INFORMATION CONCERNING PERSONAL DATA PROCESSING
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 27 April 2016
on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Dear member, within the meaning and for the purposes of the General Data Protection Regulation of the EU (GDPR 2016/679, art. 13 and 14), we inform you that:
- Data processing. Personal data provided on a voluntary basis will be subject to processing in compliance with current legislation in the field of personal data protection, given the EU Regulation, and with due regard for the principles of lawfulness, correctness and transparency, being the basis of LIMAV activities for the rights and obligations of the consequent law.
- Controllers. The data processing controller is LIMAV, its registered office being in Milan, at 11, G.B. Brocchi Street.
- Processing responsible. The responsible for processing is LIMAV.
- Purpose of the processing. Data processing is merely intended for a correct and complete conduct of the institutional activity and for the management of the associative relation, and in particular for:
- The traceability and the correspondence of members and volunteers and for the convening of assemblies;
- Membership payment, donations and insurance obligations;
- Any institutional communications to be sent by email or regular and/or registered mail;
- Information and sensitization campaigns on issues relating to the association;
- Petitions to be showed to institutions and aiming to achieve the goals of the association.
Data is going to be processed with paper and computerized forms.
- Recipients or categories of recipients of personal data. The data provided could be communicated to third parties for the sole purpose of a correct completion of institutional activities (bank details and/or credit cards to banks and/or credit institutions for membership payments and/or donations, lists to collaborators to send membership cards, the association’s information or to organize and coordinate specific initiatives promoted to raise awareness of the activities of the association) or in fulfilment of specific law obligations and, in particular, of competent authorities (Authority for Public Security, Judicial Authority or other competent institutions).
- Data conservation period. The conservation of provided personal data will take place for the full duration of the subscription to the association and it is in line with the relations with the association itself and for a period of no longer than the achievement of the purpose for which data has been collected, taking into account the law prescriptions.
- Data transferring obligation. The transfer of demanded data is mandatory for the purpose of the realization of associative activity, for the management of the associative relation and for the fulfilment of law obligations. The rejection by the person concerned to provide such data will lead to the impossibility of conducting the requested activity.
- Rights of the concerned person. In relation to data that is subject to processing, the person concerned is at any time granted the right of: Withdrawal of consensus at any time (art. 7, par. 3 EU Regulation 2016/679 – GDPR); Access (art. 15 GDPR); Amendment (art. 16 GDPR); Cancellation (art. 17 GDPR); Limitation (art. 18 GDPR); Notification (art. 19 GDPR); Portability (art. 20 GDPR); Opposition to processing (art. 21 GDPR); Suggest a complaint to the supervisory authority (art. 77 GDPR); Suggest an effective judicial remedy (art. 79 GDPR); Obtain compensation for damage (art. 82 GDPR).
For further information or to exercise the above-mentioned rights, you can address LIMAV via a written communication to be sent by certified mail to the following address: firstname.lastname@example.org or as a registered v.v mail to the following address: LIMAV – Via G.B. Brocchi 11 – 20131 Milan (Italy).
The holder and responsible for the processing implement all the measures to guarantee a security level adequate to the risk (art. 32 GDPR) and in case of violation of personal data, notify the violation to the supervising authority (art. 33 GDPR).