As per section 13 of Italian Law Decree n. 196 dated June 30, 2003 (“Privacy Law”), section 13 of the European Regulation n. 679 dated 2016 (“Data Protection Regulation”), Ruling n. 229 dated 2014 of the Italian Personal Data Protection Authority as well as Recommendation n. 2 dated 2001 adopted as per section 29 of Directive n. 95/46/CE, AIM Italy S.r.l. (hence, the “Controller” or “AIM”) intends to inform its Users on the use of their personal data, of the log files and of the so-called cookies gathered by means of navigation of the Site http://www.ecers2019.org (hence the “Site of the Congress”) and the subscription to the related “keep me updated” service (hence, the “Keep me update Service”), which has the purpose of updating the Users on all initiatives held during the XVI ECerS Conference 2019 (hence the “Congress”).
1. Controller, Processor and Data Protection Officer
The controller of the personal data processing is AIM Italy S.r.l., with legal offices in Via Giuseppe Ripamonti n. 129, 20127 Milano, Italy, Italian fiscal code 00927270587, Italian VAT number 00943621003, phone +39 02 5660.1, email firstname.lastname@example.org
The updated list of Data Processors, where nominated, can be provided upon request by the Users.
In case a Data Protection Officer is nominated (as per section 37 of the Data Protection Regulation), his/her identity will be announced by means of publication of an integration to the current information sheet.
2. Information and data collected automatically by the Site of the Congress
Similarly to all web-sites, Site of the Congress uses log files in which information is automatically collected and preserved during the Users’ visits.
The collection information regards the following:
- internet protocol address (IP);
- type of browser and parameters used to create connection to the Site of the Congress;
- name of the internet service provider (ISP);
- date and time of the visit;
- web-page of provenance (referral) and destination after exit by the User;
- number of clicks, where applicable.
This information is processed automatically and collected exclusively in an aggregated way in order to monitor the correct functioning of the Site of the Congress.
The Site of the Congress makes use of so-called “technical”, “analytical” and “profiling” cookies; for a profound analysis of such cookies and of the possibility of blocking their use by denying permission, the Users may consult the following link http://web.aimgroupinternational.com/cookie-policy/cookie-policy.html.
3. Data voluntarily introduced by the Users: ways and purposes of use
For simple navigation of the Site of the Congress, there is no need to register, but, in order to be able to receive the Keep me update Service, we need to gather some information regarding the Users. In any case, AIM commits to using the personal data of Users exclusively in the ways, terms and for the purposes listed as follows. The Controller processes personal data of Users for the following purposes:
- executing the Keep me updated Service, updating the Users on all of AIM’s initiatives held during the Congress;
- performing administrative obligations related to the usage of Keep me updated Service (e.g. for information requests, complaints, etc.);
- performing legal obligations;
- executing technical management of the Site of the Congress;
- update the Users on all other projects, initiatives and future events organized by AIM in the same area of interest, by means of both automated tools (such as newsletters, e-mails, SMS’s, MMS’s, robocalls, etc.) and traditional communication tools (hardcopy mail and/or operator calls).
The Keep me updated Service will be provided by means of automated tools (such as, e-mail, SMS, MMS, robocalls, etc.).
The data provided by Users will be processed predominantly with information systems under the authority of the Controller, by third parties specifically commissioned, authorized and instructed to the processing as per section 30 of the Privacy Law and of sections 28 and 29 of the Data Protection Regulation. Appropriate security measures, also as per sections 5 and 32 of the Privacy Data Protection, will be adopted to prevent loss of data, illicit or inappropriate uses and unauthorized access.
4. Optional or mandatory nature of data transfer, consequences of denial and juridical basis of the processing
In order to provide the Keep me updated Service, as well as for the purposes listed at items (ii), (iii), (iv) and (v) of preceding section 3, transfer of the Users’ personal data is mandatory, as otherwise the Users could not be updated on all initiatives promoted and organized during the Congress and on other projects, initiatives and future events organized by AIM in the same area of interest.
Thus, with reference to the items (i), (ii), (iii), (iv) and (v) of preceding section 3, the juridical basis of the processing is the provision of the Keep me updated Service and of the update service on other projects, initiatives and future events organized by AIM in the same area of interest (as per section 6, paragraph 1, letter b) of the Data Protection Regulation).
5. To whom and in which context the Controller may transmit the Users’ personal data
The Users’ personal data may be communicated within the European Union, in full compliance of the provisions of the Privacy Law and the Data Protection Regulation, to the following entities:
- to public authorities, where this is mandated by law or required by the authorities;
- to the external structures/companies the Controller uses for the execution of activities related to the provision of the Keep me updated Service;
- to external consultants, if not nominated Data Processor;
Above entities, to whom the Users’ data can be communicated (if not nominated Data Processor or co-responsible), will treat the Users’ personal data in their quality of Controllers as per the applicable norms, in full autonomy, not being connected to the original processing executed by AIM.
6. Users’ rights
Individual Users can exercise their rights as per section 7 of the Privacy Law and subsequent modifications and integrations, as well as sections 15, 16, 17, 18, 20 and 21 of the Data Protection Regulation at any time, by sending a written note to the Controller’s addresses as listed in preceding section 1 and thus obtain:
- confirmation or denial of the existence of personal data of the User with indication of the related origin;
- access, rectification, cancellation of the personal data or their limitation of processing;
- cancellation, anonymization or blocking of personal data processed in violation of the law.
Individual Users may moreover oppose to the processing of the data that relate to them, as well as revoke at any time their consent to personal data processing (without prejudice to the legitimacy of the processing based on the consent conceded previously to revocation).
As any consent conceded by Users to be contacted by means of automated tools for the purpose listed at item (v) of preceding section 3 extends to traditional tools as well, the Users may contact AIM at any time at the addresses indicated above, to exercise their right of (partial) opposition with reference to one or another of the above mentioned modalities.
7. Duration of the processing
Except for legal obligations and for the Users’ updates on all other projects, initiatives and future events promoted by AIM, the Users’ personal data will be conserved for the mere duration of the Congress. In any case, the processing will not have a duration exceeding 5 years from the date of registration to the Keep me updated Service, as long as Users have not requested cancellation before. Notwithstanding the above, AIM may conserve some personal data of Users also after the request for termination of processing, exclusively for the scope of defending or safeguarding its rights, or in those cased as defined by law or by order of a judicial or government authority.
8. Security measures
By means of the Site of the Congress, the Users’ personal data are processed in respect of applicable law and adopting appropriate security measures, in compliance with the regulations in force, also as per sections 5 and 32 of the Data Protection Regulation.
In this regard, we confirm, among other things, the adoption of appropriate security measures with the scope of inhibiting unauthorized access, theft, publication, modification of unauthorized destruction of the Users’ data.
9. Modifications to the Privacy Information Sheet
The current Information Sheet is subject to modifications by the Controller; AIM will communicate the modifications to the Users by mail, with a prenotice period of at least 15 days with respect to the date in which the new Information Sheet will apply.