as a participant or registrant in the event (hereinafter also only “subject being filmed” or “data subject”)
TO THE SENSES
also Articles 10 and 320 of the Civil Code and Articles 96 and 97 of Law No. 633 of 22.04.1941 on Copyright,
AUTHORISE
Penny Market S.r.l. a s. u. subject to the management and coordination of Rewe Zentralfinanz eG, with registered office in Strada Padana Superiore 11 n. 2/B, 20063, Cernusco sul Naviglio (MI), also with its collaborators, employees or freelancers authorised to do it (hereinafter, also jointly referred to as, “Organiser/s” or “Data Controller”)
TO CARRY OUT THE FOLLOWING ACTIVITIES
– photographic and video recordings of its image made on the day December 17th, 2023, at Centro Pavesi FIPAV, during the event PENNY VOLLEY CHAMPIONS LEAGUE (hereinafter referred to as the ‘Event’);
– publication, sharing and dissemination of its image, including live, via the social media of PENNY Italy and via the channels of all international PENNY who will participate in the event: for instance external channels, such as Instagram, Facebook, LinkedIn, Youtube (for example, PENNY Italia and PENNY Live) and internal channels, such as internal Newsletter, TEAM PENNY APP, PENNY VOLLEY CUP website, comunicazione@penny.it, etc., as deemed appropriate;
– publication of its image on the Controller’s and on the other international PENNY’s internal material;
– storage of said footage in the relevant archives provided by the Organiser until this release is revoked, without prejudice to any obligations arising from the law.
The undersigned, who is represented in the photographic and video recordings, declares that he/she is aware that the Organiser may use the image to the extent that it does not jeopardise the personal dignity, honour, decorum and safety of the subject being filmed.
This release is issued free of charge and without time limit and may be revoked at any time by sending an e-mail to eserciziodirittiprivacy@penny.it. The revocation will have future effects, without prejudice to uses already in place.
The undersigned hereby declares:
– that nothing shall be claimed in connection with the subject matter of this release;
– to waive any mention on the occasion of such use of his image;
– to exonerate the Organiser from all financial obligations and any form of liability in any way connected with and/or arising from the incorrect use of the images by third party (users).
PRIVACY POLICY
FOR THE USE OF PERSONAL IMAGES
Pursuant to Art. 13 of Regulation 2016/679 (also known as GDPR) on the protection of personal data and in relation to your personal data, your personal data will be processed by Penny Market S.r.l. a s. u. subject to the management and coordination of Rewe Zentralfinanz eG in accordance with the principles of fairness, lawfulness and transparency, as well as the protection of your privacy and the protection of your rights. In this connection we inform you of the following.
§ Identity and contact details of the data controller
The data controller is Penny Market S.r.l. a s. u. subject to the direction and coordination of Rewe Zentralfinanz eG, with registered office in Strada Padana Superiore 11, 2/b, 20063 Cernusco sul Naviglio (MI), Tax Code: 01737790186, VAT No.: 12619750156 (hereinafter “Penny Market” or “Data Controller” or “Organiser”).
§ Contact details of the Data Protection Officer (DPO)
The Controller has appointed a Data Protection Officer (DPO) whom you may contact for all matters relating to the processing of your personal data. The DPO’s contact details are as follows: dpo-penny@kinast.eu.
§ Principles and Definitions
For the purposes of the GDPR, this means:
Processing (ex-Article 4(1)(2) GDPR) ‘any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction’;
Personal data (ex-Art. 4(1)(1) GDPR ‘any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity’;
Basis of lawfulness (Legal basis) (ex-Art. 6 GDPR and Recital 40) ‘for the processing of personal data to be lawful, it should be based on the consent of the data subject or on another lawful basis provided for by … Regulation (GDPR) or by Union or Member State law, …, taking into account the need to comply with a legal obligation to which the controller is subject or the need to perform a contract to which the data subject is party or the performance of pre-contractual measures taken at the request of the data subject’.
Consent of the data subject shall mean any freely given, specific, informed and unambiguous indication of the data subject’s wishes, whereby the data subject indicates his/her assent, by means of a statement or unambiguous affirmative action, to personal data relating to him/her being processed.
§ 4. Processing of personal images portrayed in photos/videos during the PENNY VOLLEY CHAMPIONS LEAGUE (hereinafter referred to as the ‘Event’)
I. Managing photos/videos that reproduce your image
Scope and purpose of processing
Your personal data, collected at the time of the photographic and video recording of your image, will be processed for the following purposes:
– publication, sharing and dissemination of its image, including live, via the social media of PENNY Italy and via the channels of all international PENNY who will participate in the event: for instance external channels, such as Instagram, Facebook, LinkedIn, Youtube (for example, PENNY Italia and PENNY Live) and internal channels, such as internal Newsletter, TEAM PENNY APP, PENNY VOLLEY CUP website, comunicazione@penny.it, etc., as deemed appropriate;
– publication of its image on the Controller’s and on the other international PENNY’s internal material;
– storage of said footage in the relevant archives provided by the Data Controller until this release is revoked, without prejudice to any obligations arising from the law.
Legal basis for processing
The legal basis for the processing is the Consent of the data subject (Art. 6(1)(a) GDPR).
Consent, as the legal basis of the processing, implies that the data will be processed by the Controller for these purposes only after having obtained your consent to do so. You will have the right to revoke your consent at any time by following the procedure described in the paragraph of this policy dedicated to the exercise of your rights. The revocation of your consent shall not affect the lawfulness of the processing based on the consent given prior to the revocation (Art. 6(1)(a) GDPR) (Art. 7(3) GDPR).
