Privacy policy

Privacy notice for the processing of personal data

Information notice pursuant to Art. 13 of the Regulation (EU) 2016/769 -GDPR


Associazione Data Protection Officer (ASSODPO) P.le Principessa Clotilde, 6 | 20121 Milano | P.IVA 08258580961
C.F. 97656960156, in person of its legal representative pro-tempore Matteo Colombo

Processing purposes and data retention  

  1. Navigation data on this web site
    Legal basis: Please see cookies policy
    Data retention: Please see cookies policy
  2. Contact or information request
    Legal basis: Legitimate interest | Data subject request
    Data retention: up to 1 year
  3. Membership application to Data Protection Officer Association (please see privacy policy in registration form)
    Legal basis: Need to comply with a legal obbligation to which the Association is subject Data retention: Duration of service and after termination 10 years
  4. ASSO DPO’s newsletter subscription by e-mailing list, by filling the form
  • Legal basis: Consent
  • Data retention: Duration of service | opt out
  1. Administrative-accounting activities in general, i.e., processing of data connected with the performance of organisational, administrative, financial and accounting activities, regardless of the nature of the data processed. In particular, these purposes are pursued by internal organizational activities, those functional to membership of the Association, the management of conference registrations.
  • Legal basis: Legitimate interest/ management of membership data and enrolled in couses
  • Data retention: 10 years /Art.2220 Italian Civil Code

Categories of processed data

With exception of what above specified concerning navigation data, the user is free to provide personal data. The provision of data is necessary or optional and discretionary although it may be necessary for some specified purposes. Failure to provide the data marked with the symbol* will make it impossible to obtain what has been requested or to use the services of the data controller.

Recpient or categories of recipients

Provided personal data will be shared with companies contractually linked to Associazione Data Protection Officer, within or outside the European Union, pursuant to art. 44 EU Regulation 2016/679 in order to comply with the related purposes indicated above. Data shall be transferred to third Countries outside EU, in particular in Switzerland, a Country considered safe by the European Data Protection Supervisor, within the limits set forth art.45 EU Regulation 2016/679. Namely, data will be shared with:

– entities that provide services for the management of the information system used by Assiciazione Data Protection Officer e and the telecommunications networks;- firms or companies which provide assistance and advice;

– third parties who provide services for the management of the activities indicated above in the purposes (third parties for communication, printing brochures, flyers, websites, videos); -operators of platforms for the services listed above (hosting sites, youtube); -Commercial Partners, only with prior consent; -authorities competent to fulfill obligations of laws and / or provisions of public bodies, on request; -other members.

Subjects belonging to the aforesaid categories act as Data Processors or in complete autonomy as separate Data Controllers. The list of potential Data processors is constantly updated and it is available at Associazione Data Protection Officer (ASSODPO) headquarters.

If at the time of registration online, you have given consent for the diffusion of your data through publication on the institutional website of the Association, your data will be diffused. Any further communication or data diffusion will take place only with your explicit prior consent.

Data subjects’ rights

You may free exercise your rights according to articles 15, 16, 17, 18, 19, 20, 21, 22 UE  Regulation 2016/679, by contacting the Data Controller – Associazione Data Protection Officer (ASSODPO) – at the following telephone number 800 561720, or by sending an email to You shall have the right, at any time, to obtain from the Data Controller the access to your personal data, request their rectification, erasure as well as the restriction of their processing. Furthermore you have the right to object anytime to your personal data processing (automated meaning included , in ex. profiling). Without prejudice to any other administrative or judicial remedy, in case you consider your data processing in contrast with Reg. UE 2016/679, pursuant to article 15 lett. f) you have the right to lodge a complaint with a supervisory authority and, pursuant to article 6 paragraph no. 1, lett. a) (consent) and article 9, paragraph no. 2, lett. a) (single purpose consent on particular data processing), you have the right to revoke your expressed consent at any time. In exercising your right to data portability, the Data Controller may provide your personal data in a structured, commonly used and machine-readable format, without prejudice to paragraphs 3 and 4 of Article 20 of EU Reg. 2016/679. 

Changes to the Privacy Statement

The Data Controller reserves the right to modify, update, add or remove portions of the current Privacy Policy at his discretion and at any time. We encourage you to periodically review this page for the latest in formation on our privacy practices. 

Upgrade date: September 6th, 2018