Data collection and consent to the processing of personal data
For the purposes of your participation in the Rebreather Forum 4 event, in accordance with Article 13 of Regulation 2016/679 (also known as GDPR) on the protection of personal data and in relation to your personal data, we inform you that your personal data will be processed by DAN EUROPE FOUNDATION and Michael Menduno, as joint Data Controllers. The processing will be based on the principles of fairness, lawfulness and transparency, as well as the protection of your privacy and rights. In relation to this we inform you of the following, and invite you in case of doubts to get in touch at the contact details provided below.
A) who are the Data Controllers?
The joint Data Controllers of the personal data you provided are:
DAN EUROPE FOUNDATION, headquartered at Sir Ugo Mifsud Street Ta’Xbiex, XBX 1431 – Malta, operational headquarters at C/da Padune, 11 – 64026 Roseto degli Abruzzi – Italy, Tel +39-085-893-0333, Fax +39-085-893-0050;
MICHAEL MEDUNO, born 14/01/1952 in Highland Park, IL, USA
B) Who is the DPO I can contact?
The Data Protection Officer – DPO is:
Attorney Diletta Simonetti – [email protected]
C) On what basis and for what purposes do we process your data?
Pursuing the goal of inviting you to the Rebreather Forum 4 event and having you participate in it, as well as involving you in future initiatives, the processing to which your personal data will be subjected will be carried out for the following purposes:
- Invite you to the Rebreather Forum 4 event, collect your registration request for participation in the organized event, manage your participation in the same event, provide feedback to your requests for more information regarding the organized event and other upcoming events, received through the optional, explicit or spontaneous sending of messages, e-mails or by telephone;
- During the event you may be filmed and the images may be disseminated on the web, social profiles and websites;
- Provide information through newsletters and communications services related to the promoted initiatives, as jointly organized by the Data Controllers identified in the foreword, ensuring fruition of information of your interest conveyed through our web portal;
- Send you communications about further activities individually promoted by the Data Controllers in an autonomous form.
The processing referred to in point 1) is legitimately carried out as such processing is necessary for the performance of a contract to which you are a party, or to the execution of pre-contractual measures taken at your request (art. 6, par. 1, lett. b) gdpr). The provision of personal data is not mandatory, however it is necessary for participation in the event. In the partial or total absence of such conferment, the relationship cannot be initiated. The processing referred to in point 2) is carried out only following your consent as well as the processing referred to in points 3) and 4) (art. 6, par. 1, lett. a) GDPR). In the latter 3 cases, exercise at any time the right to object, by which the processing will be interrupted, leaving however unaffected and lawful the processing carried out until your request for interruption.
Data could be processed to fulfill legal or regulatory obligations and/or in execution of an order received from a public authority.
Finally, the data could be processed in execution of legitimate interest of one or both of the Data Controllers, for example in case the processing of some of your data is necessary for defense in court of one of the Data Controllers or of third parties whose rights are affected.
D) How is data processed and for how long?
The processing may take place with the aid of paper or electronic instruments, including automated ones, and will be handled by specially appointed and instructed personnel; it will be carried out in compliance with the modalities and data requirements provided for in Article 5 of the GDPR and will include all the operations or set of operations provided for in Article 4 paragraph 1, no. 2), of said GDPR, necessary for the processing in question, including communication to third parties who are identified, determined and who present suitable guarantees. The data will not be subject to dissemination and will not be processed outside the European Union.
Data will be retained according to the following schedule:
|Data in relation to purpose||Term held|
|Data held for participation in the event||Deleted at the end of the event and closely related operations|
|Data related to audio-video footage||Deleted upon request|
|Joint marketing data by both Data Controllers||24 months starting from the acquisition of consent (unless right of objection is exercised)|
|Marketing data exercised by the autonomous Data Controller||24 months starting from the acquisition of consent (unless exercising right to object).|
E) What data do we process?
The Data Controllers undertake to collect and process only your common personal data (hence, no particular ones as of Art. 9 of GDPR), relating to the following categories:
- Identifying personal data
- Contact data
- Data related to the sports organization/association to which you belong
- Audio and video footage
The collection of these data is carried out exclusively through information provided directly by you, including through the use of computerized services made available by the Data Controllers .
F) To whom do we communicate your data?
Personal data relating to the processing in question, for purposes referred to in the preceding point, may be communicated or made known: 1. To those belonging to the organization of the Data Controllers, including companies or associations of the group located in the European Union, who need it for the realization of the purposes indicated above; 2. Entities with which the Data Controllers have statutory relationships; 3. Subjects participating in the organization and management of the event; 4. To third parties to which the Data Controllers could outsource certain activities and which consequently provide the writer with certain instrumental services, always related to the processing and the purposes described above, such as administrative services, management of the information system, attendance management, document filing, or contact center. These third parties will carry out processing on behalf of the Data Controllers and are authorized to process them as Data Processors, in accordance with the provisions of Article 28 of the GDPR.
G) What are your rights?
We grant you the following rights in relation to your personal data, which you may exercise within the limits and in accordance with the provisions of the regulations with respect to both Data Controllers: 1. Right of access to your personal data (Art. 15); 2. Right to rectification (Art. 16); 3. Right to erasure (right to be forgotten) (Art. 17); 4. Right to restriction of processing (Art. 18); 5. Right to data portability (Art. 20); 6. Right to object (Art. 21); 7. Right to object to a decision based solely on automated processing (Art. 22); 8. The right to revoke, at any time, the consent given, without prejudice to the lawfulness of the processing based on the consent given prior to revocation; you may achieve this by sending a written request addressed to the Data Controllers at the postal address or by e-mail, as indicated in point A) above. 9. The right to lodge a complaint with the Data Protection Authority if you believe that the processing of your data is contrary to the legislation in force: Home 10. To exercise the above rights as well as to request any further information regarding the processing of data, you can write to [email protected]
Notwithstanding the fact that you may contact both Data Controllers for clarification, to receive information and to exercise your rights, we share with you the following contact details:
DAN Europe Foundation, Registered Office Sir Ugo Mifsud Street Ta’Xbiex, XBX 1431 – Malta
[email protected] – Tel +39-085-893-0333 / +356 2016 1600;
The contact details of the Data Protection Officer (DPO), to whom the data subject may refer to in matters relating to the processing of his/her personal data, are:
Mrs. Diletta Simonetti, Lawyer ([email protected] – [email protected] )
For the joint management of your data by the Data Controllers, a legally binding act has been entered in accordance with Art. 26 GDPR. The agreement will be at your disposal, and you may request it from us by means of the contact details provided above.