This communication is made available to you – in order to the article 13 of the European Regulation on the protection of personal data (“GDPR”) 679/2016, to the Italian Legislative Decree 30/06/2003 n. 196 (“Privacy Code”) and subsequent amendments and addition, – by Italia Solare (also called “Association”).
The purpose of this information notice is to inform the user about the methods of processing personal data.
The Data Controller is Italia Solare Association with legal address in Via Passerini 2, 20900 Monza (MB), E-mail firstname.lastname@example.org .
The Data Protection Officer is the Lorenzo Lanzoni of Assiteca Consulting s.r.l., email email@example.com .
Type of data processed
The website offers informative and, sometimes, interactive content. During the navigation on the site of the Association will be able, therefore, to acquire information on the visitor, in the following ways:
The computer systems and software procedures, preceded to the operation of this website, acquire, during their normal operation, some personal data whose transmission is implicit in the use of the internet communication protocols. This category of data includes: the IP address, the type of browser used, the operating system, the name of domain and the addresses from which the access has been affected, information on pages visited by users inside the site, the access time, the permanence on the single page, the internal path analysis and other parameters relating to the operating system and to the computer environment of the customer.
Further categories of data
Are the personal data provided by the visitor through the site, for example:
- join with the Association;
- filling out a form through which to request information on the services offered and / or a contact request;
- writing to the e-mail addresses indicates on our site to request information;
- by accessing a reserved area and / or a service;
- filling out a form to receive our newsletter and marketing communications;
- filling out a form to register for one of the initiatives of the Association (conferences, seminars, workshops, events).
Purpose of the treatment
The data provided are processed for the following purposes:
- to join the Association;
- to process requests forwarded by the user;
- to register and participate in events organized by the Association;
- to recognize the experience of use of our platforms and services that we offer and to ensure the proper functioning of the web pages and their contents. The processing, set in to be for these purposes, are based on a legitimate interest of the Data Controller;
- to send information on the activities of the Association also through the newsletter service, sent by e-mail, post or sms. This treatment is based on the consent freely expressed by the User;
- to send, always with explicit consent, informative and promotional material from sponsoring companies and/or media partners.
Sharing and transfer of personal data
- Association staff;
- Service provider (etc. IT system providers, cloud service providers, database vendors and consultants)
- Public Administration for law purposes;
- Every public and/or private subject to whom it is necessary to communicate your personal data in relation to the purposes indicated above.
The updated list of Processors is available at controller’s legal address and it will be provided with a prior written application.
The Association may need to transfer personal data to countries outside the European Union/European Economic Area (EEA), so called “third-country”. These transfers to third countries can include all the activities indicated above.
Protection of personal data
The Data Controller have implemented appropriate technical and organizational measures to provide an appropriate level of security and privacy to personal data.
These measures concerning:
- the state of technology;
- the implementation costs;
- the nature of the data;
- the risk of treatment.
The aim is to protect them from accidental or unlawful destruction, accidental loss, unauthorized disclosure/access and other form of illegal processing. Furthermore, the processing of personal data must be
adequate, relevant and not excessive and the Controller must ensure that such data remain up-to-date and accurate.
Data Retention time
The Association will maintain your personal data for the time strictly necessary to achieve the purposes for which they were processed or, alternatively, for the time required by applicable law or regulatory requirements, except your right to object to data processing or the right to be forgotten.
When this period will expire, your personal data will be removed from active system of the Association
Your rights are:
- RIGHT TO RECTIFICATION. You have the right to obtain from the Association the rectification of personal data concerning you. The Data Controller shall make reasonable efforts to ensure that the personal data it holds are accurate, complete current and relevant.
- RIGHT TO RESTRICTION TO THE PROCESSING. You can obtain a restriction to the processing your personal data, where:
- the accuracy of the personal data is contested by the data subject, during the period when the Association must verify the accuracy of the personal data;
- the processing is unlawful and you require the erasure of personal data or the restriction of their use instead;
- the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by you to establishment, exercise or defend of legal claims;
- you have objected to the processing, while the Association checks whether your legitimate reasons prevail over your own.
- RIGHT TO ACCESS. You have the right to obtain from the Data Controller information about your personal data, and also information on which categories of personal data the Association owns or controls, for what purpose they are used, where they have been collected and to whom they may have been communicated.
- RIGHT TO DATA PORTABILITY. As a result of your application, the Association will transmit the data to another Controller on condition that the processing is based on your consent or is necessary for the execution of a contract.
- RIGHT TO ERASURE. Unless the processing of data is necessary for compliance with a legal obligation or to establishment, exercise or defend of legal claims, you have the right to obtain from the Data Controller the erasure of personal data if:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you objected to the processing of your personal data;
- the personal data have been unlawfully processed.
- RIGHT TO OBJECT. You object at any time to the processing of your personal data, on the condition that the data processing is not based on your consent but on the legitimate interest of , the Association or third party. The Data Controller shall no longer process the personal data, unless the Controller demonstrates mandatory and legitimate reasons for the processing, an overriding interest in treatment, or the exercise or defend of legal claims. When you object to processing, specify if you’re going to erasure your personal data or limiting the processing.
- RIGHT TO LODGE A COMPLAINT. You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place where the alleged infringement took place.
Any future changes or additions to the processing of personal data as described in this privacy notice will be notified in advance through an individual notification, through the usual communication channels used by the Association (etc. e-mail or through the internet).