AIA – ACOUSTICAL SOCIETY OF ITALY 

PRIVACY AND COOKIE POLICY 

I – INFORMATION ABOUT OUR PRIVACY POLICY

This section contains information about the website management, with reference to the processing of the data of users who consult it, whether they opt to register as members of AIA – ACOUSTICAL SOCIETY OF ITALY and / or to register on the site itself, or whether they only browse the site as users.

This Policy is pursuant to Article 13 of the European General Data Protection Regulation 2016/679 (hereinafter ‘GDPR’), on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (and repealing Directive 95/46/EC), for those who interact with AIA – ACOUSTICAL SOCIETY OF ITALY. This website is not aimed directly at minors and does not provide for the possibility of registration or enrolment.

The Policy only concerns AIA – ACOUSTICAL SOCIETY OF ITALY and does not apply to other websites possibly consulted by link.

The purpose of this document is to provide information about the nature and the management of the information relating to users / data subjects that the Data Controller collects and manages from the time of connection to the website, regardless of the purpose of the connection itself. according to Italian and European legislation. This Policy may be updated periodically and without prior notice to you to reflect changes in data practices and legislation, so the user is therefore invited to periodically check this page.

                              II – PERSONAL DATA PROCESSING

Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

AIA – ACOUSTICAL SOCIETY OF ITALY is the Data Controller: Registered Office c/o CNR – Istituto di Acustica e Sensoristica “O.M. Corbino”, Via del Fosso del Cavaliere n. 100, 00133 Roma – Italy, Tax Code 03454330584 and VAT Number 01199041003 – Operational Headquarter c/o CNR – STEMS, Via Canal Bianco n. 28, 44124 Ferrara – Italy.

User’s personal data are processed by subjects authorized by the Data Controller and by Data Processors specifically appointed and instructed by AIA as Data Controller, or by other independent Data Controllers, authorized to access them pursuant to the provisions of law and regulations. User’s personal data are also processed by System Administrator designated pursuant to the Provision 27 November 2008 of the Italian Supervisory Authority for the Protection of Personal Data.

For any request for the list of designed Data Processors, for clarification or exercise of rights of the user / data subject, it will be possible to contact the Data Controller at the following email address: segreteria@acustica-aia.it

III – PROCESSED DATA

1 – Processed categories

For the purposes described below, the Data Controller processes the following categories of the user / data subject’s personal data: PERSONAL AND IDENTIFICATION DATA (e.g. name, surname, associative category); FISCAL AND PAYMENT DATA; POSTAL, TELEPHONE AND EMAIL CONTACT DETAILS, where indicated; DATA COLLECTED DURING THE VISIT OF THE SITE (as specified in the following point – second paragraph).

2 – Methods of data processing

Data processing is carried out by the operations or series of operations indicated in Article 4 paragraph 1 letter a) of the “Privacy Code” and Article 4 nr. 2) GDPR. Personal data will be processed in paper, computerized and telematic mode and entered in the relevant databases which can be accessed by subjects authorized in data processing. All data processing operations are implemented in order to ensure the integrity, confidentiality and availability of personal data, and in any case in compliance with the principles established by Article 5 paragraph 1 GDPR.

Like all websites, this site uses ‘log files’ in which information automatically collected is stored during user visits. The information collected could be the following:

  • internet protocol (IP);
  • type of browser and parameters of the device used to connect to the site;
  • internet service provider (ISP);
  • date and time of visit;
  • web page of origin of the visitor (referral) and exit;
  • possibly number of clicks.

Information is automatically processed and collected in aggregate form too, in order to verify the correct operation of the site, as well as for security reasons. This information will be processed for the purposes of legitimate interests of the Data Controller.

For security purposes (spam filters, firewall, virus detection), the automatically recorded data may possibly also include personal data such as the IP address, which could be legally used in order to block both any attempts to damage to the site itself or to other users, either harmful or criminal activities. These data are never used for user profiling, but for the purpose of protecting the site and its users, and the information is processed for the purposes of legitimate interests of the Data Controller.

