AIA – ACOUSTICAL SOCIETY OF ITALY
This section contains information about the website management, with reference to the processing of the data of users who consult it, whether they opt to register as members of AIA – ACOUSTICAL SOCIETY OF ITALY and / or to register on the site itself, or whether they only browse the site as users.
This Policy is pursuant to Article 13 of the European General Data Protection Regulation 2016/679 (hereinafter ‘GDPR’), on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (and repealing Directive 95/46/EC), for those who interact with AIA – ACOUSTICAL SOCIETY OF ITALY, and can be reached at the address corresponding to the page: www.acustica-aia.it/privacy_policy
The Policy only concerns AIA – ACOUSTICAL SOCIETY OF ITALY and does not apply to other websites possibly consulted by link.
The purpose of this document is to provide information about the nature and the management of the information relating to users / data subjects that the Data Controller collects and manages from the time of connection to the website, regardless of the purpose of the connection itself. according to Italian and European legislation. This Policy may be updated periodically and without prior notice to you to reflect changes in data practices and legislation, so the user is therefore invited to periodically check this page.
If the user is under the age of 14, pursuant to paragraph 1 of Article 2-quinquies of the amended Legislative Decree 30 June 2003, n. 196, must legitimize the consent, where required, through the authorization of the parents or legal guardian.
II – PERSONAL DATA PROCESSING
Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
AIA – ACOUSTICAL SOCIETY OF ITALY is the Data Controller: Registered Office c/o CNR – Istituto di Acustica e Sensoristica “O.M. Corbino”, Via del Fosso del Cavaliere n. 100, 00133 Roma – Italy, Tax Code 03454330584 and VAT Number 01199041003 – Operational Headquarter c/o CNR – IMAMOTER, Via Canal Bianco n. 28, 44124 Ferrara – Italy.
User’s personal data are processed by subjects authorized by the Data Controller and by Data Processors specifically appointed and instructed by AIA as Data Controller, or by other independent Data Controllers, authorized to access them pursuant to the provisions of law and regulations. User’s personal data are also processed by System Administrator designated pursuant to the Provision 27 November 2008 of the Italian Supervisory Authority for the Protection of Personal Data.
For any request for the list of designed Data Processors, for clarification or exercise of rights of the user /data subject, it will be possible to contact the Data Controller at the following email address: firstname.lastname@example.org
III – PROCESSED DATA
1 – Processed categories
For the purposes described below, the Data Controller processes the following categories of the user / data subject’s personal data: PERSONAL AND IDENTIFICATION DATA; FISCAL AND PAYMENT DATA; POSTAL, TELEPHONE AND EMAIL CONTACT DETAILS, where indicated; DATA COLLECTED DURING THE VISIT OF THE SITE (as specified in the following point – second paragraph).
2 – Methods of data processing
Data processing is carried out by the operations or series of operations indicated in Article 4 paragraph 1 letter a) of the “Privacy Code” and Article 4 nr. 2) GDPR. Personal data will be processed in paper, computerized and telematic mode and entered in the relevant databases which can be accessed by subjects authorized in data processing. All data processing operations are implemented in order to ensure the integrity, confidentiality and availability of personal data, and in any case in compliance with the principles established by Article 5 paragraph 1 GDPR.
Like all websites, this site uses ‘log files’ in which information automatically collected is stored during user visits. The information collected could be the following:
– internet protocol (IP);
– type of browser and parameters of the device used to connect to the site;
– internet service provider (ISP);
– date and time of visit;
– web page of origin of the visitor (referral) and exit;
– possibly number of clicks.
Information is automatically processed and collected in aggregate form too, in order to verify the correct operation of the site, as well as for security reasons. This information will be processed for the purposes of legitimate interests of the Data Controller.
For security purposes (spam filters, firewall, virus detection), the automatically recorded data may possibly also include personal data such as the IP address, which could be legally used in order to block both any attempts to damage to the site itself or to other users, either harmful or criminal activities. These data are never used for user profiling, but for the purpose of protecting the site and its users, and the information is processed for the purposes of legitimate interests of the Data Controller.
3 – Data provided voluntarily by the user
As already indicated, any optional, explicit and voluntary sending of emails to the addresses indicated on the AIA website entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request.
4 – Data processing purposes
Personal data will be processed for purposes strictly necessary for the consultation of the AIA website, as well as for purposes connected and / or instrumental to the consultation itself. All the data used for security purposes (blocking attempts to damage the site) will be kept for the time strictly necessary to achieve this purpose.
Personal data collected by the site will be used for the following possible additional purposes (sometimes with the specific consent of the user / data subject; this consent, where necessary, will be expressly requested in the appropriate site forms):
– managing contact and request for information on AIA products / services;
– management of the AIA membership relationship and execution of typical AIA services;
– fulfillment of legal, regulatory and tax obligations deriving from existing relationships or provided for by an order of the Authority;
– management of purchases and registrations for events from the AIA website;
– data storage;
– protection of the rights of the Data Controller;
– marketing purposes for sending informative and promotional newsletters and invitations to events.
