Q&A Privacy

Information Notice pursuant to Italian Legislative Decree no. 196/2003

Pursuant to and for the purposes of Italian Legislative Decree dated 30 June 2003, no. 196 (Personal Data Protection Code), we hereby inform you that the personal data provided voluntarily by you to Associazione Italiana per la Sicurezza Informatica (hereafter also “CLUSIT”) and Associazione Utilizzatori Sistemi E tecnologie  dell’informazione (hereafter also “AUSED”) will be subject to processing in compliance with existing regulations in relation to personal data protection.

1. Processing purposes
The personal data (only e-mail) provided by you to CLUSIT and AUSED (hereafter also “Joint Controllers”) may be used to allow the inclusion of questions in the section ” Question & Answer ” of the website.
Personal data processing for the purpose identified above does not require your consent in accordance with article 24, paragraph 1 of the Italian Legislative Decree no. 196/2003.
2. Processing Methods
The processing of your personal data will be performed using appropriate paper, electronic and/or computer tools with logic strictly related to the purposes set out above and, in any case, so as to ensure the data is kept secure and confidential.

3. Provision of data and consequences of any refusal
With reference to the purposes set out at point 1 the provision of your personal data is necessary.
Any refusal by you and/or provision of inaccurate and/or incomplete data may prevent you from registering on the website.

4. Communication of data and its transfer abroad
Persons in charge of the processing and data processors – internal and/or external – appointed by Joint Controllers may come to know of your personal data.
Your personal data may be communicated to any individuals or entities that provide to the Joint Controllers performances or services instrumental to the purposes identified at point 1 above (such as, merely by way of example, suppliers, contractors, subcontractors, partners of Joint Controllers) who perform on behalf of Joint Controllers the management and/or maintenance of internet websites and electronic and/or computer tools;
The list identifying them is constantly updated and is available upon request by sending a letter to: AUSED e-mail: infoprivacy@blog.europrivacy.org

Your personal data may also be communicated also to any other entity to which the data must be communicated on the basis of an express legal requirement.

5. Dissemination of data
Your personal data will not be subject to dissemination.

6. Rights of the data subject
In relation to the aforementioned processing, you may exercise the rights set out by Art. 7 of the Italian Legislative Decree 30 June 2003, no. 196 which, for your convenience, we reproduce in full at the bottom of this information notice.
In particular you have the right to object, in whole or in part to the processing of personal data concerning you, where it is carried out for the purpose of sending advertising materials or direct selling or commercial communication or else for the performance of market surveys performed through automated (e-mail) contact means.

7. Data Controller and Data processor
The Data Controller are:
* Associazione Italiana per la Sicurezza Informatica., with registered headquarters in Milan, Via Comelico 39, 20135 MILANO Italy
* Associazione Utilizzatori Sistemi E tecnologie Dell’informazione, with registered headquarters in Milan, Viale Umbria, 49 20135 – Milano

It is the responsibility of Joint Controllers to deal with any request from the data subject in relation to exercising the rights identified above; any request relating to personal data processed by Joint Controllers should therefore be sent by writing to: AUSED – email; or by telephoning no +39 025464747

Art. 7 Italian Legislative Decree no. 196/2003. Rights Granted to You.
1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data in intelligible form.
2. A data subject shall have the right to be informed:
a. of the source of the personal data;
b. of the purposes and methods of processing;
c. of the logic applied to the processing, if the latter is carried out with the help of electronic means;
d. of the identification data concerning data controller, data processors and the representative designated as per Section 5(2);
e. of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.
3. A data subject shall have the right to obtain:
a. updating, rectification or, where interested therein, integration of the data;
b. erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
c. certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
4. A data subject shall have the right to object, in whole or in part,
a. on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
b. to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or commercial communication or else for the performance of market surveys.

Last updated: November 2015