WHY THIS INFORMATION

Pursuant to Regulation (EU) 2016/679 (hereinafter “GDPR”), this page describes how we process personal data. This information is provided pursuant to Article 13 GDPR. The information does not apply to other third-party websites that may be consulted via links on this website, for which no liability is accepted.

Personal data that can be processed

Personal data: any information concerning an identified or identifiable natural person («concerned»); an identifiable person is a natural person who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier or to one or more features of his physical, physiological, genetic, mental, economic, cultural or social identity (C26, C27, C30 GDPR).

Contractor/user data.

Navigation data

The computer systems and software procedures used to operate this site acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes the IP addresses or domain names of the computers and terminals used by the users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.

Data communicated voluntarily

The optional, explicit and voluntary sending of messages to the contact addresses indicated on this site and/or the filling in of data collection forms entails the subsequent acquisition of the sender's address, which is necessary to reply to requests, as well as any other personal data entered.

Information on the processing of personal data carried out through social media platforms

Regarding the processing of personal data carried out by the managers of the Social Media platforms used by the Controller, please refer to the information provided by them through their respective privacy policies. The Owner processes the personal data provided by users through the pages of the dedicated Social Media platforms, in order to manage interactions with users (comments, public posts, etc.) and in compliance with the regulations in force.

Specific information

Specific information may be present on the pages of the Site in relation to particular services or processing of the data provided.

 Cookies and other tracking systems. What are they? What are they used for?

For cookies and other tracking systems, see the cookies policy in the footer of the site and at link.

1. WHO IS THE DATA CONTROLLER? HOW TO CONTACT HIM?

The data controller is AECIS - European Association for Culture Innovation Sustainability, with registered office in Piazza Marconi, 3 - 26100 Cremona, in the person of the pro-tempore President, who may be contacted for any information via:
mobile phone +39 327 0741668
e-mail: aecis.segreteria@gmail.com
PEC: aecis@legalmail.it

3. PURPOSE OF PROCESSING, LEGAL BASIS, DATA RETENTION PERIOD AND NATURE OF PROVISION OF DATA

PURPOSE OF PROCESSING	LEGAL BASIS	RETENTION PERIOD	NATURE OF CONTRIBUTION
Navigation on this website. The data required for the use of web services are also processed for the purpose of: -obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.); -check the proper functioning of the services offered.	Processing is necessary for the purposes of pursuing the legitimate interests of the data controller or a third party, provided that the interests or the fundamental rights and freedoms of the data subject requiring the protection of personal data are not overridden, having regard to the reasonable expectations of the data subject and the activities strictly necessary for the operation of the site and navigation (Art. 6(1)(f) and C47 of the GDPR)	Browsing data will be stored for the duration of the browsing session	The provision of data is necessary for browsing the website.
Use of cookies and similar technologies. See the cookies policy in the footer of the site	For necessary non-technical cookies and similar technologies, processing is based on consent to the processing of personal data (Art. 6 para. 1 lit. a and C42, C43 GDPR). Consent is given through the site's banner and cookie policy	See the cookies policy in the footer of the site	See the cookies policy in the footer of the site

In addition to navigation, personal data will be processed for:

PURPOSE OF PROCESSING	LEGAL BASIS	RETENTION PERIOD	NATURE OF CONTRIBUTION
A) CONTACTS, sending contact requests, information	Processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject's request; (C44) Article 6(1)(b) of the GDPR	Maximum 12 months	Conferment is necessary. Failure to provide the necessary data will result in the impossibility of being contacted and receiving information
(B) DIRECT MARKETING, for sending advertising or direct sales material or for carrying out market research, commercial and promotional communication, newsletters, by automated means (e-mail). Communications may contain promotional activities and/or logos of third party partners. There will be no transfer of personal data. In order to compare and possibly improve the results of automated communications, the Controller uses systems with reports. Thanks to the reports, the owner will be able to find out, for example: the number of readers, openings, unique “clickers” and “clicks”; the devices and operating systems used to read the communication; details of the activity of individual users; details of e-mails sent, e-mails delivered and not delivered, and e-mails forwarded; All this data is used for the purpose of comparing, and possibly improving, the results of communications.	processing is based on consent to the processing of personal data (C42, C43) Article 6(1)(a) of the GDPR	Until revocation of consent (or opt-out)	Providing it is optional. Failure to provide the necessary data will result in the impossibility of receiving direct marketing communications
C) HANDLING OF YOUR REQUESTS and requests from other data subjects, pursuant to Art. 15 et seq. of the GDPR (rights of the data subject)	Processing is necessary for compliance with a legal obligation to which the controller is subject (C45) Art. 6(1)(c) of the GDPR	5 years from the closing of the application, subject to litigation	The provision of personal data is compulsory, as it is indispensable in order to fulfil legal obligations.

