Pursuant to Article 13 of European Regulation 2016/679

Fandango Club Creators S.R.L. informs you that the personal data collected during the registration phase for the purchase of tickets to participate as a Visitor at the Be Comics! Event and on this website will be processed in compliance with personal data protection regulations.
Pursuant to Article 13 of European Regulation 2016/679 (“GDPR”), Fandango Club Creators S.r.l. provides the following information:

1. CONTACT INFORMATION OF THE DATA CONTROLLER

The Data Controller is Fandango Club Creators S.r.l., headquartered at Via Vincenzo Monti, 4, 20123, Milan, VAT No. 09709640966 , e-mail: [email protected] (hereinafter also referred to as the “Controller”).

2. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING

a) The data provided by the Visitor, hereinafter also referred to as the “Data Subject” (name, surname, phone number, e-mail address, personal information such as residence, etc., credit card data, and data related to other payment methods, e.g., PayPal), will be processed to enable ticket purchase for entry to the “Be Comics!” Event and to offer and manage the services related to this purchase (e.g., responding to information requests, payment management, communications in case of emergencies, etc.). The legal basis for this processing is the performance of a contract to which the Data Subject is a party and compliance with legal obligations related to the requested services connected to ticket purchase (Art. 6 para. 1(b) and (c) of the GDPR).

b) Should the Visitor wish to stay in contact with the Controller to receive information about promotional initiatives (promotions, discounts, contests, surveys, and other marketing activities), including those related to the Be Comics! Event, they must provide their email address and any other required data, which will be used for this purpose. The Visitor retains the right to unsubscribe from such communications at any time. The legal basis for this processing is the explicit consent expressed by the Visitor (Art. 6 para. 1(a) of the GDPR).

c) Only with the Visitor's consent, their personal data may be shared with third-party partners of the Event so that these parties can contact the Visitor for marketing purposes. In this case, the legal basis for the processing is the Visitor’s explicit consent (Art. 6 para. 1(a) of the GDPR).

d) Personal data may also be processed to respond to any requests made by the Visitor through the email addresses or phone numbers indicated on the website, as well as through specific sections of this website. The processing is based on the legitimate interest of the company to respond to Visitor requests (Art. 6 para. 1(f) of the GDPR).

e) Lastly, we inform the Visitor that the IT systems and software procedures used to operate this website acquire, during their normal use, certain personal data, the transmission of which is implicit in the use of internet communication protocols. This category includes IP addresses or domain names of the Visitor's devices, URIs/URLs (Uniform Resource Identifier/Locator) of requested resources, request timestamps, request methods, size of response files, numerical codes indicating server responses (success, error, etc.), and other parameters regarding the Visitor’s operating system and computing environment. This processing is based on the company’s legitimate interest in ensuring the website's proper functioning (Art. 6 para. 1(f) of the GDPR).

3. RECIPIENTS OR CATEGORIES OF RECIPIENTS TO WHOM PERSONAL DATA MAY BE DISCLOSED

Data may be disclosed to third parties operating on behalf of and in support of the Controller solely for the purposes outlined above and for contractual and legal obligations. Personal data may be accessible to IT providers and other entities collaborating with the Controller to organize the Event or to whom the transfer of data is necessary to respond to Visitor requests.

It should be noted that the entity responsible for ticket issuance via this sales channel is PG Italia s.r.l., based in via Morimondo, 26, 20143 Milano (MI), acting as the Data Processor. This company manages the technological infrastructure for ticket acquisition and data processing through these tools.

A complete list of Data Processors is available at the Controller's headquarters. As previously described, data provided for marketing purposes may also be disclosed or transferred to third-party partners of the Event to enable them to send their own commercial communications, subject to the Visitor’s specific consent.

4. DATA RETENTION PERIOD OR CRITERIA USED TO DETERMINE SUCH PERIOD

Data will be retained in a format allowing identification of the Data Subjects for a period not exceeding the purposes of the processing, in compliance with other legal obligations and the Controller's data retention procedure.

5. VISITOR RIGHTS

As provided in Art. 13 of the GDPR, the Visitor may exercise the following rights at any time:

a) Right of access, rectification, erasure, restriction, and objection: The Visitor may access their data at any time, request correction if incorrect, request the erasure of excessive data not required by law, and limit data processing for certain purposes.

b) Right to data portability: The Visitor has the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit this data to another controller, under the conditions set forth in Art. 20 of the GDPR.

c) Right to lodge a complaint with a supervisory authority for personal data protection. For more information, visit www.garanteprivacy.it.

d) For marketing purposes under paragraphs 2(b) and 2(c), the Visitor may revoke their consent at any time without affecting the lawfulness of processing prior to the revocation. The Controller remains obligated to retain personal data if required to comply with legal obligations or perform a public interest task.

Visitors may exercise their rights (or request information) by writing to [email protected].

6. MANDATORY OR OPTIONAL NATURE OF DATA PROVISION

Providing data marked with an asterisk is mandatory due to the contractual relationship established between the Visitor and the Data Controller regarding the requested services, including ticket purchase.

The provision of voluntarily supplied data is necessary to respond to Visitor requests.

Data provision for marketing purposes is optional.

7. CONSEQUENCES OF REFUSAL TO PROVIDE DATA

If the Visitor refuses to provide the mandatory data necessary for the requested services, including ticket purchase, the Controller will be unable to fulfill its obligations.

Refusal to provide personal data may also result in the inability to respond effectively to Visitor requests.

However, no consequences arise from the refusal to provide optional data, except for the inability to receive promotional communications.