Privacy Policy

This Privacy Policy describes how personal data is collected, processed, and protected when using the website naiv.events (the “Website”) in connection with registration and participation in the NAIV – Next‑gen Advertising Innovation Vision event (the “Event”). This Policy is provided in accordance with Article 13 of the EU General Data Protection Regulation (GDPR) and applicable Italian data protection laws.

1. Data Controller

The Data Controller is Bio Fresh di Fabio Folcarelli, with its registered office at Via Giovanni Garau, 19 – 00121 Rome (RM), VAT No. 16930861006 (hereinafter “Controller” or “Organizer”). For any questions regarding personal data processing or to exercise any rights, please contact the Controller at info@naiv.events (or other contact details provided on the Website).

2. Personal Data Collected

The Controller collects and processes the following categories of personal data provided directly by the data subject during registration and Event participation:

Registration Data: First name, last name, email address, telephone number, and any other information provided during the online registration on the Website. These details are required to complete the registration and allow participation in the Event.

Payment Data: Information related to the transaction (e.g., amount paid, payment method used, and transaction details). Note: The Controller does not store the full credit card details or bank account credentials; these data are processed by external payment service providers acting independently or as data processors.

Navigation Data: Technical data automatically collected during Website usage (e.g., IP addresses, browser type, access timestamps, referring pages). These data are collected in aggregated or anonymized form and are used solely for statistical purposes and ensuring the Website's proper functioning.
Cookies and Tracking Tools: The Website uses cookies (including Google Analytics) to collect information on the usage of the Website. Further details can be found in Section 7 below and in the Website’s Cookie Policy.

3. Purposes of Data Processing and Legal Basis

The personal data is collected and processed for the following purposes:

a) Registration and Event Management: To process the Event registration, issue the ticket, manage participation, and provide necessary operational communications (e.g., registration confirmations, pre-event updates, or event changes). Legal Basis: Performance of a contract to which the data subject is party (Article 6(1)(b) GDPR).

b) Legal and Administrative Obligations: To comply with legal, regulatory, and fiscal obligations (e.g., accounting and tax requirements related to the event fee). Legal Basis: Legal obligation (Article 6(1)(c) GDPR).

c) Website Security and Fraud Prevention: To monitor the proper functioning of the Website, prevent unauthorized access, misuse, or fraudulent activity (using automated log systems or similar tools). Legal Basis: Legitimate interest of the Controller for IT security and the protection of its rights (Article 6(1)(f) GDPR), balanced with the rights of data subjects.

d) Traffic Analysis and Statistics: To collect anonymous or aggregated information regarding Website usage (e.g., most visited pages, visitor counts, traffic sources) via analytical tools such as Google Analytics. Legal Basis: Consent of the data subject (Article 6(1)(a) GDPR) obtained through a cookie banner, which can be managed or withdrawn at any time.

Additional processing (e.g., marketing communications for future events) will be carried out only after obtaining the data subject’s explicit and informed consent. Without such consent, the data will not be used for any purposes beyond those described above.

4. Methods of Processing and Data Retention

Personal data is processed primarily by electronic means using appropriate systems and software to ensure security and confidentiality. Technical and organizational measures are in place to prevent unauthorized access, disclosure, modification, or destruction of data.

Data will be retained only for the period necessary for the achievement of the purposes for which they were collected:

Registration data (first name, contact details, etc.) will be retained for the duration of the Event management and for an additional 24 months afterward for any post-event inquiries, disputes, or communications. Some data may be retained longer if required by law (e.g., financial records for up to 10 years).

Payment data will be processed as long as necessary to complete the transaction and retained for the period required by accounting and tax legislation (generally, 10 years).

Navigation data (technical logs) will be kept for 12 months, except in cases where longer retention is needed for investigating cyber incidents.

Data collected via cookies is retained according to the specifications in the Cookie Policy. In particular, data collected through Google Analytics is kept for a maximum of 14 months in aggregated form.

After these retention periods, the data will either be deleted or rendered permanently anonymous in such a way that recovery is impossible, unless further retention is required by law or for the protection of legal rights.

