DISCLOSURE FOR THE PROCESSING OF PERSONAL DATA
MangiaSiediAma of Francesca Citarella with headquarters in Bristo (United Kingdom), in the person of its legal representative, (hereinafter, “Owner”), as the data controller, informs you pursuant to art. 13 Legislative Decree 30.6.2003 n. 196 (hereinafter “Privacy Code”) and art. 13 EU Regulation no. 2016/679 (hereinafter “GDPR”) that your data will be processed in the manner and for the purposes indicated below.
1. Object of the treatment
The Data Controller processes personal data (name, surname, address, telephone, e-mail, as well as any other common data necessary for the association’s activities), sensitive (racial and ethnic origin, religious, philosophical or other convictions, adhesion to associations or organizations of a religious, philosophical, political or trade union nature), as well as suitable for disclosing the state of health communicated by you when joining the services offered by the Owner.
2. Purpose of the treatment
Your personal data are processed, in accordance with art. 24 Privacy Code, by the non-profit body, in reference to subjects who have regular or adherent contacts, for the pursuit of specific and legitimate purposes identified by the articles of association or the statute.
More specifically, the data you provide is used by the Data Controller to provide the Membresia service for the training activity that the Data Controller offers.
3. Processing methods
The processing of your personal data is carried out by means of the operations indicated in art. 4 Privacy Code and art. 4 no. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, blocking, communication, cancellation of data, both in paper and electronic form.
The data you provide is processed, without the need for express consent (Article 24 of the Privacy Code and Article 6 of the GDPR), for the following purposes: – adhering to the services offered by the Data Controller; – fulfill the pre-contractual, contractual and tax obligations deriving from the activity carried out by the Data Controller in relation to the services rendered; – fulfill the obligations established by law, by regulations, by community legislation or by an order of the Authority; – exercise the Owner’s own rights.
4. Disclosure of data
Your data are not disclosed or communicated to third parties except with your explicit consent, except for legal obligations and the order of the Authority.
Communication to third parties takes place exclusively to allow the correct performance of the services rendered by the Data Controller, limiting it to the minimum necessary.
Sensitive data will be processed and communicated exclusively to safeguard the health status of the interested party, for the execution of legal obligations, in the context of the management of insurance policies concerning civil liability, to avoid and prevent the occurrence of diseases, intoxications, allergies.
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 1 year from the termination of the service for which the data were provided.
6. Mandatory treatment
The provision of data for the purposes specified above is mandatory, since, in their absence, the services offered by the Data Controller cannot be provided.
7. Rights of the interested party
In your capacity as an interested party, you have the rights referred to in art. 7 Privacy Code and art. 15 GDPR and precisely the rights of:
7.1 obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
7.2 get the indication:
a) the origin of personal data;
b) the purposes and methods of treatment;
c) the logic applied in case of treatment carried out with the aid of electronic instruments;
the identity of the owner, manager, and the representative appointed pursuant to art. 5,
paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR;
d) the subjects or categories of subjects to whom the personal data may be communicated or who can
become aware of it as appointed representative in the State, managers or
a) updating, rectification or, when interested, integration of data;
b) the cancellation, transformation into anonymous form, or blocking of data processed in violation of the law, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
c) certification that the operations referred to in letters a) and b) have been carried out to.