5 – Legal basis and lawfulness of processing
The processing of personal data, where necessary as it is functional to allow consultation of the AIA website, does not require the user’s consent.
The purposes referred to in the second paragraph of point 4 above (“Data processing purposes”) find their legal basis, which certifies the lawfulness of processing pursuant to Article 6, paragraph 1 of the GDPR, in the need to fulfill both obligations deriving from any existing associative relationship, and legal obligations to which the Data Controller is subject, as well as in the pursuit of the legitimate interest of the Data Controller. Data processing for marketing purpose will take place only on the basis of the specific and distinct consent of the user / data subject (Article 6, paragraph 1, letter a) and Article 7 of the GDPR).
6 – Provision of data and consequences of refusal
Apart from what specified for navigation data, the user is free to provide AIA with personal data by the application forms on the website or otherwise indicated in contacts with AIA to request the sending of informative material or other communications. Therefore any refusal to provide mandatory data will make it impossible to pursue the specified processing purposes and to obtain what requested.
The provision of data is mandatory for the fulfillment of legal and / or contractual obligations. Therefore any refusal to provide mandatory data will result in the objective impossibility of pursuing the processing purposes set out in the second paragraph of point 4 (“Data processing purposes “) of this Policy, except as specified in the following paragraph.
The provision of data which are subject to specific consent is optional in order to receive commercial information, without affecting the subsistence of the contractual relationship and typical AIA services, however this will prevent AIA from carrying out the related activity or service requested.
7 – Storage period
Processed data will be kept for the period strictly necessary to achieve the purposes expressed and / or for the entire duration of the relationship with AIA and also subsequently, for all the useful time in relation to the need for historical, scientific and / or statistical archiving relating to the institutional activity carried out by AIA (always subject to compliance with legal obligations). As regards the marketing purposes, the data will be processed until the user / data subject exercises the right to revoke the express consent, or until the right to object to the processing or to erasure is exercised.
8 – Place of data processing and categories of recipients
Data processing connected to the web services of this website takes place at the aforementioned Registered Office and Operational Headquarter of AIA and is handled only by AIA personnel, as well as by any persons authorized to carry out maintenance and assistance operations. No data deriving from the web
service is communicated or disclosed.
In relation to the purposes expressed, the data may be communicated to employees and collaborators within the Data Controller’s structure as subjects authorized for processing, who process data according to the specific provisions given.
Outside the Data Controller’s structure, the data may be disclosed to external collaborators and companies that deal with providing services to the Data Controller as Data Processors or independent Data Controllers, such as: external companies which the Data Controller uses for technical, organizational and commercial reasons, in establishing and managing relationships with customers and users; agent networks; companies operating in transport and logistics; banks and debt collection companies; professionals and consultants; companies that provide technical, IT and telematic support to the Data Controller; financial administrations or public institutions in fulfillment of regulatory obligations and, in general, to all those public and private subjects whose right to access data is recognized by law or by orders of the Authorities.
The updated list of Data Processors is available by sending a written request to the Data Controller at the following email address: email@example.com
IV. DATA SUBJECT RIGHTS
Pursuant to the purposes of the GDPR, the data subject is recognized the following rights.
Article 7 – Right to withdraw the consent
The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Article 15 – Right of access by the data subject
The data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information about processing.
Article 16 – Right to rectification
The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Article 17 – Right to erasure (‘right to be forgotten’)
The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the GDPR grounds applies.
Art. 18 – Right to restriction of processing
The data subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to Article 21, paragraph 1) of the GDPR pending the verification whether the legitimate grounds of the Controller override those of the data subject.
Article 20 – Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided.
In exercising his or her right to data portability pursuant to paragraph 1), the data subject shall have the right to have the personal data transmitted directly from one Controller to another, where technically feasible.
Article 21 – Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6, paragraph 1), including profiling based on those provisions.
Article 22 – Automated individual decision-making, including profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
Requests can be addressed to the Data Controller without formalities or, alternatively, using the model provided by the Supervisory Authority (available on the website www.garanteprivacy.it), by sending a registered letter with return receipt to the Registered Office or an email at the following address: firstname.lastname@example.org
Any actions taken under Articles 15 to 22 shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.
Pursuant to Article 77 of the GDPR, the user / data subject has also the right to lodge a complaint with the Guarantor for the Protection of Personal Data, as the Supervisory Authority in Italy.
