Privacy notice pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”) on the protection of personal data.
Assosvezia, the Italian-Swedish Chamber of Commerce considers the protection of personal data of fundamental importance and communicates this notice to its Members, Associate members, their employees and those who use its services in various ways.
The Controller is Assosvezia, the Italian-Swedish Chamber of Commerce, VAT no. 05603110965, tax code 97137840159, with registered office in Via Agnello 6/1, 20121 Milan, Tel + 39 02 877524, Fax +39 02 72004082, E-Mail: email@example.com, represented by its President pro tempore (hereinafter referred to as Assosvezia or the Controller).
2. Necessity of processing and categories of data processed
Data are normally collected from the data subject when applying for membership to Assosvezia or concerning the provision of its services.
The communication of personal data is an essential requirement for concluding the membership contract or the contract for the provision of services, as well as the attendance at events organized by Assosvezia.
The categories of personal data processed include:
- contact information: name, place and date of birth, citizenship, role, position, company or organisation, telephone number, mobile number, e-mail address and postal address, tax code;
- commercial information: data relating to services requested from Assosvezia by the data subject and data relating to contacts with Swedish parties in order to establish the existence of the requirements in the articles of association to become a member rather than associate member;
- bank information relating to the payment of membership fees and services provided by Assosvezia;
- authentication credentials for accessing the restricted area of the website.
Assosvezia does not collect or process on its own initiative special categories of personal data, including information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or the state of health of the data subjects.
3. Purpose of processing
Personal data of data subjects may be processed for one or more of the following purposes:
1. Registration with Assosvezia and managing the membership relationship (e.g. convening General Meetings, communications to members, invoicing of membership fees, payments, tasks).
2. Provision of services to the data subjects.
3. Fulfilment of legal, administrative and tax obligations (e.g. invoicing, accounting entries).
4. Maintaining relations with public institutions (Ministry of Economic Development, Municipalities, Chambers of Commerce).
5. Promotion, organization of and invitations to Assosvezia promotional, training and informative events and those of its members, associate members and partners (other Chambers of Commerce, Ministries, Embassies etc.).
6. Networking between members, associate members and relevant third parties.
7. Promotion and organization of work experience and visits to companies by members, associate members, students, professionals and managers.
8. Sending out information, commercial, fund raising, sponsorship, and newsletter communications.
9. Posting Assosvezia events and activities on its website and social media pages (e.g. twitter, facebook, linkedin, instagram).
10. Increasing the Chamber of Commerce’s know-how, improving services, statistics relating to members, associate members, trade between Italy and Sweden and research activities.
4. Legal basis of the processing
The legal basis for the processing of personal data consists of the following:
- carrying out pre-contractual actions at the request of the data subject, such as requests for membership, quotes and offers, submission of CVs and presentations;
- contractual relationship between the Controller and the data subject, consisting of the membership relationship, or the provision of Chamber of Commerce services, attendance at events and sponsorship;
- fulfilment of legal obligations incumbent upon the Controller, such as invoicing, accounting, financial statements, membership transparency;
- legitimate interests pursued by the Controller, such as safeguarding its rights and business assets, improving the know-how of the Chamber of Commerce, training of employees and interns, improving the organization and its information systems, improving the quality of services, writing articles, transmitting Chamber of Commerce offers and those of its members, associate members and business partners with special agreements, sending newsletters, invitations to seminars and events, provided that the interests and rights of the data subject do not prevail according to a balanced assessment carried out prior to each processing operation and without prejudice to the data subject’s right to object to certain processing operations based on the legitimate interests of the Data Controller.
5. Methods of processing
Personal data are collected from the data subject and may be obtained from other sources, both private and accessible to the public, for the purpose of the correct and complete fulfilment of the contractual relationship with the Controller and for the purposes described in point 3 above.
Processing may be carried out with or without the support of electronic or automated tools, safeguarding the protection of data from intrusion, unauthorized access, alteration and loss of data.
Processing is carried out by the Controller personally and/or by the persons in charge of processing and/or by the data processor and/or its representatives, in compliance with current regulations.
Data are stored in servers located in Lombardy, Italy, which is within the European Union. The hard copy archives are also located in Lombardy, Italy, in secure rooms.
The Controller has adopted the necessary technical and organizational protection measures for the confidentiality, integrity and availability of data and especially for preventing unauthorized access, alteration, dissemination, loss and destruction.
6. Storage of processed data
Personal data of members, associate members and clients are stored for the full duration of the membership relationship and for 10 years after termination on the basis of the ten-year limitation period for contractual relationships and the provisions of Article 2220 of the Italian Civil Code with regard to accounting records.
Data of data subjects belonging to other categories shall be kept by the Controller taking into account the obligations resulting from the legislation in force and any legitimate interests of Assosvezia in pursuing the purposes described above, without prejudice to the right of the data subject to oppose processing in the cases provided for by law and request erasure.
7. Disclosure of personal data to third parties
Notwithstanding disclosure carried out in fulfilment of legal, contractual and membership obligations, the data collected and processed may be disclosed to the following third parties exclusively for the purposes specified above:
- Assosvezia staff, governing council, working groups, members, associate members, business partners;
- public bodies (e.g. Tax authorities, Ministry of Economic Development, Embassies);
- insurance companies, banks, specialists, consultants, IT service companies, pertaining to the activities of Assosvezia;
- other Chambers of Commerce, including those abroad, established in the European Union.
It is not the Controller’s intention to transfer personal data to a third country or an international organisation, unless this is done at the express request and informed consent of the data subject.
8. Your Rights
You may exercise your legal rights as a data subject at any time and obtain:
- confirmation as to whether or not personal data concerning you are being processed and to obtain access to the data and the following information (purposes of the processing, categories of personal data, recipients and/or categories of recipients to whom the data have been and/or will be disclosed, the storage period);
- rectification of inaccurate personal data concerning you and/or to have incomplete personal data completed, including by means of providing a supplementary statement;
- the erasure of personal data, in the situations provided by the law;
- portability of data provided to the Controller including the direct transmission of data to another controller;
- objection at any time to processing based on the legitimate interests of the Controller (e.g. sending newsletters, offers, invitations, marketing, statistics, training).
9. Exercising your rights and complaints
You may exercise your rights at any time by contacting the Controller without formalities or payment of any additional cost.
Requests will be met as soon as possible and in any case within one month, unless there are objective difficulties about which written notice will be given within that time limit.
In case of dissatisfaction with the processing methods and complaints, you may write to the Data Controller by addressing the request to firstname.lastname@example.org, without prejudice to your right to contact the Data Protection Authority www.garanteprivacy.it or the supervisory authority of the different European country in which you reside, live or work, or in the country in which you believe that a breach of your personal data has occurred.