Privacy Policy

INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH AND FOR THE EFFECTS OF ART. 13 of the EU Regulation 2016/679 (GDPR)

Personal Data are defined by art. 4 n. 1) of the GDPR as “any information concerning an identified or identifiable natural person (Interested); the natural person who can be identified is considered identifiable, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an identifier online or to one or more characteristic elements of his physical identity, physiological, genetics, psychic, economic, cultural or social ” (hereinafter the "Personal Data").

This Privacy Policy explains how we collect, we use and protect the Personal Data of all users (the "Users" or "Interested") who access the Website https://www.upprivacy.org (hereinafter the "Site").

The processing of Personal Data will be based on lawfulness, correctness, transparency, purpose limitation, Data minimization, accuracy, limitation of conservation, integrity, confidentiality and accountability according to the general principles defined by art. 5 GDPR.

  1. Holder of the treatment

The data controller is the U.P.P.. - PRIVACY PROFESSIONAL UNION - ETS - C.F.. 96492990583, in the person of its pro tempore legal representative, based in Via Flavia n. 47, 00187 Roma (RM), email info@upprivacy.org (hereinafter also only the "Owner" or the "Association").

  1. Personal data being processed

We collect Personal Data when Users browse the Site and when they use the services therein such as sending a contact request, subscribing to the newsletter or sending the registration request to the Association.

In particular, among the Personal Data collected, there are Personal Data provided voluntarily by Users and Site usage data collected automatically.

The Personal Data provided voluntarily by Users include:

  • Personal Data provided to send the online application for membership of the Association and to manage the same registration with U.P.P. (Name, surname, e-mail, telephone number, date of birth, birth place, fiscal Code, profession, address, City of residence).
  • Personal Data relating to the processing of the payment of the membership fee or renewal of the Association.
  • The e-mail address to respond to User requests and receive our newsletter.

Personal Data collected automatically includes:

  • Personal Data derived from the use of the Site each time Users interact with it such as the IP address used to connect to the Internet with the computer or mobile phone, information such as internet connection, the type of browser, the version, the operating system and device type.
  • Personal Data derived from "Cookies" or other tracking tools: the owner uses its own cookies and those of third parties to make navigation easier for its users, for statistical and profiling purposes (please read our Cookie Policy).
  1. Purpose of the processing and legal basis

Personal Data are processed by the Data Controller for the following purposes.

  1. Pre-contractual and contractual purposes for fulfilling requests for membership or renewal of membership in the Association. The legal basis of this treatment is constituted by art. 6 through. 1 became. b) GDPR, pursuant to which the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same.
  2. Purpose of fulfilling legal obligations, by EU regulations or legislation such as, for example, obligations under administrative legislation, accounting and tax. The processing of Personal Data for this purpose finds its legal basis in’ art. 6 through. 1 became. c) GDPR, pursuant to which the processing is necessary to fulfill a legal obligation to which the Data Controller is subject.
  3. Purpose of defense in court of a right or interest of the Data Controller before any competent authority or body. The processing of Personal Data for this purpose finds its legal basis in art. 6 through. 1 became. f) of the GDPR for which the processing is necessary for the pursuit of the legitimate interest of the Data Controller.
  4. Purpose of subscription and management of the newsletter for those who explicitly request it by entering their e-mail address in the appropriate data collection form. This service consists in sending, by e-mail, communications of an informative nature relating to initiatives, articles, regulatory updates regarding the Association's scope of activity. The processing of Personal Data for this purpose finds its legal basis in’ art. 6 became. a) GDPR, pursuant to which "the interested party has given consent to the processing of their personal data for one or more specific purposes" and is therefore based on consent.
  1. Recipients and any categories of recipients of Personal Data

The Personal Data provided by the User may be disclosed by the Owner to the categories of recipients indicated below. The subjects to whom the Data Controller communicates the Data act, according to the legal requirements, as independent owners when they determine the purposes and means of the processing, data processors pursuant to art. 28 GDPR when processing Personal Data on behalf of the Data Controller or subjects authorized for processing pursuant to art. 29 GDPR when they act within the structure under the control and direction of the Data Controller.

Personal Data may be shared with the following subjects.

  1. Subjects who provide functional activities for the management and implementation of the Association's institutional services.
  2. Subjects who collaborate in various ways with the Data Controller, for carrying out administration activities, accounting and IT support.
  3. Society, consultants or professionals possibly in charge of the installation, maintenance, of the update and, in general, the management of the Controller's hardware and software.
  4. All those subjects, including public authorities, who have access to the Data by virtue of regulatory or administrative provisions.

In any case, Personal Data will be disclosed only to subjects who are committed to confidentiality or have an adequate legal obligation of confidentiality.. Personal data will not be disseminated.

