With the entry into force of the Regulation (EU) 2016/679 (hereafter, “GDPR”), the Associazione Italiana di Economia Agraria (AIEAA) – Viale Fanin, 50, Bologna, Italy, in its quality of data controller (hereafter, “Controller”), provides the required additional information on the processing of personal data stored in its archives and collected on the occasion of participation in AIEAA’s institutional initiatives or when registering for the newsletter.
Data subjected to the processing
The data that will be processed are personal data (first name and last name), affiliation, role (when available) and email address.
Personal data source
Personal data are generally collected from the data subjects.
Purpose of the processing
The processing of personal data is necessary in order to send information on AIEAA and on its institutional activities (e.g.: invitation to events, newsletters and other initiatives).
Processing method and legal basis of the processing
The data will be processed mainly by electronic means and the contact activities may occur via email. The legal basis of the processing is consent of the data subjects.
Personal data retention time
For this purpose, data will be retained until the data subject withdraws its consent or objects to processing, in which case personal data will be deleted.
Categories of recipients to whom personal data may be communicated
For the abovementioned purpose, the Controller transmits some data to:
- persons who are authorised to process personal data, employees and contractors who collaborate for the aforementioned purposes, subjects involved in the organization of events, institutional and communication activities, web services, information systems and data security and secretariats;
- Email sending service companies, to send information about events, newsletter and other AIEAA initiatives. To this aim, we use the services provided by MailChimp, which declares to agree to the Privacy Shield.
Moreover, data can be communicated to:
- Public administrations, institutions and bodies internal to the Controller in the performance of their duties, also in the event of audits and inspections;
- subjects who can access Your data by virtue of provisions laid down by law, or by secondary or community legislation.
The recipients are indicated only by category, as they are subject to frequent updates and modifications. Therefore, You can request the updated list of recipient by contacting the Controller at the following email address: firstname.lastname@example.org.
The Controller ensures the utmost care in order that the communication of Your personal data to the aforementioned recipients, only concerns the data necessary to achieve the specific purposes for which they are intended.
Your personal data will be processed exclusively by authorized employees and contractors. They will be provided with specific instructions on the methods and purposes of the processing.
Transfer of personal data to third countries or international organizations
Your data are not transmitted abroad, except when they are managed by the provider MailChimp (USA). Your data are not disclosed.
Rights of the data subject and method of exercise
Pursuant to articles 15-22 of the GDPR, by sending an email to email@example.com the data subject will be entitled to exercise its right to access, consult, rectification, erasure (right to be forgotten) and restriction to the processing of personal data. The data subject will also be entitled to have its personal data transmitted to another controller (data portability), and to object – for legitimate reason – to processing of personal data or withdraw its consent. In the same way, the data subject has the right to object at any time, and without giving any reason, to the processing of personal data for the information purposes above-mentioned.
In particular, the following rights are illustrated:
a) Right of access
Pursuant to art. 15 of the GDPR, You shall have the right to obtain from the Controller confirmation as to whether or not Your personal data are being processed, and, where that is the case, access to Your personal data and, among others, to the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipient to whom Your personal data have been or will be disclosed, in particular recipients in third countries or international organizations; (iv) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (v) the right to lodge a complaint with a supervisory authority (vi) whether Your personal data have been collected in relation to the offer of information society services.
b) Right to rectification and erasure (“right to be forgotten”)
Pursuant to art. 16 and 17 of the GDPR, You shall have the right to obtain from the Controller the rectification of inaccurate personal data of Your concern, as well as, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement. Moreover, You shall have the right to obtain from the Controller the erasure of personal data of Your concern where one of the following grounds applies: (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) the personal data have been unlawfully processed; (iii) You withdraw consent on which the processing is based, and where there is no other legal ground for the processing; (iv) You object to the processing and there are no overriding legitimate grounds for the processing; (v) the personal data have to be erased for compliance with a legal obligation. However, AIEAA has the right to disregard the exercise of the aforesaid rights to data erasure to comply with a legal obligation or to defend its own rights in courts.
c) Right to data portability
Pursuant to art. 20 of the GDPR, upon the occurrence of the conditions provided for by the law, You shall have the right to receive Your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller.
d) Right to restriction of processing
Pursuant to art. 18 of the GDPR, You shall have the right to obtain from the Controller restriction of processing where one of the following applies: (i) You have contested the accuracy of Your personal data, for a period enabling the Controller to verify the accuracy of Your the personal data; (ii) the processing is unlawful; (iii) the Controller no longer needs the personal data for the purposes of the processing, but they are required by You for the establishment, exercise or defense of legal claims; (iv) You have objected to processing, for a period enabling the verification whether the legitimate grounds of the Controller override Yours.
e) Right to lodge a complaint
Pursuant to art. 77 of the GDPR, You shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of Your habitual residence, place of work or place of the alleged infringement if You consider that the processing of Your personal data infringes the GDPR. In case the Member State is Italy, You shall lodge Your complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).