Information on processing of personal data
Associazione Milano & Partners, with registered office in Milan, Piazza della Scala 2, VAT number 11016320969, as the data controller (hereinafter, "Holder"), Informs you pursuant to Regulation (EU) 2016/679 (" GDPR ") and the current national legislation on the protection of personal data that your data will be processed in the manner and for the following purposes.
- Subject of the processing
The Data Controller processes personal, identifying and non-particular / sensitive data (hereinafter,
"Personal data" or also "Data"), Communicated by you during your navigation on the website
www.conventionbureaumilano.com (afterwards, "Website"). Particularly:
-
navigation data, such as IP addresses or domain names of the computers used by users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. This information is also collected through the cookies described
in the
Cookie Policy
of the website, to which reference is made.
- data collected through the cookies described in the Cookie Policy, to which reference should be made for more information;
- data provided by the user when filling in online forms, such as name, surname, e-mail address, telephone.
- Purpose and legal basis of the processing
Your Personal Data are processed, without your prior consent for the following purposes:
the execution of the contract and / or the fulfillment of pre-contractual commitments, in particular for:
- manage and maintain the Site and allow you to browse the Site;
- respond to requests sent to the Milano & Partners Association through the Data Controller's contacts on the Site;
the fulfillment by the Owner of legal obligations, such as:
- compliance with the obligations established by laws, regulations or national and community legislation or imposed by the competent authorities;
the pursuit of a legitimate interest of the Data Controller, in particular:
- prevent or discover fraudulent activities or abuses harmful to the Site, as well as exercise the rights of the Owner in court and the management of litigation: the interest of the Owner corresponds to the general legitimate, real and current interest in not suffering damage as a result of illegal conduct others, as well as the constitutionally guaranteed right of action (Article 24 of the Constitution) and, as such, is socially recognized as prevailing over the interests of the individual concerned;
- manage and maintain the Site: the interest of the Data Controller refers to the general interest of a company in guaranteeing business operations, also through the operation of the Site, and possible efficiency improvements in the service offered.
- Method of treatment
The processing of your Personal Data is carried out, both in paper and computerized form, by means of the operations of collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation. and data destruction.
Your personal data are subjected to electronic and possibly automated processing. Your personal data are protected in such a way as to minimize the risk of destruction, loss (including accidental loss), unauthorized access / use or use incompatible with the initial purpose of the collection. This is achieved with the technical and organizational security measures implemented by the Data Controller.
- Data Retention
The Data Controller processes the navigation data and the data collected through cookies for the time indicated in the
Cookie Policy.
Personal data conferred by filling in contact forms or by writing to the Controller's e-mail addresses present on the Site will be processed for the time necessary to process the request and in any case no later than 1 year from the conferment.
- Providing data
The provision of navigation data is, in general, necessary to allow you to browse the site. If you decide not to provide the data, we will not be able to guarantee navigation.
The provision of Data through the contact form in compulsory only for the Data indicates with "*". If you decide not to provide the Data, you cannot complete the operation.
- Access to Data
Your data may be made accessible for the aforementioned purposes to:
- employees and / or collaborators of the Data Controller, in their capacity as persons in charge of the processing and / or internal managers of the processing and / or system administrators;
- third parties (for example, IT suppliers, etc.) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external data processors.
- Data Communication
Your data may be disclosed, even without your consent, to supervisory bodies, law enforcement agencies, judicial authorities and other competent authorities, upon their express request which will process them as independent data controllers for institutional purposes and / or in force of law in the course of investigations and checks. Your data may also be disclosed to third parties (for example, partners, freelancers, etc.), as independent data controllers, for the performance of activities instrumental to the aforementioned purposes.
- Data transfer
The data provided will not be transferred outside the territory of the European Union or the European economic area, with the exception of data processed through cookies, as reported in the
Cookie Policy.
- Rights of the interested party
The Data Controller informs you that, as an interested party, if the limitations provided for by law do not apply, you have the right to:
- obtain confirmation of the existence or not of your Personal Data, even if not yet registered, and that such data be made available to you in an intelligible form;
- obtain indication and, if necessary, a copy of: a) the origin and category of personal data; b) of the logic applied in case of treatment carried out with the aid of electronic instruments; c) the purposes and methods of the processing; d) the identity of the owner and managers; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them, in particular if they are recipients of third countries or international organizations; e) when possible, of the data retention period or the criteria used to determine this period;
- obtain, without undue delay, the updating and correction of inaccurate data or, when interested, the integration of incomplete data;
- withdraw consent at any time, if given in relation to processing having consent as a legal basis, easily, without impediments, using, if possible, the same channels used to provide them;
- obtain the cancellation, transformation into anonymous form or blocking of data: a) unlawfully processed; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) in case of revocation of the consent on which the treatment is based and in case there is no other legal basis, d) if you have opposed the treatment and there is no legitimate overriding reason to continue the treatment; e) in case of fulfillment of a legal obligation; f) in the case of data referring to minors. The Data Controller may refuse cancellation only in the case of: a) exercise of the right to freedom of expression and information; b) fulfillment of a legal obligation, performance of a task carried out in the public interest or exercise of public authority; c) reasons of public health interest; d) archiving in the public interest, scientific or historical research or for statistical purposes; e) exercise of a right in court;
- obtain the limitation of processing in the case of: a) dispute of the accuracy of personal data; b) unlawful processing by the Data Controller to prevent its cancellation; c) exercise of your right in court; d) verification of the possible prevalence of the legitimate reasons of the Data Controller with respect to those of the interested party;
- receive, if the processing is carried out by automatic means, without hindrance and in a structured, commonly used and legible format, the personal data concerning you to transmit them to another holder or - if technically feasible - to obtain direct transmission by the Data Controller to another owner;
- object, in whole or in part, for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection;
- propose a complaint to the Personal Data Protection Authority.
In the cases mentioned above, where necessary, the Data Controller will inform the third parties to whom your personal data are communicated of the possible exercise of the rights by you, with the exception of specific cases (eg when this fulfillment proves impossible or involves the use of means that are manifestly disproportionate to the protected right).
- Transfer of data outside the European Union
The Data Controller generally does not transfer Personal Data outside the European Union. The servers used for the management and storage of Personal Data are located in Europe. However, some activities carried out (for example, periodic backups) can be managed by companies established outside the EU (point 2 of the table below), however able to offer guarantees in line with Privacy Shield agreements.
- How to exercise rights
You can exercise these rights at any time:
- by sending a registered letter to the address of the Data Controller;
-
by sending an email to info@yesmilano.it.
- Owner, data protection officer and data processor
The data controller is the Milano & Partners Association, with registered office in Piazza della Scala n. 2, 20121 Milan (MI), VAT number 11016320969.
The Data Controller has also appointed a Data Protection Officer (Data Protection Officer) who will monitor the measures taken to protect your data and who can be contacted by writing to dpo@yesmilano.it.
The updated list of data processors, data processors and system administrators is instead kept at the headquarters of the Data Controller.
Milan, 02/03/2022
Milan & Partners Association