Information on Regulation (EU) no. 679/2016 ("GDPR")
AICUN, the Italian Association of University Communicators (hereinafter "AICUN"), protects the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of violation. As required by the European Union Regulation no. 679/2016 ("GDPR") - and in particular in Article 13 - the information required by law related to the processing of personal data is provided below.
SECTION I - Who we are and what data we process (Article 13, paragraph 1 letter a; Article 15, letter b "GDPR")
"AICUN" based in Milan, Piazzale Luigi Cadorna, 10, operates as Data Controller and can be contacted at privacy@aicun.it and collects and / or receives information concerning the interested party, such as:
• personal data: name, surname, private address, province and municipality of residence, landline and / or mobile phone, tax code, VAT number, email addresses;
• photographs, CV, professional profile;
• telematic traffic data: log file, IP address of origin.
"AICUN" does not require the interested party to provide "particular" data, or, according to the provisions of the "GDPR" (Article 9), personal data revealing racial or ethnic origin, political opinions, religious beliefs or philosophical, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data related to the health or sexual life or sexual orientation of the person.
The owner has appointed a Data Protection Officer (DPO) who can be contacted for any information or request by writing to privacy@aicun.it.
SECTION II - Purpose of the data subject's data (Article 13, 1st paragraph "GDPR")
The data are used by the Data Controller to follow up on the request for registration to "AICUN", the newsletter, training courses, events and activities organized by the Association and for the related promotion, including online, to contact interested parties to carry out studies and research promoted by the Association or its partners, to fulfill the legal and regulatory obligations to which the Data Controller is required in relation to the activity exercised. In no case does "AICUN" resell or transfer the personal data of the interested party to third parties or use them for undeclared purposes.
a) Registration with the "AICUN" Association, the newsletter, training courses, events and activities organised by the Association and related promotion, including online activities
The registration to the Association and to all the activities offered to the members takes place through the MyAICUN. All members can login using the username and password they create opening the account on MyAICUN or through the credentials they use to login in the IT system of their university, if their universities are members of IDEM.
When access is via the University credentials, the information returned is the confirmation of the validity of the user's institutional e-mail, which for MyAICUN constitutes the username, as well as the user's name and surname.
The processing of the personal data of the interested party takes place to carry out the preliminary activities and consequent to the request for registration, to the management of requests for information and contact and / or to promote training courses / conferences / events, as well as for the fulfillment of any other obligation arising. The legal basis of these treatments is the fulfillment of the services related to the request for registration, information and compliance with legal obligations.
b) Management of the contractual relationship
The processing of the data subject's personal data takes place to carry out the preliminary activities and consequent to enrollment in training courses, the production of attendance certificates and / or justifies attendance and the shipment of the certificates; the related invoicing and payment management, as well as the fulfillment of any other obligation arising from the contract. The legal basis of these treatments is the fulfillment of the services inherent to the contractual relationship and compliance with legal obligations.
c) Promotional activities
The data controller, even without explicit consent, may use the contact details provided by the interested party with the purpose of promoting training courses / conferences / events, unless the interested party explicitly objects. The personal data of the interested party may also be processed for studies and research promoted by the "AICUN" Association. This processing can take place, in an automated way, by email and can be carried out if the interested party has not revoked his consent for the use of the data.
d) IT security
The data controller processes, also through its suppliers (third parties and / or recipients), the personal data of the interested party relating to traffic to an extent strictly necessary and proportionate to guarantee the security of networks and information, i.e. of a network. or an information system capable of withstanding, at a given level of security, unforeseen events or illegal or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted. The Data Controller will inform the interested parties, if there is a particular risk of violation of their data without prejudice to the obligations deriving from the provisions of art. 33 of the GDPR relating to notifications of violation of personal data.
e) Profiling
This information is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, addresses in Uniform Resource Identifier (URI) notation. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in the event of hypothetical computer crimes involving personal data.
Communication to third parties (Article 13, 1st paragraph "GDPR")
The communication of the personal data of the interested party takes place mainly towards third parties and / or recipients whose activity is necessary for the performance of the activities inherent to the relationship established and to respond to certain legal obligations, such as:
- Credit institutions and digital payment, banking / postal institutions Management of collections, payments or any refunds
- Professionals / Accountant Fulfillment of legal obligations, exercise of rights, protection of contractual rights, credit recovery
- Subjects formally delegated or with recognized legal title Legal representatives, delegates regional, guardians, curators etc.
