art. 13 GDPR EU Regulation n.2016/679
ApritiCielo Association (hereinafter, the “Controller”) deems the protection of users’ personal data (hereinafter, “Users”) of great importance and guarantees that the processing of personal data is in compliance with the rights of the User, especially as for confidentiality, protection of personal identity and the right to the protection of personal data (hereinafter, “Data”), in compliance with the provisions of European Regulation no. 679/2016 (hereinafter, the “GDPR”) and other national and Community provisions of reference.
1. Data Controller
The Data Controller is the ApritiCielo Association (the Association hereafter) –Registered Office and operational headquarters in Via Osservatorio 30 – Pino Torinese (TO) – Italy. The complete and updated list of the people in charge is available upon request to the Data Controller.
2. Personal data
Personal Data (name, surname, identification document and copy of the same, telephone, email address, origin, age, sex, interests) supplied at the time of membership application according to the type of activity or service requested. Personal Data provided are subject to: i) treatment related to the institutional role of the Association, concerning the registration to events, data collection for statistical and marketing purposes, identification required to receive gadgets or promotions; ii) mailing of newsletters, holiday greetings and promotional communication to members- with prior consent in writing; iii) processing required in managing the Association’s life iv) processing to provide and organize services; v) processing for correspondence and traceability; vi) processing for the fulfillment of insurance and legal obligations.
3. Data Storage: Methods and Place
Modalities of treatment
The Data Controller shall adopt the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. Processing is carried out by means of computer and/or other ITC tools, following methods and paths strictly related to the purposes indicated. In some cases, in addition to the Data Controller other members of the organization involved in the requested service (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third party technical service providers, postal couriers, hosting providers, computer companies, communication agencies) may have access to the Data. If necessary, the Data Controller may appoint such people as representatives, known as Data Processors. The updated list of Data Processors can be requested from the Data Controller.
Legal basis of Processing
The Personal Data herein referred to are processed by the Data Controller as part of the tasks and purposes of public interest and scientific dissemination including that of improving the site navigation and gathering useful information. The Data Controller processes Personal Data relating to a User if one of the following conditions is met:
a) the User has granted consent for one or more specific purposes;
b) processing is necessary for the execution of a contract with the User and/or for the execution of pre-contractual measures;
c) processing is required to fulfill a legal obligation to which the Controller has to meet;
d) processing is required to fulfill a public interest duty or for the exercise of public authority vested in the Controller;
e) processing is necessary for the pursuit of the Controller’s or Third Party’s legitimate interests.
Location Data are processed at the Data Controller’s offices, on servers located within the European Union or, if required, also using servers not in the EU. In this case, the Data Controller ensures that the transfer of data outside the EU will take place consistently with the relevant and applicable legal provisions. For further information, please contact the controller at email@example.com.
Storage period The Data storage period will depend to the relevant purposes and/or to the law.
4. Users’ Rights
Users may exercise certain rights with reference to the Data processed by the Data Controller. In case of higher levels of protection, Users may exercise all the rights listed below. In any other case, Users may contact the Data Controller to find out which rights apply and how to exercise them. Specifically, Users retain the right to:
– revoke consent at any time.Users may revoke their previously granted consent to the processing of their Personal Data.
– object to the processing of their Data. Users may object to the processing of their Data when this has been done on a legal basis other than consent. Further details on the right to object are indicated in the section below.
– access their Data. Users retain the right to obtain information on the Data processed by the Data Controller, on steps of the processing and to receive a copy of the Data processed.
– verify and request correction. Users may verify the accurateness of their Data and request them to be updated and/or corrected.
– impose limits on processing. When certain conditions are met, Users may request limits on the processing of their Data. In this case, the Data Controller will not process the Data for any other purpose than their storage.
– obtain the deletion or removal of their Personal Data. When certain conditions are met, Users may request the deletion of their Data by the Data Controller.
– receive their Data or have them transferred to another Data Controller. Users have the right to receive their Data in a structured, commonly used and readable format and, where technically feasible, to obtain a smooth transfer to another Data Controller. This provision is applicable when the Data are processed by automated means and the processing is based on Users’ consent, according to a contract which Users are party to, or on related contractual provisions.
– lodge a complaint. Users may lodge a complaint with the relevant data protection supervisory authority or take legal action.
Right of Opposition
When Personal Data are processed in the public interest, within the Data Controller’s remit of power in the exercise of public powers vested or to pursue a legitimate interest, Users have the right to object to the processing for reasons related to their specific situation. Should their Data be processed for direct marketing purposes, Users are reminded that they may object to the processing without giving any reasons. Users may refer to the respective sections of this document to ascertain whether the Data Controller processes data for direct marketing purposes.
How to exercise the above Right of Opposition
You may exercise your rights at any time by sending a request by e-mail to firstname.lastname@example.org. Requests are free of charge and processed by the Controller as soon as possible, and in any case no later than after one month.