Pursuant to Reg. UE 2016/679 (General Data Protection Regulation) we provide you the deserved information concerning processing of collected personal data. The notice is not valid for external links; Data Controller is not to be considered responsible for third parties’ web pages.
The notice is drawn up pursuant to art. 13 Reg. UE 2016/679 (General Data Protection Regulation), inspired to DIRECTIVE 2009/136/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 November 2009, and to Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies – 8 may 2014 by Italian Data Protection Authority, considering the EDPB Guidelines 05/2020 on consent under Regulation 2016/679.
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can directly or indirectly be identified, in particular by reference to an identifier such as a name, an identification number, a location data, an online identifier or to one or more specific factors to the physical, physiological, genetic, mental, economic, cultural or social identity (C26, C27, C30).
Computer systems and procedures software preceded to the operation of this site, acquire, during their normal exercise, some personal data whose transmission is implicit using Internet communication protocols. This category includes: IP addresses, URI/URL (Uniform Resource Identifier/Locator), time of request, type of request, outgoing packet size, server status of response (received, error, etc…) and other parameters related to the operating system (for further information see Cookies policy of this site).
Data provided by data subject
The optional, explicit and voluntary dispatching of messages to contact-addresses, as well as compilation and forwarding of forms that are on the Data Controller’s website, involves the acquisition of sender’s personal data necessary to reply, as well as all the personal data included in messages themselves.
Detailed notices related to specific services or processing are available on specific pages of the site.
Click here for more information about the cookie policy.
Pursuant to art. 4 ad 24 Reg UE the Data Controller is Associazione Data Protection Officer (ASSO DPO), with registered office in 20121 Milano - P.le Principessa Clotilde n. 6, P.IVA 08258580961, C.F. 97656960156, in person of its Legal Representative Dott. Matteo Colombo.
Data Controller’s contact details: email info@assodpo.it; telephone number: 800561720.
Purpose A)
Website browsing.
Purpose B)
Eventual contact form filling (see the policy in the contact area).
Purpose C)
Signing-up to Associazione Data Protection Officer and diffusion of identification data through the publication of the "Register of Members" (specific policy available in the sign-up area).
In any case, all categories of members, at the time of registration, may also freely choose whether to give, upon consent, further identifying information to be included in this list (such as, for example, the province of residence).
Purpose D)
Filling in forms to send your application to join the working groups / scientific committee of the Association Data Protection Officer ASSO DPO (see specific information in the Request for membership of work groups / scientific committee).
Purpose E)
Filling in of forms to use the “Sportello del Consumatore” services (art. 2, comma 4, l. 4/2013): to obtain information about the professional activity in general and the quality standards required from members, as well as to report any complaints in case of litigation with individual professionals, with the commitment of the professional association for the agreed resolution of the dispute reported by the consumer (see specific information notice in sportello del consumatore area).
Purpose F)
Registration to “Area Riservata” of the website in order to consult and download documents and information reserved to associated.
Purpose G)
Registration to ASSO DPO’S LIVE EVENTS in webinar mode; management of administrative-accounting activities related to the event; use of the e-mail contact to inform those interested about the event and to send communications related to the service. The processing operations carried out for administrative-accounting purposes are those related to the performance of activities of an organizational, administrative, financial and accounting nature, regardless of the nature of the data processed which, in the case of subjects already associated are: name, surname, email address and ASSO DPO card no.; while in the case of subjects not associated are: name, surname, email address, bank details (for the collection of the transfer). In the context of the webinar, no additional information will be collected with respect to the purposes pursued: the tool used, in fact, does not track or monitor in any way the behavior of the participants on the platform (see specific notice for ASSO DPO’S live events).
Purpose H)
Newsletter service. The association, in pursuing the fundamental aims of the Statute, including "promoting research and the spread of knowledge"; "promoting the valorization of the role of the DPO and fostering its professional growth", offers a newsletter service. This activity is carried out through the e-mail coordinates provided directly by the interested party during the registration phase or through the free filling in of forms on the website. The interested party will receive, through this channel, institutional communications, news about the association and, more generally, notifications regarding, for example, events such as the Congress, new webinars, new articles published on the site and on the others official channels of the association.
The data controller, in order to compare and possibly improve the results of communications, uses systems for sending newsletters and communications with reports. Thanks to reports, the Data Controller will be able to discover, for example: the number of readers, single openings, unique "clickers" and clicks; devices and operating systems employed to read the communication; details of email sent, delivered or not. All these data are employed with the purpose of comparing, and possibly improving, the communication results (see specific policy for subscribing to the newsletter).
Purpose I)
Disclosure of personal data, including the image (photo/video/audio), for promotional and informative activities aimed at publicizing the activity, the services of the Association. Personal data may be collected during events organized by ASSO DPO (e.g. congresses, seminars, training, etc.), also in webinar mode or remotely through the recording of the event. The disclosure will take place through the publication of personal data (including images) through different tools and communication channels such as magazines, brochures, presentations, websites, social networks.
Purpose L)
Transfer of data to third parties (partners and sponsors of the Data Controller) for marketing purposes, i.e. to receive promotional material and commercial/informative communications from third parties, who operate, for example, in the following areas: insurance companies for professional liability policies of the Data Protection Officer, certification bodies, consulting and training companies, universities, software houses and, in general, third parties affiliated to ASSO DPO. The list of these third parties and active agreements is available at the following link: https://www.assodpo.it/convenzioni/.
3. Who the collected data will be communicated to?
Provided data will be shared with recipients who will treat them as data Processors (art. 28 Reg. UE 2016/679) and/or as natural person acting under the controller’s or processor’s authority (art. 29 Reg. UE 2016/679) for former purposes.
Namely, data will be shared with:
The list of the data Processors is constantly updated and available writing to info@assodpo.it or sending a traditional mail to the Data Controller registered office.
4. Does Asso DPO transfer data to a third country and/or to international organisations?
Personal data may be transferred only with prior consent of the data subject and, in this case, they will be transferred to countries outside the EU exclusively for the purpose of transmission on social platforms; such transfer will then be managed as established in the general conditions and in the privacy policies of the related social networks. If it should be necessary to transfer your data to non-EU countries, this will be done in compliance with the limits and conditions of the articles 44 and ss. of EU Reg. 2016/679. The data subject may obtain information about the guarantees for data transfer writing an email to the address info@assodpo.it or at the registered office of the Data Controller.
5. Are personal data processed by an automated mean?
We do not process data by automated mean, profiling included.
6. Which rights am I entitled to? How can I exercise them?
You can exercise your rights, as required by art. 15 and subsequent of the General Data Protection Regulation UE 2016/679 (GDPR) contacting the data Controller at the email address: info@assodpo.it. You have the right, at any time, to obtain from the data Controller the access to your personal data, request their rectification, erasure or processing restriction and, if applicable, data portability. Furthermore, you have the right to object anytime to your personal data processing based upon legitimate interest. Where applicable, you have the right to withdraw consent without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.
To unsubscribe from newsletter service (E-Mail), please write to info@assodpo.it (object: “cancellazione da automatizzato”) or use our automated unsubscribing tools.
Without prejudice to any other administrative or judicial remedy, in case you consider the processing conflicting with Reg. UE 2016/679, pursuant to article 15 lett. f) you have the right to lodge a complaint with a supervisory authority (www.garanteprivacy.it).
In case of request for data portability, the Data Controller will provide your personal data in a structured format, commonly used and readable by automatic device.
7. More information
Data controller retains the right to modify, update, add or remove parts of this statement at his own discretion, in any moment. In order to facilitate such verification, the information notice will include the date of update.
Date of review: 18/01/2021