Information on the processing of personal data pursuant to art. 13 of EU regulation 2016/679.
www.mtmagazine.it
Last update: 02.01.2024.
To Be Srl, owner of the website www.mtmagazine.it, intends to provide information on the management methods of the website and the pages connected to it (jointly, hereinafter, the “Site”) in relation to the processing and protection of personal data (“data”) of the subjects who navigate it (hereinafter “users” or “interested parties”) and in relation to the management of photographic and video recordings during the events organised.
This document represents a Notice pursuant to art. 13 of the European Regulation of 27 April 2016 n. 679 (hereinafter “GDPR”). The Notice may undergo changes following the introduction of new regulations or following changes to the Site, for which we invite users to periodically visit this section.
This information does not exclude that further information on the processing of personal data may be given to the interested parties also in different ways, for example through specific information following the request for a specific service or following the use of a specific section of the Site.
1 – Data controller
The data controller is:
To Be Srl
Lungo Dora Voghera, 34 – 10153 Turin
VAT: IT10052800017
PAID-UP SHARE CAPITAL: €18,000
COMPANY REGISTRATION NUMBER: TO-1101709
E-mail: info@tobevents.it | PEC: tobevents@pec.it
Any communication relating to the processing of personal data must be sent in written form, on paper or electronically, to the above addresses.
2 – Purpose and legal basis of the processing
The personal data collected through the Site are processed for the following purposes:
We also inform you that: in relation to the purposes referred to in the previous letter a), the legal basis lies in the legitimate interest of the Data Controller (art. 6.1 letter f) GDPR) to guarantee the correct functioning of the Site and its improvement; in relation to the purposes referred to in the previous letter b), the legal basis lies, depending on the case: in the need to execute pre-contractual measures adopted at the request of the interested party - for example request for a quote - (art. 6.1 letter b) GDPR) or in the legitimate interest of the Data Controller (art. 6.1 letter f) GDPR) consisting in the need to respond to the requests of the interested party, taking into account his reasonable expectations.
3 – Nature of the provision of data and consequences of refusal
The provision of data for the purposes referred to in the previous letters a), b) and c) is necessary, respectively, for the correct functioning of the Site and to process the requests of the interested party (e.g.: obtaining information on products or services, participation in events, etc.). The refusal to provide data in relation to the aforementioned purposes could therefore entail, respectively, the impossibility of navigating the Site, viewing all its contents and accessing the related services and fulfilling the requests of the interested party.
4 – Type of data processed
In pursuing the purposes indicated above, the Data Controller will process the following information and categories of data:
Browsing data: the computer systems and software procedures used to operate the Site acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment. This data is used for the sole purpose of obtaining anonymous aggregate statistical information on the use of the Site and to check its correct functioning. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site or other users, only upon request of the competent supervisory bodies. The above information can be collected automatically through cookies and other similar technologies. For more information and to customize your browsing choices, we invite you to consult our Cookie Policy.
Data provided by the user: such as, for example, identification data (name, surname), contact data (telephone number, e-mail address, etc.) and/or identification data of the requesting legal person (VAT number, sector of belonging, physical address) or other personal data voluntarily provided in the compilation of data collection forms and/or through the voluntary sending of e-mails will be processed according to the principles of correctness, lawfulness and transparency, as well as in compliance with the principle of "minimization", i.e. by acquiring and processing the data limited to what is necessary with respect to the purposes pursued listed in point 2.
Audio, photographic and video recordings: During the events organized, audio, photo and video recordings may be made in order to provide promotional communication after the event itself. The participant in the event therefore authorizes To Be Srl to use free of charge such recordings containing his/her image on the following means of diffusion: website, social channels (Facebook, Instagram, X, Tik Tok, Linkedin, Theads) and press media such as periodicals, newspapers or other press media.
5 – Processing Methods
The processing of your personal data will be carried out using paper and computer tools, in compliance with the provisions on the protection of personal data and, in particular, the appropriate technical and organizational measures referred to in art. 32.1 GDPR, as well as with the observance of any precautionary measure that guarantees its integrity, confidentiality and availability. The processing referred to in this Policy is not subject to automated decision-making processes.
