Privacy policy | General

Information notice pursuant to Art. 13 of the Reg. UE 2016/679 (General Data Protection Regulation | GDPR)

Pursuant to Reg. UE 2016/679 (General Data Protection Regulation) we provide you the deserved information concerning the processing of collected personal data. The notice is not valid for external links; Data Controller is not to be considered responsible for third parties’ web pages.

The notice is drawn up pursuant to art. 13 Reg. UE 2016/679 (General Data Protection Regulation) and inspired to DIRECTIVE 2009/136/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL and to Italian Data Protection Authority’ provision on Cookies – 08.04.2014.

Personal data

Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can directly or indirectly be identified, in particular by reference to an identifier such as a name, an identification number, a location data, an online identifier or to one or more specific factors to the physical, physiological, genetic, mental, economic, cultural or social identity (C26, C27, C30).

Navigation data

IT systems and procedures preceded to the operation of this site, acquire, during their normal exercise, some personal data whose transmission is implicit using Internet communication protocols. This category includes: IP addresses, URI/URL (Uniform Resource Identifier/Locator), time of request, type of request, outgoing packet size, server status of response (received, error, etc…) and other parameters related to the operating system.

Data provided by data subject

The optional, explicit and voluntary dispatching of messages to contact-addresses, as well as compilation and forwarding of forms , involves the acquisition of sender’s personal data necessary to reply, as well as all the personal data included in messages themselves.

Detailed Notices

Detailed notices related to single services or processings are available on specific pages of the site.

Cookies

Click here for more information about the cookie policy.

1. Who is the data controller? How can I contact him?

Pursuant to art. 4 ad 24 Reg UE the Data Controller is Associazione Data Protection Officer (ASSODPO) with registered office in 20121 Milano - P.le Principessa Clotilde n. 6, P.IVA 08258580961, C.F. 97656960156 in person of its Legal Representative Dott. Matteo Colombo.

Contacts: Tel. 800.561.720; E-Mail: info@assodpo.it

2. Purpose of processing, legal basis, data retention and nature of conferral

Purpose A)
Website browsing

LEGAL BASIS: Legitimate interest (art. 6, lett. f) and recital 47 GDPR: processing is necessary for pursuing data controller’s (or third party’s) legitimate interest, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, considering his reasonable expectations based on the relationship with controller. Activities strictly necessary to website operation and browsing services.
DATA RETENTION: Single session. See cookie policy
NATURE OF CONFERRAL: mandatory in order to permit website navigation

Purpose B)
Contact form filling

LEGAL BASIS: Processing aimed at fulfilling contractual and pre-contractual obligations (art. 6, lett. b GDPR) as well as upon data subject’s request.
DATA RETENTION: 1 Year
NATURE OF CONFERRAL: The provision of personal data is mandatory or optional depending on the purpose for which the data is processed. Whether data marked with an * or with the wording “requested” are not provided, the data controller won’t be able to supply his service.

Purpose C)
Signin-up to Associazione Data Protection Officer (specific policy available in the sign-up area)

LEGAL BASIS: Processing aimed at fulfilling law obligations (art. 6, lett. c GDPR) and contractual obligations related to the registration (art. 6, lett. b GDPR).
DATA RETENTION: For the entire membership period and 10 years more after its termination.
NATURE OF CONFERRAL: The provision of personal data is mandatory or optional depending on the purpose for which the data is processed. Whether data marked with an * or with the wording “requested” are not provided, the data processor won’t be able to supply his service.

Purpose D)
Data disclosure, Photos and videos included, with promotional aims relating data controller’s activity. Images could be collected during the ordinary organization’ activities. Diffusion will be performed by means of magazines, brochures, websites, social networks.

LEGAL BASIS: Consent (art. 6, lett. a GDPR): the data subject has provided consent to the processing of his personal data for one or more specific purposes;
DATA RETENTION: Data will be retained until opposition (opt out/consent withdrawal). Hard copies will be diffused up to exhaustion and your image won’t be reproduced anymore.
NATURE OF CONFERRAL: Data conferral for purpose D) is optional and, where lacking, personal data won’t be processed for such purpose; the denial of conferral will not undermine benefits from other purposes.

Purpose E)
Direct marketing

Whether the data subject fills any forms ment to collect data related to Direct Marketing purposes: prior consent and until opposition for direct marketing, market research, direct sales, surveys on satisfaction degree, newsletters and promotionals, commercial and advertising material or regarding events and initiatives, through automated means of E-Mail, telefax, messages, SMS, MMS or other types, as well as operator-phone calls, paper mail or other information pack.

The Data Controller does make use of reports relating to newsletters and promotional communication, aimed at comparing and possibly improving results. Thanks to reports, the Data Controller will be able to discover, for example: the number of readers, single openings, unique "clickers" and clicks; devices and operating systems employed to read the communication; user’s detailed activity; details of sent, delivered and forwarded emails; All these data are employed with the purpose of comparing, and possibly improving, the result of communication.

