Privacy Policy

Privacy Policy

This page describes how to manage the site in relation to the processing of personal data of the users who consult it. This privacy policy is provided in accordance with the fundamental principles on the subject, as defined by the Federal Data Protection Act (hereinafter referred to as the DPA) decreed by the Federal Assembly of the Swiss Confederation on 19/06/2019 (updated on 01/03/2019) and in compliance with the provisions of EU Regulation 2016/679, applicable from 25 May 2018 – General Regulation for the Protection of Personal Data (hereinafter referred to as the GDPR), to those who interact with web services accessible electronically from the address:
https://www.ehmalugano2020.com
The privacy policy is provided only for the https://www.ehmalugano2020.com website and not for other websites that may be consulted by the user through links. It complies with Recommendation No. 2/2001 on minimum requirements for online data collection in the European Union, adopted on 17 May 2001 by the Article 29 Workgroup.

DATA CONTROLLERS
The Data Controller of the processing of your personal data acquired through the website in question, or, in this case, the legal person that determines the purposes and means of processing, is the Association EHMA Lugano 2020 with headquarters at the Hotel Splendide Royal Lugano (Riva Antonio Caccia 7 – 6900 Lugano, Switzerland). As part of the management of the event, “47th EHMA Annual General Meeting 2020”, the EHMA Lugano 2020 Association is responsible for the processing of the personal data of EHMA (European Hotel Managers Association) members to manage the participation fee and the related accounting, tax and administrative requirements.
The Data Controller for the organisation, management and development of the event, “47th EHMA Annual General Meeting 2020”, is the EHMA association based at the Hotel Quirinale in Rome located at Via Nazionale, 7 – 00184 Rome.
DATA CONTROLLERS
If, in order to organise, manage and carry out the event, “47th EHMA Annual General Meeting 2020”, or in order to provide a specific service to the data subject, the Data Controller has to resort to an external party, the latter will be formally identified as the Data Controller.
Xdeers Sagl, with registered office at Via San Salvatore 10 – 6900 Lugano Switzerland, was given the official mandate to manage the website.
The updated list of responsible parties may be requested at any time from the Data Controller, without prejudice to the fact that the key players involved in the management of personal data, by area of pertinence, processed through the website in question, are listed in the “scope of disclosure of personal data” section.
PLACE OF DATA PROCESSING
The processing operations connected to the web services of this site take place at the head office of the Data Controllers or, where appropriate, of the Data Protection Officer and are only handled by the technical staff of the service in charge of processing.
Where third-party cookies are used, processing may also take place outside of Switzerland and the European Community. In this regard, please refer to the relevant Cookie Policy.
The personal data provided by users who request the dispatch of informative material is only used to perform the service or provision requested.
The personal data requested in the registration form is necessary to complete the registration process and its provision is required when marked with an asterisk. Failure to provide this data will not allow the data subject to register for the event.

TYPES OF DATA PROCESSED
Browser data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data the transmission of which is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, though by its very nature it could allow users to be identified through processing and association with data held by third parties. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the operating system and computer environment. This data is only used to obtain anonymous statistical information on the use of the site and to check its proper functioning. It is deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site: except for this eventuality, the data on web contacts is not currently stored for more than thirty days.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this website entails the subsequent acquisition of the sender’s address, which is necessary to reply to requests, as well as any other personal data included in the messages. Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request.
In any case, no special categories of data or personal data worthy of particular attention will be processed (e.g. health, intimate sphere, membership of a race, administrative and criminal procedures or sanctions). If sent voluntarily by the user, who is however asked not to transmit these categories of data, this information will be deleted by the Data Controller of the processing.

PROCESSING METHODS
Personal data is processed by computerised tools for the time necessary to achieve the purposes for which it was collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorised access.

