Treviso Antitrust Conference

PRIVACY POLICY

Pursuant to Article 13 of Regulation (EU) 2016/679, containing provisions on the protection of natural persons with regard to the processing of personal data protection and on the free movement of such data (hereafter also only the “GDPR”), we wish to inform you that the personal data of users and/or of visitors (hereafter also only the “User”or, jointly, the “Users”) who consult and/or visit and/or register with the website “http://www.trevisoantitrustconference.com” (hereafter also only the ”Website”) to use the services related to the edition no. XV of the Treviso Antitrust Conference (hereafter also only the “Treviso Conference”) - will be processed in compliance with the rules safeguarding personal data and the confidentiality of such data which strictly govern our activities, for the purposes and procedures described in greater detail in this Privacy Policy.

We also wish to inform you that this Privacy Policy applies only to the Website and not to other websites that may be consulted by the User using links from this Website.

This Privacy Policy can be easily consulted as it is accessible from the home page of the Website and by clicking on links from any other page of said Website, in which personal data are collected. In order to enjoy special services provided at the User's request, specific information will be provided and, if necessary, specific consent to the processing of personal data.

1. Data Controller

The data controller for the processing of the User’s personal data is Studio Legale Rucellai & Raffaelli (VAT code 07478470151), with registered office in 20121 Milano, Via Monte Napoleone n. 18; e-mail address: privacy@rucellaieraffaelli.it, in the person of the pro-tempore legal representative (hereafter also only the “Data Controller” or the “Firm”).

2. Categories of personal data processed

2.1. Personal data provided directly by the User

The optional, explicit and voluntary sending of e-mails to the addresses indicated on the Site entails the subsequent acquisition of the sender's address, which is necessary to reply to requests, as well as any other personal data included in the communication itself.

By using the "Contacts" section of the Site, the User is asked to provide personal data such as name, surname, e-mail address, together with any further information voluntarily provided in the subject and body/content of the message.

2.2 Data collected by the Firm through the use of the Website

During their normal operation, the computer systems and software procedures used to operate this Website acquire personal data, whose transmission is implicit in the use of internet communication protocols and the related browsing.

Such information is not collected in order to be associated with identified data subjects, but could by its very nature lead to users being identified by means of processing operations and by association with data held by third parties. This category includes the IP addresses or domain names of computers used by Users who connect with the Website, addresses in URI (Uniform Resource Identifier) notation of requested resources, the time when the request is made, the method used to submit the request to the server, the file size obtained in response, the numerical code indicating the response status from the server (successful, error, etc.) and other parameters related to the User's operating system and computer environment.

2.3 Personal data of third parties

Should the Law Firm process personal data of third parties communicated directly by the User, the User acknowledges that in such case the Law Firm is the controller of the personal data of such third parties. Therefore, by submitting such personal data of third parties to the Firm, the User warrants that : i) the personal data communicated by the User to the Firm have been processed by the User in compliance with the provisions in force on data privacy; and ii) the aforesaid third parties have been previously and duly informed by the User in relation to the modalities and purposes of such processing and have authorized the User to that effect.

The User shall remain solely and exclusively responsible for the communication of information and data relating to third parties without their consent or for their possible incorrect or unlawful use.

3. Purposes of the data processing and legal basis

The User's personal data is collected and processed by the Firm for the purposes strictly associated with the use of the Website for the participation at the Treviso Conference.

3.1. Response to requests and communications received

The personal data referred to in paragraphs 2.1, and 2.3 above shall be processed for the purpose of responding to communications and requests for information received by the Firm at the Firm's contact details, as well as through the use of the "Contacts" section of the Site.

The legal basis for the processing of personal data for the purposes set out in paragraph 3.1 above is the business relationship to which the User is a party.

3.2. Allowing navigation of the Site

The personal data referred to in paragraphs 2.1 and 2.2 above will be processed in order to

• enable the User's browsing of the Website;
• the fulfilment of legal obligations incumbent on the Firm under civil, tax and accounting laws as well as for the possible assessment of liability in the event of hypothetical computer crimes.

The legal basis for the processing of personal data for the purposes set out in paragraph 3.2 above is the business relationship to which the User is a party.

Any purpose for the processing different from the specific one for which the personal data have been provided will be pursued by the Firm only after an eventual specific prior notice and acquisition, if needed, of the express consent of the User.

