1. Who is the data controller?
How to contact
him?
Pursuant
to art. 4 ad 24 Reg UE the Data
Controller is Associazione Data
Protection Officer (ASSO DPO), with
registered office in 20121 Milano
– P.le Principessa Clotilde n. 6,
P.IVA 08258580961, C.F. 97656960156, in
person of its Legal Representative Dott.
Matteo Colombo.
Data Controller’s contact details: email info@assodpo.it;
telephone number: 800561720
2. Purposes of processing, legal basis, data retention and nature of conferral (complete list of the Data Controller’s purposes of processing available in the privacy policy web in the footer of the website)
Purpose A)
Signing-up to
Associazione Data Protection Officer
and diffusion of identification data
through the publication of the
“Register of
Members”.
• LEGAL BASIS: with regard to
registration with the association, the
legal basis is the fulfilment of
contractual obligations (art. 6, par. 1
letter b GDPR). With regard to the
disclosure of identification data, the
legal basis varies depending on the type
of member: it may be the legal
obligation (art. 6, par. 1 letter c GDPR
and LAW 14 January 2013, n. 4, art. 4 c.
1 and art. 5 c. 2 letter b)) which
requires the Association to prepare and
publish the list of members Soci
Effettivi – Persone Fisiche updated
annually; or the consent, if other types
of members, such as Educational, wish to
appear on the list (“Register of
Members”).
In any case, all
categories of members, at the time of
registration, may also freely choose
whether to give, upon consent, further
identifying information to be included
in this list (such as, for example, the
province of residence).
• DATA
STORAGE PERIOD: duration of registration
and, after termination, 10 years. With
regard to the disclosure on the
“Register of Members” of
personal data NOT of members Soci
Effettivi – Persone Fisiche and
additional data, the person concerned is
always free to revoke the consent
given.
• NATURE OF CONFERENCE: the
provision of data is optional or
mandatory depending on the specific
purpose for which the data is processed.
Failure to provide the data marked with
the symbol* or indication (required),
will make it impossible to register. The
provision of data without * is optional
and will not preclude the completion of
the registration.
Purpose B)
Newsletter
service. The association, in
pursuing the fundamental aims of the
Statute, including “promoting
research and the spread of
knowledge”; “promoting
the valorization of the role of the
DPO and fostering its professional
growth”, offers a newsletter
service. This activity is
carried out through the e-mail
coordinates provided directly by the
interested party during the registration
phase. The interested
party will receive, through this
channel, institutional communications,
news about the association and, more
generally, notifications regarding, for
example, events such as the Congress,
new webinars, new articles published on
the site and on the others official
channels of the association.
The
data controller, in order to compare and
possibly improve the results of
communications, uses systems for sending
newsletters and communications with
reports. Thanks to reports, the Data
Controller will be able to discover, for
example: the number of readers, single
openings, unique “clickers”
and clicks; devices and operating
systems employed to read the
communication; details of email sent,
delivered or not. All these data are
employed with the purpose of comparing,
and possibly improving, the
communication results.
• LEGAL BASIS: the processing is
necessary for the pursuit of the
legitimate interest of the data
controller or third parties, as long as
the interests or fundamental rights and
freedoms of the data subject which
require the protection of personal data
do not prevail. The legitimate interest
of the data controller is to pursue the
institutional information purposes
pursued by the Association (art. 6 par.
1 letter f) GDPR and recital 47). As
required by the Opinion 6/2014 of the
Working Group Art. 29 – WP29
– on the concept of legitimate
interest, the Data Controller conducted
a “LIA” (Legitimate
Interests Assessment), balancing the
interests of the parties and the rights
at stake. The interested party may
oppose the legitimate interest of the
Data Controller both at the time of
joining the Association and
afterwards.
• DATA RETENTION: the
data subject may object to the
processing based on legitimate interest
in an easy way and free of charge (each
communication made will contain the link
to exercise the opt-out).
• NATURE
OF CONFERRAL: the provision of data for
this purpose is optional and, where
lacking, personal data won’t be
processed for such purpose; the denial
of conferral will not undermine benefits
from other purposes.
