E.U. Regulation 2016/679 and implementing provisions

1. Foreword
   As a supplement to the information already provided, in implementation of the EU Regulation 679/2016 (hereinafter "Regulation") as well as its implementing provisions, this
   document contains guidance on the processing of personal data provided, for the purpose of compliance with the measures necessary for the prevention and containment of the Covid-19 virus (Coronavirus) in accordance with the provisions and in compliance with the regulations in force.
2. Data controller
   The data controller is BOELLA & SORRISI SRL telef. +39 011/2476333 e-mail boellaesorrisi@boella.it PEC boellasorrisi@pec.it (if any)
3. Data Protection Officer
   The Owner has appointed a Data Protection Officer in accordance with Articles 37 et seq. of the Regulations, whose contact details are as follows: Tel. 0112476333 E-mail elena@boella.it PEC boellasorrisi@pec.it
4. Data processed and purpose
   The data processed are as follows:
   • Common data (first name last name, social security number, address, email address, etc.)
   • Particular data pertaining to health and particularly those concerning symptoms potentially related to the virus
   • Data concerning any contacts or places of origin
   • Data concerning the possession and verification of the so-called "green pass" (common data; excluding the content of the document)
   • data related to the vaccination obligation, if required by the current regulations In particular: a) data pertaining to the body temperature; b) information regarding close contacts at high risk of exposure, in the last 14 days, with subjects suspected or tested positive for COVID-19; c) information regarding the origin, in the last 14 days, from areas at risk according to the indications of the authorities; d) the existence and verification of the c.so-called "green pass" (digital or paper certificate) in accordance with the Prime Minister's Decree 17.6.2021; e) the implementation of compulsory vaccination in accordance with the current regulations; f) verification. The processing of such data is aimed at fulfilling the obligations of laws and regulations as well as taking appropriate security measures in order to contain Covid-19.
5. Purposes and legal basis for processing
   Personal data will be processed exclusively for purposes of prevention from COVID-19 infection, in execution of national and/or regional legal and implementing provisions. Data regarding the possession or non-possession of a green pass or, if due, the vaccination requirement, will also be processed for organizational purposes of the work activity.
   The legal basis for the processing in question is the regulations issued and enacted for the containment of the virus, in particular for the implementation of anti-vaccination safety protocols in accordance with the aforementioned provisions and for the use of the green pass, as well as the legitimate interest of the event organizer in health safety as well as in cooperation in the protection of public health.
6. Recipients of the data
   We inform you that the personal data you provide or acquired before or during the event may be communicated to the competent authorities, health or public security, if requested or if due under legal or regulatory provisions. The data will not be disclosed or communicated to third parties outside the specific regulations or orders of the Authorities.
8. Data Retention Period
   Data will be retained for the period necessary for processing and in any case until the end of the state of emergency, unless otherwise provided by law. If no longer needed, also according to regulatory provisions, they will be anonymized or deleted. With reference to the measurement of body temperature, the Data Controller does not make any recording of the data. The identification of the data subject and the recording of the exceeding of the temperature threshold could take place only if it is necessary to document the reasons that prevented access. In that case, the data subject will be informed of the circumstance.
   With reference to the green pass, only data concerning the possession or non-possession of the document may be kept within the limits in question.
9. Compulsoriness
   we would like to point out that the provision of the above-mentioned data must be understood as compulsory for the purpose of access to the premises, the event or in any case to the perimeter of the event. Any refusal will result in the prohibition of access to the premises or areas or the request to implement appropriate behavior and in any case the request for removal from the premises.
10. Type of processing
    The data whose storage is permitted will be included in our archives and their processing, which may be carried out through automated and/or paper-based means, will include all the operations or set of operations provided for in Article 4 no. 2 of the Regulations and necessary for the processing in question, namely: collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, deletion or destruction.
    In all cases, the confidentiality and dignity of the data subject shall be ensured, subject to what is specified in Section 6.
11. Persons authorized to process
    We have also appointed persons expressly authorized to process data.
12. Data transfer abroad
    No data transfer outside the E.U. is planned.
13. Rights of the Data Subject
    Data subjects have the right to obtain from the Data Controller, in the cases provided for, access to their personal data and the rectification or erasure thereof or the restriction of processing concerning them or to object to processing (Art. 15 et seq. of the Regulations). The appropriate application is submitted by contacting the Data Controller. Data subjects who believe that the processing of personal data relating to them carried out by the Data Controller is in violation of the provisions of the Regulation have the right to lodge a complaint with the Guarantor, as provided for in Article 77 of the Regulation itself, or to take appropriate legal action (Article 79 of the Regulation).