LEGAL

GDPR & data rights.

Last updated · May 2026

1. Data controller

The data controller for personal data processed in connection with the Relations website and our programmes is Relations, operating between Torino (Italy) and Copenhagen (Denmark).

For any question or to exercise your rights, please write to info@relations.as.

2. Your rights under GDPR

Under the EU General Data Protection Regulation, you have the following rights regarding your personal data:

  • Right to be informed
    Know what personal data we hold about you and how we use it.
  • Right of access
    Request a copy of the personal data we hold about you.
  • Right to rectification
    Have inaccurate or incomplete personal data corrected.
  • Right to erasure
    Request deletion of your personal data, subject to legal obligations.
  • Right to restrict processing
    Ask us to limit how we process your personal data.
  • Right to data portability
    Receive your data in a structured, machine-readable format.
  • Right to object
    Object to processing based on our legitimate interests, including direct marketing.
  • Right to withdraw consent
    Withdraw consent at any time, where processing is based on consent.
  • Right to lodge a complaint
    Complain to your local data protection authority if you believe your rights have been infringed.

3. How we process your data

The table below summarises the purposes for which we process personal data, the categories of data involved, the legal basis, and how long we retain it.

Purpose
Responding to enquiries via email or our contact form.
Categories of data
Name, organisation, email address, message content.
Legal basis
Legitimate interest (Art. 6(1)(f) GDPR) — replying to your request.
Retention
Up to 24 months from last contact, unless a relationship is established.
Purpose
Designing, planning and delivering programmes for clients.
Categories of data
Name, role, organisation, contact details, dietary requirements, travel logistics.
Legal basis
Performance of a contract (Art. 6(1)(b) GDPR).
Retention
Duration of the engagement plus 5 years for accounting and audit purposes.
Purpose
Sending programme-related operational communications.
Categories of data
Name, email address, role.
Legal basis
Performance of a contract (Art. 6(1)(b) GDPR).
Retention
For the duration of the programme.
Purpose
Meeting accounting, tax and other legal obligations.
Categories of data
Billing details, invoices, contracts.
Legal basis
Legal obligation (Art. 6(1)(c) GDPR).
Retention
10 years, as required by applicable law.
Purpose
Operating the website (consent storage, basic security).
Categories of data
Consent preference, technical request data.
Legal basis
Legitimate interest (Art. 6(1)(f) GDPR) and consent (Art. 6(1)(a) GDPR) for optional analytics.
Retention
Consent record: 12 months. Server logs: up to 30 days.

4. Recipients & transfers

We share personal data only with trusted processors required to deliver our programmes (e.g. venues, hotels, transport providers, and software vendors), bound by confidentiality and data protection obligations. Where data is transferred outside the EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

5. Submit a GDPR request

Use the form below to submit a request relating to your personal data. We will respond within 30 days, as required by GDPR.

0 / 2000
Type the answer as a number. Use the “New question” button if you need a different one.
0/3 this hour

Prefer email? Write to info@relations.as.

6. Lodging a complaint

You have the right to lodge a complaint with your local data protection authority — for example, the Italian Garante per la protezione dei dati personali or the Danish Datatilsynet.