Dear member or aspiring member,
Pursuant to art. 13 and 14 of EU regulation 2016/679 on personal data protection (“GDPR”) we would like to inform you of the following.
Purposes of processing and legal basis. The Association processes your personal data exclusively to perform its institutional activity, specifically:
- to manage the associative relationship (to send correspondence, convene meetings, complete internal administrative procedures) and for the organisation and delivery of the service;
- to fulfil legal obligations (e.g. tax, insurance, etc.) in relation to the members of the Association;
- to send (via mail, e-mail, newsletter or cell phone number or other electronic means) correspondence related to the activities and initiatives of the Association;
- in relation to the images/videos, to post them on the Association’s website, on the Association’s social network or on newsletters or printed material promoting the institutional activities of the Association with your explicit prior consent;
- in relation to your personal photo, to put it on your I.D. badge;
- for the participation of members in courses, seminars and initiatives and to organise and manage courses;
- for statistical analyses, also in aggregate form;
The legal basis of processing is represented by the request to agree to the associative contract (art. 6 paragraph 1 lett. b GDPR), by consent to processing (art. 6 paragraph 1 lett. a – art. 9 paragraph 2 lett. a GDPR), by regular contracts with the Association (art. 9 paragraph 2 lett. d GDPR), by the Association’s legal obligations (art. 6 paragraph 1 lett. c GDPR).
Processing method and principles. Processing is conducted in compliance with the GDPR and Lgs.D. No. 196/03 (“Personal Data Protection Code”), as well as the principles of lawfulness, fairness and transparency, adequacy and pertinence, through printed and electronic means, by people authorised by the Association and implementing adequate protection measures, so as to guarantee the security and confidentiality of the data. No automated decision-making process shall be carried out.
Requirement to provide data. Demographic and contact data is necessary when strictly linked to managing the associative relationship. Consent to the use of images/videos and sharing the data on the institutional website and in the other manners described above is optional. Communicating data and transferring data abroad. Data can be sent to other members for the purposes of the organisation and to perform the service. The data can be shared with subjects appointed to perform the activity that the Association is required to complete by law (accountant, insurance agent, IT tech, etc.) and with all of those persons, natural and/or legal, public and/or private when communication is necessary or functional to performing the institutional activity (instructors, Local Bodies, computer maintenance companies, course-organising companies, etc.). The data can be transferred to receivers located outside of the EU who have signed direct agreements to ensure a suitable protection level of the personal data, or nevertheless upon ensuring that the receiver guarantees adequate protection measures. Where necessary or due, the subjects being sent the data to perform activities on behalf of the Association will be called Data Processors (external) pursuant to art. 28 of the GDPR.
Data retention period. The data will be used by the Association until the associative relationship ceases. After that date, the data will be retained for archive purposes, legal or accounting or tax purposes or for reasons safeguarding the Association, with the exclusion of communication to third parties and disclosure in any case applying the principles of proportionality and minimisation.
Data subject’s rights. As the data subject, all of the rights specified in art. 15 - 20 GDPR are guaranteed, including the right to access, rectification and erasure of your data, the right to limitation and objection to processing, the right to withdraw consent to processing (without prejudice to the lawfulness of processing based on consent acquired prior to withdrawal), as well as lodge a complaint with the Personal Data Protection Authority if you believe that the processing of your data violates the GDPR or Italian regulation. The aforementioned rights can be exercised in writing through e-mail, certified e-mail or fax, or by Registered Mail to the address of the Association.
Data controller. The data controller is the “le Olivastre” association, with address in Passignano sul Trasimeno, tel. 075-8296432 – e-mail info@leolivastre.org