Where the insertion of comments is allowed, or in case of specific services requested by the user, including the possibility of sending the Curriculum Vitae to establish a relationship with AIA, the site automatically detects and records certain personal data, including email address. These data are voluntarily provided by the user at the time of the request. By inserting a comment or other information, the user expressly accepts this Privacy Policy and, in particular, agrees to the free dissemination of the comments also to third parties. Personal data received by AIA will be used exclusively for the provision of the requested service and only for the necessary time.

The information that the user deems to make public through the services and tools available by the website is understood to be provided knowingly and voluntarily, exempting AIA from any liability for any violations of the law. It is up to the users to verify that they have permission to enter personal data of third parties or content protected by national and international regulations.

3 – Data provided voluntarily by the user

As already indicated, any optional, explicit and voluntary sending of emails to the addresses indicated on the AIA website entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request.

4 – Data processing purposes

Personal data will be processed for purposes strictly necessary for the consultation of the AIA website, as well as for purposes connected and / or instrumental to the consultation itself. All the data used for security purposes (blocking attempts to damage the site) will be kept for the time strictly necessary to achieve this purpose.

Personal data collected by the site will be used for the following possible additional purposes (sometimes with the specific consent of the user / data subject; this consent, where necessary, will be expressly requested in the appropriate site forms):

  • managing contact and request for information on AIA products / services;
  • management of the AIA membership relationship and execution of typical AIA services;
  • management of registration on the AIA website;
  • publication of personal data (name – surname – associative category) in the list of members present in the reserved area of ​​the AIA website;
  • publication of personal data (name – surname – associative category) in the list of members present in the unique annual issue of the RIA, only in the papery copies required for legal deposit;
  • management of purchases from the AIA website;
  • management of registration request for the AIA Conference or AIA seminar events and for any subsequent administrative and informational activity relating to it;
  • fulfilment of legal, regulatory and tax obligations deriving from existing relationships or provided for by an order of the Authority;
  • data storage;
  • protection of the rights of the Data Controller;
  • marketing purposes for sending informative and promotional newsletters and invitations to events;
  • transmission of contact data to PLATINUM commercial supporters of AIA for purposes of newsletter and direct marketing.

5 – Legal basis and lawfulness of processing

The processing of personal data, where necessary as it is functional to allow consultation of the AIA website, does not require the user’s consent.

The purposes referred to in the second paragraph of point 4 above (“Data processing purposes”) find their legal basis, which certifies the lawfulness of processing pursuant to Article 6, paragraph 1 of the GDPR, in the need to fulfil both obligations deriving from any existing associative relationship or registration on the website and to AIA events (Article 6, paragraph 1, letter b GDPR), and legal obligations to which the Data Controller is subject (Article 6, paragraph 1, letter c GDPR), as well as in the pursuit of the legitimate interest of the Data Controller (Article 6, paragraph 1, letter f  GDPR).

Data processing for marketing purpose and transmission to PLATINUM commercial supporters of AIA will take place only on the basis of the specific and distinct consent of the user / data subject (Article 6, paragraph 1, letter a) and Article 7 of the GDPR), as for the following processing:

  • publication of personal data (name – surname – associative category) in the list of members present in the reserved area of ​​the AIA website;
  • publication of personal data (name – surname – associative category) in the list of members present in the unique annual issue of the RIA, only in the papery copies required for legal deposit;
  • management of purchases from the AIA website.

6 – Provision of data and consequences of refusal

Apart from what specified for navigation data, the user is free to provide AIA with personal data by the application forms on the website or otherwise indicated in contacts with AIA to request the sending of informative material or other communications. Therefore any refusal to provide mandatory data will make it impossible to pursue the specified processing purposes and to obtain what requested.

The provision of data is mandatory for the fulfilment of legal and / or contractual obligations, for the management of the AIA membership relationship, for the management of registration on the AIA website and to the AIA Conference or AIA seminar events. Therefore any refusal to provide mandatory data will result in the objective impossibility of pursuing the processing purposes.