PURPOSE AND CONDITIONS OF LAWFULNESS FOR THE PROCESSING
The Personal Data you provide through the site will be processed by the Data Controller for the following purposes strictly related to the participation of the data subject in the event, “47th EHMA Annual General Meeting 2020”:
a) purposes related to the execution of a contract to which you are a party or the execution of pre-contractual measures taken at your request (e.g.: request for information in the “Contact Us” section, Registration and adhesion to the event indicated, etc). For this purpose, consent is not necessary;
b) accounting, tax and administrative purposes for managing the payment of membership fees to the event by credit card;
c) purposes related to the forwarding by email of promotional and commercial material as registered as our data subject and depending on the acquisition of a specific consent or, alternatively, having previously established a relationship based on contact details, or registrations to site newsletters. In this case, the conditions of lawfulness are found in the consent or in the legitimate interest of the Data Controller (so-called soft spam);
d) purposes of research and statistical analysis on anonymous aggregate data, aimed at measuring the operation of the site, measuring traffic and evaluating usability and interest to make it more functional and performing; consent is not necessary as it does not involve the processing of personal data;
e) purposes related to compliance with laws and regulations. For this purpose, consent is not necessary;
f) purposes necessary for the establishment, exercise or defence of rights in judicial proceedings or whenever the courts exercise their judicial functions. For this purpose, consent is not necessary.

TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
Some of the Personal Data of data subjects is transferred to recipients who may be located outside the European Community. The Data Controller guarantees that the electronic and paper processing of your personal data by the Recipients is carried out in compliance with the Applicable Law, with a legal scope of application outside the EU.
Otherwise, the transfers are based alternatively on an adequacy decision or on the Standard Model Clauses approved by the European Commission, as well as in compliance with the principles of the Privacy Shield in the case of transfers to the United States.

DATA STORAGE
The Data Controller will process your personal data for the time strictly necessary to achieve the purposes indicated in this privacy policy.
By way of example and non-exhaustively, the Data Controller will process personal data for the newsletter service until the conclusion of the event.
More information about the storage period of personal data and the criteria used to determine this period can be requested by writing to the Data Controller for the processing.

SECURITY REGISTRATION AND PAYMENT SYSTEM
The completion of the registration form is done using the WordPress platform of the company Automattic Inc in accordance with the Privacy Shield.
SIX Payment Services complies with the highest security standards for online credit card payments, having also obtained PCI Data Security Standard v3.2 certification.

SCOPE OF DISCLOSURE OF PERSONAL DATA
Personal data acquired through this website may be disclosed to:
• the web agency Xdeers Sagl with head office at Via San Salvatore 10 – 6900 Lugano Switzerland;
• the data centre of the company Seeweb Srl with head office at C.so Lazio 9/a – 03100 Frosinone – Italy (https://www.seeweb.it/privacy);
• SIX Payment Services Marketing & Communication, with head office at Pfingstweidstrasse 110 – 8021 Zurich, Switzerland, for the management of credit card payments;
• the company Automattic Inc. with head office at 60 29th Street #343 – San Francisco, CA 94110 for the registration of data in registration forms through the WordPress platform;
• to Public Bodies or Offices for legal and/or contractual obligations;
• third-party hotels to manage hospitality for the participants of the event;
• the event Organising Committee (https://www.ehmalugano2020.com/organising-committee/);
• the European Hotel Managers Association (EHMA) with head office at the Hotel Quirinale in Rome, located at Via Nazionale, 7 – 00184 Rome, responsible for the management and organisation of the event.

AUTOMATED PROCESSING
The Data Controller shall not carry out processing operations based on an automated decision-making process, including profiling, which produce legal effects or which are likely to have a significant effect on the Data Controller.

RIGHTS OF DATA SUBJECTS
In accordance with the relevant legislation, the data subject has the right, at any time, to obtain confirmation of the existence or otherwise of its personal data, know the content and origin thereof, verify its accuracy or request its integration or updating. The data subject also has the right to request access to its personal data, to rectify or cancel the same, to oppose it being processed, to limit the processing, as well as to obtain any data concerning it in a structured format, commonly used and readable by automatic device. It also has the right to oppose profiling and to lodge a complaint with the relevant supervisory authority if it resides within or is a citizen of an EU Member State.
Where the processing is based on consent, the data subject shall have the right to withdraw consent at any time without prejudice to the lawfulness of the processing prior to withdrawal.
Requests may be sent by email to the email address of the Data Controller specified above.

UPDATING AND REVISION
The Privacy Policy was updated on 09/11/2019 and may be subject to future revisions.