PRIVACY POLICY

Purposes of processing, legal basis, data retention and nature of conferral

Purpose A)

Website browsing.

• LEGAL BASIS: legitimate interest (art. 6 par. 1 lett. f) and recital 47 GDPR): processing is necessary for pursuing data controller’s (or third party) legitimate interest, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration his reasonable expectations based on the relationship with controller. Activities strictly necessary for site operation and platform browsing services.
• DATA RETENTION: single session. For further information see the Cookies policy.
• NATURE OF CONFERRAL: mandatory in order to permit the website navigation.

Purpose B)

Eventual contact form filling (see the policy in the contact area).

• LEGAL BASIS: legitimate interest | answering data subject requests (art. 6 par. 1 lett. f) and recital 47 GDPR).
• DATA RETENTION: for the time necessary to reply to the request and in any case no longer than 1 year.
• NATURE OF CONFERRAL: the provision of data is necessary to allow the Data Controller to provide feedback to the requests received through the form. Failure to provide the data marked with the symbol* or the indication (required), will make it impossible to obtain the information requested.

Purpose C)

Signing-up to Associazione Data Protection Officer and diffusion of identification data through the publication of the "Register of Members" (specific policy available in the sign-up area).

• LEGAL BASIS: with regard to registration with the association, the legal basis is the fulfilment of contractual obligations (art. 6, par. 1 letter b GDPR). With regard to the disclosure of identification data, the legal basis varies depending on the type of member: it may be the legal obligation (art. 6, par. 1 letter c GDPR and LAW 14 January 2013, n. 4, art. 4 c. 1 and art. 5 c. 2 letter b)) which requires the Association to prepare and publish the list of members Soci Effettivi – Persone Fisiche updated annually; or the consent, if other types of members, such as Educational, wish to appear on the list ("Register of Members").

In any case, all categories of members, at the time of registration, may also freely choose whether to give, upon consent, further identifying information to be included in this list (such as, for example, the province of residence).

• DATA STORAGE PERIOD: duration of registration and, after termination, 10 years. With regard to the disclosure on the "Register of Members" of personal data NOT of members Soci Effettivi – Persone Fisiche and additional data, the person concerned is always free to revoke the consent given.
• NATURE OF CONFERENCE: the provision of data is optional or mandatory depending on the specific purpose for which the data is processed. Failure to provide the data marked with the symbol* or indication (required), will make it impossible to register. The provision of data without * is optional and will not preclude the completion of the registration.

Purpose D)

Filling in forms to send your application to join the working groups / scientific committee of the Association Data Protection Officer ASSO DPO (see specific information in the Request for membership of work groups / scientific committee).

• LEGAL BASIS: legitimate interest | request of the data subject (art. 6 par. 1 lett. f) and recital 47: for the constitution of the working groups / scientific committee necessary for the pursuit of the aims of the association itself, minding also the relationship existing between the data subject (associate) and the Data Controller.

Purpose E)

Filling in of forms to use the “Sportello del Consumatore” services (art. 2, comma 4, l. 4/2013): to obtain information about the professional activity in general and the quality standards required from members, as well as to report any complaints in case of litigation with individual professionals, with the commitment of the professional association for the agreed resolution of the dispute reported by the consumer (see specific information notice in sportello del consumatore area).

• LEGAL BASIS: law obligations (art. 6, lett. c GDPR), the Association must promote forms of guarantee to protect the user in case of litigation with individual professionals, as well as provide feedback in case of requests relating to the professional activity in general and the quality standards required from members (art. 2, paragraph 4 Law 4/2013).
• DATA RETENTION: in the case of a simple request for information regarding the professional activity in general and the quality standards required from members, for the time necessary to respond to the request and in any case no longer than 1 year. In case of reports and for the management of cases of litigation with individual professionals, for the period necessary for the management and resolution of the dispute.
• NATURE OF CONFERRAL: the provision of data is mandatory to use the services of the "Sportello del consumatore". Failure to provide the data marked with the symbol* or wording (required), will make it impossible to use the services referred to in this point.

Purpose F)

Registration to “Area Riservata” of the website in order to consult and download documents and information reserved to associated.

• LEGAL BASIS: fulfilment of contractual obligations deriving from registration to the Association (art. 6, par. 1 lett. b) GDPR).
• DATA RETENTION: for the duration of the registration.
• NATURE OF CONFERRAL: the conferral of data is mandatory in order to access the Reserved Area. In case of non-conferment, you cannot access this area of the website.

