MEMBER
REGISTER

numero verde gratuito

800 561720
ITA | ENG
ITA | ENG

PRIVACY POLICY

Information notice pursuant to Art. 13 of the Reg. UE 2016/679 (General Data Protection Regulation | GDPR)

ASSO DPO - Privacy policy

Pursuant to Reg. UE 2016/679 (General Data Protection Regulation) we provide you the deserved information concerning processing of collected personal data. The notice is not valid for external links; Data Controller is not to be considered responsible for third parties’ web pages.

The notice is drawn up pursuant to art. 13 Reg. UE 2016/679 (General Data Protection Regulation) and inspired to DIRECTIVE 2009/136/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 November 2009 and to Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies – 8 may 2014 by Italian Data Protection Authority.

Personal data

Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can directly or indirectly be identified, in particular by reference to an identifier such as a name, an identification number, a location data, an online identifier or to one or more specific factors to the physical, physiological, genetic, mental, economic, cultural or social identity (C26, C27, C30).

Navigation data

Computer systems and procedures software preceded to the operation of this site, acquire, during their normal exercise, some personal data whose transmission is implicit using Internet communication protocols. This category includes: IP addresses, URI/URL (Uniform Resource Identifier/Locator), time of request, type of request, outgoing packet size, server status of response (received, error, etc…) and other parameters related to the operating system.

Data provided by data subject

The optional, explicit and voluntary dispatching of messages to contact-addresses, as well as compilation and forwarding of forms that are on the Data Controller’s website, involves the acquisition of sender’s personal data necessary to reply, as well as all the personal data included in messages themselves.

Detailed Notices

Detailed notices related to specific services or processing are available on specific pages of the site.

Cookies

Click here for more information about the cookie policy.

Asso DPO - Privacy Policy adesione

1. Who is the data controller? How to contact him?

Pursuant to art. 4 ad 24 Reg UE the Data Controller is Associazione Data Protection Officer (ASSO DPO), with registered office in 20121 Milano – P.le Principessa Clotilde n. 6, P.IVA 08258580961, C.F. 97656960156, in person of its Legal Representative Dott. Matteo Colombo.

contacts: email info@assodpo.it; telephone number: 800561720.

Asso DPO - Privacy Adesione 07

Purposes of processing, legal basis, data retention and nature of conferral

Purpose A)
Website browsing

  • LEGAL BASIS: Website browsing: Legitimate interest – art. 6 lett. f) and recital 47: processing is necessary for pursuing data controller’s (or third party) legitimate interest, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration his reasonable expectations based on the relationship with controller. Activities strictly necessary for site operation and platform browsing services;
  • DATA RETENTION: single session. For further information see the cookie policy;
  • NATURE OF CONFERRAL: mandatory in order to permit the website navigation.

Purpose B)
Eventual contact form filling

  • LEGAL BASIS: Processing aimed at fulfilling contractual and pre-contractual obligations (art. 6, lett. b GDPR) as well as upon data subject’s request;
  • DATA RETENTION: 1 year;
  • NATURE OF CONFERRAL: The conferral of the data is optional or mandatory depending on the specific purpose for which the data is processed. If you don’t confer the data marked with “requested”, it will be impossible for you to obtain what asked or to use the services of the data Controller.

Purpose C)

Signing-up to Associazione Data Protection Officer (specific policy available in the sign-up area) 

  • LEGAL BASIS: Processing aimed at fulfilling law obligations (art. 6, lett. c GDPR) and contractual obligations related to the registration (art. 6, lett. b GDPR).
  • DATA RETENTION: for the entire membership period and 10 years after its termination.
  • NATURE OF CONFERRAL: The conferral of personal data is mandatory or optional depending on the purpose for which the data is processed. Whether data marked with an * or with the wording (requested) are not conferred, it will be impossible to sign up. 

Purpose D)

Data disclosure, images included (photo, video, audio), for promotional activities aimed at advertise the activity, the services and the organization of the data Controller. The data diffusion will occur through data publication (images included), through different communication channels as, magazines, brochures, presentations, websites, social networks.

  • LEGAL BASIS: Consent (art. 6, lett. a GDPR): the data subject has provided consent to the processing of his personal data for one or more specific purposes.
  • DATA RETENTION: Data will be retained until opposition (opt out/consent withdrawal). Hard copies will be diffused up to exhaustion and your image won’t be reproduced anymore.
  • NATURE OF CONFERRAL: Data conferral for purpose D) is optional and, where lacking, personal data won’t be processed for such purpose; the denial of conferral will not undermine benefits from other purposes.