LEGAL BASIS: Consent (art. 6, let. a GDPR): the data subject has provided consent to the processing of his personal data for one or more specific purposes;
DATA RETENTION: Data will be retained until opposition (opt out/consent withdrawal).
NATURE OF CONFERRAL: Data conferral for purpose D) is optional and, where lacking, personal data won’t be processed for such purpose; the denial of conferral will not undermine benefits from other purposes.

Purpose F)
Data communication to third parties (partners and Sponsors of data Controller) for marketing purposes, in order to receive promotionals and marketing/commercial communication from third parties acting in the following fields: insurance for the professional liability of Data Protection Officers, certification bodies, consultancy and trading firms, Universities.

LEGAL BASIS: Consent (art. 6, lett. a GDPR): the data subject has provided consent to the processing of his or her personal data for one or more specific purposes;
DATA RETENTION: Data will be retained until opposition (opt out/consent withdrawal).
NATURE OF CONFERRAL: Data conferral for purpose E) is optional and, where lacking, personal data won’t be processed for such purpose; the denial of conferral will not undermine benefits from other purposes.

Purpose G)
Subscription to ASSODPO congress, management of the related administrative or accounting activities and for any communication concerning the Congress through E-Mails (specific policy available in the congress sign-up page)

LEGAL BASIS: Processing aimed at fulfilling contractual and pre-contractual obligations (art. 6, lett. b GDPR) for congress-related administrative and accounting purposes. | Legitimate interest (art. 6, lett. f GDPR) | Law obligations (art. 6, lett. c GDPR);
DATA RETENTION: 10 years or otherwise stated by law;
NATURE OF CONFERRAL: Mandatory; tightly essential to give execution to contractual and law obligations. In case of denial, the data Controller won’t be able to proceed with the registration to the Congress

Purpose H)
Insertion of the provided personal data (name, surname, company name) into participants’ list that will be delivered on the day of the event, together with the brochure, to all the attendees (specific policy available on the congress sign-up page)

LEGAL BASIS: Consent (art. 6, let. a GDPR): the data subject has provided consent to the processing of his or her personal data for one or more specific purposes;
DATA RETENTION: Data will be retained until opposition (opt out/consent withdrawal).
NATURE OF CONFERRAL: Data conferral for purpose F) is optional and, where lacking, personal data won’t be processed for such purpose; the denial of conferral will not undermine benefits from other purposes.

3. Who the collected data will be disclosed to?

Provided data will be shared with recipients who will treat them as data processors (art. 28 Reg. UE 2016/679) and/or as natural person acting under the controller’s or processor’s authority (art. 29 Reg. UE 2016/679) for former purposes.

Namely, data will be disclosed to:

  • Subjects providing services for the information system and network management (including E-mail boxes, newsletter services, among which freelancers, offices or companies in the context of assistance and consultancy;
  • Competent authorities for compliance with legal obligations and / or provisions of public bodies, upon request;

The list of data processors is constantly updated and available at the headquarter of ASSODPO or writing to: info@assodpo.it

4. Does ASSODPO transfer data to a third country and/or to international organizations?

Personal data will be transferred to countries within or outside the UE, notably in Switzerland, in order to fulfill contractual obligations and purposes within limits and under the conditions provided by art. 44 (General principle for transfers); art. 45 (Transfers on the basis of an adequacy decision).

Data subject can obtain information regarding data transfer guarantees at the headquarter of ASSODPO or sending an E-Mail to info@assodpo.it.

5. Are personal data processed by an automated mean?

We do not process data by automated mean, including profiling.

6. Which rights am I entitled to? How can I exercise them?

You may freely exercise your rights, at any time, under Reg. EU 2016/679 – GDPR pursuant to artt. 15, 16, 17, 18, 19, 20, 21, 22 sending an E-Mail to info@assodpo.it. You have the right, at any time, to obtain from the Data Controller the access to your personal data, request their rectification, erasure or processing restriction. Furthermore you have the right to object anytime to personal data processing based upon consent or legitimate interest.

To unsubscribe from direct marketing updates (eg. E-Mail or sms), please write to info@assodpo.it (subject: “cancellazione da automatizzato”) or use our automated unsubscribing tools.

To unsubscribe from traditional direct marketing communication (eg. Operators’ phone calls, traditional mail), please write to info@assodpo.it (subject: “cancellazione da tradizionale”).

Without prejudice to any other administrative or judicial remedy, in case you consider the processing conflicting with Reg. UE 2016/679, pursuant to article 15 lett. f) you have the right to lodge a complaint with a supervisory authority (www.garanteprivacy.it). In case of data portability requests, the Controller will provide them in a standard and digital format (except from what stated in art. 20.3 and 20.4 GDPR)

7. More information

Data controller retains the right to modify, update, add or remove parts of this statement at his own discretion, in any moment.

Date of review: 14.10.2019