4. Obligatory or optional nature of the provision of the User’s personal data - consequences of any refusal

The provision to the Firm of the User's personal data that requested through the Website in the various data-collection occasions may be necessary for the purposes identified in this Privacy Policy, or optional.

Any refusal to communicate personal data that is identified as necessary will make it impossible to achieve the purposes of the specific data collection.

In particular:

- the provision of personal data by the User for the purposes set out in paragraph 3.1 is optional, however, failure to provide such data will make it impossible for the Firm to transmit any requests and to receive consequent response from the Firm;

- the provision of the User's personal data for the purposes set out in paragraph 3.2 is optional, however failure to provide such data will make it impossible for the User to navigate on the Site and to use the services offered therein;

5. Data processing methods

The process of data subject’s personal data will be conduct lawfully, fairly and transparently for specified, explicit and legitimate purposes and in compliance with the laws, regulations and provisions on data privacy.

The process of data subject’s personal data will be mainly carried out by electronic tools and, in some cases, by analogical tools.

The personal data provided by data subject will not be subject to solely automated decision-making processes.

6. Recipients of personal data

The recipients of the Users' personal data and therefore the subjects who come to know the Users' personal data are:

(i) subjects entrusted with the processing by the Firm and given specific instructions in writing, i.e. employees and collaborators of the Firm;

(ii) subjects providing services for the Firm and appointed by the latter in writing as external data processors:

- company managing the website: Sezione Creativa;

(iii) other third parties who process personal data as autonomous data controllers:

- Public Authorities that have access to personal data by virtue of regulatory or administrative measures/decisions;

- social channels: Instagram/Linkedin

For a complete and up-to-date list of personal data recipients, the User may write to the Firm at the addresses indicated in Section 10 below "Contact detailsto exercise the data subject’s rights and for further information ".

7. Personal data retention times

7.1 For the purposes set out in paragraph 3.1, personal data shall be retained for the period strictly necessary to process the User's request, except for the need to fulfil legal obligations or protect the legitimate interests of the Data Controller.

7.2 For the purposes referred to in paragraph 3.2, the personal data will be stored for 180 days.

8. Transfer of personal data to extra-EU countries

8.1 Your personal data will not be transferred to countries outside the EU. Should the personal data be transferred to a country outside the EU, in the absence of an adequacy decision under article 45 of the GDPR, the Data Controller will take the appropriate safeguards under the GDPR.

9. Exercise of rights by the data subject

9.1 Pursuant to articles 13, paragraph 2, letters b), c) and d), as well as articles 15 and following of the GDPR, the User may exercise the following rights:

a) The right to request access their personal data together with indications relating to the purpose of the processing, the category of the personal data being processed, the subjects or categories of subjects to whom they have been or will be communicated (with indication on whether such subjects are located in third countries or are international organizations), when possible, the retention period of personal data or the criteria used to determine such period, the existence of their rights to rectification and / or cancellation of personal data, to limit the processing and object to it, their right to lodge a complaint with a data protection authority, the source of the data, the existence and the logic applied in the case of an automated decision-making process. If you exercise this right and except for your indications to the contrary, you will receive an electronic copy of your personal data that is being processed.

b) the right to obtain:

i. the rectification of their personal data, if they are inaccurate or incomplete;

ii. the cancellation of their personal data, when there is one of the grounds listed in art. 17 of GDPR (for example: the User’s personal data are no longer necessary in relation to the purposes for which they have been collected; the User decides to withdraw the consent to the processing - when it constitutes its legal basis – and there is no other legal ground for said processing, the User object to the processing and there are no other overriding legitimate interests of the Data Controller, the personal data are being processed illegally);

iii. the limitation of the processing of the User’s personal data: 1) for a period enabling the Firm to verify the accuracy of the User’s personal data (if the User contested it); or 2) if the processing of personal data is unlawful and the User asks, instead of the cancellation of their personal data, for the limitation of the related processing; or 3) when the Firm no longer needs the User’s personal data, but the User needs them to ascertain, exercise or defend a right in a court of law; or, finally, 4) for the time necessary to evaluate the possible prevalence of the legitimate reasons of the Data Controller with respect to the User’s, if the User has objected to the processing of their personal data pursuant to point c) below;

iv. the User’s personal data in a structured format, commonly used and readable by an automatic device, also in order to transmit them to another holder, if the processing is based on consent or on a contract and is carried out through automated means (so-called right todata portability). If the User is interested, he/she can ask the Firm to transfer the personal data directly to the other controller, if this is technically feasible.

