*privacy policy English - hip hop protection

Information pursuant to and for the purposes of art. 13 of D.lgs. 101/2018 transposing EU Regulation n. 679/2016 of 27 April 2016, “relating to the protection of individuals with regard to the processing of personal data”

Introduction With this statement, made pursuant to art. 13 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, as well as the free movement of such data and repealing Directive 95/46/EC – General Data Protection Regulation”, we provide information about the processing of personal data.

This information is intended for all those who visit and interact with the website www.hiphoprotection.it owned by the Hip Hop Protection Committee, which has as its objective the candidacy of HIP HOP culture in the list of intangible cultural heritage of UNESCO (specifically in the list Representative of Intangible Cultural Heritage) acting both in Italy and around the world.

The European Regulation requires that the processing of personal data is based on the principles of fairness, lawfulness, transparency and protects the confidentiality and rights of the individual concerned. For a correct understanding of the following terms, please consult the information page of guarantor for the Protection of the personal data: https://www.garanteprivacy.it/regolamentoue. This privacy policy also applies to any online activity of this site and is valid for visitors/users of the site. The Hip Hop Protection Committee intends to inform the data subject, to whom the personal data relate, on which data are processed and on certain elements characterizing the processing, which must always take place with fairness, lawfulness and transparency, for protecting the confidentiality and rights of the data subject. Users of the website and those interested in associating should carefully read this Privacy Policy before communicating any type of information/personal data and/or filling out any form. Some definitions of the most important items of the European Regulation.

«personal data» means any information relating to an identified or identifiable natural person (such as: name, surname, email, telephone number of the person concerned); «treatment»: means any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, «consent of the data subject»: Unequivocal and explicit positive act expressing the willingness of the data subject to give his consent to the processing of his personal data, after he has been informed in advance about the purposes, the modalities and any other aspect through the information. The consent must be provided for each processing purpose, otherwise it is not valid. «data controller» means the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data; «person responsible for the treatmen»: the natural or legal person, public authority, service or other body that processes personal data on behalf of the controller; «recipient» means any natural or legal person, public authority, service or other body receiving communication of personal data, whether or not they are third parties; «the data subject» to the processing of data is, in a nutshell, the natural person to whom the personal data subject to processing refers; «Data Protection Office»:also called RPD is the data protection officer (DPO or RPD) that ensures compliance with the Regulation. He cooperates with the authority, for this reason, when he is appointed, his name must be communicated to the Guarantor; «Appointed»: is the data processor. It’s a physical person, that is, who – inside the organization or outside – has the task of managing data daily; «User»:is the natural person who navigates and uses this Site; «Usage Data»: this is the information that this site automatically collects without directly identifying users. In particular, data relating to the use of this site are: the IP addresses or domain names of the computers used by the user connecting to this Site; addresses in Uniform Resource Identifier (URI) notation; the time of the user’s request; the method used to submit the request to the server; the user’s country of origin the browser and operating system characteristics used by the user; the duration of the user’s visit on the pages of this site; the user’s visit path within the Site, with particular reference to the sequence of pages consulted, the parameters related to the operating system and the User’s computing environment; «Cookies»: are a fragment’s piece of code that collects data within the device used by the user for navigation; «Notice»: the communication that provides all the useful information that the data subject needs to know when he decides to give his consent to the processing of personal data. Data’s Controller and how to contact him: The data controller is the Hip Hop Protection Committee, based in Anguillara Sabazia (RM) 00061, Rome, Via Cavour n.18C, fiscal code 96521560589. The contact data are:

E mail: comitatopromotore@hiphoprotection.com PEC: veronica.benanti@timpec.it This website: www.hiphoprotection.com is owned by the Hip Hop Protection Committee

data protection responsabile (c.d. “RPD-DPO)

The Committee has conferred the assignment of DPO (data protection officer), pursuant to art. 37 and ss. of the GDPR, in the person of the avv. Maurizio Nestonni. You can contact the DPO at: E-mail: privacy@hiphoprotection.com

legal basis of processing The legal basis for the processing of personal data for the purposes indicated in this Policy are the following legal bases: Consent: consent is required to use data, for updates on our content, for sending information about our services and for profiling (that is to analyze the interests and behaviors of visitors to our site and to improve our marketing campaigns). Contractual scope: the need to execute the contract and/or the contracts or the execution of pre-contractual measures. Legal obligations: when strictly necessary, personal data will be processed to comply with a legal obligation, an order imposed by the supervisory authority, a tax assessment, etc. 6. What types of personal data we process a. Data provided at the time of registration – first name and surname, – e-mail address; – place and date of birth, – address of residence.

b. Data provided on the use of the Site.

– The Hip Hop Protection Committee collects information about how you have used the Site, including, for example, the pages of the Site or other content you view, your searches, third-party applications on the Site that are used by the user (for example, the map and other features of Google Maps in the “contact” section).

b. navigation data The computer systems and software procedures responsible for the operation of the Hip Hop Protection Committee website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified data subjects, but that by their very nature could, through processing and association with data held by third parties, allow to identify users. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (good end, error, etc.) and other parameters related to the operating system and the computer environment of the user. These data, necessary for the use of web services, are also processed for the purpose of: – obtain statistical information on the use of the services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.) – to check the proper functioning of the services offered. The data could be used to ascertain liability in case of hypothetical computer crimes against the site: save this eventuality, Web contact data persists for no longer than is necessary for the purposes for which they are collected and subsequently processed.

c. Data communicated by Users: data for professional applications as curriculum The data will be stored for a maximum of 36 months from the date of receipt of the curriculum vitae. The data will be processed by employees and collaborators of the Hip Hop Protection Committee, the data collected are: name, surname, date of birth, e-mail, telephone, profession, as well as any data contained in Curriculum Vitae.

d. Data communicated by Users to get in touch with the Company: personal data, contact data and other personal data transmitted voluntarily

Data provided through information’s request e-mail enquiries. If the user, to request information, uses the information request form (on the Site in the “contact” section), the Hip Hop Protection Committee acquires the name, surname, address and-the user’s e-mail address and any other personal data included in the electronic communication.

c. Data provided directly during events on paper form or registration on our website by filling out the form The deposit of the signature, in support of the Promoting Committee Hip Hop Protection, is aimed at promoting the candidacy of Hip Hop culture to the list of intangible heritage of UNESCO, by means of a special paper registration form or by means of a specific online registration. The User assumes responsibility for the personal data of third parties published or shared by filling in the Questionnaire and guarantees to have the right to communicate or disseminate them, freeing the Data Controller from any liability to third parties. The User also assumes responsibility for the veracity of the data and information provided in filling out the questionnaire and registering for the service. purpose of the processing The personal data made available to the Committee may be used for the following possible purposes: enable participation in the Committee’s initiatives; to promote the candidacy of Hip Hop culture to the list of intangible heritage of UNESCO; manage any requests for information submitted; enable the use of services, as well as the performance of activities reserved by virtue of membership of the Committee and participate in community activities/initiatives; for the fulfilment of legal obligations; subject to the consent, and without prejudice to the legitimate interest of the Committee, send personalized communications by any means (including email, sms, social networks, mobile applications, fax, post and telephone), relating to the initiatives, changes, changes in the organization, as well as invitations to attend meetings, assemblies, meetings; for information purposes (only following a possible, optional and specific consent), such as: the sending of commercial communications by the Committee and by other parties sending communications on behalf of the Committee itself; We remind you that the lack or inaccurate provision of data, only when it is mandatory would prevent membership/ registration to the Committee.

methods of processing The Data Controller processes the personal data of Users by taking appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. The data will be processed both by paper and electronic means. The Committee also uses social networks (e.g. Facebook, Instagram), any personal data communicated through those channels will be subject to the terms and conditions of use of the social network itself. Personal data are processed with the support of computer and/ or paper tools and are protected through appropriate security measures to ensure confidentiality and security. Place of processing and transfer The processing related to the web services of the above mentioned site, takes place both at the headquarters of the Hip Hop Protection Committee, both at the company headquarters and/ or at the headquarters of the hosting company and/ or management of the website and are handled only by technical staff of the Office in charge of processing, or by any person in charge of occasional maintenance operations. Personal data will be stored at the headquarters of the Committee on servers located in the European Union. For strictly operational needs related to the management of marketing services, identification data will also be communicated to suppliers in third countries. Others possibles transfer of Datas abroad will take place, if to countries that do not benefit from an adequacy decision of the European Commission and that, therefore, do not offer an adequate level of protection to personal data, only (i) before the adoption of appropriate guarantees such as, by way of example, the signing of the standard clauses approved by the European Commission, or (ii) recourse to a derogation from the prohibition of transfers outside the European Union and, therefore, always by way of example, after obtaining the explicit and informed consent of the User, or only to the extent necessary for the performance of a contract concluded between the User and the Company, or between the Company and a third party for the benefit of the User, or for the execution of pre-contractual measures taken at the request of the User. The transfer Extra UE countries, in addition to cases where this is ensured by adequacy decisions of the European Commission, will be carried out in such a way as to provide adequate and suitable guarantees in accordance with Articles 46, 47 or 49 of the Regulation. Conservation Personal data will be stored only and only for the needs related to each of the purposes indicated in paragraph 7 and in compliance with the principle of minimisation of processing. We may need data to defend our rights or those of Users, as well as to comply with the obligations of maintaining accounting records Therefore, we keep this data for as long as necessary and in any case no longer than 10 years. Also: for communications of events and/or services of the Committee and/or companies that are part of our network, through automated and traditional means, (legal basis Consent art.6.1 to GDPR) the retention time is 24 months from the collection of consent, unless revoked or opposed, always possible. The data category is: name, surname, e-mail address (…) for the transfer of your data to third parties for marketing purposes, through automated and traditional means (legal basis Consent art.6.1 to GDPR) the retention time is 24 months from the collection of consent, unless revocation of the same or opposition, always possible. The data category is: name, surname, e-mail address (…) profiling based on automated decision-making (legal basis Consent art.6.1 to GDPR), the storage time is 12 months from the collection of consent, unless revocation of the same or opposition always possible. The data category is: IP address, purchase history, favorite products, expressed preferences (…). To whom we communicate personal data It is possible that personal data may be communicated to our suppliers for the needs related to the provision of the service, acting as independent data controllers or data processors. Suppliers include delivery partners, IT companies, legal advisors, payment processors, accountants, marketing and analytics companies (such as PayPal for payment service management and Sendinblue for newsletter management.) The list of Data Processors pursuant to Article 28 GDPR is located at the Committee’s registered office and may be requested at any time from the Data Controller. Subjects and categories of subjects to whom personal data may be disclosed. The data may be communicated: to the employee and/or collaborators of the data controller that is subjects acting under the authority of the Data Controller pursuant to art. 29 of the GDPR (for exemple administrative, and technical staff); to Public Bodies or Offices according to legal obligations; to subjects that provide consultancy services strictly connected and instrumental to the management of the contractual relationship and the provision of the good and/or the service requested by the user; to Data processors, appointed as: consultancy firms, law firms, IT consulting companies etc.

spread Your personal data will not be subject to disclosure.

Data’s comunication The User’s Personal Data may be used for the defense by the Data Controller in court or in the preparatory stages to its possible establishment, from abuse in the use of the same or related services by the User. The User declares to be aware that the Data Controller may be required to disclose the data at the request of public authorities. The data will be stored for longer periods of time where necessary to comply with obligations of the Statute and/or legal obligations, as well as to ensure judicial protection of the rights of the Company, in compliance with the ordinary limitation periods. 15. Exercise of rights by Usersi Pursuant to art. 15-22 GDPR, interested parties may ask: the access (art. 15); the rectification (art. 16); cancellation (art. 17), the Data Controller prepare ensure the cancellation of the personal data of the data subject without inadequate delay if: the personal data are no longer necessary for the purposes for which they were collected or processed; the data subject withdraws consent; the data subject objects to the processing and there is no overriding legitimate reason to proceed with the processing; the personal data have been processed unlawfully; limitation (art. 18) at the request of the data subject, the Data Controller shall limit the processing when: the data subject disputes the accuracy of the data; the processing is illegal and the data subject opposes the deletion of the data but asks for the limitation of the processing; the data are no longer necessary for the purposes of processing, but are necessary for the verification, exercise, defense of a right in court; the data subject has opposed the processing and is waiting for the prevalence of the legitimate reasons of the Data Controller compared to those of the data subject; data portability (Art. 20), understood as the right to obtain data in a structured format of common use and readable by automatic device to transmit them to another data controller without hindrance; opposition to processing (Art. 21): the data subject has the right to object at any time to the processing of personal data concerning him; profiling (Art.22) the right not to be subject to a decision based solely on automated treatment of profiling and lodge a complaint with the competent supervisory authority (Data Protection Authority). The User has the right to revoke the consent at any time, pursuant to article 7 of the Regulation; it is specified that the revocation of the consent does not affect in any case the lawfulness of the processing based on the consent prior to the revocation. The exercise of these rights may be exercised by written communication to be sent through: e-mail to privacy@hiphoprotection.com; PEC at veronica.benanti@timpec.it; registered letter to/r at the following address: Comitato Hip Hop Protection with registered office Anguillara Sabazia (RM) 00061, Via Cavour n.18C.

changes to this Privacy Policy The Data Controller reserves the right to modify and update this information at any time, due to the entry into force of new industry regulations or the provision of new services or technological innovations. For this reason, please consult this page periodically. June 2022