Purpose G)

Registration to ASSO DPO’S LIVE EVENTS in webinar mode; management of administrative-accounting activities related to the event; use of the e-mail contact to inform those interested about the event and to send communications related to the service. The processing operations carried out for administrative-accounting purposes are those related to the performance of activities of an organizational, administrative, financial and accounting nature, regardless of the nature of the data processed which, in the case of subjects already associated are: name, surname, email address and ASSO DPO card no.; while in the case of subjects not associated are: name, surname, email address, bank details (for the collection of the transfer). In the context of the webinar, no additional information will be collected with respect to the purposes pursued: the tool used, in fact, does not track or monitor in any way the behavior of the participants on the platform (see specific notice for ASSO DPO’S live events).

• LEGAL BASIS: fulfilment of contractual and pre-contractual obligations related to registration to the event (art. 6, par. 1 letter b) GDPR); legal obligation (art. 6, par. 1 letter c) GDPR and LAW 14 January 2013, n. 4, art. 2 c. 3 "Professional associations promote, also through specific initiatives, the continuous professional formation of their members [...]").
• DATA RETENTION: 10 years or otherwise stated by law.
• NATURE OF CONFERRAL: mandatory, tightly essential to give execution to contractual and law obligations. In case of non-conferment, the data Controller won’t be able to proceed with the registration to the event.

Purpose H)

Newsletter service. The association, in pursuing the fundamental aims of the Statute, including "promoting research and the spread of knowledge"; "promoting the valorization of the role of the DPO and fostering its professional growth", offers a newsletter service. This activity is carried out through the e-mail coordinates provided directly by the interested party during the registration phase or through the free filling in of forms on the website. The interested party will receive, through this channel, institutional communications, news about the association and, more generally, notifications regarding, for example, events such as the Congress, new webinars, new articles published on the site and on the others official channels of the association.

The data controller, in order to compare and possibly improve the results of communications, uses systems for sending newsletters and communications with reports. Thanks to reports, the Data Controller will be able to discover, for example: the number of readers, single openings, unique "clickers" and clicks; devices and operating systems employed to read the communication; details of email sent, delivered or not. All these data are employed with the purpose of comparing, and possibly improving, the communication results (see specific policy for subscribing to the newsletter).

• LEGAL BASIS: the processing is necessary for the pursuit of the legitimate interest of the data controller or third parties, as long as the interests or fundamental rights and freedoms of the data subject which require the protection of personal data do not prevail. The legitimate interest of the data controller is to pursue the institutional information purposes pursued by the Association (art. 6 par. 1 letter f) GDPR and recital 47). As required by the Opinion 6/2014 of the Working Group Art. 29 - WP29 - on the concept of legitimate interest, the Data Controller conducted a "LIA" (Legitimate Interests Assessment), balancing the interests of the parties and the rights at stake. The interested party may oppose the legitimate interest of the Data Controller both at the time of joining the Association and afterwards.
• DATA RETENTION: the data subject may object to the processing based on legitimate interest in an easy way and free of charge (each communication made will contain the link to exercise the opt-out).
• NATURE OF CONFERRAL: the provision of data for this purpose is optional and, where lacking, personal data won’t be processed for such purpose; the denial of conferral will not undermine benefits from other purposes.

Purpose I)

Disclosure of personal data, including the image (photo/video/audio), for promotional and informative activities aimed at publicizing the activity, the services of the Association. Personal data may be collected during events organized by ASSO DPO (e.g. congresses, seminars, training, etc.), also in webinar mode or remotely through the recording of the event. The disclosure will take place through the publication of personal data (including images) through different tools and communication channels such as magazines, brochures, presentations, websites, social networks.

• LEGAL BASIS: consent (art. 6, lett. a GDPR): the data subject has provided consent to the processing of his personal data.
• DATA RETENTION: data will be retained until opposition (opt out/consent withdrawal). Hard copies will be diffused up to exhaustion and your image won’t be reproduced anymore.
• NATURE OF CONFERRAL: data conferral for this purpose is optional and, where lacking, personal data won’t be processed for such purpose; the denial of conferral will not undermine benefits from other purposes.

Purpose L)

Transfer of data to third parties (partners and sponsors of the Data Controller) for marketing purposes, i.e. to receive promotional material and commercial/informative communications from third parties, who operate, for example, in the following areas: insurance companies for professional liability policies of the Data Protection Officer, certification bodies, consulting and training companies, universities, software houses and, in general, third parties affiliated to ASSO DPO. The list of these third parties and active agreements is available at the following link: https://www.assodpo.it/convenzioni/.

• LEGAL BASIS: consent (art. 6, lett. a GDPR): the data subject has provided his consent to process his or her personal data.
• DATA RETENTION: until opposition (opt out/consent withdrawal).
• NATURE OF CONFERRAL: data conferral for this purpose is optional and, where lacking, personal data won’t be processed for such purpose; the denial of conferral will not undermine benefits from other purposes.