The Italian Design Institute Association based in Milan, in Via Mauro Macchi, 8, CF 93422440722 (hereinafter "Holder"), as data controller, informs you pursuant to art. 13 EU Regulation n. 2016 / 679 (hereinafter, "GDPR") that your data will be processed in the manner and for the following purposes:
1. Object of the treatment
The Data Controller processes personal, identifying and non-sensitive data (in particular, name, surname, tax code, VAT number, email address, telephone number, educational qualification - later, "personal data" or even "data") from you communicated during the signing of the contract.
2.Typology of data processed and purposes.
The data provided and processed by the company are: data related to customer records (name surname e-mail address telephone number) for administrative and accounting purposes; data relating to customer records including email and telephone number for purposes related to the availability for the execution of the contract; data relating to customer records including email and phone number for purposes related to commercial promotion operations. The knowledge of your data is a necessary requirement for the execution of the contract and it will not be possible to proceed with its stipulation in the absence of them (Art. 13 c.2 letter e). Please inform me that according to the law on copyright (633 22 April 1943 law) is required, subject to specific exceptions, a release on the subject of the right to the image by the subjects portrayed. In case of failure to provide personal data and failure to issue the release for the right to the image will not be possible to conclude the procedure in question. Personal data will be processed with / without electronic tools only by authorized parties in compliance with privacy regulations and company regulations on the protection of personal data. The data provided anonymised can also be used for internal statistical surveys; marketing activities by sending promotional and advertising material relating to products or services similar to those in the current commercial relationship.
3. Method of treatment
The processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subjected to both paper and electronic and / or automated processing. The Data are processed and stored for the time required by the purposes for which they were collected.
- Personal Data collected for purposes related to the execution of a contract between the Owner and the User will be retained until the execution of the contract is completed.
- Personal Data collected for purposes related to the legitimate interest of the owner will be retained until the satisfaction of this interest. The User can obtain further information regarding the legitimate interest pursued by the Owner in the relevant sections of this document or by contacting the Data Controller.
The Data Controller may retain the Personal Data for a longer period until such consent is revoked. Furthermore, the Data Controller may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or an order of an authority.
At the end of the retention period the Personal Data will be deleted. Therefore, at the end of this term the right of access, cancellation, rectification and the right to data portability can no longer be exercised.
4. Access to data
Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B):
- to employees and collaborators of the Owner in their capacity as persons in charge and / or internal managers of the processing and / or system administrators;
5. Scope of communication and dissemination of data
Your data will not be disclosed.
Your data may be disclosed:
-a all the subjects to whom the right of access to such data is recognized by virtue of regulatory provisions;
- to our collaborators, employees, as part of their duties;
- to all those natural and / or legal persons, public and / or private when the communication is necessary or functional to the performance of our activity and in the manner and for the purposes described above.
Without your express consent (pursuant to Article 6 letter b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities and to all the other subjects to whom the communication is mandatory by law for the accomplishment of said purposes.
6. Data transfer
The management and storage of personal data will be carried out on servers located within the European Union of the Data Controller. The data will not be transferred to outside the European Union.
7. Mode and duration of personal data retention
The treatment will be carried out in an automated and / or manual way, with methods and tools, in compliance with the security measures set forth in art. 32 of the GDPR 2016 / 679 by persons specifically appointed, in compliance with the provisions of art. 29 GDPR 2016 / 679.
Please note that, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 GDPR 2016 / 679, we will store your data in a form that allows the identification of the same for a period of time not exceeding the achievement of the purposes for which the data were collected; they will therefore be kept until the existence of the contractual relationship in place and no later than 5 years from the termination of the contract (art 2048 Civil Code on prescription). The data strictly necessary for the fiscal and accounting obligations, having failed the purpose for which they were collected, will be kept for a period of 10 years as required by the relevant regulations.
8. Nature of providing data and consequences of refusing to answer
The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we can not guarantee the services of the art. 2.A). The provision of data for the purposes referred to in art. 2.B) is optional. You can therefore decide not to give any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters. In any case you will continue to be entitled to the Services referred to in art. 2.A).
9. Rights of the interested party
In your capacity as an interested party, you have the rights set forth in art. 15 GDPR and precisely the rights of:
I. obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
II. obtain the indication: a) of the origin of personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of treatment carried out with the aid of electronic instruments; d) of the identification details of the owner, the managers and the designated representative pursuant to art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, managers or agents;
III. obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment is it proves impossible or involves a use of means manifestly disproportionate to the protected right;
IV. to object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by email and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the data subject to exercise the right to object even only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or none of the two types of communication.
Where applicable, you also have the rights referred to in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.
10. How to exercise rights
You can exercise your rights at any time by sending:
- a registered letter to the Italian Design Institute Association - Via Mauro Macchi, 8 - 20124 MILANO "
- an e-mail to firstname.lastname@example.org
11. Owner, manager and agents
The Data Controller is Associazione Italian Design Institute, in the person of the President, Daniela Vilardi.
The updated list of data processors and data processors is kept at the Data Controller's headquarters.
12. Changes to this Information
This information may change. It is therefore advisable to regularly check this information and refer to the latest version.