PRIVACY POLICY – Consumer Counter

Information notice pursuant to Art. 13 of the Reg. UE 2016/679 (General Data Protection Regulation | GDPR)

Asso DPO - Privacy Policy adesione

1. Who is the data controller? How to contact him?
Pursuant to art. 4 ad 24 Reg UE the Data Controller is Associazione Data Protection Officer (ASSO DPO), with registered office in 20121 Milano – P.le Principessa Clotilde n. 6, P.IVA 08258580961, C.F. 97656960156, in person of its Legal Representative Dott. Matteo Colombo.
Data Controller’s contact details: email; telephone number: 800561720.

Asso DPO - Privacy Adesione 07

2. Purposes of processing, legal basis, data retention and nature of conferral (complete list of the purposes of the Data Controller’s data processing activities is available in the web privacy policy in the footer of the site).

Purpose A)
Filling in of forms to use the “Sportello del Consumatore” services (art. 2, comma 4, l. 4/2013):
to obtain information about the professional activity in general and the quality standards required from members, as well as to report any complaints in case of litigation with individual professionals, with the commitment of the professional association for the agreed resolution of the dispute reported by the consumer.
• LEGAL BASIS: law obligations (art. 6, lett. c GDPR), the Association must promote forms of guarantee to protect the user in case of litigation with individual professionals, as well as provide feedback in case of requests relating to the professional activity in general and the quality standards required from members (art. 2, paragraph 4 Law 4/2013).
• DATA RETENTION: in the case of a simple request for information regarding the professional activity in general and the quality standards required from members, for the time necessary to respond to the request and in any case no longer than 1 year. In case of reports and for the management of cases of litigation with individual professionals, for the period necessary for the management and resolution of the dispute.
• NATURE OF CONFERRAL: the provision of data is mandatory to use the services of the “Sportello del consumatore”. Failure to provide the data marked with the symbol* or wording (required), will make it impossible to use the services referred to in this point.

Asso DPO - Privacy Adesione 02

3. Who the collected data will be communicated to?
Provided data will be shared with recipients who will treat them as data Processors (art. 28 Reg. UE 2016/679) and/or as natural person acting under the controller’s or processor’s authority (art. 29 Reg. UE 2016/679) for former purposes.
Namely, data will be shared with:
– companies contractually associated to the Data Protection Officer Association;
– subjects who provide services for the management of the information system used by the Data Protection Officer Association and telecommunications networks;
– professionals, studies or companies in the assistance and consultancy field;
– competent authorities for compliance with legal obligations and / or provisions of public bodies, upon request;
The list of the data Processors is constantly updated and available writing to or sending a traditional mail to the Data Controller registered office.

Asso DPO - Privacy adesione 03

4. Does ASSO DPO transfer data to a third country and/or to international organisations?
Personal data provided by filling in of forms to use the “Sportello del Consumatore” services, will not be transferred to countries outside the European Economic Area (EEA).
If it should be necessary to transfer your data to non-EEA countries, this will be done in compliance with the limits and conditions of the articles 44 and ss. of EU Reg. 2016/679. The data subject may obtain information about the guarantees for data transfer writing an email to the address or at the registered office of the Data Controller.

Asso DPO - Privacy adesione 04

5. Are personal data processed by an automated mean?
We do not process data by automated mean, profiling included.

Asso DPO - Privacy adesione 05

6. Which rights am I entitled to? How can I exercise them?
You can exercise your rights, as required by art. 15 and subsequent of the General Data Protection Regulation UE 2016/679 (GDPR) contacting the data Controller at the email address: You have the right, at any time, to obtain from the data Controller the access to your personal data, request their rectification, erasure or processing restriction and, if applicable, data portability. Furthermore, you have the right to object anytime to your personal data processing based upon legitimate interest. Where applicable, you have the right to withdraw consent without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.
Without prejudice to any other administrative or judicial remedy, in case you consider the processing conflicting with Reg. UE 2016/679, pursuant to article 15 lett. f) you have the right to lodge a complaint with a supervisory authority (
In case of request for data portability, the Data Controller will provide your personal data in a structured format, commonly used and readable by automatic device.

7. More information
Data controller retains the right to modify, update, add or remove parts of this statement at his own discretion, in any moment. In order to facilitate such verification, the information notice will include the date of update.

Date of review: 09.09.2020