The processing of personal data will be carried out lawfully, fairly, and transparently with respect to the data subject.
By processing personal data, we mean any operation or set of operations, carried out with or without the aid of electronic tools, concerning the collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, deletion, and destruction of data, even if not recorded in a database.
Data Controller
Barzanò & Zanardo S.p.A. (Tax Code: 05051840584 / VAT: 01347741009), represented by its legal representative pro tempore, with registered office at Via Piemonte 26, 00187 Rome, Italy.
Contact details:
- Email: privacy@barzano-zanardo.com
- PEC: b-zmilano@pec.barzano-zanardo.com
- Tel: +39 06 421771
Data Protection Officer (DPO)
Attorney Clementina Baroni (VAT 02001880356 – Tax Code BRNCMN73T50L826B), appointed as DPO, with registered office at Via Domenico Francesco Cecati, 1/1, 42123 Reggio Emilia (RE), Italy.
Contact details:
- Email: dpo@studiolegaleavvbaroni.it
- PEC: clementina.baroni@ordineavvocatireggioemilia.it
- Tel: +39 0522 506307
Categories of Data Processed
The data processed may include:
- Personal identifying data such as name, surname, phone number, email address, company name, and any accounting-related data.
Purpose of Processing and Legal Basis
A. Management of Pre-Contractual Activities
This includes the organization of events, courses, conferences, as well as feedback collection through surveys, questionnaires, etc.
Legal basis: performance of a contract to which you are a party (Art. 6(1)(b) GDPR)
Recipients: authorized personnel of the Controller, processors under Art. 28 GDPR, IT/system administrators, independent controllers.
The updated list of persons in charge and data processors is kept at the Controller’s registered office, and you may access it at any time by submitting a specific request to the addresses indicated below.
Retention: data collected for event registration will be kept for the duration of event management, and in any case not longer than 1 year, after which they will be deleted unless extended by legal obligations or legitimate interests (e.g., legal defense).
Failure to provide data: without it, the Controller cannot fulfill legal or contractual obligations, making it impossible to provide requested services.
B. Compliance with Legal Obligations
This includes administrative, accounting, and tax obligations arising from event registration.
Legal basis: compliance with legal obligations (Art. 6(1)(c) GDPR)
Recipients: public authorities, private entities as required by law, processors under Art. 28 GDPR, authorized personnel of the Controller.
The updated list of persons in charge and data processors is kept at the Controller’s registered office, and you may access it at any time by submitting a specific request to the addresses indicated below.
Retention: for the time required by law or the statute of limitations for related rights.
Failure to provide data: mandatory; refusal prevents continuation of the relationship.
Processing Methods: Data will be processed electronically, via IT systems, or on paper in compliance with confidentiality and security regulations.
Data Transfer Abroad: Data will not be transferred outside the EU. The Controller may use cloud services, selecting providers who provide adequate guarantees in compliance with Art. 46 GDPR.
Automated Decision-Making: Data will not be subject to automated decision-making, including profiling.
Data Subject Rights
Under GDPR, you have the right to:
- Access your personal data (Art. 15)
- Request rectification (Art. 16)
- Request erasure when data are no longer necessary (Art. 17)
- Request restriction of processing (Art. 18)
- Request data portability (Art. 20)
- Object to processing for reasons related to your situation (Art. 21)
- Not be subject to automated decision-making, including profiling (Art. 22)
You also have the right to lodge a complaint with the Data Protection Authority (Art. 77 GDPR).
How to Exercise Your Rights
You can exercise your rights at any time by contacting:
The Controller:
- Registered mail: Barzanò & Zanardo S.p.A., Via Piemonte 26, 00187 Rome, Italy
- Email: privacy@barzano-zanardo.com
- PEC: b-zmilano@pec.barzano-zanardo.com
The DPO:
- Registered mail: Avv. Clementina Baroni, Via Domenico Francesco Cecati, 1/1, 42123 Reggio Emilia (RE), Italy
- Email: dpo@studiolegaleavvbaroni.it
- PEC: clementina.baroni@ordineavvocatireggioemilia.it
Reference Clause
For all matters not expressly covered in this notice, reference is made to applicable laws, including Regulation 2016/679, Legislative Decree no. 196/2003 as amended by Legislative Decree 101/2018, and any subsequent provisions.
