Dear Data Subject,
Pursuant to Article 13 of EU Regulation No. 2016/679 (hereinafter, the “GDPR”), we inform you that the processing of the data you provide will be carried out using methods and procedures aimed at ensuring that personal data are processed in compliance with fundamental rights and freedoms, as well as the dignity of the data subject, with particular regard to confidentiality and security, personal identity, and the right to the protection of personal data.
Data Controller
Summeet S.r.l.
Via Paolo Maspero, 5 – 21100 Varese (VA), Italy
Tax Code and VAT No. 03106080124
Email: info@summeet.it
The list of Data Processors is available at the premises of the Data Controller.
Scope of Processing
The data processed include:
- personal and identification data, such as name, age, place and date of birth, telephone number, email address, tax code, IBAN code;
- information relating to education and professional or employment background;
- images and videos.
Special categories of personal data pursuant to Article 9 of the GDPR (data capable of revealing diseases or intolerances) may be processed for catering management purposes.
Legal Basis for Processing
The legal bases for the processing may alternatively be identified as follows:
(i) performance of obligations arising from a contract, pursuant to Article 6(1)(b) of the GDPR;
(ii) compliance with legal obligations, pursuant to Article 6(1)(c) of the GDPR, for example the State–Regions Agreement of 02/02/2017.
Source of Data
Personal data are collected directly from the data subject and, only where applicable, may originate from third parties, public registers or public lists. The Data Controller may also obtain personal data in fulfilling specific obligations related to the management of the medical-scientific consultancy relationship.
Purposes of Processing
Personal data and any changes you may communicate in the future to the Data Controller are collected and processed exclusively for the following purposes:
5.1 Purposes related to legal obligations or service management, based on a legal obligation to which the Data Controller is subject, and for the establishment, exercise or defense of a right in judicial proceedings:
- fulfillment of accounting or tax obligations required by law;
- fulfillment of obligations under Legislative Decree 81/08 on health and safety in the workplace;
- fulfillment of obligations under the State–Regions Agreement of 02/02/2017 regarding ECM events: management of registration applications, management of evaluations of activities and levels of preparation, communications required for training credits, use of data and images and/or audio-video recordings for educational purposes, such as (by way of example) making the event available asynchronously, drafting reports, sending materials to participants, and delivery of the service for live and/or recorded events.
5.2 Additional purposes based on the data subject’s consent:
- use of photographs or video recordings of the data subject for advertising and promotional purposes (e.g. on websites, newsletters, social networks);
- sending commercial and/or marketing communications by the Data Controller, including via newsletters, SMS, or other digital tools, or for customer satisfaction surveys. The Data Controller reserves the right to send commercial communications regarding similar products and services until the data subject withdraws consent;
- processing of special data concerning intolerances, allergies or dietary preferences for catering organization.
Methods of Processing
The processing of your personal data is carried out through the operations indicated in Article 4(2) of the GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data. In particular:
- data collection directly from the data subject through paper forms or company software applications;
- recording and processing on computerized and paper media;
- organization of archives mainly in automated form through company applications and computerized databases.
Your personal data are processed both in paper and electronic and/or automated form; in any case, processing is carried out using tools suitable to ensure confidentiality, integrity and availability. The data will not be disclosed.
For the purposes of this notice, “processing” means any operation or set of operations, whether or not performed by automated means, applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Article 4 GDPR).
Data Retention
Data will be processed for the entire duration of the contractual relationship and thereafter for the fulfillment of legal obligations (e.g. 5 years pursuant to the State–Regions Agreement of 02/02/2017), as well as for the protection of legal rights. Processing of data for promotional purposes will continue until the data subject withdraws consent.
Access to Data
For the purposes referred to in section 5, data may be accessed by employees or collaborators, in their capacity as authorized persons, following appropriate appointment, and by third parties performing outsourced activities on behalf of the Data Controller, such as:
- companies or entities that provide specific instrumental or support services on behalf of the Data Controller, duly appointed as Data Processors;
- entities whose right to access personal data is recognized by law or secondary or EU legislation.
Data Communication
Data will not be communicated to unauthorized third parties nor disclosed in any manner. Processing is carried out using appropriate security measures to prevent unauthorized access by third parties and to ensure confidentiality.
Without the need for explicit consent, the Data Controller may communicate your data for the purposes referred to in section 5.1 to supervisory bodies, judicial authorities, control authorities, or other entities entitled to access such data by law or secondary or EU legislation.
These entities will process the data as independent Data Controllers.
Data Transfer
Personal data management and storage take place on servers located within the European Union. Data will not be transferred outside the European Union, except to countries deemed adequate by a specific decision of the European Commission pursuant to Article 45 of the GDPR, and except in the cases provided for by Article 49 of the GDPR.
Nature of Data Provision and Consequences of Refusal
Provision of data for the purposes referred to in section 5.1 is mandatory. Failure to provide such data will make it impossible to enter into and/or perform the employment contract. Provision of data for the purposes referred to in section 5.2 is optional.
Rights of the Data Subject
Pursuant to the GDPR, the data subject has the following rights with respect to the Data Controller:
- to obtain confirmation as to whether or not personal data concerning them are being processed and, where that is the case, access to the personal data (Right of access – Article 15);
- to obtain without undue delay the rectification of inaccurate personal data (Right to rectification – Article 16);
- to obtain the erasure of personal data without undue delay where certain conditions apply (Right to erasure – Article 17);
- to obtain restriction of processing in certain circumstances (Right to restriction of processing – Article 18);
- to receive personal data in a structured, commonly used and machine-readable format and to transmit those data to another Data Controller without hindrance, in certain cases (Right to data portability – Article 20);
- to object at any time, on grounds relating to their particular situation, to the processing of personal data (Right to object – Article 21);
- to receive notification without undue delay of a personal data breach (Article 34);
- to withdraw consent at any time (Conditions for consent – Article 7).
Where applicable, the data subject also has the rights set out in Articles 16–21 of the GDPR and the right to lodge a complaint with the Supervisory Authority.
How to Exercise Your Rights
You may exercise your rights at any time by sending:
- a registered letter with acknowledgment of receipt to: Summeet S.r.l., Via Paolo Maspero, 5 – 21100 Varese (VA), Italy;
- an email to: info@summeet.it
Data Protection Officer (DPO)
Summeet S.r.l. has appointed the following company as Data Protection Officer (DPO):
FRAREG S.R.L.
Viale Jenner, 38
20159 Milan, Italy
Tel. +39 02 69010030
dpo@frareg.com
frareg@legalmail.it
(Version 2.1 – 15 December 2021)

