PRIVACY POLICY – JOIN ASSOCIATION ASSO DPO

Information notice pursuant to Art. 13 of the Reg. UE 2016/679 (General Data Protection Regulation | GDPR)

Asso DPO - Privacy Policy adesione

1. Who is the data controller? How to contact him?
Pursuant to art. 4 ad 24 Reg UE the Data Controller is Associazione Data Protection Officer (ASSO DPO), with registered office in 20121 Milano – P.le Principessa Clotilde n. 6, P.IVA 08258580961, C.F. 97656960156, in person of its Legal Representative Dott. Matteo Colombo.
Data Controller’s contact details: email info@assodpo.it; telephone number: 800561720

Asso DPO - Privacy Adesione 07

2. Purposes of processing, legal basis, data retention and nature of conferral (complete list of the Data Controller’s purposes of processing available in the privacy policy web in the footer of the website)

Purpose A)
Signing-up to Associazione Data Protection Officer and diffusion of identification data through the publication of the “Register of Members”.

• LEGAL BASIS: with regard to registration with the association, the legal basis is the fulfilment of contractual obligations (art. 6, par. 1 letter b GDPR). With regard to the disclosure of identification data, the legal basis varies depending on the type of member: it may be the legal obligation (art. 6, par. 1 letter c GDPR and LAW 14 January 2013, n. 4, art. 4 c. 1 and art. 5 c. 2 letter b)) which requires the Association to prepare and publish the list of members Soci Effettivi – Persone Fisiche updated annually; or the consent, if other types of members, such as Educational, wish to appear on the list (“Register of Members”).
In any case, all categories of members, at the time of registration, may also freely choose whether to give, upon consent, further identifying information to be included in this list (such as, for example, the province of residence).
• DATA STORAGE PERIOD: duration of registration and, after termination, 10 years. With regard to the disclosure on the “Register of Members” of personal data NOT of members Soci Effettivi – Persone Fisiche and additional data, the person concerned is always free to revoke the consent given.
• NATURE OF CONFERENCE: the provision of data is optional or mandatory depending on the specific purpose for which the data is processed. Failure to provide the data marked with the symbol* or indication (required), will make it impossible to register. The provision of data without * is optional and will not preclude the completion of the registration.

Purpose B)
Newsletter service. The association, in pursuing the fundamental aims of the Statute, including “promoting research and the spread of knowledge”; “promoting the valorization of the role of the DPO and fostering its professional growth”, offers a newsletter service. This activity is carried out through the e-mail coordinates provided directly by the interested party during the registration phase. The interested party will receive, through this channel, institutional communications, news about the association and, more generally, notifications regarding, for example, events such as the Congress, new webinars, new articles published on the site and on the others official channels of the association.
The data controller, in order to compare and possibly improve the results of communications, uses systems for sending newsletters and communications with reports. Thanks to reports, the Data Controller will be able to discover, for example: the number of readers, single openings, unique “clickers” and clicks; devices and operating systems employed to read the communication; details of email sent, delivered or not. All these data are employed with the purpose of comparing, and possibly improving, the communication results.

• LEGAL BASIS: the processing is necessary for the pursuit of the legitimate interest of the data controller or third parties, as long as the interests or fundamental rights and freedoms of the data subject which require the protection of personal data do not prevail. The legitimate interest of the data controller is to pursue the institutional information purposes pursued by the Association (art. 6 par. 1 letter f) GDPR and recital 47). As required by the Opinion 6/2014 of the Working Group Art. 29 – WP29 – on the concept of legitimate interest, the Data Controller conducted a “LIA” (Legitimate Interests Assessment), balancing the interests of the parties and the rights at stake. The interested party may oppose the legitimate interest of the Data Controller both at the time of joining the Association and afterwards.
• DATA RETENTION: the data subject may object to the processing based on legitimate interest in an easy way and free of charge (each communication made will contain the link to exercise the opt-out).
• NATURE OF CONFERRAL: the provision of data for this purpose is optional and, where lacking, personal data won’t be processed for such purpose; the denial of conferral will not undermine benefits from other purposes.

Purpose C)

Disclosure of personal data, including the image (photo/video/audio), for promotional and informative activities aimed at publicizing the activity, the services of the Association. Personal data may be collected during events organized by ASSO DPO (e.g. congresses, seminars, training, etc.), also in webinar mode or remotely through the recording of the event. The disclosure will take place through the publication of personal data (including images) through different tools and communication channels such as magazines, brochures, presentations, websites, social networks.

