Privacy Policy

It is essential for us to protect your privacy, which is why we are committed to treating your data transparently and in accordance with the European General Data Protection Regulation (EU Regulation No. 2016/679, hereinafter only “GDPR”). In this notice you will find all the information expressly stipulated in Article 13 of the GDPR.

In accordance with the provisions of the GDPR, legal persons do not fall under the category of “data subject” and from the scope of the GDPR. However, in the event that personal data relating to a natural person is included during the collection of business information, that person will be considered a data subject and consequently the GDPR will be applied.

1. Data Controller

The GDPR (Art. 4 No. 7) defines data controller as the one who determines the purposes and means of personal data processing. Its responsibilities are identified in Art. 24 GDPR.

The data controller is Tech4Fem (C.F. 96614900585) in the person of its legal representative pro tempore Valeria Leuti (C.F. LTEVLR83C59H501R) (hereinafter, ‘Data Controller’).

You can contact the Controller at the following addresses:

Email: info@tech4fem.it

PEC: tech4fem@legalmail.it

Address: Via Fonte Buono, 110 – Rome

2. The data we process

If you decide to use one or more of the services offered by the site, biographical data, contact information, and some optional information such as that regarding education and professional experience may be collected. This data will always be entered by you independently in order to access the services offered as the site does not collect any personal data automatically.

The processing operations that are carried out are: collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, restriction, deletion or destruction.

3. The treatments carried out

Below you will find listed all the purposes of the processing carried out with the relevant legal basis applied for collection as well as the expected retention times.

3.1 Registering for and attending Tech4Fem events and sending communications regarding booked events

  • Purpose of processing: to enable proper registration and participation in the event.
  • Applied Legal Basis: the performance of a contract to which the data subject is a party.
  • Retention time: for as long as necessary to fulfill contractual obligations, as well as possible management of reimbursement in case of a paid event. In the case of requests from authorities or for the protection and defense of rights, including judicial and tax office, the data will be kept for as long as necessary to fulfill such requests or to protect the rights of the Owner.
  • Additional information: the provision of data indicated as necessary is mandatory to provide the requested service, otherwise the owner will not be able to achieve the indicated purpose.

3.2 Access to communities

  • Purpose of processing: to allow proper registration and access to the Tech4Fem community (also on other platforms e.g. Slack).
  • Applied Legal Basis: the performance of a contract to which the data subject is a party.
  • Retention times: We will process the data for the maximum time the service is used and for the next 12 months. Data obsolescence check is done every 12 months.
  • Additional information: the provision of data indicated as necessary is mandatory to provide the requested service, otherwise the Holder will not be able to achieve the indicated purpose. The additional data optionally entered, may be used to improve the service of the Holder.

3.3 Contact us

  • Purpose of processing: to enable us to send you the requested information.
  • Applied Legal Basis: execution of pre-contractual measures carried out at the request of the Data Subject.
  • Retention times: we will process data for as long as necessary to respond to requests and then delete it. Verification of data obsolescence is done every 12 months.
  • Additional information: you have full freedom to release the requested and optional data, as there is no legal obligation to provide them. However, if you choose not to provide the data marked as essential, the Controller will not be able to fulfill the stated purpose.

3.5 Newsletter and DEM

  • Purpose of processing: to enable the sending of newsletters and DEM (an acronym for Direct Email Marketing).
  • Applied Legal Basis: the legal basis is the consent of the data subject. Limited to the case in which you purchase one of the services offered by the site, we will export your data to a CRM aimed at sending commercial information for products or services similar to those purchased under art. 130 co. 4 D. Lgs 196/03 (c.d. softspam), or concerning events similar and/or analogous to those in which you participated. In this case, your consent is not necessary but you can exercise your opt-out at any time.
  • Retention times: data will be processed until consent is revoked. Otherwise, they will be kept for up to 5 years after the last submission.
  • Additional information: for subscription to the newsletter the email address is necessary, otherwise it will not be possible to achieve the stated purpose. In case of purchase, the provision is automatic.

