PERSONAL DATA PROCESSING POLICY – registration for the Festival Cartoons on the Bay pursuant to art. 13 of Regulation (EU) 679/2016 and current privacy legislation
RAI COM S.p.A., with registered office in Via Umberto Novaro 18 – 00195 Rome (RM), FC and VAT 12865250158, (hereinafter, “RAI COM“) – as the Data Controller – performs all processing activities of the personal data (“Data“) of the data subject (the “Data Subject“), in compliance with the principles of lawfulness, fairness and transparency and in accordance with the provisions set out to protect the fundamental rights and freedoms of natural persons, pursuant to Regulation (EU) no. 2016/679 (hereinafter, “GDPR“) and Legislative Decree of 30 June 2003 no. 196 as amended by Legislative Decree of 10 August 2018 no. 101 (“privacy regulations”).
Purpose of processing, legal basis and nature of conferment
The Data communicated through online registration by completing the “Registration Form” on the website www.cartoonsbay.rai.it, “Contest” section, of the Cartoons on the Bay Festival (the “Festival“) will be processed for the registration of works in animation to the sections in the contest as part of theFestival as well as for purposes strictly connected and instrumental to the management of the registration and to ensure the proper execution of the contest and the Festival in accordance with the regulation (the “Regulation“) governing it, including but not limited to: activation of the access credentials to the File Portal platform for the filing of the contest materials, performance of all activities related to the uploading and viewing of the submitted content, sending of communications concerning the contest, publication of the outcome of the selections on the Festival website and awards.
The legal basis for the processing is, therefore, the performance of a contract to which the data subject is party or the performance of pre-contractual measures taken at the data subject’s request (art. 6.1(b) of the GDPR).
The collection of the Data – through the Registration Form – is necessary to allow participation in the Contest and failure to provide such Data shall result in the impossibility for the Controller to allow the data subject to participate in the Contest.
Categories of Data communicated
By filling in the form, in compliance with the principle of data minimisation pursuant to art. 5(c) of the GDPR, data subjects shall transmit only the personal contact data requested, referring to themselves and/or to the work they intend to enter in the Contest (name and surname/company name of the company to which they belong, fiscal code, place and date of birth, telephone and e-mail contacts, name and surname of the authors of the work, telephone and e-mail contacts of any representatives/referents of the legal persons indicated in the form, as well as all further data communicated in responding to the fields describing the work, and in describing its synopsis). No data belonging to special categories (e.g. data relating to religion, political address, etc.) shall be disclosed or otherwise made known in the free fields of the registration form.
Processing methods and data retention periods
The Processing of Data is carried out by means of the operations indicated in art. 4 no. 2) GDPR and provided for by the privacy legislation in force and in particular through the operations of: collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Processing is mainly carried out with the aid of electronic instruments, which are suitable for protecting the confidentiality and rights of the data subject at all times, and occasionally on paper in compliance with the provisions of current legislation.
The Data collected shall be retained, in accordance with the provisions of article 5(e) of the GDPR and the applicable privacy regulations, for a maximum period of 5 years and in any case for no longer than is necessary to achieve the purposes for which they are processed. Appropriate security measures are observed to prevent loss, destruction or damage of Data, unlawful or incorrect use and unauthorised access.
In any case, RAI COM shall take every care to avoid the indefinite use of such Data, proceeding periodically to verify in an appropriate manner the continued interest in the processing of such Data.
Data communication and transfer
The Data communicated may be processed, in the performance of the website management activities, by RAI – Radiotelevisione italiana S.p.A. and by the companies appointed by Rai Com (e.g. for the performance of activities related to the management of Festival registrations, for the updating of the internal Filemaker database, for the management of Data within the RAI Group IT systems) that act as Data Processors pursuant to art. 28 of the GDPR. The Data shall be used exclusively within the Italian territory, for the purposes indicated and shall in no way be communicated to other third parties, disseminated and/or in any case further transferred. For activities related to the maintenance and/or management of the technological part of the Filemaker database, the Data communicated may be processed by each Data Processor. To obtain an up-to-date list of the Data Processors appointed by Rai Com, please send a request to the following address: privacy.raicom@rai.it.
Personal Data may also be disclosed to members of juries referred to in the Regulation for the evaluation of works and employees and collaborators of the Data Controller and/or the Data Processors who need it due to their job or hierarchical position and who have been given adequate operational instructions in order to prevent the loss, destruction, unauthorised access or unauthorised processing of the Data.
Rights of data subjects
Pursuant to articles 15 et seq. of the GDPR and the applicable privacy legislation, the Data Subject has the right, at any time, to request access to the Data and to verify its accuracy and/or to request its integration, updating, rectification, deletion, limitation, portability, including the right to object to its processing.
The GDPR confers the exercise of the following specific rights:
- confirmation as to whether or not your personal data are being processed and, if so, to obtain access to them (right of access);
- rectification of inaccurate personal data, or supplementation of incomplete personal data (right of rectification);
- deletion of the data if one of the grounds provided for in the Regulation applies (right to be forgotten);
- limitation of processing when one of the cases provided for in the Regulation occurs (right of limitation);
- receipt, in a structured, commonly used and machine-readable format, of personal data provided by you to the controller and the transmission of such data to another controller (right to portability);
- Opposition in whole or in part, for legitimate reasons, to the processing of personal data, even if pertinent to the purpose of collection.
In order to exercise the applicable rights or to obtain information on the Data, you may make an express written request to be sent to RAI COM S.P.A., sending a request:
- to the e-mail address: privacy.raicom@rai.it;
- or by post, to: RAI COM S.p.A., with registered office in Via Umberto Novaro 18 – 00195 Roma (RM)
Without prejudice to any other administrative or jurisdictional appeal, Data Subjects have the right to lodge a complaint with the Italian Data Protection Authority based in Piazza Venezia 11, 00187 – Rome (http://www.garanteprivacy.it,if they consider that the processing violates the GDPR and/or applicable privacy legislation.
Data Controller and Data Processor
The Data Controller is RAI COM S.p.A., with registered office in Rome (Italy), Via Umberto Novaro 18, 00195, e-mail address: privacy.raicom@rai.it.
The Data Protection Officer appointed by the Controller may be contacted at the following address: dporaicom@rai.it.
In the event of technical issues, please send an e-mail to: privacy.raicom@rai.it.