The provision of data which are subject to specific consent is optional, without affecting the subsistence of the contractual relationship and typical AIA services, however, the denial will prevent AIA from carrying out the related activity or service requested.

7 – Storage period

Processed data will be kept for the period strictly necessary to achieve the purposes expressed and / or for the entire duration of the relationship with AIA and also subsequently, for all the useful time in relation to the need for historical, scientific and / or statistical archiving relating to the institutional activity carried out by AIA (always subject to compliance with legal obligations). As regards the marketing purposes, the data will be processed until the user / data subject exercises the right to revoke the express consent, or until the right to object to the processing or to erasure is exercised.

8 – Place of data processing and categories of recipients

Data processing connected to the web services of this website takes place at the aforementioned Registered Office and Operational Headquarter of AIA and is handled only by AIA personnel, as well as by any persons authorized to carry out maintenance and assistance operations. No data deriving from the web service is communicated or disclosed.

In relation to the purposes expressed, the data may be communicated to employees and collaborators within the Data Controller’s structure as subjects authorized for processing, who process data according to the specific provisions given.

Outside the Data Controller’s structure, the data may be disclosed to external collaborators and companies that deal with providing services to the Data Controller as Data Processors or independent Data Controllers, such as: external companies which the Data Controller uses for technical, organizational and commercial reasons, in establishing and managing relationships with customers and users; agent networks; companies operating in transport and logistics; banks and debt collection companies; professionals and consultants; companies that provide technical, IT and telematic support to the Data Controller; financial administrations or public institutions in fulfilment of regulatory obligations and, in general, to all those public and private subjects whose right to access data is recognized by law or by orders of the Authorities.

 

IV – DATA SUBJECT RIGHTS

Pursuant to the purposes of the GDPR, the data subject is recognized the following rights.

Article 7 – Right to withdraw the consent

The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Article 15 – Right of access by the data subject

The data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information about processing.

Article 16 – Right to rectification

The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Article 17 – Right to erasure (‘right to be forgotten’)

The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the GDPR grounds applies.

Art. 18 – Right to restriction of processing

The data subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:

  1. a) the accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data;
  2. b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. c) the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  4. d) the data subject has objected to processing pursuant to Article 21, paragraph 1) of the GDPR pending the verification whether the legitimate grounds of the Controller override those of the data subject.

Article 20 – Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided.

In exercising his or her right to data portability pursuant to paragraph 1), the data subject shall have the right to have the personal data transmitted directly from one Controller to another, where technically feasible.

Article 21 – Right to object

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6, paragraph 1), including profiling based on those provisions.

Article 22 – Automated individual decision-making, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Requests can be addressed to the Data Controller without formalities or, alternatively, using the model provided by the Supervisory Authority (available on the website www.garanteprivacy.it), by sending a registered letter with return receipt to the Registered Office or an email at the following address: segreteria@acustica-aia.it

Any actions taken under Articles 15 to 22 shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.

Pursuant to Article 77 of the GDPR, the user / data subject has also the right to lodge a complaint with the Guarantor for the Protection of Personal Data, as the Supervisory Authority in Italy.


V – DATA TRANSFERS TO EXTRA UE COUNTRIES

This website shares some of the data collected with services located outside the European Union area: in particular by WordPress, Google, Facebook and Twitter through social plugins. The Data Controller is committed to complying with current Italian and European legislation.

 

VICOOKIE POLICY

1 – Cookies

The AIA website uses cookies to make the user’s browsing experience easier and more intuitive: cookies are small text strings used to store some information that may concern the user, his/her preferences or the Internet access device (computer, tablet or mobile phone) and are mainly used to adapt the operation of the website to the user’s expectations, offering a more personalized browsing experience and memorizing the choices previously made.