Option or obligation to provide data and consequences of failure to provide data
The provision of personal data, for which consent is required, is entirely optional and without consequences in the event of refusal; in the absence thereof, however, it will not be possible to process them and, therefore, it will not be possible to use them for the intended purposes.
Data Deletion and Retention Period
The photos and videos used by the Data Controller and stored in its archives will be deleted at the end of their use, subject to any further legal requirements.
§ Recipients or categories of recipients of personal data
Personal data relating to the processing in question, for the above-mentioned purposes, may be communicated or disclosed:
to those persons within the Controller’s organisation, including companies of the business group located in the European Union, who need it due to their task or hierarchical position. Such persons are those authorised to process data under the direct authority of the Controller (hereinafter referred to as “Authorised Persons”), whose number will be limited to a maximum, in relation to their task, they will only have access to the data relevant to that task, i.e. all Authorised Persons will not have free access to all its data, and they will be appropriately instructed in order to avoid loss, destruction, unauthorised access or unauthorised processing;
to third parties to whom our company may outsource certain activities and who consequently provide the undersigned with certain instrumental services, however related, to the processing and purposes described above, such as services that deal with the management of our websites and/or our social pages, the information system, the photo/video shooting service for Penny Market. These parties may receive or otherwise have access to the personal data of data subjects in whole or in part, depending on their roles and purposes aimed at facilitating and improving our services. They therefore carry out processing on behalf of our company and are authorised to process the data as Data Processors in accordance with Article 28 GDPR;
to the security, inspection, judicial and police authorities and, in general, to those subjects to whom the right to access the data is recognised by specific legal provisions or by a provision issued by an authority empowered to do so by law. In other words, to all those subjects to whom the transfer of data is necessary for the fulfilment of obligations provided for by laws or regulations.
These parties will process the data as autonomous data controllers;
to companies belonging to the REWE corporate group of which Penny Market is part (these companies may also be located abroad, however, within the European Union) that are authorised to process them for internal administrative purposes.
§ 6. Your rights
The GDPR grants the data subject the following rights in relation to his or her personal data, which he or she may exercise within the limits and in accordance with the provisions of the legislation.
Pursuant to Article 15 GDPR, you may request information on your personal data processed by us. In particular, you may obtain information regarding the purposes of the processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the expected storage period, the existence of the right of access, rectification, erasure, restriction or objection, the right to lodge a complaint with a supervisory authority, if the data is not collected from the data subject all available information on its origin, transfers to third parties or international organisations and the existence of automatic decision-making processes, including profiling and, where applicable, meaningful information on the logic used. In this regard, you may contact Penny at www.penny.it in the appropriate section, which can be reached at https://eserciziodirittiprivacy.penny.it.
Pursuant to Article 16 GDPR, you may request the immediate correction of inaccurate data, or the integration of your personal data stored with us via www.penny.it in the appropriate section, which can be reached at https://eserciziodirittiprivacy.penny.it.
Pursuant to Article 17 GDPR, you may request the deletion of your personal data held by us, provided that the processing is not necessary for the exercise of your right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the establishment, exercise or defence of a legal claim. You can request the deletion of your data at www.penny.it in the appropriate section at https://eserciziodirittiprivacy.penny.it.
Pursuant to Article 18 GDPR, you may request a restriction of the processing of your personal data if you contest the accuracy of the data, if the processing is unlawful, if, although the data controller no longer needs the data for the purposes of processing, the personal data are necessary for the data subject to establish, exercise or defend a legal claim. Furthermore, pursuant to Article 18 GDPR, the data subject has the right to obtain the restriction of the processing if he or she has objected to the processing pursuant to Article 21(1) GDPR. You may request the restriction of processing by e-mail (eserciziodirittiprivacy@penny.it) or, alternatively, by post (Penny Market S.r.l., Strada Padana Superiore 11 n. 2/B, 20063, Cernusco sul Naviglio – MI -).
Pursuant to Article 20 GDPR, you may request that the personal data you have provided be received by you in a structured, commonly used and machine-readable format, or you may request that they be transferred to another data controller. You can exercise this right via www.penny.it in the appropriate section, which can be reached at https://eserciziodirittiprivacy.penny.it.
Right of opposition
In accordance with Article 21 of the GDPR, you have the right to object at any time to the processing of personal data concerning you pursuant to Article 6(1)(f) of the GDPR.
Under Article 22 of the GDPR, you have the right to object to a decision based solely on automated processing.
You may exercise this right by e-mail (eserciziodirittiprivacy@penny.it) or, alternatively, by post (Penny Market S.r.l., Strada Padana Superiore 11 n. 2/B, 20063, Cernusco sul Naviglio – MI -).
Withdrawal of consent
Pursuant to Article 7(3) GDPR, you may revoke your consent at any time, without prejudice to the lawfulness of the processing based on the consent given before revocation. This right may be exercised by e-mail (eserciziodirittiprivacy@penny.it) or, alternatively, by post (Penny Market S.r.l., Strada Padana Superiore 11 n. 2/B, 20063, Cernusco sul Naviglio – MI -).
Complaint
Pursuant to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. He/she may contact the supervisory authority of the place where he/she usually resides, works, or where the alleged breach occurred.
In addition:
You have the right to contact the Data Protection Officer (DPO) for all matters relating to the
processing of your personal data. The DPO can be contacted as indicated in the section on the Data Protection Officer.