INFORMATION ON THE PROCESSING OF PERSONAL DATA
FOR USERS WHO PARTICIPATE IN EVENTS OR ARE INTERESTED IN BEING INFORMED ABOUT THE ACTIVITIES CARRIED OUT AT THE MuSA

WHY THIS INFORMATION
Legislation on the protection of personal data (EU Regulation 679/2016, henceforth GDPR) aims to make transparent the use of personal data by public and private subjects in order to increase the trust of the people to whom such data belongs.
One of the tools provided is the information with which those who process the personal data of natural persons (i.e. data controllers) explain to them (i.e. data subjects) how the data collected is used.

WHO PROCESSES USERS’ DATA
Lucca Innovazione e Tecnologia S.r.l. (henceforth Lucca InTec), a company that manages activities at MuSA, is the controller of user data in the sense that it is the subject that establishes the means and purpose of the use or processing of data.

In the event that the user expresses consent to receive information on activities, the data will be entered on the MailChimp platform that acts as an independent controller. Use of the MailChimp platform by Lucca InTec involves the transfer of common personal data to countries outside the EU because the servers of The Rocket Science Group LLC d/b/a MailChimp are located in the USA. The transfer is in compliance with Regulation 679/2016 as the The Rocket Science Group LLC d/b/a MailChimp has adhered to the Privacy Shield authorised by the European Commission through decision of 27 October 2016, published in the Gazzetta Ufficiale (Official Journal) No. 237 of 22/11/2016.

In the event of online registration, Lucense s.c.r.l. that hosts the MuSA website is responsible pursuant to Article 28 of EU Regulation 679/2016.

THE DATA PROTECTION OFFICER OR PERSON RESPONSIBLE FOR DATA PROTECTION
Lucca InTec is not required to appoint a Data Protection Officer (DPO)

WHICH DATA IS PROCESSED AND FOR WHAT PURPOSES
Lucca InTec processes common personal data (name, surname, various addresses) that are used for the following purposes:
• to register participation at events organised at the MuSA
• to allow, by entering the data collected in the ” MailChimp platform, the sending of newsletters and information on events organised by Lucca InTec or by other entities, associations etc. within the MuSA space

WHY L UCCA INTEC CAN STATE THAT IT PROCESSES THE DATA LAWFULLY
The GDPR allows the processing of data if certain hypotheses defined as “Legal Basis of the Processing” (Article 6) occur. For the two purposes described above, the processing is based on the consent of the data subject.

In the event of registration to events, consent is considered acquired at the time the user provides the data. For registration to newsletters and information on activities, consent is acquired by filling out the relative online form. You can withdraw the consent initially provided at any time.

HOW THE DATA IS PROCESSED
Lucca InTec processes the data in compliance with the principles of the GDPR (lawfulness, correctness, transparency, for specific purposes, in an appropriate and pertinent way for the purposes) and in order to ensure confidentiality, security and integrity.

Personal data is processed both on paper and by electronic means without performing any kind of profiling or other automatic decision-making process.

TO WHOM THE DATA IS COMMUNICATED
Recipients of the data collected are the persons appointed by the Data Controller as Processors pursuant to Article 28 of EU Regulation 679/2016 and indicated previously.

The data entered by users can be communicated to the Chamber of Commerce of Lucca as sole shareholder of Lucca InTec and to other public institutions in order to comply with the regulations governing the activity of Lucca InTec.
What the DATA SUBJECT can do to protect their data
In addition to transparency, the GDPR aims to increase the trust of the data subjects in the way in which their data are processed, providing them with rights that allow them to maintain and/ or recover control over who uses their personal data, for what reasons and how.
In summary, the rights are the following:
• right to access
• right of rectification
• right to erasure or right to be forgotten
• right to restriction of processing
• right to data portability
• right to object

For more details, please consult the page of the Italian Data Protection Authority www.garanteprivacy.it/home/diritti

The data subject can exercise these rights by sending a request to the certified email address of Lucca InTec (luccaintec@legalmail.camcom.it), specifying in the object the right to be exercised, for what purpose he/she knows or assumes that their data have been collected by Lucca inTec. and attaching, if the request does not come from the certified email box belonging to the data subject, an ID document.

LODGING A COMPLAINT WITH THE DATA PROTECTION AUTHORITY
The data subject also has the right to lodge a complaint with the Data Protection Authority by using the forms available on the Data Protection Authority’s website:
www.garanteprivacy.it
www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524