  1. Data retention period

Personal Data are kept only for the period necessary for the purpose for which they are processed or within the terms established by law, applicable national and community rules and regulations.

For the pursuit of the purposes referred to in art. 3 became. a), b) and c) Personal Data may be kept for the entire duration of the contractual relationship with the Association as well as for subsequent ones 10 years in order to verify any pending and to comply with any legal obligation.

In relation to the purposes referred to in art. 3 became. d) the data collected will be kept until the Customer requests to revoke his subscription from the newsletter service by means of a communication to be sent to the e-mail address info@upprivacy.org or directly upon receipt of the newsletter using the cancellation command inserted in the e-mails received.

  1. Transfer of Personal Data outside the European Union

The Personal Data collected will not be transferred to countries outside the European Union. Any transfer of the User's Personal Data to countries located outside the European Union will take place, anyhow, in compliance with the appropriate and appropriate guarantees for the purposes of the transfer itself pursuant to the applicable legislation and in particular in compliance with the general principle for the transfer referred to in art. 44 GDPR, of the existence of an adequacy decision by the European Commission pursuant to art. 45 GDPR, adequate guarantees pursuant to art. 46 GDPR – including the standard data protection clauses adopted by the Commission in accordance with the examination procedure referred to in the article 93, paragraph 2 GDPR – and in the presence of one of the specific situations of exception referred to in art. 49 GDPR including explicit consent to the transfer by the interested party.

  1. Consequences of failure to communicate Personal Data

For the pursuit of the purposes referred to in art. 3 became. a), b), and c) the Owner is under no obligation to acquire specific consent to the processing of User Data. Where the interested party does not intend to provide the Personal Data requested on the basis of the foregoing, being the provision of Personal Data necessary for everything required by legal and / or contractual obligations, the consequence would be that of the impossibility of proceeding with the requests received from the interested parties.

For the pursuit of the purpose of sending the newsletter, the processing is based on the User's consent. The User always has the right to withdraw consent at any time to no longer receive the newsletter sent by the Data Controller by writing to the following e-mail address info@upprivacy.org or requesting cancellation upon receipt of the newsletter using the cancellation command entered. in the e-mails received without prejudice to the lawfulness of the processing based on the consent given before the revocation. Where the User does not intend to provide the Personal Data and issue the consent required based on the foregoing, being the provision of Personal Data necessary for the aforementioned purpose, any refusal to provide them will make it impossible to send the newsletter.

  1. Methods of processing

The processing of Personal Data is carried out using paper tools, IT and / or telematics, with organizational methods and with logic strictly related to the purposes indicated.

The Data Controller undertakes to use adequate security measures in order to minimize the risks of loss or destruction of the Data, of unauthorized access or unauthorized processing without however being able to guarantee that the measures adopted exclude any risk of unauthorized access or dissemination of the Data. Users are therefore advised to use appropriate security precautions such as access points equipped with anti-virus software or systems for protected browsing on the network..

  1. Data rights

Pursuant to art. 15 e ss. of the REG. ME 2016/679 the Customer can exercise the following rights: (1) request access to their Personal Data pursuant to art. 15 GDPR, (2) obtain the correction and / or integration of the Data pursuant to art. 16 GDPR, (3) request and obtain the deletion of data pursuant to and within the limits of art. 17 of the GDPR unless one of the exceptions referred to in paragraph 3 of the same art. 17, (4) request and obtain the limitation of processing pursuant to art. 18 GDPR, (5) obtain data portability pursuant to and within the limits of art. 19 of the GDPR which allows the User to receive the Personal Data provided to the Owner in a structured format, commonly used and readable by an automatic device e – under certain conditions – transmit them to another data controller without hindrance, (6) oppose, in whole or in part, to certain types of processing pursuant to art. 21 GDPR, including processing for marketing purposes, (7) withdraw consent pursuant to art. 7, comma 3 of the GDPR without prejudice to the lawfulness of the processing based on the consent given before the revocation, (8) propose a complaint to the Supervisory Authority (Privacy Guarantor), (9) receive clear information, transparent and easily understandable on how to use Personal Data and the exercise of rights, reason why the owner provides the information contained in this document (art. 13 GDPR).

The exercise of rights is not subject to any formal constraints and is free. All rights can be exercised by sending a specific request to the Data Controller at the following e-mail address: info@upprivacy.org.

  1. Amendment of the Privacy Policy

The owner may have the need, in consideration of regulatory changes or changes to their services to update this information by inserting the modified version of the same on the Site. We therefore invite Users to periodically view the Site for verification and knowledge of the updates made firm, where necessary, direct communication to Users of the changes made.