  • LEGAL BASIS: consent (art. 6, lett. a GDPR): the data subject has provided consent to the processing of his personal data.
  • DATA RETENTION: data will be retained until opposition (opt out/consent withdrawal). Hard copies will be diffused up to exhaustion and your image won’t be reproduced anymore.
  • NATURE OF CONFERRAL: data conferral for this purpose is optional and, where lacking, personal data won’t be processed for such purpose. The denial of conferral will not undermine benefits from other purposes.

Purpose D)
Transfer of data to third parties (partners and sponsors of the Data Controller) for marketing purposes
, i.e. to receive promotional material and commercial/informative communications from third parties, who operate, for example, in the following areas: insurance companies for professional liability policies of the Data Protection Officer, certification bodies, consulting and training companies, universities, software houses and, in general, third parties affiliated to ASSO DPO. The list of these third parties and active agreements is available at the following link: https://www.assodpo.it/convenzioni/.

• LEGAL BASIS: consent (art. 6, lett. a GDPR): the data subject has provided his consent to process his or her personal data.
• DATA RETENTION: until opposition (opt out/consent withdrawal).
• NATURE OF CONFERRAL: data conferral for this purpose is optional and, where lacking, personal data won’t be processed for such purpose; the denial of conferral will not undermine benefits from other purposes.

Asso DPO - Privacy Adesione 02

3. Who the collected data will be communicated to?

Provided data will be shared with recipients who will treat them as data Processors (art. 28 Reg. UE 2016/679) and/or as natural person acting under the controller’s or processor’s authority (art. 29 Reg. UE 2016/679) for former purposes.
Namely, data will be shared with:
– companies contractually associated to the Data Protection Officer Association;
– subjects who provide services for the management of the information system used by the Data Protection Officer Association and telecommunications networks;
– professionals, studies or companies in the assistance and consultancy field;
– subjects who provide services for the management of the activities indicated above in the purposes (subjects for communication, printing brochures, flyers, websites, videos) with prior consent;
– platform managers for the services listed above (site hosting, YouTube);
– commercial Partners, with prior consent;
– competent authorities for compliance with legal obligations and / or provisions of public bodies, upon request;
– other associated, upon request.
The list of the data Processors is constantly updated and available writing to info@assodpo.it or sending a traditional mail to the Data Controller registered office.

Asso DPO - Privacy adesione 03

4. Does Asso DPO transfer data to a third country and/or to international organisations?

Personal data may be transferred only with prior consent of the data subject and, in this case, they will be transferred to countries outside the European Economic Area (EEA), exclusively for the purpose of transmission on social platforms. Such transfer will then be managed as established in the general conditions and in the privacy policies of the related social networks. If it should be necessary to transfer your data to non-EEA countries, this will be done in compliance with the limits and conditions of the articles 44 and ss. of EU Reg. 2016/679. The data subject may obtain information about the guarantees for data transfer writing an email to the address info@assodpo.it or at the registered office of the Data Controller.

Asso DPO - Privacy adesione 04

5. Are personal data processed by an automated mean?
We do not process data by automated mean, profiling included.

Asso DPO - Privacy adesione 05

6. Which rights am I entitled to? How can I exercise them?

You can exercise your rights, as required by art. 15 and subsequent of the General Data Protection Regulation UE 2016/679 (GDPR) contacting the data Controller at the email address: info@assodpo.it. You have the right, at any time, to obtain from the data Controller the access to your personal data, request their rectification, erasure or processing restriction and, if applicable, data portability. In case of request for data portability, the Data Controller will provide your personal data in a structured format, commonly used and readable by automatic device. Furthermore, you have the right to object anytime to your personal data processing based upon legitimate interest. Where applicable, you have the right to withdraw consent without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.
To unsubscribe from newsletter service (E-Mail), please write to info@assodpo.it (object: “cancellazione da automatizzato”) or use our automated unsubscribing tools.
Without prejudice to any other administrative or judicial remedy, in case you consider the processing conflicting with Reg. UE 2016/679, pursuant to article 15 lett. f) you have the right to lodge a complaint with a supervisory authority (www.garanteprivacy.it).

More information
Data controller retains the right to modify, update, add or remove parts of this statement at his own discretion, in any moment. In order to facilitate such verification, the information notice will include the date of update.

Date of review: 31/03/2021