DATA PROTECTION INFORMATION SHEET FOR PARTICIPANTS TO EVENTS

AIM Portugal, having its registered office at Av Conde Valbom 6, 5º, 1050-068 Lisboa, Portugal registered in the Lisbon Commercial Registration Office under number 504565826 (hence, the “Controller” or “AIM”), in its quality of Data Processing Controller, as per section 13 of the EU Regulation n. 679/2016 (hence, the “Data Protection Regulation”), and subsequent modifications and integrations, collects and subsequently processes personal data^[1] of the participants (hence, the ’“Data Subject”) – including as teachers or learner – to the congress and/or other scientific or training event (hence, the ’“Event”).

1.  Scopes and ways of processing.

The personal data of Data Subjects are processed in the context of AIM’s commercial activity, for the following scopes:

1. subscription and participation to the Event;
2. fiscal, administrative and accounting duties strictly connected to above participation;
3. execution of specific duties prescribed by law, regulation or EU norms (such as administration of credits for Continuing Medical Education);
4. distribution free of charge of documentation relating to the Event;
5. use of the image and/or voice of the Data Subject as recorded during the Event, in videos, audio recordings and/or photographs of the Event published on the web-site and social networks of AIM Group as well as on the web-site and the social networks of the Events, if any.

The processing of the personal data is executed, under authority of the Controller, by entities specifically commissioned, authorized and instructed for the processing as per sections of the Data Protection Regulation, by means of manual, automated or telecom tools, with logics strictly connected to the scopes and in any case in such a way as to guarantee confidentiality and security of the personal data.

Without prejudice to the legal norms, the personal data will be kept for a period of time defined on the basis of criteria related to the nature and duration of the Event, as well as on further needs of the Data Subject.

2.  Juridical basis for processing, nature of transfer and consequences of denial, consent by Data Subject.

With reference to the scopes listed at preceding section 1, items 1., 2., 3., 4. e 5., transfer of the personal data is mandatory and represents a necessary condition to the subscription and subsequent participation to the Event; indeed, failure to transfer will determine impossibility of subscribing the Data Subject to the Event and of involving him/her in any initiative of the Event; thus, the juridical base of the related processing is the full participation to the Event, as per section 6, paragraph 1, letter b) of the Data Protection Regulation.

3.  Entities and categories of entities to which the personal data may be communicated and context of communication.

With regards to the scopes of the processing as indicated above, and within the strict boundaries of pertinence to these scopes, the personal data of the Data Subject will be communicated in Portugal, in the European Union or beyond the European Union, to the following entities, for the scope of subscription and subsequent participation to the Event:

(i) to fiscal Authorities and other public Authorities, where mandatory by law or upon their request;

(ii) to financial institutions for the execution of payments related to the subscription;

(iii) to the structures and/or external companies that AIM uses for the scope of executing connected activities, instrumental or consequent to subscription and subsequent participation to the Event (such as press services, data processing and IT consultancies, promotional activities by companies participating to the Event, mailing of the event’s program, credits for Continuing Medical Education, hotel reservations etc.);

(iv) to external consultants (e.g. for management of fiscal duties) if not designated Processors in writing;

(v) taking into account the fact that AIM is part of an international Group: to controlling, controlled or connected companies, for administrative and accounting scopes.

Above entities, to whom the personal data of the Data Subject will be or may be communicated (insofar as not being designated Processors), will treat the personal data as Controllers according to the Privacy Law, in full autonomy, being completely separated from the original processing executed by AIM.

Without the consent to communication of the personal data and to related processing, in those cases where it is foreseen as by Privacy Law, the operations which require the communication might not be executed, with consequences known to the Data Subject.

A detailed and constantly updated list of these entities, including their respective offices, is always available at AIM’s legal offices.

As mentioned before, the image or the voice of the Data Subject recorded over the course of the Event may be used in videos, audio recordings and/or photographs of the Event, published on the web-site and the social media of AIM Group, as well as on the web-site and the social media of the Event itself, if any.

Whenever necessary for the execution of the contract, the personal data of the Data Subject may be transferred to countries within the European Union and/or to countries outside the European Union, in full compliance with the norms of the Privacy Law, the Data Protection Regulation, the rulings and decisions of the related data protection authority as well as the EU regulations.

In particular, where necessary, AIM commits to complying with the norms defined by, respectively, decisions 2001/497/CE, 2004/915/CE and 2010/87/EU (according to the specific case), which oblige to the signing of so-called “typical contractual clauses” between the juridical entities involved in data processing outside of the European Union.

4.  Rights of the Data Subject.

Sections 15 and following of the Data Protection Regulation grant the Data Subject the right to obtain:

• confirmation or denial of existence of personal data related to the Data Subject, even if not yet registered and their communication in an understandable format;
• indication of the origin of the personal data, of their scopes and of their ways of processing, of the logic applied in case of processing by means of electronic tools and of the identifying details of the Controller;
• update, rectification, integration, cancellation, transformation into anonymous data or blocking of data treated in violation of the law – including data for which conservation is not necessary for the scopes for which they were collected and subsequently processed. Documentation of these operations, also pertaining to their content, is brought to the attention of the Data Subjects whose data have been communicated or published, except for the case in which this duty is impossible to perform or requires the use of tools which are obviously disproportionate in relationship to the granted right.

Moreover, the Data Subject has the right to:

• oppose, partially or completely, for legitimate reasons, to processing of his/her personal data, even if coherent with the scope of collection;
• propose a complaint to the Data Protection Authority as foreseen by the Data Protection Regulation.

In order to know the detailed and constantly updated list of the entities to whom personal data of the Data Subject may be communicated and to exercise the rights granted by sections 15 and following of the Data Protection Regulation, the Data Subject may contact the Data Processing Controller at the following addresses:

AIM PORTUGAL

Av Conde Valbom 6 – 5º

1050-068 Lisbon, Portugal

Phone: +351 21 324 50 40

Email: lisbon@aimgroup.eu

5. Duration of the processing.

Except for legal obligations, the personal data of the Data Subject will be conserved only for the Event’s duration. Notwithstanding the above, AIM may conserve some personal data of the Data Subject also after the termination of processing, exclusively for the scope of defending or safeguarding its rights, or in those cased as defined by law or by order of a judicial or government authority.

[1] As per section 4 of the Data Protection Regulation, “personal data” means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.