INFORMATION FORM “NEWSLETTER”

This information is provided to users who subscribe to the newsletter service offered by the website www.cittadinidellordine.com of Citizens of the Order, in accordance with Article 13 of the European Regulation (EU) 2016/679 on the protection of personal data (GDPR).

Data controller

The data controller (hereinafter “Controller”) is Cittadini dell’Ordine S.p.A., with registered office in Via Lancia 6/A – 39100 Bolzano (BZ) and administrative office in Via dell’Arrigoni, 60/120 – 47522 Cesena (FC) – Tax code and VAT number 02415990213. Data Protection Officer (DPO) is Uomo & Ambiente S.r.l. Benefit Society, whose contact person Ing. Gianluigi Carbone can be contacted at the e-mail address privacy@cittadinidellordine.com.

Source and Type of Data

Personal, identification and contact data (elements of personal identification, such as e-mail address) are given spontaneously by the person concerned through the form (form) offered by the website.

Purpose of processing

The personal data of the data subjects, users who fill in the “newsletter” form, are collected and processed exclusively for the purpose of activating the requested service in order to send by e-mail our newsletter (the user’s e-mail address is automatically included in a list of contacts to whom a newsletter is sent periodically) as well as to enable them, in case of deactivation of the service, to have it ceased to be sent or to unsubscribe from the list of recipients.

Legal Basis

The legal basis for the processing of personal data is the receipt of a request from the user who intends to subscribe to the newsletter service. The personal data of the interested party, spontaneously provided by filling in the form (form), are in fact legitimately collected and processed to activate the newsletter service (by e-mail) at the request of the same.

Mandatory or optional nature of providing data

The interested party may refuse to provide the Holder with his/her personal data since the provision of such data is optional. However, completion of the indicated fields (e-mail address) is essential in order to activate the service and receive the requested newsletter. Any refusal to provide the data will therefore prejudice the successful completion of the registration and will not allow the aforementioned service to be used. Similarly, the interested party may, at any time, decide to deactivate this service: simply click on the appropriate link “I wish to unsubscribe from the newsletter service” or “I wish to unsubscribe from the mailing list” located in the footer of the newsletter itself.

Mode of treatment

Personal data will be processed by electronic means, including automated means, in accordance with the principles of lawfulness, necessity and relevance, taking safeguards to identify adequate security measures at any stage of the processing, having regard to the specific purposes of processing. In this regard, the anonymization of personal data and the removal of identifying data is carried out if there is no need to process the data in an identifiable form for the aforementioned processing purposes and, in any case, upon expiry of the retention period indicated in the following paragraph. The Data Controller does not carry out processing that consists of automated decision-making processes (such as profiling) on the data of users who intend to use this service. Personal data will be processed by individuals expressly authorized and trained in personal data protection. Data may be accidentally accessed by ICT personnel and computer technicians (including outsourced) who oversee the operation of the computer system.

Data retention

The Data Controller will retain personal data for as long as necessary to pursue the purposes stated in this policy and, in any case, until any request for restriction and/or opposition by the data subject or, in this case, in the event of deactivation of the service (unsubscription from the newsletter service or deletion from the mailing list) until revocation by the data subject.

Data recipients

Personal data processed by the Data Controller will not be disseminated, i.e., it will not be disclosed to unspecified parties, in any possible form, including making it available or mere consultation. Personal data may, on the other hand, be disclosed to third parties (where required by laws or EU regulations) and, to the extent strictly necessary to perform on our behalf performance or services, to third parties (we mention, by way of example, companies specializing in the management, development and maintenance of websites, companies that provide computer services, companies specializing in the management of electronic communications services, etc..) that we use exclusively for the provision of services related to the purpose pursued, which our organization, in order to ensure greater protection, has from time to time appointed as Data Processors (art. 28 of the GDPR) of the processing operations implemented by them. The full list of data processors, identified and appointed in writing, is available from the Data Controller. In all cases, these subjects will process data in accordance with the instructions received from the Data Controller, according to operational profiles attributed to them in relation to the functions performed, limited to what is necessary and instrumental for the execution of specific operations within the scope of the services requested. Personal data may, finally, be communicated to the subjects entitled to access them by virtue of provisions of the law, regulations, EU regulations.

Data Transfer

There are no plans to transfer personal data to a third country or international organization (Art. 13(1)(f) GDPR) outside the European Union (or the European Economic Area). However, the Data Controller reserves the option to use cloud services, in which case, service providers will be chosen from those companies that can provide specific third-country adequacy guarantees recognized through a decision of the European Commission or, in the absence thereof, suitable contractual or covenant-based guarantees provided by the data controllers involved (including Binding Corporate Rules “BCRs” and Standard Contractual Clauses “SCCs”).

Rights of the data subject

The data subject, to whom the personal data refer, is entitled to exercise his or her rights (under Articles 15-22 of the GDPR) at any time in order to obtain:

  • confirmation as to whether or not personal data concerning him or her are being processed, as well as access to the data and the following information (purpose of processing, categories of personal data, recipients and/or categories of recipients to whom the data have been and/or will be disclosed, storage period);
  • rectification of inaccurate personal data concerning him/her and/or supplementation of incomplete personal data, including by providing a supplementary statement;
  • The deletion of personal data or the restriction of the processing of personal data (as a means of reacting to unlawful or improper processing) in the cases provided for by current legislation;
  • The opposition to the processing (c.d. “opt out”) of the processing of personal data (as a manifestation of willingness to have a given data processing cease) in the cases provided for by the regulations in force (it is understood that this right does not exist where the legitimacy of the processing is based on consent since in this case the right to revocation prevails); it may extend to the processing of one’s own data for purposes related to marketing activities carried out by automated contact or through traditional means, being able to be exercised in whole or in part (e.g., to e-mail or telephone communications only or by objecting only to the sending of promotional communications carried out by automated means, etc.) or to processing that consists of automated decision-making processes (such as profiling, insofar as it is related to direct marketing purposes);
  • the portability of data, pertaining to the data subject and provided by the data subject, in order, in particular, to request from the data controller the personal data concerning him/her and/or to request from the data controller the direct transmission of his/her data to another data controller (it is understood that this right applies only if the processing is based on contract or consent and is carried out through electronic processing) in the cases provided for by the applicable legislation.

Regarding the exercise of his or her rights, the data subject may address his or her requests through specific communication by mail addressed to the Data Controller (at the above address) or by sending communication to the e-mail address privacy@cittadinidellordine.com, specifying the subject of his or her request and the right he or she legitimately intends to exercise.

Right of complaint

Data subjects who believe that the processing of personal data relating to them occurs in violation of the provisions of the Regulations, have the right to lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data) in the manner provided on the website www.garanteprivacy.it (pursuant to Article 77) or to take appropriate legal action pursuant to Article 79 of the Regulations themselves (GDPR).

Chiedi un preventivo 
gratuito

I nostri Security Manager sono a tua disposizione
1. Compila il modulo 2. Fissa il tuo appuntamento 3. Ricevi un preventivo di sicurezza personalizzato
INVIA UNA RICHIESTA
close-link
Powered by Convert Plus

VUOI INFORMAZIONI? CHIAMA IL NUMERO VERDE GRATUITO

Rispondiamo dal Lunedì al Venerdì 9-13 e 14-17
800 010 298
You can unsubscribe anytime.
close-link
Click Me
Scroll to Top