Skip to main content
AssistantLogin
Lucca Comics and Games
Molto più di un festival!
Vai al Sito Brand
Lucca Comics and Games
Loghi organizzazione, collaborazione, patrocinio e main media partner
Lucca Comics and Games

Privacy Policy Chatbot

Lucca Comics & Games Assistant app Privacy Policy

Information regarding the processing of personal data drafted and provided by Lucca Crea s.r.l. as Data Controller, pursuant to Articles 13 and 14 of the EU Regulation 2016/679 on the protection of personal data of natural persons (hereinafter also "Regulation" or "GDPR"), to users (i.e. interested parties) using the "Lucca Comics & Games Assistant" app.

  1. Personal data controller and contact information
    Lucca Crea s.r.l., with registered office in Lucca in Corso Garibaldi 53, e-mail: info@luccacrea.it, tel: 0583.401711 VAT number: 01966320465.

  2. Person responsible for the processing of personal data or Data Protection Officer
    The Data Controller has appointed its own Data Protection Officer, whom the data subject may contact at the e-mail address dpo@ext.luccacrea.it.

  3. Methods of processing personal data
    The Data Controller processes the personal data provided and/or collected by the users by means of analogue, computerised, and/or telematic tools, adopting appropriate security measures aimed at preventing unauthorised access to its systems and, therefore, reducing the risk that they may be modified, disclosed, or destroyed. 
    Personal data may also be processed in aggregate form, with organisational methods and logic strictly suitable for the purposes indicated in this information notice.
    On some occasions, data may be processed by categories of subjects authorised by the Data Controller, involved in the organisation of the provision of services connected to the application, or even by external subjects (third-party technical service providers, hosting providers) who have been appointed as Data Processors. The updated list of Data Processors and authorised subjects can always be requested by the data subject and is available at the registered office of the Data Controller.
    Personal data are processed at the operating offices of the Data Controller and the Data Processors, as well as at any other place where the parties involved in the processing are located. 

  4. Purposes of the processing
    The purpose of the processing of personal data collected through the application is set out below, together with the categories of personal data collected, the categories of data subjects, the conditions of lawfulness, the legal bases, where these need to be indicated, and the duration of their processing. 

    Creation of user groups
    Users may create a group of friends, provided that they are registered with the application, in order to organise participation in trade fair events.
    Categories of data subjects: users of the application.
    Categories of data processed: user UID, user group name, user group UID.
    Conditions of lawfulness: performance of a contract or pre-contractual measures.
    Duration of processing: Data are processed and stored on the application's online database for twenty-four months following their collection and then deleted.

    Sending communications of public interest via push notifications
    Users can receive traffic information via push notifications during the event.
    Categories of data subjects: users of the application.
    Categories of data processed: User UID.
    Conditions of lawfulness: Performance of a contract or pre-contractual measures.
    Duration of processing: Event registration data enabling event notifications to be sent is saved on the database. The data is only and exclusively processed during the event and stored for twenty-four months after its collection.

    Event organisation
    Users can filter events according to their preferences and organise them on a personal agenda.
    Categories of data subjects: users of the application.
    Categories of data processed: User UID.
    Conditions of lawfulness: performance of a contract or pre-contractual measures.
    Duration of processing: Data is processed and stored on the application's online database for twenty-four months after collection and then deleted.

    Booking and management of events via Eventbrite
    Users can associate their Eventbrite account with the application in order to book and manage events.
    Categories of data subjects: users of the application.
    Categories of data processed: User UID, event UDID, tickets purchased to attend events.
    Conditions of lawfulness: Performance of a contract or pre-contractual measures.
    Duration of processing: All data is processed and stored locally on the user's device, and, therefore, the Data Controller cannot access and process it in any way.

    User registration
    Users may register with the application in order to consult the event programme and take advantage of the services made available to them.
    Categories of interested parties: users of the application.
    Categories of data collected: email address, registration provider (Apple ID, Google Account...), user name, date of account creation, date of last account access, user UID.
    Conditions of lawfulness: execution of a contract or pre-contractual measures.
    Duration of processing: Data are processed and stored for twelve months after their collection and then anonymized.

    The data controller also specifies that for statistical purposes, data are processed anonymously and, therefore, there is no processing of personal data, since only the number of participants in events is relevant and not their identity.

    Lastly, the data controller reserves the right to retain users' data for ten years after their collection for the possible exercise of the right of defence.
     

  5. Transfer of data
    The Data Controller does not transfer the collected data to countries outside the European Union.
    Should such a transfer ever be deemed necessary, the Data Controller will collect from users prior consent to their transfer pursuant to Articles 44 et seq. of the GDPR.

  6. Rights of Data Subjects
    Users, as data subjects, may exercise the rights recognised to them by the GDPR, namely:

    1. the right of access;
    2. the right to the rectification of data
    3. the right to erasure and forgetting;
    4. the right to restriction of processing;
    5. the right to object to processing;
    6. the right to data portability.

    The rights may be exercised by submitting an informal request to the Data Controller, who will reply within thirty (30) days of receipt. This period may be extended by a further sixty (60) days if compliance with the request is particularly burdensome for the Controller.
    The Data Controller informs users that if a response is not given within the specified timeframe, or if the response does not satisfy them, or if they believe that their rights have been violated, they may lodge a complaint with the Guarantor for the Protection of Personal Data in accordance with the procedures indicated on the Guarantor’s website, which can be accessed at: http://www.gpdp.it.​​​​​​​

  7. Changes to this privacy policy
    The Data Controller reserves the right to make any changes to this extended privacy policy by giving notice on this same page.
    The date of the last modification will be marked at the bottom of this page to allow the changes to be tracked. A copy of each version of this information notice is available to interested parties at the registered office of the Data Controller.
    In the event that the interested party does not accept the changes made, he can ask the Data Controller to remove his personal data.