Read our Privacy Policy for information in how we handle your data and what your rights are.
By ticking this box I confirma that I have read and accept the Privacy Policy.
This document is drafted pursuant to Article 13 of Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter "GDPR") and is intended to provide you, as the "Data Subject", with specific information on the processing of your personal data through the SharEvent Web Platform, which can also be used via tablet and smartphone through a specific App (hereinafter "App") at events, courses and workshops organised directly and/or in partnership with the Data Controller.
- DATA CONTROLLER
The data controller, who determines the purposes and means of the processing of personal data is z.one concept s.r.l.: with registered office in Malnate (VA), via Brodolini 30, P.IVA 02879900120 e-mail: privacy@Z-oneconcept.com
- DATA AND SOURCE
The categories of personal data processed, collected directly from the data subject, (hereinafter 'Data') are: (i) personal data and contact data; (ii) technical data collected through the use of the App: IP, location, information on the device used; (iii) images: photographic images and video footage.
- PURPOSES, LEGAL BASIS OF PROCESSING AND STORAGE PERIODS
PURPOSE OF PROCESSING | LEGAL BASIS OF PROCESSING | ENVISAGED PERIOD |
User registration via App Your data will be processed in order to follow up on the procedure for creating and managing the users authorized to access the App | The legal basis is the execution of the contract to which the data subject is part or the execution of pre-contractual measures upon data subject's request (Art. 6(1)(b) GDPR). | The Data will be stored for the duration of the services i.e. until you request the deletion of your account. |
Analysis and monitoring of App usage. Security and development The user's use of the App involves the processing of the user's personal data, aimed at verifying the correct functioning of the App and collecting information on its usage to ensure system security, initiate necessary maintenance operations, or improve it | The legal basis is the Pursuit of a legitimate interest of the Data Controller (Art. 6(1)(f) GDPR). | The data collected will be stored for a maximum of 6 months and subsequently deleted or anonymised. |
Other information collected by the App The use of the App may result in the collection of additional and specific data, in relation to the choices made by the user, for example, by activating or deactivating: (i) the location of the device used; (ii) the receipt of push notifications. It is understood that the deactivation of such features may result in the inability to use certain services or functions of the App (e.g. event locator; receipt of event alerts, etc.). | Consent of the data subject (Art. 6(1)(a) of the GDPR) given by activating or deactivating certain functionalities. | The data collected will be stored for a maximum of 6 months and subsequently deleted or anonymised. |
Administrative and organisational purposes The data will be processed to follow up on all activities related to your registration for our events, courses, workshops. These activities include registering your participation in the event to certify your presence and, where applicable, to issue a specific certificate. | The legal basis for this processing is the necessity to perform the contract to which the data subject is a party or to carry out pre-contractual measures at the request of the data subject (Art. 6(1)(b) GDPR) | Data will be stored for ten years in order to ensure the retrievability of information relating to participation in an event and/or obtaining a certificate. |
Informative Communications The Controller, either directly through the App or through other contact channels provided by you at the time of registration, may send you informative communications such as: information regarding the organization of the event/course to which you are enrolled; notifications about the receipt of materials uploaded via the App; confirmation of successful participation, registration, or authentication for an event, course, or scouting activity | The legal basis is the pursuit of a legitimate interest of the Data Controller (Art. 6(1)(f) GDPR). | Data will be stored for as long as the service lasts, i.e. until you request cancellation of your account. |
Automated promotional communications This refers to the activity carried out using the contact data of the data subject, in order to send periodic promotional and commercial communications (e.g. newsletters, invitations to events, satisfaction questionnaires) also by means of automated systems. | Consent of the data subject (Art. 6(1)(a) GDPR. | Until the consent is revoked |
