Privacy Policy and Personal Data Protection (GDPR)

The Creative Industries Association processes personal data with responsibility, prioritizing transparency, security, and confidentiality. In this regard, we are committed to protecting and using the personal information of data subjects (“personal data”) strictly in accordance with EU Regulation 2016/679 on the protection of natural persons regarding the processing of personal data.

1. Data Controller and Contact Information

The data controller is Creative Industries Association (“Controller”), email: contact@asociatiaindustriicreative.com. For any questions or requests regarding the processing of your personal data, you can contact us at this email address.

2. Categories of Collected and Processed Personal Data

Depending on the established purposes, we may process the following categories of personal data:

  • Basic personal information: name, surname, date of birth, gender, nationality, address.
  • Contact information: phone number, email address, residence.
  • Administrative and financial information: personal identification number, banking data (IBAN, account number), income, supporting documents (e.g., certificates).
  • Photo-video data: images captured at our events, with the prior consent of the data subject, used for promotional, documentation, and reporting purposes.
  • Health data: medical information necessary solely for the provision of certain services, such as social services or other assistance benefits.
  • Identification data for access control: images and/or vehicle registration numbers collected via our video surveillance systems.

3. Purposes and Legal Grounds for Processing Personal Data

We will process your personal data for the following purposes and based on the following legal grounds:

  • Contract execution: Processing personal data for concluding, executing, and managing contractual relationships, including providing social services, organizing events, and granting benefits from the Creative Industries Association.
  • Legal obligations: Compliance with applicable legal obligations, such as record-keeping, document archiving, compliance with health and safety regulations, and anti-money laundering regulations.
  • Legitimate interests: In justified cases, to protect the safety of employees, premises, and organizational assets, we process data such as surveillance footage or access control data.
  • Explicit consent: If we request your consent for specific data processing (e.g., using photo-video materials for promotional campaigns), data will be processed only for the specified purpose and within the limits of your given consent. Withdrawal of consent does not affect the lawfulness of prior processing.

4. Recipients of Personal Data

Your personal data may be shared, as necessary, with the following recipients:

  • External collaborators and service providers: including accounting services, human resources, IT support, audit or legal firms, security companies, and data storage providers (e.g., cloud services).
  • Contractual partners: for carrying out specific activities, including social and medical service providers, psychological counseling services, and volunteers involved in our events or projects.
  • Public authorities: for compliance with legal obligations and official requests (e.g., tax authorities, judicial authorities, public health institutions, and other regulatory bodies).

5. Data Transfers to Third Countries or International Organizations

In principle, we do not transfer your data to countries outside the European Union (EU) or the European Economic Area (EEA). If such a transfer is necessary, we will implement additional protection measures to ensure the security and confidentiality of your data, including standard contractual clauses or other GDPR-compliant safeguards.

6. Data Retention Period

We will retain your data only for the period necessary to fulfill the purposes for which it was collected or as long as required by law. Typical retention periods include:

  • Data collected for contract execution: stored for the contract duration and subsequently in accordance with legal obligations.
  • Surveillance footage: retained for a maximum of 30 days, except when required for incident investigations.
  • Data for which consent was withdrawn: erased without undue delay unless another legal basis justifies processing.

7. Rights of Data Subjects

Under GDPR, data subjects have the following rights:

  • Right of access: Request information about the personal data we hold, processing purposes, and recipients.
  • Right to rectification: Request correction of inaccurate data or completion of incomplete information.
  • Right to erasure (“right to be forgotten”): Request the deletion of personal data that is no longer necessary for the purposes collected, except where retention is legally required.
  • Right to restrict processing: In certain cases, request the restriction of data processing (e.g., while contesting data accuracy).
  • Right to data portability: Receive your data in a structured, commonly used, and machine-readable format or request its transfer to another controller, where technically feasible.
  • Right to object to processing: Object to data processing based on specific circumstances.
  • Right to withdraw consent: If you have provided consent for certain processing, you may withdraw it at any time, and we will cease processing, unless another legal basis justifies it.

To exercise your rights, you may contact us via the details provided in Section 1. We will respond to your request within one month, in compliance with GDPR provisions.

8. Security Measures for Data Protection

Protecting your data is essential to us. We have implemented technical and organizational measures to safeguard against unauthorized access, modification, destruction, or accidental loss of data. These include:

  • Access control to personal data.
  • Employee training on data protection policies.
  • Data anonymization where possible.

9. Changes to This Privacy Notice

We may update this privacy notice due to legislative changes or modifications to our internal data protection policies. The latest version will be published on our website, and we will inform you of any significant changes.

Facebook Youtube Instagram Linkedin Tiktok

By subscribing to newsletters, you express your consent to the processing of personal data in accordance with the provisions of Regulation (EU) 2016/679. You also agree to receive emails from the organizers. You can unsubscribe at any time.

Cookie Policy   |   Privacy Policy