PRIVACY NOTICE AND COOKIE POLICY PURSUANT TO ART. 13 EU REG. 679/2016

The following notice represents a compliance requirement established by Regulation (EU) 2016/679 (GDPR), which, pursuant to Article 13, requires the provision of information to data subjects regarding the processing of their personal data carried out within this website, in addition to what is already provided in the Privacy Policy of the “Aristea Online” platform.

Index:

• Data Controller
• Purposes and Methods of Processing
• Categories of Data Processed
• Recipients and Data Transfer
• Data Retention Period
• Rights of the Data Subject
• Cookie Policy

1. DATA CONTROLLER

The Data Controller is Aristea International Srl, represented by its legal representative pro tempore, Via Roma 10, 16121 Genoa, Tel. 010-553591, e-mail info@aristea.com, certified e-mail (PEC) genova@pec.aristeaonline.it, which may, within the limits of the law, use duly trained authorized personnel.

In the course of its activities, the Data Controller relies on internal staff duly instructed and authorized to process personal data.

The Data Controller has appointed a Data Protection Officer (DPO), who may be contacted by the Data Subject for any matter relating to the processing of personal data and the exercise of rights. Contact details: e-mail dpo@aristea.com.

For the performance of its activities, the Data Controller may rely on third parties providing sufficient guarantees to implement appropriate technical and organizational measures. Such entities are formally appointed as Data Processors pursuant to Article 28 of Regulation (EU) 2016/679 and operate under the direct authority of the Data Controller, on the basis of a specific legal act governing their duties and responsibilities. An updated list of Data Processors, if appointed, is available upon request to the Data Controller at the contact details above.

2 PURPOSES AND METHODS OF PROCESSING

This notice supplements and specifies, for purposes exclusively related to the present event, what is already provided in the general Privacy Policy of the “Aristea Online” platform, accepted by you when creating your “Aristea Pass” account. Your personal data, already provided via the “Aristea Online” platform, are processed for the following specific purposes related to this event:

• Management of your participation in the event, access to the platform, use of training content, and interaction during sessions:
  • Legal basis: performance of a contract (Art. 6(1)(b) GDPR). Provision of data is necessary to participate.
• Issuance of the certificate of participation and management of training credits (if applicable):
  • Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
• Administrative, accounting, and legal compliance obligations:
  • Legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR).

For general management purposes of your “Aristea Pass” account, please refer to the full privacy notice available at: https://api.aristea.online/storage/docs/Aristea-A-Privacy-R-ITA.pdf

Processing Methods:

Data are processed with or without the aid of electronic tools, adopting appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR. IT systems are equipped with security measures designed to prevent data loss, unlawful or incorrect use, and unauthorized access. Processing is carried out in compliance with the general principles of transparency, fairness, lawfulness, data minimization, and purpose limitation (Art. 5(1)(a), (b), (c), (f) GDPR).

3 CATEGORIES OF DATA PROCESSED

Common personal data (identification, contact, and professional data) provided by you on the “Aristea Online” platform are processed. Special categories of data (e.g. health-related data for dietary requirements) are processed only with your explicit consent (Art. 9(2)(a) GDPR).

4 RECIPIENTS AND DATA TRANSFER

Your personal data are processed exclusively for purposes related to the event and in compliance with applicable regulations. Data will not be disseminated. Your personal data may be disclosed, strictly within the limits of the purposes indicated above, to the following categories of recipients:

Authorized personnel of the Data Controller:

staff of Aristea International S.r.l. and affiliated companies involved in the organization and management of the event, duly authorized and instructed.

Data Processors (Art. 28 GDPR):

third parties processing personal data on behalf of the Data Controller under contractual agreements ensuring adequate technical and organizational measures. This includes, by way of example: IT service providers and digital platform management providers (e.g. FAD platforms); payment service providers; technical and organizational service providers related to event delivery.

Accreditation bodies and universities – independent Data Controllers:

your personal data may be communicated to national or international accreditation bodies, as well as universities or certification bodies involved in issuing participation certificates and/or training credits. These entities act as independent Data Controllers and process data in accordance with their own privacy notices.

Competent authorities:

public authorities, judicial or administrative bodies, where required by law.

Other independent Data Controllers:

banks, consultants, and professionals (e.g. accountants, auditors), limited to administrative and accounting purposes.

Data Transfers Outside the EEA

Where necessary, personal data may be transferred to countries outside the European Economic Area (EEA). In such cases, the Data Controller ensures compliance with Chapter V of GDPR, including: transfers to countries with an adequacy decision by the European Commission; or use of Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46 GDPR). The Data Subject may request a copy of such safeguards from the Data Controller.

5 DATA RETENTION PERIOD

Personal data will be retained only for as long as necessary for the purposes for which they are processed, in accordance with the storage limitation principle (Art. 5(1)(e) GDPR). In particular:

• • Event management data (Purpose A): retained for 24 months after the event.
  • Accounting and administrative data (Purpose B): retained for 10 years as required by law.
  • Special data for ancillary services (Purpose C): deleted immediately after the event.
  • Marketing data (Purpose D): retained until consent is withdrawn.

6 RIGHTS OF THE DATA SUBJECT

You have the rights set out in Sections 2, 3, and 4 of Chapter III of Regulation (EU) 2016/679. In particular, you have the rights under Articles 15 (access), 16 (rectification), 17 (erasure), 18 (restriction), 20 (data portability), and 21 (objection), subject to Article 12 GDPR. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal. To exercise your rights, you may contact the Data Controller or the DPO using the contact details above. You also have the right to lodge a complaint with the supervisory authority (in Italy: Garante per la Protezione dei Dati Personali, www.gpdp.it).

7 COOKIE POLICY

This website uses only technical cookies necessary to ensure the proper functioning of basic features and optimal user navigation. This website uses only technical cookies necessary to ensure the proper functioning of basic features and optimal user navigation.

What are Cookies

Cookies are small text files sent by websites to users’ devices, where they are stored and then transmitted back to the same websites upon subsequent visits.

Consent Management

No consent is required for technical cookies as they are strictly necessary for website operation.

Types of Cookies Used

Session cookies: used to manage user sessions (e.g. login maintenance). Duration: until browser is closed.

Preference or functionality cookies: store user settings such as language or display preferences. Duration: up to 12–24 months.

How to Manage or Disable Cookies

Users may disable technical cookies via browser settings (e.g. Chrome, Firefox, Safari), although this may affect website functionality.