Purpose E)

Data transfer to third parties (partners and sponsors of data Controller) for marketing purposes, namely to receive promotional and marketing/commercial communication from third parties acting in the following fields: insurance for the professional liability of Data Protection Officers, certification bodies, consultancy and trading firms, Universities, software house. The list of the predicted is available on demand.

  • LEGAL BASIS: Consent (art. 6, lett. a GDPR): the data subject has provided his consent to process his or her personal data.
  • DATA RETENTION: Until opposition (opt out/consent withdrawal).
  • NATURE OF CONFERRAL: Data conferral for purpose E) is optional and, where lacking, personal data won’t be processed for such purpose; the denial of conferral will not undermine benefits from other purposes.

Purpose F)

Direct marketing

Whether the data subject fills any forms for the data collection, in specific areas related to Direct Marketing purposes: prior consent and until opposition for direct marketing, market research, direct sales, surveys on satisfaction degree, newsletters and promotional, commercial and advertising material or regarding events and initiatives, through automated means of E-Mail, telefax, messages, SMS, MMS or other types, as well as operator-phone calls, paper mail or other information material.

The Data Controller does make use of reports relating to newsletters and promotional communication, aimed at comparing and possibly improving results. Thanks to reports, the Data Controller will be able to discover, for example: the number of readers, single openings, unique “clickers” and clicks; devices and operating systems employed to read the communication; user’s detailed activity; details of sent, delivered and forwarded emails; All these data are employed with the purpose of comparing, and possibly improving, the communication results.

  • LEGAL BASIS: Consent (art. 6, let. a GDPR): the data subject has provided the consent to process his personal data.
  • DATA RETENTION: Until opposition (opt out/consent withdrawal).
  • NATURE OF CONFERRAL: Data conferral for purpose D) is optional and, where lacking, personal data won’t be processed for such purpose; the denial of conferral will not undermine benefits from other purposes.

Purpose G)

Registration to “Area Riservata” of the website in order to consult and download documents and information reserved to associated

  • LEGAL BASIS: Fulfilment of contractual obligations deriving from registration to the Association (art. 6, par. 1 lett. b) GDPR).
  • DATA RETENTION: for the duration of the registration.
  • NATURE OF CONFERRAL: the conferral of data is mandatory in order to access the Reserved Area.  In case of non-conferment, you cannot access this area of ​​the website.

Purpose H)

Registration to ASSODPO Congress, management of the related administrative or accounting activities and use of an email contact for any communication concerning the Congress (specific policy available in the congress sign-up page)

  • LEGAL BASIS: Processing aimed at fulfilling contractual and pre-contractual obligations (art. 6, lett. b GDPR) | Legitimate interest (art. 6, lett. f GDPR) | Law obligations (art. 6, lett. c GDPR).
  • DATA RETENTION: 10 years or otherwise stated by law.
  • NATURE OF CONFERRAL: Mandatory; tightly essential to give execution to contractual and law obligations. In case of non-conferment, the data Controller won’t be able to proceed with the registration to the Congress.

Purpose I)

Insertion of the personal data of the registered at the Congress (name, surname, company name) in a list of the participants at the congress that will be delivered on the day of the event, together with the brochure, to all the attendees (specific policy available on the congress sign-up page)

  • LEGAL BASIS: Consent (art. 6, let. a GDPR): the data subject has provided consent to process his or her personal data.
  • DATA RETENTION: Until opposition (opt out/consent withdrawal).
  • NATURE OF CONFERRAL: Data conferral is optional and, where lacking, personal data won’t be processed for this purpose; the denial of conferral will not undermine benefits from other purposes.

Purpose L)

Filling in of forms to use the “Sportello del Consumatore” services (art. 2, comma 4, l. 4/2013): obtaining information about the professional activity in general and about the quality standards required to the registered persons, as well as  report any complaints in case of litigious with the single professionals, with the commitment of the professional association for the agreed resolution of the disputes reported by the consumer (see specific information notice in the Sportello per il consumatore Area).

