In relation to the provisions of the EU Reg. 2016/679 (European Regulation for the protection of personal data) we hereby communicate the necessary information regarding the processing of provided personal data.
This information is provided pursuant to art. 13 of EU Reg. 2016/679 (European Regulation for the protection of personal data) and pursuant to art. 13 D.Lgs. 30.6.2003 n. 196 (Privacy Code).
For further information: European Commission - Data Protection.
Pursuant to articles 4 and 24 of EU Reg. 2016/679 the holder of the treatment is the Association: Circolo Ricreativo Culturale Tassisti Genovesi.
All members who are actively involved in the management and our employees have been informed and comply with these rules and regulations.
The holder of the treatment processes the personal identification data (for example, name, surname, company name, address, telephone, e-mail, bank and payment details), communicated by the interested party on the occasion of joining the association, registration on the association's website and in carrying out the managing, administrative, financial and accounting activities of the association.
Furthermore, the computer systems and software procedures used to operate the association's website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication.
This information is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, can allow users identification.
This category of data includes IP addresses, identifiers of mobile devices, operating system, browser type or other software, hardware details; or other technical details provided by your web browser, etc.
The personal data provided will be processed in compliance with the conditions of lawfulness pursuant to art. 6 lett. b of the EU Reg. 2016/679, or for the adhesion and participation in the association and the carrying out of the activities proposed in favour of the members, and in particular:
- registration in the members register;
- participation in the life of the association;
- information on the activities and other proposed initiatives;
- possible filling of data collection form for sending an information request to the data holder of the treatment;
- other activities related to the use of the association's website.
- fulfil the contractual obligations of law and administrative-accounting procedures. For the purposes of the application of the provisions regarding the protection of personal data, the processing carried out for administrative-accounting purposes are those related to the performance of organisation activities, administrative, financial and accounting nature, regardless of the nature of the data processed;
- fulfil the obligations established by law, by a regulation, by EU legislation or by an order of the Authority (such as for anti-money laundering);
- exercise the rights of the holder, for example, the right to defence in court;
The personal data provided may be disclosed to recipients, named ex art. 28 of EU Reg. 2016/679, which will process the data as managers and/or as individuals acting under the authority of the Data Holder and the Data Processor in charge, in order to comply with the contracts or related purposes. Precisely, the data may be disclosed to recipients belonging to the following categories:
- subjects that provide services for the management of the IT system and of the communication networks of the Data Holder;
- consulting firm or companies in the context of assistance and consultancy relationships;
- competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request;
The subjects belonging to the aforesaid categories perform the function of Data Processing individual in charge or operate in complete autonomy as separate Data Holders.
Personal data provided by the data subject may be transferred abroad within or outside the European Union to subjects who provide services for the management of the information system and of the communication networks of the Data Holder and in any case to subjects that are compliant in the management of such data according to the regulation in question (EU Reg. 2016/679).
The processing of personal data of the interested party is carried out by means of the operations indicated in art. 4 n. 2) GDPR of EU Reg. 2016/679 and precisely: collection, registration, organisation, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subjected to both paper and electronic and/or automated processing.
All information that is collected and processed is stored on secure servers of trusted partners who adopt rigorous technological and procedural measures to keep the data secure. Furthermore, always for security reasons, archives are backed up. These backups are stored on separate and secure servers.
The treatment will be carried out in an automated and/or manual way, with methods and instruments aimed at guaranteeing maximum security and confidentiality, by individuals specifically appointed to do so.
In compliance with the provisions of art. 5 paragraph 1 letter e) of Reg. UE 2016/679 the personal data collected will be stored in a form that allows identification of data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed.
The provision of personal data for the purposes referred to in paragraph 3 of this information document is necessary to follow up the membership of the association, registration on the association's website and the managing, administrative, financial and accounting activities of the association. Failure to provide personal data may make it impossible to obtain such membership.
The interested subject has the right at any time to:
- obtain confirmation of the existence or not of personal data concerning him, even if not yet registered, and their communication in an intelligible form;
- obtain the indication: a) of the origin of personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of treatment carried out with the aid of electronic instruments; d) of the identification details of the holder, the individuals in charge and the designated representative pursuant to art. 5, paragraph 2 of the Privacy Law and art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, managers or agents;
- obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfilment is it proved impossible or involves a use of means clearly disproportionate to the protected right;
- to block, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection; b) to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and/or through traditional marketing methods by telephone and/or paper mail.
Where applicable, the interested party also has the rights set forth in articles 16-21 GDPR (Right of rectification, right to be forgotten, right to limitation of processing, right to data portability, right of opposition),
Without prejudice to any other administrative and judicial appeal, if the data subject considers that the processing of data concerning him/her violates the provisions of EU Reg. 2016/679, pursuant to art. 15 letter f) of the aforementioned EU Reg. 2016/679, has the right to lodge a complaint with the Guarantor for the protection of personal data and, with reference to art. 6 paragraph 1, letter a) and art. 9, paragraph 2, letter a), has the right to revoke the consent given at any time.
In the case of a request for data portability by the data subject, the Data Holder will provide personal data concerning him in a common and legible format, without prejudice to paragraphs 3 and 4 of the art. 20 of the EU Reg. 2016/679.
This policy on personal data treatment may be subject to changes for legal reasons or to reflect changes in our services. If and when this happens, you will be notified by email.