3.6 Navigation data

  • Purpose of processing: to enable site security.
  • Legal Basis Applied: we will process data based on the company’s legitimate interest in cybersecurity and fulfillment of legal obligations. The legal basis for processing cookies other than necessary cookies is consent.
  • Storage time: data will be processed for 24 months.
  • Additional information: please refer to the appropriate policy on cookies.

Only in the event of any dispute or litigation, the data may be held longer to enable us to exercise or defend a related right by applying the legal basis of the data controller’s legitimate interest.

4. Methods of processing

We will always process your personal data lawfully, impartially and with the highest degree of confidentiality. We will strictly adhere to current regulations, ensuring that all appropriate security measures are taken as outlined in current legislation. The management of your data will be carried out exclusively through digital and analog tools.

We assure that there will be no automated decision-making processes, including profiling, applied to users without their explicit consent. This applies in particular to the use of cookies or other tracking systems, for which there is a detailed information section governing their use.

5. Who can access the data

The processing of your data will be carried out by the Data Controller.
The Data Controller may disclose the data to any person to whom the disclosure is obligatory for the fulfillment of the purposes prescribed by law.

The Data Controller may use collaborators, companies and/or IT tools that will process your data in the sole interest of the Data Controller for specific cases and/or activities or to improve the quality and efficiency of the services offered. Each of them will be appropriately appointed as data controller in accordance with Article 28 GDPR. The data will, in addition, be disclosed to payment gateways as autonomous data controllers.

The list of data processors can be found at the office.

6. Place of storage

Storage and management of personal data will take place on servers located in Europe. The data controller ensures that the transfer of personal data is carried out in compliance with the regulations of the GDPR.

7. The rights you can exercise

As a data subject, you have the rights under Art. 15 et seq. of the Regulation as set out in the paragraphs below.

7.1 Right of Access (Art. 15 GDPR)

The data subject has the right to obtain confirmation of the existence or non-existence of personal data concerning him/her, even if not yet recorded, and its communication in intelligible form.

7.2 Right of rectification (Art. 16 GDPR)

The data subject has the right to obtain the rectification of inaccurate personal data concerning him/her, as well as the integration of incomplete data.

7.3 Right of cancellation (Art. 17 GDPR)

The data subject has the right to obtain the deletion of personal data for particular reasons such as revocation of consent, objection to processing or if the data are no longer necessary for the purposes for which they were collected and processed or in the event of unlawful processing. It will not always be possible to proceed to deletion, but it will certainly be the burden of the data controller to provide adequate justification.

7.4 Right to restriction of processing (Art. 18 GDPR)

The data subject has the right to obtain restriction of processing in special cases such as, for example, in the case of a request for rectification or opposition during the time of assessment of requests.

7.5 Right to portability (Art. 20 GDPR)

If the processing is based on consent or contract and is carried out by automated means, the data subject may receive them in a structured, commonly used and machine-readable format or request that they be transmitted to another data controller.

7.6 Right to object (Art. 21 GDPR)

The data subject has the right to object, in whole or in part:

a) per motivi legittimi al trattamento dei dati personali che lo riguardano, ancorché pertinenti allo scopo della raccolta;

b) al trattamento di dati personali che lo riguardano per il perseguimento di finalità non contemplate dall’art. 2.

The user may make a request to object to the processing of his or her personal data pursuant to Article 21 of the GDPR in which he or she must give evidence of the reasons justifying the objection: the Data Controller reserves the right to assess the request, which would not be accepted in the event of the existence of compelling legitimate grounds for processing that prevail over the user’s interests, rights and freedoms.

7.7 Right to withdraw consent (Art. 7 GDPR)

In the event that data processing is based on consent, you have the right to revoke your previously given consent at any time. In this case, withdrawal of consent will not affect the processing carried out as long as consent was validly given.

7.8 Right to complain

The data subject has the right to lodge a complaint with the competent supervisory authority pursuant to Article 77 of the GDPR if he or she considers that the processing of his or her data is contrary to the legislation in force.

7.9 Right to take legal action

If you consider that your rights have been violated as a result of processing, you can take legal action in the competent courts.

8. How to exercise your rights

You can exercise your rights at any time by contacting the data controller at the above addresses.