SECTION III - The data, their storage and the rights of the interested party
What happens if the interested party does not provide his identification data as necessary for the performance of the requested service? (Article 13, paragraph 2, letter and "GDPR")
If the interested party does not provide the personal data expressly provided as necessary in the order form or the registration form, the Data Controller will not be able to process the processing related to the management of the requested services and / or the contract connected to them, nor to the obligations that depend on them.
How and where we process the data of the interested party (Article 32 "GDPR")
The Data Controller provides for the use of adequate security measures in order to preserve the confidentiality, integrity and availability of the data subject's personal data and imposes similar security measures on third party suppliers and Managers. The personal data of the interested party are stored in paper, computerized and telematic archives located in Italy, a country in which the "GDPR" (EU countries) is applied.
How long are the data of the interested party kept? (Article 13, paragraph 2, letter a "GDPR")
Unless they explicitly express their will to remove them, the personal data of the interested party will be kept as long as they are necessary with respect to the legitimate purposes for which they were collected. In the case of data provided to the Data Controller for profiling purposes, these will be kept for 12 months, unless the consent given is revoked. Regardless of the determination of the interested party to remove them, personal data will in any case be kept for the fulfillment of obligations (eg tax and accounting) that remain even after the termination of the contract (Article 2220 of the Italian Civil Code); for these purposes, the Data Controller will only keep the data necessary for its continuation. The cases in which the rights deriving from the contract and / or from the registration in the registry are valid, in which case the personal data of the interested party, exclusively those necessary for these purposes, will be processed for the time indispensable to their continuation.
What are the rights of the interested party? (articles 15 - 20 "GDPR")
The interested party has the right to obtain from the Data Controller the following:
a) confirmation as to whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data to the following information:
1. the purposes of the processing;
2. the categories of personal data in question;
3. the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
4. when possible, the retention period of the personal data envisaged or, if not possible, the criteria used to determine this period;
5. the existence of the right of the interested party to ask the Data Controller to correct or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
6. the right to lodge a complaint with a supervisory authority;
7. if the data are not collected from the interested party, all available information on their origins;
8. the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
b) The right to obtain a copy of the personal data being processed, provided that this right does not affect the rights and freedoms of others. In the event of further copies requested by the interested party, the data controller may charge a reasonable fee based on administrative costs.
c) The right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay.
d) The right to obtain from the data controller the deletion of personal data concerning him without undue delay, if the reasons provided for by the GDPR in art. 17, including, for example, in the event that they are no longer necessary for the purposes of the processing or if this is assumed to be illegal, and the conditions provided for by the law are always present; and in any case if the processing is not justified by another equally legitimate reason.
e) The right to obtain from the data controller the limitation of processing, in the cases provided for by art. 18 of the "GDPR", for example where you have contested its accuracy, for the period necessary for the Owner to verify its accuracy. The interested party must be informed, in a reasonable time, also of when the suspension period has been completed or the cause of the limitation of the processing has ceased, and therefore the limitation itself has been revoked.
f) The right to obtain communication from the owner of the recipients to whom the requests for any corrections or cancellations or limitations of the processing carried out have been transmitted, unless this proves impossible or involves a disproportionate effort.
g) The right to receive personal data concerning him in a structured format, commonly used and readable by an automatic device and the right to transmit such data to another data controller without impediments by the data controller to whom he provided them , in the cases provided for by art. 20 of the "GDPR", and the right to obtain the direct transmission of personal data from one data controller to the other, if technically feasible.
For any further information and in any case to send your request, you must contact the Data Controller at privacy@aicun.it.
In order to ensure that the aforementioned rights are exercised by the interested party and not by unauthorized third parties, the Data Controller may request the same to provide any additional information necessary for the purpose.
How and when can the interested party oppose the processing of their personal data? (Art. 21 "GDPR")
For reasons relating to the particular situation of the interested party, the same may object at any time to the processing of his personal data if it is based on legitimate interest or if it occurs for commercial promotion activities, by sending the request to the Data Controller at the address privacy@aicun.it.
The interested party has the right to have their personal data deleted if there is no legitimate overriding reason of the Data Controller with respect to the one that gave rise to the request, and in any case in the event that the interested party has opposed the processing for commercial promotion activities.
Who can the interested party lodge a complaint with? (Art. 15 "GDPR")
Without prejudice to any other administrative or judicial action, the interested party may lodge a complaint with the competent supervisory authority on the Italian territory (Authority for the protection of personal data) or the one that carries out its duties and exercises its powers. in the Member State where the violation of the "GDPR" took place.
updated November 10, 2021