PERSONAL DATA PROCESSING POLICY
PERSONAL DATA PROCESSING POLICY – Registration for Cartoons on the Bay Festival
pursuant to Art. 13 of (EU) Regulation 679/2016 and Art. 13 of Italian Legislative Decree 196/2003 as amended
RAI COM S.p.A., with registered office in Via Umberto Novaro, no. 18 – 00195 Rome (RM), tax code and VAT no. 12865250158, (hereinafter “RAI COM”) – as Data Controller – processes all personal data (“Data”) in compliance with the principles of lawfulness, fairness and transparency, and in accordance with the provisions of (EU) Regulation no. 2016/679 (hereinafter “GDPR”) and of Italian Legislative Decree no. 196 of 30 June 2003 amended by Italian Legislative Decree no. 101 of 10 August 2018.
Legal basis and Purposes of the processing
The Registration for Cartoons on the Bay Festival permits both the access to Cartoons on the Bay event and the possibility to upload and/or view the content of the “Pitch Me!” contest that allows creative Italian young people to present, for the first time, a number of innovative animation projects (hereinafter for the sake of brevity “Content”) to an audience of professionals. The Data collection – through the registration form – is necessary to allow the use of the requested service.
By filling in the form, the data subject (hereinafter “the Data Subject”) authorises RAI COM to process the Data provided and agrees to the purposes of the data processing described herein, including activation of access credentials and all activities related to the upload and viewing of the Content. No other data is necessary in order to carry out the service.
Processing methods and Data storage term
The Data are processed performing the operations specified under Art. 4 of Italian Legislative Decree 196/2003 and Art. 4, no. 2) of the GDPR, and particularly performing operations to: collect, record, organise, store, consult, process, modify, select, extract, compare, use, interconnect, block, disclose, delete and destroy data. The processing is carried out with the aid of electronic tools capable of protecting, at all times, the confidentiality and the rights of the Data Subject, according to the provisions of current legislation.
In compliance with the provisions of Art. 5, letter e) of the GDPR and the domestic law in force, the collected Data will be stored for a period of max. 10 years and/or for a storage term in any case not exceeding the term necessary for fulfilling the data processing purposes. Appropriate security measures are taken to prevent the loss of Data, illegal and improper use and unauthorised accesses.
In any case, RAI COM will take each and every care to avoid the use of Data for an indefinite time, and it will periodically verify in an appropriate manner if there is still an interest in the processing of such Data.
Communication of the Data
The Data provided might be accessed by RAI – Radiotelevisione italiana S.p.A. in the activities related to the management of the website and by Cosa S.r.l. (in charge for updating database). Both parties act as appointed Data Processors. The Data are used only in the territory of Italy, for the purposes specified, and shall in no way be disclosed to third parties, communicated and/or in any case subsequently transferred.
The updated list of the Data Processors can be obtained by sending a request to: email@example.com.
Rights of the Data Subjects
Pursuant to Art. 15 et seq. of the GDPR, the Data Subject is at any time entitled to request access to the Data and to verify their accuracy and/or to request their integration, update, correction, deletion, restriction of processing, including the right to object to processing for marketing purposes and for sending commercial notifications. The Data Subject also has the right to revoke his/her consent to the processing of his/her data at any time, without jeopardising the lawfulness of the processing based on the consent given prior to the revocation.
The GDPR allows the following specific rights to be exercised:
- confirmation of whether or not your personal data are being processed and, if so, to obtain access to them (right of access):
- correction of inaccurate personal data, or integration of incomplete personal data (right of correction);
- deletion of the data if one of the reasons envisaged by the Regulation exists (right to be forgotten);
- restriction of processing when one of the cases envisaged by the Regulation occurs (right of restriction);
- receiving, in a structured, commonly used and machine-readable format, the personal data you have provided to the Controller and sending said data to another Controller (right to portability).
To exercise the rights or to obtain information about the Data, you may send a specific request in writing to Focal Point Privacy of RAI COM S.P.A., to the following addresses:
- to the email address: firstname.lastname@example.org;
- or by post to Focal Point Privacy of RAI COM S.p.A., located in Via Umberto Novaro, no. 18 – 00195 Rome (RM), Italy
Without prejudice to all other administrative or jurisdictional actions, the Data Subject has the right to lodge a complaint with the Italian Data Protection Authority should he/she believe that the processing violates the GDPR.
Data Controller and Data Processor
The Data Controller is RAI COM S.p.A., which is located in Rome (Italy) in Via Umberto Novaro, no. 18, 00195, email address: email@example.com.
For those activities related to the maintenance and/or management of the technological part of the Videolibrary, an appointed Processor may process the Data provided. In the case of technical issues, please send a report by email to: firstname.lastname@example.org.