4. TO WHOM WILL PERSONAL DATA BE DISCLOSED? RECIPIENTS OF DATA

Personal data will be communicated, also on the basis of the purposes envisaged in specific areas, to subjects who will process the data as autonomous Data Controllers, or Data Processors (art. 28 GDPR) and processed by natural persons (art. 29 GDPR) acting under the authority of the Data Controller and Data Processors on the basis of specific instructions given regarding the purposes and methods of processing, for specific purposes on the basis of the area of reference. The data will be communicated to recipients belonging to the following categories:

• Parties providing services for the website and communication networks, including e-mail, hosting and website management;
• Subjects based in Italy, with which the Controller has signed agreements and prior consent, where applicable;
• For direct marketing;
• Competent authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon request

The list of Data Processors is available by writing to aecis.segreteria@gmail.com or to the other addresses indicated above.

5. WILL THE DATA BE TRANSFERRED TO NON-SEE COUNTRIES?

Personal data will not be transferred to countries outside the EEA. In case of subscription to the newsletter the data will be transferred to countries outside the European Economic Area in compliance with the applicable regulations, in particular, the transfer will take place in compliance with the appropriate and suitable guarantees for the purposes of the transfer itself, pursuant to Articles 44 et seq. of Regulation (EU) 2016/679. For further information regarding the transfer of personal data, you may contact the Data Controller at the contact details indicated above 

6. IS THERE AN AUTOMATED PROCESS?

Personal data will be subject to traditional manual, electronic and automated processing. Please note that no fully automated decision-making processes are carried out.

7. WHAT ARE YOUR RIGHTS? HOW CAN HE EXERCISE THEM?

You may assert your rights as expressed in Art. 15 et seq. GDPR, by contacting the Data Controller at aecis.segreteria@gmail.com, or to the contacts listed above. You have the right, at any time, to request access to your personal data (Art. 15), rectification (Art. 16), erasure (Art. 17), and restriction of processing (Art. 18). The data controller shall inform (Art. 19) each of the recipients to whom the personal data have been transmitted of any rectification or erasure or restriction of processing carried out. The controller shall inform the data subject of these recipients if the data subject so requests. In the cases provided for, you have the right to the portability of your data (Art. 20), in which case they will be provided to you in a structured, commonly used and machine-readable format. You have the right to object (Art. 21), at any time, to the processing of your data based on legitimate interest, and in cases where the legal basis is consent, you have the right to revoke the consent given without prejudice to the lawfulness of the processing based on the consent before revocation.

If you wish to stop receiving automated direct marketing communications (e-mail), please write an e-mail to aecis.segreteria@gmail.com with the subject line “unsubscribe from automated” or use our automated unsubscribe systems provided for e-mails only (opt-out). 

If the data subject considers that the processing of personal data carried out by the Controller is in breach of the provisions of Regulation (EU) 2016/679, he/she has the right to lodge a complaint with the Supervisory Authority, in particular in the Member State where he/she normally resides or works or in the place where the alleged breach of the Regulation occurred (Garante Privacy https://www.garanteprivacy.it/), or to take appropriate legal action.

8. CHANGES TO THE POLICY

The Controller reserves the right to change, update, add or remove parts of this notice. In order to facilitate the verification and modification of the text, the notice will contain the date of update.

Date of update: 15/03/2023