A) Purpose of the processing
The Data Controller processes the personal, identification and non-sensitive data (e.g.: name, surname, company name, address, telephone, fax, e-mail - hereinafter, "personal data" or also "data") you provide when registering on the Data Controller's website www.italy.apave.com (hereinafter, "website"), when participating in opinion and satisfaction surveys, when filling in registration forms through the website for events or webinars organised by the Data Controller, when requesting clarifications/information or support requests online and when sending newsletters.
B) Purposes of processing
Your personal data are processed
1. without your express consent (art. 24 lett. a, b, c, Privacy Code and art. 6 lett. b, e, GDPR, for the following purposes:
- to manage and maintain the site;
- to allow you to benefit from the services you may have requested;
- to participate through the site in initiatives organised by the Data Controller;
- to process a contact request;
- to fulfil the obligations provided for by the law, by a regulation, by Community legislation or by an order of the Authority
- prevent or discover fraudulent activities or abuses harmful to the site;
- exercise the rights of the Data Controller in court.
In the above cases, the legal basis for the processing of your personal data is the performance of a contract with you or the provision of a service that you have specifically requested or the fulfilment of a legal obligation or the protection of our legitimate interests.
2. Only with your specific and distinct consent (Articles 23 and 130 Privacy Code and Art. 7 GDPR), for the following other activities:
Sending you via e-mail opinion and approval surveys, newsletters and/or invitations to events or registering you for events to which the Data Controller is a party or which it organises.
C) Processing methods
The processing of your personal data is carried out by means of the operations indicated in art. 4 Privacy Code and art. 4 n. 2 GDPR and precisely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data is processed both on paper and electronically and/or automatically.
D) Storage time of processed data
The Data Controller shall process personal data for the time necessary to fulfil the above purposes and in any case for no longer than 10 years from the termination of the relationship for the Service Purposes.
E) Security measures
The Data Controller has adopted a wide variety of security measures to protect your data against the risk of loss, misuse or alteration. In particular: it has adopted the measures set out in Articles 32-34 of the Privacy Code and Article 32 GDPR; it uses data encryption technology and protected data transmission protocols.
F) Access to data
Your data may be made accessible for the purposes listed in points B.1 and B.2:
to employees and collaborators of the Data Controller, in their capacity as appointees and/or internal data processors;
to third party companies or other entities that perform outsourcing activities on behalf of the Controller, in their capacity as data processors.
G) Data communications
Without your express consent (ex. Art. 24 lett. a, b, d, Privacy Code and art. 6 lett. b and c, GDPR) the Controller may communicate your data for the purposes referred to in point B.1 to: Supervisory bodies, Judicial Authorities as well as to all other entities to which communication is mandatory by law for the fulfilment of the aforementioned purposes. Your data will not be disclosed.
H) Data transfer
The management and storage of personal data will take place in Europe, on servers located in Italy of the Data Controller and/or companies of the Apave Group and/or third party companies appointed and duly designated as Data Processors.
I) Nature of the provision of data and consequences of refusal to answer
The provision of data for the purposes set forth in point B.1 is mandatory. Without it, we will not be able to guarantee registration or the services of point B.1. The provision of data for the purposes of point B.2 is optional. You may therefore decide not to provide any data or to deny the possibility of processing data already provided: in this case, you will not be able to receive e-mail invitations to events, newsletters and opinion and satisfaction surveys. In any case, you will continue to be entitled to the services referred to in point B.1.
J) Rights of the data subject
In your capacity as data subject, you have the rights set forth in art. 7 Privacy Code and art. 15 GDPR and specifically the rights to:
1. obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in intelligible form;
2. to obtain indication of:
- the origin of the personal data
- the purposes and methods of the processing
- the logic applied in the event of processing carried out with the aid of electronic instruments;
- the identity of the data controller, data processors and the representative designated pursuant to Article 5, paragraph 2 of the Privacy Code and Article 3, paragraph 1 of the GDPR;
- the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of the data in their capacity as designated representative in the territory of the State, managers or appointees;
- the updating, rectification or, when you are interested, the integration of data;
- the cancellation, transformation into anonymous form or blocking of data processed in breach of the law, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
- certification to the effect that the operations as per letters a and b have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
4. oppose, in whole or in part
- on legitimate grounds, to the processing of personal data concerning you, even though they are relevant to the purpose of the collection;
- to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for the conception of market research or commercial communication, through the use of automated calling systems without the intervention of an operator by e-mail and/or through traditional marketing methods by telephone and/or paper mail. Please note that the data subject's right to object, as set out in point b above, for the purposes of direct marketing using automated methods is extended to traditional methods and that, in any case, the data subject may exercise his/her right to object in whole or in part. Therefore, you may decide to receive only communications by traditional means or only automated communications or neither of the two types of communication. Where applicable, you also have the rights under Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restrict processing, right to data portability, right to object), as well as the right to complain to the Supervisory Authority.
K) How to exercise your rights
You may at any time exercise the rights referred to in point J above by sending
a registered letter with return receipt to: APAVE Italia CPM srl, Via Artigiani n. 63, 25040 - Bienno (BS);
an e-mail to the address: firstname.lastname@example.org.
a PEC to the address: email@example.com.
This site and the services of the Owner are not intended for minors under 18 years of age and the Owner does not intentionally collect personal information referring to minors. In the event that information on minors is involuntarily recorded, the Owner will delete it in a timely manner, at the request of users.
M) Data Controller, Data Processor and Persons in Charge
The Data Controller is APAVE Italia CPM srl, with registered office in: Via Artigiani n. 63, 25040 Bienno (BS), CF 01575040983, E-mail: firstname.lastname@example.org. The updated list of data processors and persons in charge of processing is kept at the Data Controller's head office.
N) Amendments to this informative note
Last updated on 11 June 2018.