of the processing are:
- for the purpose referred to in point 1), paragraph “Source of data and purposes of processing”, the legal basis is article 6, par. 1, letter b), GDPR, since the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. In the present case, to allow the user to register to the event, webinar or congress of interest
- for the purpose referred to in point 2), paragraph “Source of data and purposes of processing”, the legal basis is the “legitimate interest” (art. 6, par. 1, letter f), GDPR, Recital 47, GDPR and Opinion 6/2014 of Working Party 29, par. III.3.1.) pursued by 1MED in keeping in touch with the user who has voluntarily requested to participate in the event, congress or webinar organised by us, in doing so, the user has expressed interest in and appreciation to our business activity and subjects in medical and pharmaceutical sector. This legitimate interest is pursued informing the data subject on other events, webinars, or congresses, so that the data subject can get to know these chances and decide, if wished, to take advantage of them; and the legal basis is the user’s consent (art. 6, par. 1, letter a), GDPR, since the data subject has given consent to the processing of his or her personal data for one or more specific purposes for direct marketing purposes on our services and products, for surveys and market research
- for the purpose referred to in point 3., paragraph “Source of data and purposes of processing”, the legal basis is the “legitimate interest” (art. 6, par. 1, letter f, GDPR, Recital 47, GDPR and Opinion 6/2014 Working Party 29, par. III.3.1.) pursued by the Controller in studying the characteristics of the participants so that 1MED can propose other events, webinars and congresses of general interest for experts in medical and pharmaceutical sector.
- for the purposes referred to in point 4., paragraph “Source of data and purposes of processing”, the legal basis is the user’s consent (art. 6, par. 1, letter a), GDPR, since the data subject has given consent to the processing of his or her personal data for one or more specific purposes
Processors, persons authorised to process personal data, autonomous controllers
- Data will be processed by the persons authorised for the processing and acting under the authority of the data controller and in charge of communication and institutional activities, business activities, organisation of event, webinar and congresses, and information technology and data security.
- Data will be processed by processors engaged by the Controller for the management of the website and for the elaboration of data for statistical purposes.
- Personal data may be processed by autonomous controllers (e.g.: Internet Provider) to carry out activities connected to the management of the accesses to the Internet and to this website and, if not here described, they shall provide the user with information ex art. 13, GDPR.
Communication and dissemination of personal data
- Data are not communicated to associations, companies or bodies, unless the data subject gives consent. In particular, data will be communicated to the Controller’s Affiliates if the user has given his / her consent.
- Data can be communicated to the owner of the location where the event, webinar or congress takes place and this does not imply the data subject’s consent because it is instrumental to the organisation of the event.
- Data may be communicated to supervisory authorities and judiciary or public bodies for their institutional tasks on their request or to assert, exercise, defend a right in judiciary by 1MED or by a third party.
- Data are not and will not be disseminated without the data subject’s consent.
Period of data storage
Data will be stored depending on the purposes of their processing. The period for which data will be stored is determined by the Controller as follows:
- for the purpose referred to in point 1), “Source of data and purposes of processing”, data will be stored for the period necessary to register and organise the event, congress or webinar of the user’s interest, included communications on the event (e.g.: change of date and location, sending material about the event). Afterwards, data will be erased unless otherwise provided for by supervisory authorities, law enforcement or judiciary as well as to exercise, enforce or defend rights of 1MED or of third parties in court.
- for the purpose referred to in point 2 and point 4).,“Source of data and purposes of processing”, data will be stored in our filing system until the duration of purposes or until revocation of consent.
- for the purpose referred to in point 3), “Source of data and purposes of processing”, data will be stored in our filing system for the period necessary to elaborate them to create statistical reports. In so doing, the outcome does not allow to trace the identity of the person, but anonymous data are useful to improve and adjust our offers of information and subjects to be dealt with in our events, webinars and congresses. Identification data will be, therefore, destroyed, unless otherwise provided by supervisory authorities, law enforcement or judiciary as well as to exercise, enforce or defend rights of the Controller or of third parties in court.
Where data are processed and transfers of personal data to third Countries
Processing takes place at 1MED’s headquarter and are performed by the persons authorised to processing. If need be, personal data can be processed by companies which are in charge of the technological management of the website (data processors designated pursuant to art. 28, GDPR), at their offices. It is understood that, if need be, the Controller will have the right to transfer personal data to third Countries or international organisations. In this case, the Controller assures that the transfer will take place in accordance with provisions laid down in articles 45, 46, 47 and 49, GDPR.
Data subjects’ rights
Pursuant to articles 15-22, GDPR, writing to the data controller at the postal address of the Controller or by e-mail email@example.com you may request the list of data processors and the list of third parties to which data can be communicated (e.g.: our Affiliates) and exercise your right of access, rectification, right to be forgotten, restriction of processing, data portability, and you can object to the processing of your data on legitimate grounds or for the sending of institutional and informational communications.
How to lodge a complaint with the supervisory authority
The data subject has the right to lodge a complaint with the supervisory authority (Garante per la Protezione dei Dati Personali – Piazza Venezia 11, 00187 Roma (RM – Italy) – www.garanteprivacy.it, e-mail firstname.lastname@example.org, format https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524&zx=e0yn0riezmmw ) to exercise and defend the right of data protection.
Data Protection Officer
Our Data Protection Officer can be contacted by e-mail email@example.com, for information on data processing.