c) The right to object to the processing of their personal data, if such processing is carried out pursuant to art. 6.1 lett. e) (i.e. for carrying out a public task or a task connected with the exercise of public powers vested in the Data Controller) or lett. f) (i.e. to pursue a legitimate interest of the Data Controller) of the GDPR, unless there are compelling legitimate reasons for the data Controller to proceed with the processing, pursuant to art. 21 of the GDPR.

d) The right to withdraw the consent given at any time , without affecting the lawfulness of the processing of the User’s personal data based on consent before its withdrawal.

e) If carried out, the User has the right not to be subject to a decision based solely on the automated processing , including profiling, which produces legal effects concerning you or similarly significantly affecting you, and the right to obtain human intervention on the part of the Data Controller, to express your opinion and to contest the decision.

f) If you are not satisfied with the processing of your personal data carried out by the Firm, you can lodge a complaint to the Italian Data Protection Authority, following the procedures and the indications published on the official website of this authority (www.garanteprivacy.it).

g) Any corrections or cancellations of the User’s personal data or limitations on the processing performed upon the User’s request - unless this proves impossible or involves a disproportionate effort - will be communicated by the Firm to each of the recipients to whom your personal data may have been transmitted, in compliance with the present notice.

9.2 The exercise of the preceding rights is not subject to any form requirement and is free of charge. The data controller can only ask the User to verify their identity before undertaking further action following their request.

10. Contact details to exercise the data subject’s rights and for further information

10.1 To exercise the rights and / or to obtain any information regarding this privacy notice, the User can send a written communication to: Studio Legale Rucellai & Raffaelli (VAT code 07478470151), with registered office in 20121 Milano, Via Monte Napoleone n. 18, or an e-mail to: privacy@rucellaieraffaelli.it .

11. Cookies

The Data Controller uses cookies so that the Website can be safely and efficiently explored. For further information on cookies and their use on the Website, please consult the Cookie Policy page, which is an integral part of this Privacy Policy.

12. Social sharing buttons

The Website also includes social sharing buttons. These are “buttons” which depict social network icons e.g. Instagram, and allow Users to reach and interact with the relevant social network simply by clicking on the icon. With the support of these tools, the User can, for instance, share content or recommend the Website's products on social networks.

After clicking on the social sharing buttons, the social network is able to collect data on the User's visit to the Website. As mentioned in the introduction, this privacy statement does not involve the processing of the User's personal data by the social network, therefore the User should refer exclusively to the dedicated privacy policy of the social network itself.

Apart from cases when the User, of his/her own accord, shares his or her browsing data with the selected social networks by clicking on social buttons/widgets, the Data Controller does not share or circulate any personal data of the User with the social network.

13. Links to other websites

The Website contains links or connects to other websites which may not be associated with the Firm in any way.

The Data Controller neither controls nor monitors those websites or their contents. The Data Controller will not be held liable for the contents of those websites and for the rules adopted by them, also in relation to the protection and processing of the User’s personal data during the browsing.

This Privacy Policy does not apply to third party websites. The Website provides links to these sites solely to assist the User in searching and browsing and to facilitate hypertext links to other sites on the web. The activation of links does not imply any recommendation to access and navigate on those websites, nor any guarantee as to their contents, services or goods provided by those sites and sold to Internet users.

14. Use of the Website by minors

The Website is intended for use and consultation by adults only. Requests by minors will not, therefore, be entertained.

15. Applicable Law

This Privacy Policy is governed by Italian law and, in particular, by applicable data protection rules, including the GDPR, the Personal Data Protection Code, measures, authorisations and guidelines issued by the Italian Data Protection Authority, which regulate the processing of personal data, when applicable.

16. Changes and updates to the Privacy Policy

The Data Controller may amend or simply update all or part of the Privacy Policy of the Website, also to incorporate any changes in the applicable legislative or regulatory provisions on the matter. Changes and updates to the Privacy Policy will be notified to Users on the Home Page as soon as adopted, and they will be binding as soon as published on the Website and will be included and accessible on the Website. It is recommended, therefore, to consult this section regularly in order to examine the most recently published Privacy Policy update.

Last update: march 2024