The data controller, pursuant to Articles 4 and 24 of EU Regulation 2016/679, is the Association Data Protection Officer (ASSO DPO), headquartered at Viale Monza, 44- 20127 - Milan, VAT number 08258580961, Tax code 97656960156, represented by its President and legal representative pro-tempore, Dr. Matteo Colombo.
To contact the data controller: email info@assodpo.it or toll-free number 800561720
Purpose A)
Disclosure – with prior consent – of identifying data, through their publication in the "Members Register" (applicable only to the categories of "Educational Members", as defined within the Bylaws).
Purpose B)
Disclosure of additional personal information in the "Members Register": all categories of members, upon registration, may also freely choose to provide, with consent, further identifying information to be included in such a list (such as, for example, name, surname, and province of residence).
If individuals do not consent to such processing, their identifier in the "Members Register" will be reported with the "membership number" linked to pseudonymized personal data (instead of full name and surname, only initials followed by an asterisk will be reported).
Purpose C)
Disclosure of personal data, including images (photos/videos/audio), for promotional and educational activities aimed at advertising the activities and services of the Association.
Personal data may be collected during events organized by ASSO DPO (e.g., conferences, seminars, training, etc.), also through webinars or remote events via event registration. The dissemination will occur through the publication of personal data (including images) through various communication tools and channels such as magazines, brochures, presentations, websites, and social networks.
Purpose D)
Transfer of data to third parties (partners and sponsors of the Controller) for marketing purposes,
namely to receive promotional material and commercial/informational communications from third-party entities, which operate, for example, in the following sectors: insurance companies for Data Protection Officer professional liability policies, certification bodies, consulting and training companies, universities, software houses, and in general, third parties affiliated with ASSO DPO.
The list of the aforementioned third parties and active agreements is available at the following link: https://www.assodpo.it/convenzioni/.
Purpose E)
Registration for membership in the Association Data Protection Officer and pursuit of all purposes related to membership and the achievement of the Association's objectives,
including, in particular:
Purpose F)
Release of professional certificates upon request by the Members and subject to verification of the presence of all necessary requirements as provided by law.
Purpose G)
Dissemination of identifying data through the publication of the 'Members Registry'.
Purpose H)
Newsletter service. In pursuing the fundamental purposes provided by the Bylaws, including 'promoting research and dissemination of knowledge'; 'promoting the enhancement of the DPO role and fostering theirprofessional growth,' the association offers a newsletter service.
This activity is conducted through the email addresses provided directly by the data subject during the association's registration phase. The data subject will receive, through this channel, institutional communications, news about the association, and more generally, notifications regarding events such as the Congress, new webinars, new articles published on the website, and on the Association's official channels.
The Data Controller, to compare and potentially improve communication results, uses newsletter delivery systems with reports. Through these reports, the Data Controller will be able to know, for example: the number of readers, openings, unique “clickers”, and clicks; the devices and operating systems used to read the communication; the details of emails sent, delivered and undelivered. All this data are used for the purpose of comparing and, if necessary, improving communication results.
The personal data will be disclosed to entities who will process the data as independent data controllers, or data processors (art. 28 GDPR) and processed by individuals (art. 29 GDPR) acting under the authority of the Controller and Data Processors on the basis of specific instructions provided regarding the purposes and methods of processing. The data will be disclosed to recipients belonging to the following categories:
Personal data will also be transferred to countries located outside the European Economic Area (EEA), if the data subjects consent to dissemination for promotional and informational activities conducted by the Association, also through the use of social media platforms. Such transfer will then be managed as established in the terms and conditions and privacy policies of those platforms. In particular, reference is made to the following policies:
The data subject will be able to obtain information concerning guarantees for the transfer of data by writing to info@assodpo.it or at the Data Controller’s registered office.
Personal data will be subject to traditional manual, electronic, and automated processing. It is specified that no fully automated decision-making processes are carried out.
The data subjects may enforce their rights as expressed in articles 15 and following of the GDPR by contacting the Data Controller at the email address: info@assodpo.it, or by writing to the above-mentioned contacts. The data controller ensures data subjects the possibility to request, at any time, access to their personal data (art. 15), rectification (art. 16), erasure of the same (art. 17), and restriction of processing (art. 18). The data controller communicates (art. 19) to each recipient to whom the personal data have been disclosed any rectifications, erasures, or restrictions of processing carried out. The data controller informs the data subjects who request it about such recipients.
The data controller ensures the right to data portability (art. 20) and, in the event of requests under art. 20, will provide data subjects with the data in a structured, commonly used format, readable with an automatic device.
Data subjects are recognized the right to object (art. 21), at any time, to the processing of data based on legitimate interest, by writing to the contacts listed above with the subject 'objection'. In the event of exercising the right to object to processing based on legitimate interest, the controller acknowledges to data subjects the possibility of obtaining, upon request, information about the balancing test performed.
To unsubscribe from the newsletter service (email), data subjects are invited to write an email to the address info@assodpo.it with the subject 'unsubscribe from automated' or to use our automatic unsubscribe systems within the communication emails.
In cases provided for, data subjects have the right to withdraw consent without affecting the lawfulness of processing based on consent before its withdrawal.
If data subjects believe that the processing of personal data carried out by the Data Controller violates the provisions of Regulation (EU) 2016/679, they are free to lodge a complaint with the national supervisory authority, particularly in the Member State where they habitually reside or work, or where the alleged violation of the Regulation occurred (Italian Data Protection Authority - https://www.garanteprivacy.it/), or to seek judicial remedies.
The Data Controller may change, modify, add, or remove any part of this Privacy Policy. In order to facilitate the verification of any changes, the policy will include the indication of the update date.
Date of review: 02/04/2024