5. Data Disclosure and Recipients

Personal data may be disclosed to third parties involved in organizing and managing the Event or operating the Website, insofar as such disclosure is necessary for the purposes specified above. These third parties act either as Data Processors under the instructions of the Controller or as independent Data Controllers.
Recipients may include:

Payment service providers (e.g., banks, credit card operators, online payment platforms, or cryptocurrency processors) involved in processing the event fee.

IT service providers (hosting, email communication services, Website maintenance) that support the Website.

Partners or collaborators assisting in the Event management (e.g., event management companies or on-site support staff) with access limited to the data necessary to perform their functions.

Legal, fiscal, or administrative consultants assisting the Controller in fulfilling legal obligations and safeguarding its rights.

Public authorities or regulatory bodies as required by law.

Under no circumstances will personal data be disclosed to third parties for purposes beyond those expressly stated without obtaining the data subject’s consent.

6. International Data Transfers

The Controller will, where possible, use infrastructure and services located within the European Economic Area (EEA). However, some personal data may be transferred to third countries (e.g., as part of cloud service usage or when using tools such as Google Analytics, whose servers may be located outside the EEA). In such cases, the Controller ensures that transfers comply with Articles 44 and following of the GDPR, namely:

To countries providing an adequate level of protection as determined by the European Commission,

Or based on adequate safeguards, such as the Standard Contractual Clauses approved by the European Commission, together with any necessary supplementary measures,

Or based on one of the derogations provided in Article 49 of the GDPR (e.g., explicit consent of the data subject, necessity for performance of a contract, etc.).

Data subjects may request further information regarding the international transfers and the applied safeguards by contacting the Controller.

7. Cookies and Google Analytics

The Website uses cookies and similar tracking technologies, specifically:

Technical Cookies: Essential for the operation of the Website and enabling navigation. These do not require consent.

Functionality Cookies: Used to remember user preferences (e.g., language) to optimize the experience.

Third-Party Analytical Cookies (Google Analytics): Employed to collect aggregated statistical data on Website usage (e.g., visited pages, time spent on site, traffic sources). The Website uses Google Analytics with IP anonymization activated so that Google truncates the last octet of users' IP addresses within EU member states.

The use of third-party analytical cookies is conducted only after obtaining the user’s consent through the cookie banner on first access. Users may manage or withdraw their consent regarding non-essential cookies at any time using the available settings. For further details on cookie usage or how to disable cookies, please consult the Website’s Cookie Policy.

8. Rights of the Data Subjects

Data subjects may exercise the rights provided under Articles 15-22 of the GDPR, including:

Right of Access: Request confirmation of whether their personal data is being processed, and if so, obtain a copy and details about the processing.

Right to Rectification: Request correction or completion of inaccurate or incomplete personal data.

Right to Erasure: Request deletion of their personal data under conditions such as data no longer being necessary, or if the consent is withdrawn (in accordance with Article 17 GDPR).

Right to Restrict Processing: Request that data be processed only for storage purposes (under the conditions provided in Article 18 GDPR).

Right to Data Portability: Obtain their personal data in a structured, commonly used, and machine-readable format and request its transfer to another controller, where technically feasible.
Right to Object: Object at any time, on grounds relating to their particular situation, to processing based on the Controller’s legitimate interests. Additionally, data subjects may object at any time to the processing of their data for direct marketing purposes (including any profiling linked to such marketing).

Right to Withdraw Consent: For processing based on consent, data subjects may withdraw consent at any time without affecting the lawfulness of the processing prior to withdrawal.

Right to Lodge a Complaint: Should data subjects consider that their data is being processed in violation of the applicable laws, they have the right to lodge a complaint with the relevant Data Protection Authority.

These rights can be exercised by contacting the Controller using the details provided in Section 1. The Controller will respond within the statutory period (usually within 1 month, extendable by 2 months for particularly complex requests).

9. Updates to This Privacy Policy

This Privacy Policy may be updated or revised from time to time, particularly to reflect legislative changes or modifications in our data processing practices. Data subjects are encouraged to review this page periodically. In the event of substantial changes, the Controller may notify data subjects via the Website or through other appropriate channels. The revised version of the Policy, with its updated effective date, will be clearly published on the Website.

Effective Date: 09/04/2025