Privacy notice for the processing of personal data

With this document, we inform you that your data will be processed in the following ways and for the following purposes:

Joint Controllers and Data Protection Officer

The companies of the RINA Group (hereinafter the "Joint Controllers" or "RINA") are the Joint Controllers of the processing and can be reached through the contacts indicated on the website www.rina.org. The Data Protection Officer can be contacted at the email address rina.dpo@rina.org.

The Joint Controllers have defined an agreement within which their respective roles and relationships have been identified. In summary, the Joint Controllers undertake to carry out all the obligations provided for by the personal data protection regulations, in full compliance with the guidelines, the code of ethics, and the Group's procedures. Personal data is processed according to the principles of legality, fairness, and minimization, ensuring confidentiality and privacy. The agreement provides that the contact point for the exercise of the rights of the data subjects is the email address: rina.dpo@rina.org.

1. Applicability of the notice and types of personal data processed

RINA processes your personal data (hereinafter also "data") if you have participated in initiatives such as conferences, webinars, interviews, events, fairs, training activities organized by the Joint Controllers.

If in your relationship with RINA it is necessary to provide personal data of third parties, do not forget to inform these subjects of the communication of their personal data and invite them to read this notice. RINA will also inform them where possible.

The types of personal data processed for the purposes of this notice are:

• identification, personal, and contact data (e.g., name, surname, email address);
• photographic and audiovisual images.

2. Purposes and legal bases of the processing

With the processing of the above data, the following purposes will be pursued:

• collect and store the release through which the use and publication of your photographic, video, and audio images are authorized;
• manage the organization of the initiative;

Any refusal to provide the data will result in the impossibility of participating in the initiative itself.

The legal basis that legitimizes the processing of the aforementioned data lies in the execution of a contract of which you are a part or in the execution of pre-contractual measures adopted at your request as well as in the execution of any applicable legal obligations.

• carry out promotion, dissemination, and communication activities both internally and externally of the RINA Group's activities.

The legal basis for such processing is your consent; you will always be free to revoke it in the manner indicated in paragraph 6 of this notice. The refusal of consent to the processing will have the sole consequence of the impossibility of receiving newsletters, commercial material, or engagements in collaborative initiatives.

3. Methods of processing and data storage

Personal data is processed by RINA in compliance with the principles of lawfulness, fairness, and transparency.

By giving your consent, you agree to the recording and reproduction of your image in any way or form, as well as, by way of example but not limited to, the editing, adaptation, processing, and reduction of the same.

At the same time, you authorize its publication, distribution, projection, transmission, and dissemination through any internal and external communication channel adopted by RINA (such as intranet, company website, social networks, blogs, etc.) in Italy and abroad.

In any case, the adoption of all appropriate technical and organizational measures to ensure the security of personal data pursuant to EU Regulation 679/2016 is ensured.

RINA will store the images using any technological support for the above purposes for a period not exceeding 10 years. After 10 years from the collection of the data, the data will be deleted from the Joint Controllers' archives.

4. Data recipients

Your data may be made accessible for the purposes referred to in paragraph 2 to subjects authorized to process by RINA and, if you have given your consent, disseminated by the Joint Controllers through any internal and external communication channel adopted by the RINA Group (such as intranet, company website, social networks, blogs, etc.) in Italy and abroad.

5. Data transfer

Personal data is stored on servers located within the European Union. It is understood that RINA, if necessary, will have the right to transfer personal data to non-EU countries. In this case, the transfer of data outside the EU will take place in accordance with the applicable legal provisions, including through the provision of standard contractual clauses provided by the European Commission and the adoption of binding corporate rules for intra-group transfers.

6. Data subject rights

As a data subject, you have the right to:

• i. obtain confirmation of the existence or otherwise of processing of your personal data, as well as a copy of such data;
• ii. obtain details of: a) the origin of personal data; b) the purposes and methods of processing; c) the logic applied in cases of electronic processing; d) RINA's identification details, the data processors, and the data protection officer; e) the entities or categories of entities to whom personal data may be communicated or who may become aware of it as designated representatives within the state, data processors, or individuals in charge;
• iii. obtain: a) the updating, correction, or integration of data; b) the deletion, anonymization, or blocking of data processed unlawfully; c) certification that the operations referred to in a) and b) have been notified, including as regards their content, to those to whom the data has been communicated or disseminated, unless this proves impossible or involves a disproportionate effort; d) obtain from RINA, in a structured, commonly used, and intelligible format, the personal data concerning you and, where technically feasible, obtain the direct transmission of such data from one controller to another;
• iv. object: a) to the processing of your personal data, even if relevant to the purpose of collection; b) to the processing of your personal data for sending advertising material or commercial communications via e-mail;
• v. withdraw consent previously given.

As a data subject, you also have the right to file a complaint with the competent supervisory authority.

7. Exercising rights and communications

RINA Group has appointed a Data Protection Officer who can be contacted at any time for all matters relating to the processing of personal data and the exercise of related rights by sending an email to rina.dpo@rina.org.

Please note that you have the right to withdraw consent at any time by writing to rina.dpo@rina.org.

Privacy notice update

This notice was updated in January 2025.

RINA reserves the right to further update this notice to reflect changes in applicable privacy regulations and internal data protection procedures. RINA encourages to periodically consult the website www.rina.org for information on any changes.