6 – Categories of data recipients
The data provided by you may be transferred to third parties for promotional and commercial purposes deemed to be of potential interest to you. The aforementioned sharing will take place with companies acting as sponsors/partners of the events in which the Subject participates.
7 – Transfer of personal data to third countries
The Data Controller does not intend to transfer data to countries outside the European Union/EEA Area. In any case, the Data Controller ensures that any such transfers will take place in compliance with specific standard contractual clauses approved by the European Commission pursuant to art. 46 GDPR or to countries that the European Commission has deemed to guarantee an adequate level of protection, in compliance with the provisions of art. 44 et seq. GDPR. Any exceptions to the above will only take place in compliance with art. 49 GDPR.
8 – Retention period
Personal data collected in order to respond to requests for information will be retained for the time necessary to provide the response to the interested party and in any case no longer than 24 months from the processing of the request.
Please be advised that, at the end of this period, the data will be subject to irreversible cancellation or anonymization. A longer period of data retention may be determined by requests made by the Public Administration or by another judicial, governmental or regulatory body or by the Company's participation in judicial procedures that imply the processing of personal data.
9 – Rights recognized to the interested party
The interested party may exercise the rights granted to him by the GDPR at any time, in the manner described in the previous paragraph 1). In particular, the interested party is entitled to:
Right of access: The data subject may ask us whether or not we process any of his or her data and, if so, he or she may obtain from us access to such data in the form of a copy. When the data subject makes a request for access, we also provide him or her with additional information, such as the purposes of the processing, the categories of personal data concerned and any other information necessary for the data subject to exercise this right.
Right to rectification: The interested party has the right to rectify his/her data in case of inaccuracy or incompleteness. Upon request, we will correct inaccurate personal data and, taking into account the purposes of the processing, complete incomplete data.
Right to erasure: The interested party has the right to have his/her personal data deleted. The deletion of personal data can only occur in certain cases, listed in Article 17 of the GDPR. This includes situations in which the personal data of the interested party are no longer necessary in relation to the initial purposes for which they were processed, as well as situations in which they were processed unlawfully. In relation to the ways in which we provide some services, we inform you that it may take some time before the backup copies are deleted. We also inform you that the Data Controller will, within the limits of the state of the art, delete the personal data of the interested party, unless the retention of the same is required by law.
Right to restriction of processing: The data subject has the right to obtain the restriction of the processing of his or her personal data, which means that we suspend the processing of the data subject's data for a certain period of time. The circumstances that may give rise to this right (art. 18 GDPR) include situations where the accuracy of the personal data has been contested, but it is necessary to take some time to verify their (in)accuracy. If the data subject has obtained the restriction of the processing of your data, we will inform him or her before the restriction is lifted.
Right to object: The interested party has the right to object to the processing of his/her personal data, which means that he/she can ask us to no longer process his/her personal data for certain purposes (e.g. direct marketing). We inform you that this right is recognized to the interested party only in particular circumstances (art. 21 GDPR) and, in particular, in the event that the legal basis of the processing is constituted by the legitimate interest of the Owner.
Right to data portability: The right to data portability means that the data subject can ask us to provide him or her with his or her personal data in a structured, commonly used and machine-readable format and to ask us to transmit those data directly to another data controller, where this is technically feasible.
Right to withdraw consent: The interested party has the right to withdraw consent to the processing of personal data at any time, if the processing is based on his/her consent. In any case, the withdrawal of consent does not affect the lawfulness of the processing based on consent before the withdrawal. The withdrawal of consent may lead to the suspension of the services provided (for example, suspension of the reserved area).
10 – Right to lodge a complaint with the supervisory authority
The interested party also has the right to lodge a complaint with the supervisory authority, if he/she believes that a processing concerning him/her violates the GDPR and/or the current legislation on the processing of personal data. Please note that in Italy this Authority is represented by the Garante per la Protezione dei Da Personali, with headquarters in Rome.
The Interested Party not resident in Italy may lodge a complaint with the Supervisory Authority designated in his/her country of residence.