In compliance with Articles 13 and 14 of EU Regulation 2016/679 on the protection of personal data (GDPR), we inform you as follows:
Purpose of processing and legal basisThe Association will process your personal data exclusively for the performance of institutional activities, including:
- Membership registration and management of the associative relationship;
- Compliance with legal obligations (e.g., tax, insurance, etc.) concerning Association members;
- Sending communications (via mail, email, mobile number, or other electronic means) related to the service, assemblies, activities, and initiatives of the Association;
- Use of images for publication on the Association's website, Facebook page, newsletters, or promotional materials for the Association's institutional activities;
- Use of personal photos for inclusion in the identification badge.
The legal basis for processing is the associative relationship (Article 6, paragraph 1, letter b and Article 9, paragraph 2, letter d GDPR), legal obligations of the Association (Article 6, paragraph 1, letter c GDPR), and, in some cases, consent expressed by the member (Article 6, paragraph 1, letter a and Article 9, paragraph 2, letter a GDPR).
Special categories of dataProcessing typically does not involve special categories of data (sensitive, judicial, health, etc.). However, such information may emerge if membership indicates political, philosophical, religious, or trade union tendencies as per Article 9, paragraph 2, letter d) of the GDPR.
Methods and principles of processingProcessing will adhere to the GDPR and Legislative Decree no. 169/03 (Personal Data Protection Code), ensuring lawfulness, fairness, transparency, adequacy, and relevance, using both paper-based and electronic methods by persons authorized by the Association. Adequate protection measures will be adopted to guarantee data security and confidentiality.
Necessity of providing dataProviding name, surname, address, email, mobile number, and individual photo is necessary for the organization of the service and management of the associative relationship. Consent for image use is optional.
Communication and transfer of data abroadData may be communicated to:
- All subjects responsible for activities required by law (accountants, insurers, system administrators, etc.);
- Individuals and/or legal entities, public and/or private, when communication is necessary or functional to institutional activities (trainers, Local Authorities, health entities, suppliers, etc.).
Data may be transferred to recipients outside the EU (e.g. for newsletter management or cloud document storage), ensuring adequate data protection through agreements or verification of adequate protection measures. When necessary, subjects receiving data for activities on behalf of the Association will be appointed Data Processors (external) under Article 28 GDPR.
Data retention periodData will be used by the Association until the termination of the associative relationship. Afterward, only data required by legal, accounting, tax obligations, or for the Association's protection needs will be retained. Names will be kept for historical archives in the paper membership book kept at the Association.
Rights of the data subjectAs a data subject, you have all the rights specified in Article 15 GDPR, including access, rectification, erasure, restriction, and objection to processing, withdrawal of consent, and the right to lodge a complaint with the Data Protection Authority. These rights can be exercised through written communication sent via email, certified email, fax, or registered mail to the Association's headquarters.
Data controllerThe data controller is the COLLETTIVOF Association, located in Monreale (PA), Via Provinciale 1/A, certified email
collettivof@pec.it, email
info@collettivof.com.