Privacy notice -

Privacy notice

Pursuant to art 13 of Regulation (EU) 2016/679 (hereinafter, the “GDPR”) we inform you that your data will be processed by the following means and for the following purposes:

1. Data controller

The data controller is RINA S.p.A., whose registered office is in Genoa (Italy), via Corsica 12, Tax code and VAT n° 03794120109 (hereinafter the “Controller”)
The Controller can be contacted via the e-mail address of the Data Protection Officer

2.Processing activity

The Data Controller processes personal data (name, surname) and contact details (telephone contact and e-mail address) that you have communicated by filling in the form available on the website section dedicated to registering for the event.
Moreover, in case of participation in the event, the Processor will process your images, as during the event videos and / or photographs will be taken to document the success of the initiative.

3. Purpose of processing

The controller processes the personal data for the following purposes:
a) administrative management of the attendance in the event;
b) execution of specific activities and sending of material related to the event;
c) sending further communications regarding events and future free similar initiatives with the same purposes;
d) Your images will also be processed to document the success of the event, with the possibility of publication on the web site, or on the company’s official social media channels, such as Facebook, Instagram, Linkedin, etc.

4. Processing method

The Controller will process personal data in accordance with the principles of lawfulness, fairness and transparency.

Your personal data are processed by means of the following operations: collection, recording, organisation, structuring, storage, consultation, adaptation or alteration, use, dissemination, disclosure by transmission, retrieval, alignment or combination, restriction, erasure or destruction of the data. Your personal data are subjected to both hard-copy and electronic processing.

The Controller will process the personal data for the time necessary to carry out the purposes indicated above and, in any case, for not more than 2 years from collecting data.

The Controller should have a documented need to store the data for a period longer than 2 years if the erasure could compromise its legitimate right to defence or in general, to safeguard its company assets. Such further storage shall take place, limiting access to said data to the head of the legal department only, in order to guarantee the legitimate exercising of the right of defence of the Controller.

5. Access to data

Your data may be made accessible for the purposes indicated in art 3 to the following recipients:

1. affiliate companies or subsidiaries of RINA Group, in Italy and abroad, to the extent to which this is necessary for processing;
2. companies or other third entities (credit institutions, professional firms, consultants, insurance companies for providing insurance services, auditing companies, supervisory institutions, etc.) who carry out activities on an outsourcing basis, on the Controller’s behalf, acting as a data Processor;
3. public entities, for fulfilling legal obligations.

Without requiring your explicit consent, the Controller may communicate your data for the purposes indicated in art 3.a to supervisory bodies, judicial authorities, insurance companies for providing insurance services, as well as to entities to which communication is mandatory in terms of the law, for carrying out said purposes.

6. Transfers of data

Personal data are stored on servers located within the European Union. In any case, it is understood that, should this be necessary, the Controller will have the right to move the servers even outside the EU. In such a case, the Controller hereby guarantees that transfers of data outside the EU will be done in accordance with the applicable laws, also by means of including standard contractual clauses provided for by the European Commission, and adopting binding corporate rules for intra-group transfers.

7. Legal basis of processing

The Controller processes your personal data collected in the context of the existing contractual relationship or in a specific activity carried out by the Controller also in order to pursue the legitimate interest related to the consolidation (or strengthening) of the relationship. The provision of your identification and contact data and the related processing for the purposes referred to in art. 3.a and 3.b are necessary to guarantee participation. In the case of failure to provide your data you will not able to participate in the event. The processing of your data for the purposes referred to in art. 3.c. it is optional and you will be able to object to this processing t at any time by writing to:

Finally, for the processing of your images for the purposes referred to in art. 3.d it is necessary to collect specific authorization consent, pursuant to art. 6 lett. a) GDPR and other data protection legislation. The consent is intended for the free use of images and video footage that could accidentally affect the participants first-hand or in group photos. By registering and participating in the event, you will express your consent to the processing of your images for the purposes set.

8. Rights of the data subject

As a data subject, you have the rights provided by the Regulation, exercisable asking to the data Controller by contacting the Data Protection Officer: access to personal data, indication of method, purposes and logic of processing and request for limitation, objection or portability, correction and deletion, within the limits and in the methods indicated in GDPR.

Where data processing is based on consent, you have the right to revoke it at any time.

Furthermore, it is always entitled to object to the sending of communications regarding events and future free initiatives of the same kind and purpose. Therefore, as a data subject you have the rights referred to in Articles 15 - 21GDPR, as well as the right to lodge a complaint with the competent Authority pursuant to art. 77 GDPR.

9. Procedure for excercising rights and communications

The Controller has appointed a Data Protection Officer, who can be contacted for all matters related to processing of your personal data and the exercising of related rights.
Therefore, you may contact the Data Protection Officer at any time, using the following procedure:

We wish to state that you have the right to withdraw the consent given at any time by writing to