A cookie consists of a reduced set of data transferred to the user’s browser from a web server and can only be read by the server that made the transfer. It is not an executable code and does not transmit viruses. Cookies do not record any personal information and any identifiable data will not be stored. The user can prevent the saving of some or all cookies; however, in this case, the use of the website and the services offered could be compromised. The settings to manage or disable cookies may vary depending on the internet browser used. In any case, the user can manage or request the general deactivation or deletion of cookies by changing the settings of the internet browser used. This deactivation may slow down or prevent access to some parts of the website.

The AIA website uses Technical Cookies necessary for the purpose of carrying out the transmission of an electronic communication, to guarantee the correct display of the site and navigation within it. These cookies can memorize the user’s account identifier, the personalization of the website; they can also be used for technical purposes such as saving entered information. They also allow the site to be monitored and to distinguish between the various connected users for site security reasons. Some of these cookies are eliminated when the browser is closed (session cookies – used, for example, to allow access and permanence in reserved areas of the portal as an authenticated user), others have a longer duration (persistent cookies with pre-set – for example the cookie necessary for the conservation of the user’s consent in relation to the use of the cookies themselves, which lasts 1 year). Consent is not required for these cookies.

Non-necessary analysis cookies are also used, directly from AIA or from third parties, to collect information, in aggregate form, on the number of users and on how they proceed to visit the site. If the service is anonymous, they are assimilated to technical cookies and it is not necessary to acquire the user’s consent.

The other types of non-technical Cookies (e.g. profiling) are used to bring specific actions or recurring behavioural patterns back to specific, identified or identifiable subjects in the use of the features offered, for the purpose of grouping the different profiles, so that it is possible to modulate the provision of the service in an increasingly personalized way, as well as to send targeted advertising messages, or in line with the preferences expressed by the user in the context of navigation. For the types of non-technical cookies used, the free consent of the user is expressly required.

2 – How to configure the browser

The user can manage cookies through the settings of the browser used. However, deleting the cookies from the browser, the preferences set for the website could be removed. For further information and support, the user can also visit the specific help page of the web browser used:

–  Chrome: https://support.google.com/chrome/answer/95647

–  Internet Explorer: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies

–  Microsoft Edge: https://support.microsoft.com/it-it/help/4027947/microsoft-edge-delete-cookies

–  Firefox: https://support.mozilla.org/en-us/kb/enable-and-disable-cookies-website-preferences

–  Apple Safari: https://support.apple.com/en-ie/guide/safari/sfri11471/mac

–  Opera: https://blogs.opera.com/news/2015/08/how-to-manage-cookies-in-opera/

3 – Social network plug-in

This website also incorporates plug-in and / or buttons for social networks, in order to allow easy sharing of content on user’s favourite social networks. These plug-in are programmed so as not to set any cookies when accessing the page, to safeguard the privacy of users. Eventually cookies are set, if so provided by social networks, only when the user makes effective and voluntary use of the plug-in. Please note that if the user browses while logged into the social network, then he / she has already consented to the use of cookies conveyed through this site at the time of registration to the social network. The use of information obtained through plug-in are governed by the respective privacy policies of the social networks, to which please refer:

–  Facebook: https://www.facebook.com/help/cookies

–  Twitter: https://support.twitter.com/articles/20170519-uso-dei-cookie-e-di-altre-tecnologie-simili-da-parte-di-twitter

–  You Tube: http://www.google.com/policies/technologies/cookies

VII – DATA PROTECTION

This website lawfully and correctly treats user data, adopting appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. The organization responds to logic strictly related to the purposes indicated.

As also specified in Point 8 – Section III (“Place of data processing and categories of recipients”), the various data processed by AIA may be managed both by specifically appointed and authorized internal subjects (e.g., subjects in administrative and commercial area, in IT area, or system administrators), and by external subjects, always adequately designated for data processing by AIA, by reason of the services provided and the activities carried out, also for the organization and maintenance of the website (e.g., technical service providers, hosting providers, IT companies, communication agencies, consultants and professionals).


VIII – POLICY UPDATE

This Policy may be updated periodically and without prior notice to you to reflect changes in data practices and legislation, so the user is therefore invited to periodically check this page. This document was controlled on April 10, 2023 to be compliant with current regulatory provisions.