Purpose C)
Disclosure of personal data, including the image (photo/video/audio), for promotional and informative activities aimed at publicizing the activity, the services of the Association. Personal data may be collected during events organized by ASSO DPO (e.g. congresses, seminars, training, etc.), also in webinar mode or remotely through the recording of the event. The disclosure will take place through the publication of personal data (including images) through different tools and communication channels such as magazines, brochures, presentations, websites, social networks.
Purpose D)
Transfer of data to
third parties (partners and sponsors
of the Data Controller) for
marketing purposes, i.e. to
receive promotional material and
commercial/informative communications
from third parties, who operate, for
example, in the following areas:
insurance companies for professional
liability policies of the Data
Protection Officer, certification
bodies, consulting and training
companies, universities, software houses
and, in general, third parties
affiliated to ASSO DPO. The list of
these third parties and active
agreements is available at the following
link:
https://www.assodpo.it/convenzioni/.
• LEGAL BASIS: consent (art. 6, lett. a
GDPR): the data subject has provided his
consent to process his or her personal
data.
• DATA RETENTION: until
opposition (opt out/consent
withdrawal).
• NATURE OF CONFERRAL:
data conferral for this purpose is
optional and, where lacking, personal
data won’t be processed for such
purpose; the denial of conferral will
not undermine benefits from other
purposes.
3. Who the collected data will be communicated to?
Provided data will be shared with
recipients who will treat them as data
Processors (art. 28 Reg. UE 2016/679)
and/or as natural person acting under
the controller’s or processor’s
authority (art. 29 Reg. UE 2016/679) for
former purposes.
Namely, data will
be shared with:
– companies
contractually associated to the Data
Protection Officer
Association;
– subjects who
provide services for the management of
the information system used by the Data
Protection Officer Association and
telecommunications
networks;
– professionals,
studies or companies in the assistance
and consultancy field;
–
subjects who provide services for the
management of the activities indicated
above in the purposes (subjects for
communication, printing brochures,
flyers, websites, videos) with prior
consent;
– platform managers
for the services listed above (site
hosting, YouTube);
–
commercial Partners, with prior
consent;
– competent
authorities for compliance with legal
obligations and / or provisions of
public bodies, upon
request;
– other associated,
upon request.
The list of the data
Processors is constantly updated and
available writing to info@assodpo.it
or sending a traditional mail to the
Data Controller registered office.
4. Does Asso DPO transfer data to a third country and/or to international organisations?
Personal data may be transferred only with prior consent of the data subject and, in this case, they will be transferred to countries outside the European Economic Area (EEA), exclusively for the purpose of transmission on social platforms. Such transfer will then be managed as established in the general conditions and in the privacy policies of the related social networks. If it should be necessary to transfer your data to non-EEA countries, this will be done in compliance with the limits and conditions of the articles 44 and ss. of EU Reg. 2016/679. The data subject may obtain information about the guarantees for data transfer writing an email to the address info@assodpo.it or at the registered office of the Data Controller.
5. Are personal data processed by an
automated mean?
We do not
process data by automated mean,
profiling included.
6. Which rights am I entitled to? How can I exercise them?
You can exercise your rights, as required
by art. 15 and subsequent of the General
Data Protection Regulation UE 2016/679
(GDPR) contacting the data Controller at
the email address: info@assodpo.it.
You have the right, at any time, to
obtain from the data Controller the
access to your personal data, request
their rectification, erasure or
processing restriction and, if
applicable, data portability. In case of request for data portability, the Data Controller will provide your personal data in a structured format, commonly used and readable by automatic device.
Furthermore, you have the right to
object anytime to your personal data
processing based upon legitimate
interest. Where applicable, you have the
right to withdraw consent without
prejudice to the lawfulness of the
processing based on the consent given
before the withdrawal.
To
unsubscribe from newsletter service
(E-Mail), please write to info@assodpo.it
(object: “cancellazione da
automatizzato”) or use our automated
unsubscribing tools.
Without
prejudice to any other administrative or
judicial remedy, in case you consider
the processing conflicting with Reg. UE
2016/679, pursuant to article 15 lett.
f) you have the right to lodge a
complaint with a supervisory authority
(www.garanteprivacy.it).
More information
Data
controller retains the right to modify,
update, add or remove parts of this
statement at his own discretion, in any
moment. In order to facilitate such verification, the information notice will include the date of update.
Date of review: 31/03/2021