V – DATA TRANSFERS TO EXTRA UE COUNTRIES
This website shares some of the data collected with services located outside the European Union area: in particular by WordPress, Google, Facebook and Twitter through social plugins and the Google Analytics service. The transfer is authorized and strictly regulated by Article 45, paragraph 1 of the GDPR, so no further consent is required. Data will never be transferred to countries that do not comply with the conditions set out in Article 45 et seq. of the GDPR.
1 – Cookies
A cookie consists of a reduced set of data transferred to the user’s browser from a web server and can only be read by the server that made the transfer. It is not an executable code and does not transmit viruses.
Cookies do not record any personal information and any identifiable data will not be stored. The user can prevent the saving of some or all cookies; however, in this case, the use of the website and the services offered could be compromised. To proceed without changing the options relating to cookies, simply continue browsing. The types of cookies that the AIA website uses are described below.
There are numerous technologies used to store information on the user’s computer, which are then collected by websites. Among these, the best known and used is that of HTML cookies. They are used for navigation and to facilitate the access and safe and efficient use of the website by the user. They are necessary for the transmission of communications on the electronic network, or for the supplier to provide the service requested by the customer.
The settings to manage or disable cookies may vary depending on the internet browser used. In any case, the user can manage or request the general deactivation or deletion of cookies by changing the settings of the internet browser used. This deactivation may slow down or prevent access to some parts of the website.
Cookies inside the browser which are retransmitted through Google Analytics, or through the blogger statistics service or similar, are technical only if used for the purpose of optimizing the website directly by the owner of the website itself, who can collect information in aggregate form on the number of users and how they browse the website. Under these conditions, the same rules provided for technical cookies apply to analytics cookies, in terms of information and consent.
About duration, temporary cookies can be distinguished, which are automatically deleted at the end of the browsing session and are used to identify the user, and therefore avoid logging in to each page browsed, compared to permanent cookies that remain active on the PC until expiry or cancellation by the user.
Session cookies may be installed in order to allow access and stay in the restricted areas of the portal as an authenticated user. These cookies are not stored permanently, but only for the duration of the navigation until the browser is closed and disappear when the browser is closed. Their use is strictly limited to the transmission of session identifiers consisting of random numbers generated by the server necessary to allow safe and efficient exploration of the website.
Third Party Cookies
In relation to the origin, there are cookies sent to the browser directly from the website and those of third parties sent to computer from other websites and not from the one which is browsed. Permanent cookies are often third party cookies. Most third party cookies consist of tracking cookies used to identify online behaviour, understand interests and then customize advertising proposals for users. Third party analytical cookies may be installed. They are sent from the domains of the third parties external to the website. Third party analytical cookies are used to detect information on user behaviour on the AIA website. The survey takes place anonymously, in order to monitor performance and improve the usability of the website.
Third party profiling cookies are used to create profiles relating to users, in order to propose advertising messages in line with the choices made by the users themselves. The use of these cookies is governed by the rules established by the third parties themselves, therefore, users are invited to read the privacy policies and the indications to manage or disable the cookies published on the relative web pages.
Profiling cookies are those that create profiles relating to the user and are used in order to send advertising messages in line with the preferences expressed by the user while browsing. If these types of cookies are used, the user will be asked for explicit consent, according to Article 22 of the GDPR and Article 122 of the Privacy Code.
2 – How to configure the browser
The user can manage cookies through the settings of the browser used. However, deleting the cookies from the browser, the preferences set for the website could be removed.
For further information and support, the user can also visit the specific help page of the web browser used:
– Internet Explorer: http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies
– Firefox: https://support.mozilla.org/en-us/kb/enable-and-disable-cookies-website-preferences
– Safari: http://www.apple.com/legal/privacy/it/
– Chrome: https://support.google.com/accounts/answer/61416?hl=it
– Opera: http://www.opera.com/help/tutorials/security/cookies/
3 – Social network plugin
The use of information obtained through plugins are governed by the respective privacy policies of the social networks, to which please refer:
You Tube: http://www.google.com/policies/technologies/cookies
VII – DATA PROTECTION
This website lawfully and correctly treats user data, adopting appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. The organization responds to logic strictly related to the purposes indicated.
As also specified in Point 8 – Section III (“Place of data processing and categories of recipients”), the various data processed by AIA may be managed both by specifically appointed and authorized internal subjects (for example, subjects in administrative and commercial area, in IT area, or system administrators), and by external subjects, always adequately designated for data processing by AIA, by reason of the services provided and the activities carried out, also for the organization and maintenance of the website (for example, technical service providers, hosting providers, IT companies, communication agencies, consultants and professionals).
VIII – POLICY UPDATE
This Policy may be updated periodically and without prior notice to you to reflect changes in data practices and legislation, so the user is therefore invited to periodically check this page.
This document was controlled on January 22, 2021 to be compliant with current regulatory provisions, in particular with EU Regulation 2016/679 – GDPR.