INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO EU REGULATION 2016/679
Giubilesi & Associati Srl, with legal headquarters at Via Rosa Massara de Capitani, 14 – 20158 Milan (MI), Tax ID/VAT number 13193430157, as the data controller (hereinafter, the “Controller“), informs you pursuant to EU Regulation 2016/679 on Personal Data Protection (hereinafter “GDPR“), that your data will be processed in the following ways and for the following purposes:
Subject of Processing
The Controller processes personal, identifying, and non-special category data (including but not limited to: name, surname, company name, address, telephone number, email), hereinafter “personal data” or simply “data,” that you provide when registering on the Controller’s website, www.giubilesiassociati.com (hereinafter the “Website“), when filling out registration forms for events organized by the Controller, when submitting online requests for clarification or support, when subscribing to newsletters, and when submitting job applications and CVs.
Finalità del trattamento: Purposes of Processing
Your personal data is processed:
A) without your explicit consent for the following service purposes:
- managing and maintaining the website;
- allowing you to use any services you may have requested;
- allowing you to participate in initiatives organized by the Controller through the website (e.g., events);
- processing a contact request;
- fulfilling obligations required by law, regulations, EU legislation, or an order from an Authority;
- preventing or detecting fraudulent activities or harmful abuse of the website;
- exercising the Controller’s rights, for example, in court.
B) Only with your specific and separate consent for the following other purposes:
- sending you newsletters and/or invitations to events via email, opinion polls, and satisfaction surveys, or registering you for events where the Controller is a partner or organizer.
Methods and duration of processing
The processing of your personal data is carried out by means of the operations indicated in Art. 4 of the GDPR and specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data. Your personal data is subject to both paper and electronic processing, through the use of a website hosted on a Cloud managed within the European Union. The Controller will process the personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 5 years for service purposes and no more than 2 years from the data collection for the other purposes.
Security
The Controller has adopted a wide variety of security measures to protect your data against the risk of loss, misuse, or alteration. In particular, it has adopted the measures referred to in Articles 32-34 of the Privacy Code and Article 32 of the GDPR; it also uses data encryption technology.
Access to data
Your data may be made accessible for the purposes referred to in articles 2.A) and 2.B):
- to employees and collaborators of the Controller, in their capacity as data processors and/or System Administrators;
Transfer of Processed Data
Please be informed that the data of the data subject and information related to their activities will not be transferred to third parties.
Nature of data provision and consequences of refusal to respond
The provision of data for the purposes outlined in **Article 2.A)** is **mandatory**. Without this data, we cannot guarantee your registration on the website or the services mentioned in Article 2.A).
The provision of data for the purposes in **Article 2.B)** is **optional**. You can choose not to provide any data or to subsequently deny the ability to process data you’ve already provided. In that case, you will not receive event invitations, newsletters, or opinion and satisfaction surveys via email. You will, however, still be entitled to the services mentioned in Article 2.A).
Rights of the Data Subject
In your capacity as a data subject, you have the rights outlined in Article 15 of the GDPR, specifically the rights to:
- Access: The right to obtain confirmation as to whether or not personal data concerning you is being processed, and to access that data in accordance with Art. 15 of GDPR 2016/679.
- Rectification: The right to obtain the rectification of inaccurate personal data concerning you without undue delay, in accordance with Art. 16 of GDPR 2016/679.
- Erasure (“Right to be Forgotten”): The right to obtain the erasure of data concerning you without undue delay, in accordance with Art. 17 of GDPR 2016/679.
- Restriction of Processing: The right to obtain restriction of processing in accordance with Art. 18 of GDPR 2016/679.
- Complaint to a Supervisory Authority: The right to lodge a complaint with the Data Protection Authority for any alleged violation of the regulation, in accordance with Art. 77 of GDPR 2016/679.
- Data Portability: The right to receive personal data concerning you, if the data processing is automated, in a structured, commonly used, and machine-readable format, in accordance with Art. 20 of GDPR 2016/679.
- Objection: The right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, in accordance with Arts. 21 and 22 of the GDPR.
How to Exercise Your Rights
You can exercise these rights at any time by sending an email to info@giubilesiassociati.it
Changes to this Privacy Policy
This Privacy Policy may be subject to changes. We therefore recommend that you check this Policy regularly and refer to the most up-to-date version.