Collection and use of event images for promotional purposes Events and workshops organized directly by the Controller, which you decide to participate in, may be recorded. Your participation in the event may entail the collection of your photographic image and its publication on the website and social media channels associated with the Controller for promotional purposes of the event itself. | The legal basis is the pursuit of a legitimate interest of the Data Controller (Art. 6(1)(f) GDPR). Considering the total number of event participants and the challenge of accommodating individual preferences not to be recorded, while also evaluating the controller's right to promote the organized event/course, objections to this processing can be expressed by choosing not to participate in group photo or video recordings | The data subject to disclosure will no longer be in the possession of the Data Controller, who may proceed to delete exclusively the copy held or stored in their own archives. |
Collection and use of images of the data subject for promotional purposes Your photograph or video footage shall be used by the Controller for promotional and advertising purposes. Pursuing this objective may involve its publication on the website and social media channels associated with the Controller, or within printed brochures, training slides, or other methods specified by the Controller in the Image Release Form | Consent of the data subject (Art. 6(1)(a) of the GDPR. | The Material may be processed until the consent is revoked by the Data Subject, except for Material that was published prior to their revocation. Regarding the envisaged period of data shared through the social channels mentioned above, please refer to the data retention policies of those channels. |
Litigation or pre-litigation phases Data may be processed to enable us to prevent fraud against us or other customers, to interrupt a breach or to protect and defend us in any forum, including the courts | The legal basis is the pursuit of a legitimate interest of the Data Controller (Art. 6(1)(f) GDPR). | Data will be retained for the duration of the litigation or until the appeals deadline is expired. |
- METHODS OF TREATMENT
The Data shall be processed using IT tools, to pursue the aforementioned purposes. The Data shall be processed exclusively by persons authorised by the Data Controller or by third party Data Processors (such as the SharEvent platform provider) appointed to perform specific services on behalf of the Data Controller.
- RECIPIENTS
In addition to point 3, Data may be disclosed, due to the existence of specific assignments, to third parties such as photographers, videomakers and other professionals in charge of filming, studio assistants, hairstylists, make-up artists, fashion stylists, event organisers, trainers, customers (such as distributors, salon owners and collaborators), partners, employees, collaborators and possible external managers of the host location.
- SECURITY OF DATA PROCESSING AND DATA TRANSFER
Your personal data will be processed using automated tools in accordance with the principles of necessity and proportionality, except in cases where the processing of personal data can be performed using anonymous data or other methods. The Company has adopted appropriate technical and organisational measures to ensure a level of security appropriate to the risk and to prevent the loss of personal data, unlawful or incorrect use and unauthorised access.
The Data will be processed within the European Union and will not be transferred to Third Countries (outside the European Union and/or the European Economic Area). However, should it become necessary to transfer the Data to Third Countries (for example, if the Data Controller uses IT service providers based in a Third Country), the Data Controller guarantees as of now that the transfer will comply with the provisions of Chapter V of Regulation (EU) 2016/679.
- DATA SUBJECTS RIGHTS AND HOW TO EXERCISE THEM
In relation to the processing of the aforementioned data, according to Art. 15 et seq. of the GDPR, you have the right to freely exercise the rights set out below at no cost: Right of Access; Right to Rectification; Right to Cancellation or "Right to be Forgotten"; Right to Restriction of Processing; Right to Receive Notification in case of rectification or cancellation of personal data or restriction; Data Portability; Right to Object. In order to exercise these rights you may contact the Data Controller using the contact details indicated in point 1. If you believe that the processing of your Personal Data is in breach of the provisions of the GDPR, you have the right to lodge a complaint with the Data Protection Authority (Art. 77 of the GDPR) or, alternatively, to take legal action (Art. 79 of the GDPR).
Z.One Concept S.r.l., in its capacity as Data Controller, hereby provides the following specific information on the management of its website (https://www.z-oneconcept.com) with regard to the processing of the personal data pertaining to the users consulting it. This is also a disclosure made pursuant to Article 13 of the EU Regulation 2016/679 (“GDPR” or “Regulation”).