PRIVACY POLICY - WEBSITE

Information notice pursuant to Art. 13 of the Reg. UE 2016/679

ASSO DPO - Privacy policy

WHY ARE YOU GIVEN THIS INFORMATION?

In accordance with Regulation (EU) 2016/679 (hereinafter referred to as 'GDPR'), this page describes the methods of processing personal data. This is a privacy policy provided pursuant to art. 13 of the GDPR. The privacy policy is not valid for other third-party websites that may be accessed through links on this website, for which no responsibility is assumed.


Personal data that can be processed

  • Personal data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person (Recital 26, 27, 30 of the GDPR).
  • Browsing data: The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
    This category of data includes IP addresses or domain names of the computers and terminals used by users, URI/URL addresses (Uniform Resource Identifier/Locator) of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user's operating system and computer environment.
  • Voluntarily communicated data: The optional, explicit, and voluntary sending of messages to the contact addresses indicated on this website and/or the compiling of data collection forms entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data provided.

Specific privacy policies
Specific privacy policies are provided on the website pages relating to particular services or processing of the provided data.

Asso DPO - Privacy Policy adesione

COOKIES AND OTHER TRACKING SYSTEMS. WHAT ARE THEY? WHAT ARE THEY USED FOR?

For Cookies and other tracking systems, please see the cookie policy listed in the footer of the website and in the following link.

Asso DPO - Privacy Policy adesione

1. WHO IS THE DATA CONTROLLER? HOW TO CONTACT THEM?

The Data Controller, in accordance with Articles 4 and 24 of Regulation (EU) 2016/679, is the Association Data Protection Officer (ASSO DPO), with registered office at Via Monza 44, 20127 - Milan, VAT number 08258580961, Tax Code 97656960156, represented by the President and legal representative, currently Dr. Matteo Colombo.
To contact the Data Controller: email info@assodpo.it or toll-free number 800561720.

Asso DPO - Privacy Adesione 07

2. PURPOSES OF THE PROCESSING, LEGAL BASIS, DATA RETENTION PERIOD, NATURE OF PROVIDING

Purpose A) – Website browsing

The data necessary for the use of web services are also processed for the purpose of:

  • obtaining statistical information on the use of services (most visited pages, number of visitors per hourly or daily time frame, geographical areas of origin, etc.).
  • checking the proper functioning of the services offered.

The data will be used to ascertain responsibility in case of hypothetical computer crimes against the website.

  • LEGAL BASIS: (Art. 6, para. 1 lett. f) and Recital 47 of the GDPR) The processing is necessary for the pursuit of the legitimate interests of the data controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data do not prevail, taking into account the reasonable expectations of the data subject and the activities strictly necessary for the functioning of the website and browsing itself. Data subjects are guaranteed the possibility to obtain, upon request, information about the balancing test conducted.
  • DATA RETENTION PERIOD: Browsing data will be retained for the duration of the browsing session. In any case, they will not persist for more than seven days (unless necessary for investigation of crimes by the Judicial Authority).
  • NATURE OF THE PROVISION: The provision of data is necessary for browsing the website.

Purpose B) - Use of cookies and similar technologies.

Please refer to the cookie policy in the footer of the website.

Asso DPO - Privacy Adesione 02

3. TO WHOM WILL THE PERSONAL DATA BE DISCLOSED? DATA RECIPIENTS

Personal data will be disclosed to entities who will process the data as independent data controllers or data processors (art. 28 GDPR) and processed by individuals (art. 29 GDPR) acting under the authority of the Data Controller and Data Processors based on specific instructions provided regarding the purposes and methods of processing. The data will be disclosed to recipients belonging to the following categories:

  • companies, based in Italy, contractually bound to the Association Data Protection Officer.
  • entities, based in Italy, providing services for the website and communication networks, including email, hosting, and website management.
  • entities, based in Italy, providing services for the management of the information system used by the Association Data Protection Officer and telecommunications networks.
  • Competent authorities for compliance with legal obligations and/or provisions of public bodies.

The list of Data Processors is constantly updated and available by writing to info@assodpo.it or using the other contact details provided above.

Asso DPO - Privacy adesione 03

4. DOES ASSO DPO TRANSFER THE DATA TO COUNTRIES OUTSIDE THE EEA?

Personal data processed for the purpose of website browsing will not be disclosed or transferred to countries outside the European Economic Area (EEA). The servers connected to the Association's website are located in Europe (specifically, in Belgium).
If it becomes necessary to transfer personal data of data subjects to countries located outside the EEA, this will be done in compliance with the limits and conditions specified in Articles 44 and following of Regulation (EU) 2016/679. Data subjects can obtain information about the guarantees for data transfers by writing an email to info@assodpo.it or contacting the Data Controller's registered office.

Asso DPO - Privacy adesione 04

5. IS THERE AN AUTOMATED PROCESS?

The personal data will be subject to traditional, electronic, and automated processing. It is specified that no fully automated decision-making processes are carried out.

Asso DPO - Privacy adesione 05

6. WHAT ARE THE RIGHTS OF DATA SUBJECTS? HOW TO EXERCISE THEM?

Data subjects may exercise their rights as expressed in Articles 15 and following of the GDPR by contacting the Data Controller at the email address info@assodpo.it or by writing to the above-mentioned contacts. The controller ensures data subjects the possibility to request, at any time, access to their personal data (art. 15), rectification (art. 16), erasure (art. 17), and restriction of processing (art.18). The data controller communicates (art. 19) to each recipient to whom the personal data have been disclosed any rectifications, erasures, or restrictions of processing carried out. The data controller also informs the data subjects who request it about such recipients.

Data subjects are recognized the right to object (art. 21), at any time, to the processing of data based on legitimate interest by writing to the above-mentioned contacts. In the event of exercising the right to object to processing based on legitimate interest, the controller acknowledges to data subjects the possibility to obtain, upon request, information about the balancing test conducted.

In case data subjects believe that the processing of personal data carried out by the Controller violates the provisions of Regulation (EU) 2016/679, they are free to lodge a complaint with the national supervisory authority, particularly in the Member State where they habitually reside or work, or where the alleged violation of the Regulation occurred (Italian Data Protection Authority - Garante Privacy https://www.garanteprivacy.it/), or to seek appropriate judicial remedies.

7. AMENDMENTS TO THE PRIVACY POLICY

The controller may change, modify, add, or remove any part of this Privacy Policy. In order to facilitate the verification of any changes, the policy will include the indication of the update date.

Date of review: 21/02/2024