Privacy policy – accreditation

PERSONAL DATA PROCESSING POLICY – accreditation for admission to the Festival Cartoons on the Bay pursuant to art. 13 of Regulation (EU) 679/2016 and current privacy legislation

RAI COM S.p.A., with registered office in Via Umberto Novaro 18 – 00195 Rome (RM), FC and VAT 12865250158, (hereinafter, “RAI COM“) – as the Data Controller – performs all processing activities of the personal data (“Data“) of the data subject (the “Data Subject“), in compliance with the principles of lawfulness, fairness and transparency and in accordance with the provisions set out to protect the fundamental rights and freedoms of natural persons, pursuant to Regulation (EU) no. 2016/679 (hereinafter, “GDPR“) and Legislative Decree of 30 June 2003 no. 196 as amended by Legislative Decree of 10 August 2018 no. 101 (“privacy regulations“).

Purpose of processing, legal basis and nature of conferment

The Data provided by the Data Subject by filling in the “Accreditation Form” on the Cartoons on the Bay 2024 Festival website ( (“Festival), will be processed to manage exclusively the request for accreditation to the Festival as well as for the purposes strictly connected and instrumental to the management of admissions and the execution of the Festival.

The processing carried out is, therefore, lawful insofar as it is necessary to allow the Controller:

  • the execution of the Data Subject’s request for access to the Festival (art. 6(1)(b) of the GDPR);
  • the fulfilment of legal obligations to which the Controller is subject (e.g. health and safety) (art. 6(1)(c) GDPR)

Any refusal to provide and process the Data will result in the inability to access the Festival.

Categories of Data communicated

By filling in the form, in compliance with the principle of minimisation under art. 5( 1)(c) of the GDPR, the Data Subject shall only transmit the personal contact data required for accreditation purposes (name and surname/company name, contact details, e-mail, professional role). No data belonging to special categories (e.g. data relating to religion, political affiliation, etc.) shall be communicated or otherwise made known.

Processing methods and data retention periods

The Processing of Data is carried out by means of the operations indicated in art. 4 no. 2) GDPR and provided for by the privacy legislation in force and in particular through the operations of: collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Processing is mainly carried out with the aid of electronic instruments, which are suitable for protecting the confidentiality and rights of the data subject at all times, and occasionally on paper in compliance with the provisions of current legislation.

The Data collected shall be retained, in accordance with the provisions of article 5(e) of the GDPR and the applicable privacy regulations, for a maximum period of 5 years and in any case for no longer than is necessary to achieve the purposes for which they are processed and for information regarding the Festival. Appropriate security measures are observed to prevent loss, destruction or damage of Data, unlawful or incorrect use and unauthorised access.

In any case, RAI COM shall take every care to avoid the indefinite use of such Data, proceeding periodically to verify in an appropriate manner the continued interest in the processing of such Data.

Data communication and transfer

The Data communicated may be processed, in the performance of the website management activities, by RAI – Radiotelevisione italiana S.p.A. and by the companies appointed by Rai Com (e.g. for the performance of activities related to the management of Festival accreditations, for the updating of the internal Filemaker database, for the management of Data within the RAI Group IT systems) that act as Data Processors pursuant to art. 28 of the GDPR. The Data shall be used exclusively within the Italian territory, for the purposes indicated and shall in no way be communicated to other third parties, disseminated and/or in any case further transferred. For activities related to the maintenance and/or management of the technological part of the Filemaker database, the Data communicated may be processed by each Data Processor. To obtain an up-to-date list of the Data Processors appointed by Rai Com, please send a request to the following address:

Personal Data may also be disclosed to employees and collaborators of the Data Controller and/or the Data Processors who need it due to their job or hierarchical position and who have been given adequate operational instructions in order to prevent the loss, destruction, unauthorised access or unauthorised processing of the Data.

Rights of data subjects

Pursuant to articles 15 et seq. of the GDPR and the applicable privacy legislation, the Data Subject has the right, at any time, to request access to the Data and to verify its accuracy and/or to request its integration, updating, rectification, deletion, limitation, portability, including the right to object to its processing.

The GDPR confers the exercise of the following specific rights:

  1. confirmation as to whether or not your personal data are being processed and, if so, to obtain access to them (right of access);
  2. rectification of inaccurate personal data, or supplementation of incomplete personal data (right of rectification);
  3. deletion of the data if one of the grounds provided for in the Regulation applies (right to be forgotten);
  4. limitation of processing when one of the cases provided for in the Regulation occurs (right of limitation);
  5. receipt, in a structured, commonly used and machine-readable format, of personal data provided by you to the controller and the transmission of such data to another controller (right to portability).
  6. Opposition in whole or in part, for legitimate reasons, to the processing of personal data, even if pertinent to the purpose of collection.

In order to exercise the applicable rights or to obtain information on the Data, you may make an express written request to be sent to RAI COM S.P.A., sending a request:

  • to the e-mail address:;
  • or by post, to: RAI COM S.p.A., with registered office in Via Umberto Novaro 18 – 00195 Roma (RM)

Without prejudice to any other administrative or jurisdictional appeal, Data Subjects have the right to lodge a complaint with the Italian Data Protection Authority based in Piazza Venezia 11, 00187 – Rome (, if they consider that the processing violates the GDPR and/or applicable privacy legislation.

Data Controller and Data Processor
The Data Controller is RAI COM S.p.A., with registered office in Rome (Italy), Via Umberto Novaro 18, 00195, e-mail address:

The Data Protection Officer appointed by the Data Controller may be contacted at the following address:

In the event of technical issues, please send an e-mail to: