1. Privacy Policy
This privacy notice is provided pursuant to Regulation (EU) 2016/679 (“GDPR”) and applicable national legislation. It describes the methods for processing the personal data of users who consult the website, request information, or register for events organized or managed by MZ Events s.r.l. This notice is provided solely for this website and not for any other websites that the user may consult via our links.
Last updated: 01/05/2026
1.1 Data Controller MZ Events S.r.l.
- Registered office: Via Carlo Farini 81, 20159 Milan
- Tax Code/VAT No.: 05106600157
- Privacy e-mail: gdpr@MZevents.it
- Certified e-mail (PEC): amministrazione@pec.mzevents.it
- Telephone: +39 66802333
MZ Events also operates through the business units MZ Association, MZ Education, Heartbeataly, and MZ Virtual, and coordinates MZ Travel S.r.l. and VET International S.r.l. within the limits necessary for providing the requested services.
1.2 Independent Data Controller receiving data for its own purposes
Data of the independent data controller:
- ALISEI – National Technological Cluster for Life Sciences Association
- Registered office: Piazza Città di Lombardia n. 1, 20124 Milan
- Tax Code: 97703670154
- E-mail: segreteria@clusteralisei.it
- Certified e-mail (PEC): ctn@pec.clusteralisei.it
- Telephone: +39 02 82950723
If the data subject provides a free, specific, informed, optional, and separate consent compared to other processing activities, their data will be communicated to ALISEI, which will process them as an independent data controller for its own informational, promotional, and networking purposes in accordance with its own privacy policy.
1.3 Scope of application of the privacy notice
- browsing the website;
- sending requests via forms, e-mail, telephone, or other contact channels;
- registering for events and managing the related organizational, administrative, and logistical activities;
- sending newsletters and promotional communications from MZ Events, subject to prior consent where required;
- potential light profiling/segmentation of interests and preferences, subject to prior consent where required;
- communication of data to ALISEI, subject to separate consent;
- managing photographic, audio, and video recordings related to the events, as indicated in the specific notice or in this policy.
1.4 Categories of data processed
- identifying and personal data: name, surname, date and place of birth, where requested;
- contact data: e-mail, telephone, postal address;
- professional data: organization/company of belonging, role, qualification, sector of activity, city, country;
- administrative, fiscal, and accounting data, where necessary for registrations, invoicing, fees, refunds, or related procedures;
- event-related data: registration, badge, participation, selected sessions, organizational preferences, logistical requests;
- data voluntarily provided in messages, forms, or communications with MZ Events;
- browsing data and technical data of the website;
- images, audio, and video potentially collected during the events;
- any data necessary for managing CME (ECM) credits, educational grants, hospitality, travel, accommodation, or sponsorships, if applicable.
1.5 Source of the data
- directly from the data subject, via website, e-mail, telephone, registration platforms, or paper/digital forms;
- from third parties involved in organizing the event, to the extent necessary and lawful (e.g., promoting entity, sponsor, scientific secretariat, organizational partner);
- from technical providers or platforms used for managing registrations, in compliance with applicable regulations.
1.6 Purposes of processing, legal bases, and retention periods
| Purpose | Legal basis | Data processed | Indicative retention period |
| Management of contact requests, demos, quotes, and information | Art. 6, par. 1, let. b) GDPR (pre-contractual measures requested by the data subject) | Identifying data, contact data, and content of the request | For the time necessary to manage the request and in any case no longer than 24 months, unless a further relationship is established |
| Registration, organization, and management of the event | Art. 6, par. 1, let. b) GDPR; where necessary Art. 6, par. 1, let. c) | Personal, professional, organizational, logistical, and administrative data | For the duration of the event and subsequently for the time necessary for administrative, organizational, and legal defense management |
| Fiscal, accounting, administrative compliance, CME (ECM), and requests from authorities/entities | Art. 6, par. 1, let. c) GDPR | Identifying, professional, administrative data and those required by regulation | For the terms provided by law and, if necessary, until the statute of limitations for rights expires |
| Protection of the controller’s rights, prevention of abuse, security, dispute management | Art. 6, par. 1, let. f) GDPR (legitimate interest) | Data relevant to the specific case, logs, correspondence, contractual information | For the time necessary to protect the controller and manage the litigation |
| Sending newsletters and informational/promotional communications from MZ Events | Art. 6, par. 1, let. a) GDPR (consent), unless another applicable condition applies | Name, surname, e-mail, role, belonging organization, basic professional interests | Up to 24 months from the collection of consent, unless revoked earlier |
| Light profiling/segmentation to customize content and invitations | Art. 6, par. 1, let. a) GDPR (consent) | Professional interests, participation history, expressed preferences | Up to 12 months from the collection of consent, unless revoked earlier |
| Communication of data to ALISEI for its own informational, promotional, and networking purposes | Art. 6, par. 1, let. a) GDPR (separate and specific consent) | Name, surname, e-mail, telephone, organization, role, city, country, and other data indicated in the form | MZ Events retains proof of consent; ALISEI retains data according to its own privacy notice |
| Management of photos and videos of the events for documentation and institutional/promotional communication | Legitimate interest and/or consent, depending on the context and the material used | Images, audio/video recordings, potentially associated identifying data | For a period consistent with documentary/promotional purposes and with the internal media policy |
Failure to provide the data necessary for contractual or legal purposes may make it impossible to follow up on the request, registration, or participation in the event. Failure to provide optional consent does not, as a rule, affect the enjoyment of the main services.
1.7 Browsing data and website operation
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This data may include, by way of example, IP addresses, URI addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, numerical codes indicating the status of the server’s response, and other parameters related to the user’s operating system and computer environment. These data are processed for technical needs, security, diagnostics, and correct provision of the website, as well as, where permitted, for aggregated statistics.
1.8 Processing methods
The processing is carried out using paper, computer, and electronic tools. Data are processed according to the principles of lawfulness, fairness, transparency, minimization, accuracy, storage limitation, integrity, and confidentiality. MZ Events adopts appropriate technical and organizational measures pursuant to Art. 32 GDPR. Data are processed by authorized personnel and by suppliers appointed as data processors, where necessary. No solely automated decisions are made that produce significant legal effects on the data subject, except as potentially indicated in specific service notices.
1.9 Recipients and categories of recipients
Personal data may be communicated, within the limits of what is strictly necessary, to subjects involved in organizing and managing the events, such as scientific associations, promoting entities, universities, public or private bodies, logistics service providers, accommodation structures, travel agencies, carriers, IT providers, registration platforms, e-mail providers, and other entities providing services instrumental to the purposes indicated above.
Data may also be communicated to authorities, public administrations, regulatory bodies, CME (ECM) bodies, or other subjects to whom communication is required by statutory provisions or is necessary for the establishment, exercise, or defense of a legal claim.
The aforementioned subjects operate, depending on the case, as data processors appointed by MZ Events pursuant to Art. 28 GDPR or as independent data controllers.
The communication of data to Alisei for future promotional purposes constitutes an independent, optional, and separate communication with respect to the management of the single event, and is carried out exclusively in the presence of specific and documented consent from the data subject.
1.10 Specifications for sponsored events, educational grants, and mono-sponsor events
When an event includes sponsors, educational grants, or mono-sponsor formulas, MZ Events may communicate personal data to the involved subjects only within the limits declared in the privacy notice or registration form of the specific event and based on the correct legal ground.
- Educational grants: data may be communicated in a global/aggregated form or according to the rules applicable to the single grant scheme, also pursuant to industry codes of ethics.
- Events sponsored by multiple sponsors: data may be shared within the limits declared to the data subject and strictly necessary for the purposes related to the event.
- Mono-sponsor events: any communication to the sole sponsor must be clearly made known before the data collection and consistent with the identified legal basis.
1.11 Data transfers to non-EEA countries
If, for technical or organizational needs, data must be transferred to countries outside the European Economic Area, the transfer will take place in compliance with Articles 44 et seq. of the GDPR, on the basis of an adequacy decision, standard contractual clauses, or other appropriate instruments provided by applicable regulations. Further information can be requested at gdpr@MZevents.it.
1.12 Photos, videos, and multimedia content of events
During the events, photographic, audio, or video recordings may be made for documentation, communication, and institutional promotion purposes of the initiative. In contexts where it is appropriate or necessary, MZ Events will provide dedicated information notices, on-site signage, disclaimers on registration pages, or will collect specific consents. In required cases, a channel will be made available to exercise potential opposition or request the limitation of the use of the image, within limits compatible with the material already disseminated and with the context of the event.
1.13 Rights of the data subject
Within the limits and under the conditions provided by law, the controller is obliged to respond to the requests of the data subject regarding personal data concerning them. In particular, based on current legislation, the data subject has the right to obtain confirmation from the data controller as to whether or not personal data concerning them are being processed, and if so, to obtain:
- access to personal data;
- rectification of inaccurate data or completion of incomplete ones;
- erasure in the cases provided by law;
- restriction of processing;
- data portability, where applicable;
- objection to processing, in the cases provided for by Art. 21 GDPR;
- withdrawal of consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal;
- objection at any time to direct marketing.
`Requests can be sent to gdpr@MZevents.it.` If the data have been communicated to ALISEI, the data subject may also exercise their rights directly against ALISEI for subsequent processing carried out by the latter as an independent controller.
1.14 Complaint to the supervisory authority
The data subject has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali), as well as to take legal action before the competent judicial authorities, if they believe that the processing violates the applicable regulations.
1.15 Cookies and tracking tools
Information regarding cookies and other tracking tools used by the website is contained in a specific cookie policy, to which reference is made. The use of cookies and similar tools will take place in accordance with applicable regulations and the preferences expressed by the user through the consent management tools implemented on the website, if any.
1.16 Updates to this privacy notice
MZ Events reserves the right to update this privacy notice, also in consideration of any regulatory, organizational, or technical changes. The updated version will be made available on the website with an indication of the last updated date.
2. Cookie Policy
This Cookie Policy describes the categories of cookies and other tracking tools used on the MZ Events website, the purposes pursued, the legal bases, the methods for managing preferences, and the rights of users.
2.1 What are cookies and tracking tools
Cookies refer to a text element that is placed on a computer’s hard drive. Cookies function to streamline web traffic analysis or to signal when a specific website is visited, and they allow web applications to send information to individual users. The definition also includes other equivalent identifiers or tracking tools, including third-party ones, such as pixels, SDKs, local storage, tags, or similar technologies, where employed for purposes related to storing or accessing information on the user’s device.
2.2 Categories usable on the website
- Technical or strictly necessary cookies: these allow the website to function, ensuring security, session management, load balancing, essential preferences, and the provision of the requested services.
- Analytical cookies: these measure website traffic, usage, and performance. If they are not adequately anonymized or if they allow data identification/enrichment, they require consent.
- Functionality cookies: these store preferences that are not strictly necessary and improve the user experience.
- Profiling or marketing cookies: these track browsing for advertising purposes, retargeting, campaign measurement, or commercial customization and require consent.
- Third-party cookies: these are installed by external services integrated into the website, such as videos, maps, social plugins, marketing automation tools, or analytics.
2.3 Legal basis
- technical/necessary cookies: execution of the requested service and legitimate interest of the controller in the operation and security of the website;
- non-technical analytical cookies, advanced functionality, profiling, and marketing cookies: user consent collected via CMP/banner before deployment, except in cases where regulations consider them equivalent to technical cookies.
2.4 Consent management
Upon accessing the website, the user can manage their preferences via a specific cookie banner, selecting and verifying the categories of cookies they intend to accept. Preferences can still be modified at any time through the “Manage Cookies” link in the website footer, if implemented.
2.5 List of cookies