  • LEGAL BASIS: law obligations (art. 6, lett. c GDPR); legitimate interest | request of the data subject (art. 6 par. 1 lett. f) and Recital 47 GDPR): The Association must promote forms of guarantee to protect the user in case of a dispute with individual professionals, as well as to obtain information relating to the professional activity in general and the quality standards required of them by members (art. 2, comma 4 L. 4/2013).
  • DATA RETENTION: for the reporting period and then for 10 years.
  • NATURE OF CONFERRAL:  The conferral of personal data is mandatory or optional depending on the purpose for which the data is processed. Whether data marked with an * or with the wording (requested) are not conferred, it will be impossible to sign up.

Purpose M)
Filling in forms to send your application to join the working groups / scientific committee of the Association Data Protection Officer ASSO DPO (see specific information in the Request for membership of work groups / scientific committee)

  • LEGAL BASIS: Legitimate interest | request of the data subject (art. 6 par. 1 lett. f) and recital 47: for the constitution of the working groups / scientific committee necessary for the pursuit of the aims of the association itself, minding also the relationship existing between the data subject (associate) and the Data Controller.
  • DATA RETENTION: in case of non-selection of the data subject – 12 months; in case of selection of the data subject – duration of the mandate of the working group / scientific committee and after the termination 10 years.
  • NATURE OF CONFERRAL: The conferral of personal data is mandatory or optional depending on the purpose for which the data is processed. Whether data marked with an * or with the wording (requested) are not conferred, it will be impossible to sign up.
Asso DPO - Privacy Adesione 02

3. Who the collected data will be communicated to?

Provided data will be shared with recipients who will treat them as data Processors (art. 28 Reg. UE 2016/679) and/or as natural person acting under the controller’s or processor’s authority (art. 29 Reg. UE 2016/679) for former purposes.

Namely, data will be shared with: companies contractually associated to the Data Protection Officer Association; – subjects who provide services for the management of the information system used by the Data Protection Officer Association and telecommunications networks; – professionals, studies or companies in the assistance and consultancy field; – subjects who provide services for the management of the activities indicated above in the purposes (subjects for communication, printing brochures, flyers, websites, videos); – platform managers for the services listed above (site hosting, YouTube); – Commercial Partners, with prior consent;- Competent authorities for compliance with legal obligations and / or provisions of public bodies, upon request; -other associated.

The list of the data Processors is constantly updated and available writing to info@assodpo.it or sending a traditional mail to the Data Controller registered office.

Asso DPO - Privacy adesione 03

4. Does Asso DPO transfer data to a third country and/or to international organisations?

Personal data may be transferred only with prior consent of the data subject and, in this case, they will be transferred to countries outside the EU exclusively for the purpose of transmission on social platforms; such transfer will then be managed as established in the general conditions and in the privacy policies of the related social networks. If it should be necessary to transfer your data to non-EU countries, this will be done in compliance with the limits and conditions of the articles 44 and s.s. of EU Reg. 2016/679. The data subject may obtain information about the guarantees for data transfer writing an email to the address info@assodpo.it or at the registered office of the Data Controller.

Asso DPO - Privacy adesione 04

5. Are personal data processed by an automated mean?

We do not process data by automated mean, profiling included.

Asso DPO - Privacy adesione 05

6. Which rights am I entitled to? How can I exercise them?

You can exercise your rights, as required by art. 15, 16, 17, 18, 19, 20, 21 of the General Data Protection Regulation UE 2016/679 (GDPR) contacting the data Controller at the email address: info@assodpo.it.

You have the right, at any time, to obtain from the data Controller the access to your personal data, request their rectification, erasure or processing restriction. Furthermore, you have the right to object anytime to your personal data processing as well as to data portability.

You have the right to oppose to the processing based upon consent and/or legitimate interest.

To unsubscribe from direct marketing updates (E-Mail or sms), please write to info@assodpo.it (object: “cancellazione da automatizzato”) or use our automated unsubscribing tools.

To unsubscribe from traditional direct marketing updates (operator phone calls), please write to info@assodpo.it  (object: “cancellazione da tradizionale”).

Without prejudice to any other administrative or judicial remedy, in case you consider the processing conflicting with Reg. UE 2016/679, pursuant to article 15 lett. f) you have the right to lodge a complaint with a supervisory authority (www.garanteprivacy.it).

In case of request for data portability, the Data Controller will provide you with a structured format, commonly used and readable, by automatic device, the personal data concerning you, without prejudice to paragraphs 3 and 4 of the art. 20 of Reg. (EU) 2016/679.

7. More information
Data controller retains the right to modify, update, add or remove parts of this statement at his own discretion, in any moment.

Date of review: 28/11/2019