This information is provided, pursuant to Article 13 GDPR 679/2016 - "European Regulation on Personal Data Protection", to non-members and non-volunteers of Aps Vajne.
Identity of the Data Controller
The Data Controller of any processing carried out by Aps Vajne with:
- registered office at Via Baldissero, 21 in Vidracco (TO);
- operational headquarters at Via Pramarzo, 3 in Baldissero canavese (TO) where secretarial activities and the organization and management of institutional and commercial activities are carried out;
- locations where the institutional and commercial activities of Aps Vajne are carried out, i.e., the places where events such as Rites, festivals, markets, shows, conventions, thematic meetings and other activities covered by the association's bylaws are organized;
is the President pro-tempore of Aps Vajne, as the legal representative.
The Data Controller guarantees the security, confidentiality and protection of the personal data in its possession, at any stage of the data processing process.
A Data Protection Officer has not been appointed.
Data Source.
The personal data processed are those provided by the data subject when:
◦ requests for information, including by e-mail, filling out contact forms on websites traceable to Aps Vajne or social-network;
◦ subscription to newsletters and registration to websites traceable to Aps Vajne;
◦ visits to association offices or as part of cultural, artistic events, performances, fairs, festivals, conventions, markets, etc;
◦ previous transactions.
Purposes of processing.
Personal data of data subjects are processed by A.p.s. Vajne to pursue the following purposes:
1) to forward to those who have expressed interest to join Aps Vajne, become a volunteer, benefit from services, participate in activities or events and the other proposed initiatives, communications of various kinds and by different means of communication (telephone, cell phone, email, social networks, etc.);
2) promote the activities, initiatives, products and services of Aps Vajne and its members;
3) to make requests or process requests received;
4) exchange information aimed at the execution of business transactions or contractual relationships of various kinds, including pre- and post-contractual activities;
5) Carry out operations necessary for the fulfillment of orders and other requests;
6) carry out information and awareness campaigns.
Legal basis for processing
The legal basis legitimizing the processing is:
- Execution of a contract to which the data subject is a party or execution of pre-contractual measures taken at the request of the same, for the purposes referred to in points 1), 4) and 5);
- pursuit of the legitimate interest of the Data Controller in the processing, for the purposes referred to in points 1) when it does not fall under the previous point, 2), 3) and 6).
Recipients of the data
The personal data processed by the Data Controller will not be disseminated, i.e. they will not be given to unspecified subjects, in any possible form, including making them available or mere consultation. They may, however, be communicated to workers (employees, collaborators or volunteers) who collaborate with Aps Vajne, entrusted with the processing by the Owner. They may also be communicated, to the extent strictly necessary, to subjects who, for the purpose of processing requests or services related to institutional or commercial activities, must provide goods and/or perform services or services on assignment. Finally, they may be communicated to subjects entitled to access them by virtue of provisions of the law, regulations, and EU regulations.
In particular, on the basis of the roles and work duties performed, some workers (employees, collaborators or volunteers) have been legitimized to process personal data, within the limits of their skills and in accordance with the instructions given to them by the Data Controller.
Examples include but are not limited to:
- professionals, or service companies, for the administration and management of the association to which they have been entrusted or mandated to operate;
- Rspp in fulfillment of occupational health and safety obligations;
- insurance companies and credit institutions.
Data Transfer
Where the Data Controller transfers personal data to third countries or to international organizations, as part of the above purposes, you will be informed whether or not there is an EU Commission adequacy decision.
The Data Controller reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 GDPR 679/16.
Data Retention.
The Data Controller will retain and process personal data for the time necessary to fulfill the stated purposes. Thereafter, personal data will be retained, and not further processed, for the time stipulated by the current civil and tax regulations.
Rights of the data subject
With reference to Art. 7 of Legislative Decree 196/2003 and Art. 15 - right of access, 16 - right to rectification, 17 - right to erasure, 18 - right to restriction of processing, 20 - right to portability, 21 - right to object, 22 - right to object to automated decision making of the GDPR 679/16, the data subject may exercise his/her rights by writing to Aps Vajne at the above address, or by email to apsvajne@damanhur.org specifying the subject of his/her request, the right he/she intends to exercise and attaching a photocopy of an identity document attesting to the legitimacy of the request.
Revocation of consent
With reference to Article 6 paragraph 1 letter b of GDPR 679/16, the data subject may revoke any consent given at any time.
However, the processing that is the subject of this notice is lawful and permitted, even in the absence of consent, insofar as it is necessary for the performance of a contract to which the data subject is a party (the association relationship) or for the fulfillment of his/her requests or the pursuit of the legitimate interest of the Data Controller in the processing.
Proposition of complaint
The data subject has the right to lodge a complaint with the supervisory authority of the state of residence.
Refusal to provide data
Data subjects who make purchases of products or services cannot refuse to provide personal data necessary to comply with legal regulations governing commercial transactions and taxation.
The provision of additional personal data from them may be necessary to improve the quality and efficiency of the transaction.
Therefore, refusal to provide the data required by Law will prevent the fulfillment of orders; while the provision of additional data may affect all or part of the fulfillment of other requests and the quality and efficiency of the transaction itself.
Automated decision-making processes
The Data Controller does not carry out processing that consists of automated decision-making processes on the data of data subjects.
