CEI – Comitato Elettrotecnico Italiano, as Data Controller, wishes to provide the following specific information relating to the management methods of its website (https://www.ceinorme.it) with reference to the processing of personal data of users who consult it. It is also an information notice pursuant to art. 13 of EU Regulation 2016/679 (“GDPR” or “Regulation“).
REGULATORY FRAMEWORK
DATA CONTROLLER
The Data Controller is CEI – Comitato Elettrotecnico Italiano (“CEI”), via Saccardo n. 9, 20143 – Milano, email address privacy@ceinorme.it
PLACE OF THE PROCESSING
The processing related to the web services of this website take place at the aforementioned headquarters of the CEI and at the offices of other third parties, for this purpose appointed as Data Processor.
TYPES OF DATA PROCESSED
Browsing data
The information systems and the software procedures needed for the running of this website acquire, during their normal operation, some personal data the transmission of which is implicit in the use of the Internet communication protocols.
Such data is not collected to be associated with identified Data Subjects, but due to its nature, it could allow to identify the users, through processing and association with data held by third parties.
To this category of data belong the IP addresses or the domain names of the PC used by the users who connects to the website, the URI notation addresses of the required resources, the time of the request, the method used while sending the request to the server, the size of the file obtained in response, the numeric code specifying the status of the response given by the server (successful, error, etc.) and other parameters concerning the operation system and the user’s information environment.
Such data is used only in order to obtain anonymous statistical information on the use of the website and to control the correct operation, and is cancelled immediately after processing. The data could be used to ascertain the liability in case of possible cybercrimes damaging the website.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of personal data by the user by filling the registration form on the website or by calling the telephone numbers published on the website, entails the subsequent acquisition of the data provided by the sender, necessary to provide the service or the information requested.
COOKIES
Please refer to the Cookie Policy available at https://www.ceinorme.it/cookie-policy/ for more information on the cookie used by the Data Controller.
PURPOSES, LEGAL BASES AND THE PERIOD OF STORAGE
| For what purposes the Data are processed | What is the legal basis of the processing | How long the Data will be storage |
| To allow the browsing of the website | The legal basis of the processing is the consent that is expressly and freely given by browsing the website (art. 6, par. 1, let. a) of the GDPR) | The data will be processed only and exclusively during the browsing of the website |
| To send responses to request for information/quotation sent by the users through the website | The legal basis of the processing is the consent that is expressly and freely given by sending the request of information (art. 6, par. 1, let. a) of the GDPR) | Until the achievement of the aims pursued |
| To send commercial communications through the newsletter | The legal basis of the processing is the consent (art. 6, par. 1, let. a) of the GDPR) | Until the consent has been withdrawn |
| Purposes related to the sending of commercial communications (by e-mail) regarding services or products similar to those already purchased by the data subject | The legal base of the processing is the legitimate interest of the Data Controller (art. 6, par. 1, let. f) of the GDPR and art. 130, par. 4, of the D.Lgs 196/2003) | Until the consent has been withdrawn. The Data Subject has the right to withdraw consent at any time |
| Purposes related to the creation of an account to be able to purchase rules, subscriptions, books and to be able to enroll in courses | The legal base of the process is to take steps at the request of the data subject prior to entering in a contract (art. 6, par. 1, let. b) of the GDPR) | Until the account is delated |
| Purposes related to the purchase of rules, subscriptions, books and enrollment in courses | The legal base of the processing is the performance of the contract to which the data subject is party (art. 6, par. 1, let. b) of the GDPR) | Until the expiry of the limitation period (ten years) related to contractual actions that may arise with reference to the contract under which the data are processedino al momento in cui non risultino decorsi i termini di prescrizione (dieci anni) relativi ad azioni contrattuali che possano sorgere con riferimento al contratto in esecuzione del quale i dati sono trattati |
| Purposes related to the enrolment and participation in events (seminars and conferences) organized by the Data Controller and the management of formative credits | The legal base of the processing is the consent of the data subject that is expressly and freely given through the enrolment in the event and, about, formative credits, at the moment of the request for credit accreditation (art. 6, par. 1, let. a) of the GDPR) | Until the consent has been withdrawn |
| Purposes related to the transfer of personal data to the Data Controller’s business partners, for sending commercial communications by the latter | The legal base of the processing is the consent (art. 6, par. 1, let. a) of the GDPR) | Until the consent has been withdrawn |
| Purposes related to the participation in the personnel selection process through the “work with us” page. | The legal basis is the legitimate interest of the Data Controller (art. 6, par. 1, let. f) del GDPR) and art. 111 bis of the D. Lgs. 196/2003 | One year from receipt of the curriculum vitae |
| Defensive purposes in case of abuse in the use of the site or fraud attempts | The legal base is the legitimate interest of the Data Controller (art. 6, par. 1, let. f) of the GDPR) | For the period of time necessary to allow the Data Controller to act or defend himself against any claims made against him or in order to prevent damage deriving from behaviour, by users, executed in violation of legal obligations |
In addition to the above, the data and information collected may be processed by the Data Controller in order to produce reports or other types of internal statistical analysis. These activities will be carried out mainly through the analysis of information regarding browsing on the website. This information will be processed in aggregate form for the sole purpose of allowing the CEI to improve the functioning of the site and the quality of our services.
WITHDRAW OF THE CONSENT
If the processing is based on the consent, the data subject has the right to withdraw consent at any time, without effecting the lawfulness of processing based on consent before its withdrawal.
LINKS TO OTHER WEBSITE
This website could contain links or references for the access to other websites, we inform you that the Data Controller doesn’t control the cookies or other monitoring technologies of such websites to which this policy doesn’t apply. We therefore recommend that you consult the individual privacy policies relating to these websites.
OPTIONAL SUPPLY OF DATA
Apart from what has been specified for the browsing data (necessary for the correct functioning of the website), users are free to supply their personal data or not. However, the non-supply of such data may entail the impossibility to obtain what has been requested.
PROCESSING METHODS
Personal data is processed, even with the aid of automated devices, for the time strictly necessary to achieve the purposes for which it was collected.
Specific security measures are taken in order to prevent the loss of data, its unlawful or wrongful use and unauthorised access.
SHARING, COMMUNICATION AND CIRCULATION OF DATA
Personal data will be processed by personnel authorized for processing by the Data Controller pursuant to article 29 of the GDPR or by third parties who carry out activities strictly connected to the purposes indicated above and necessary to the execution of the service, such as the management of the computer system and the management of the website.
Apart from these cases, personal data won’t be communicated unless there’s a contractual or legal provision, or upon specific consent by the Data Subject.
In this sense, personal data may be transmitted to third parties, but only and exclusively if:
a)There is explicit consent to share the data with third parties;
b)There is a need to share information with third parties in order to provide the service required by the Data Subject;
c)It is necessary in order to meet a request by the judicial or public security authorities.
TRANSFER OF PERSONAL DATA
Personal data will not be transferred to Third Countries, meaning countries not belonging to the European Union or to the European Economic Area. Should this occur, the Data Controller declares and guarantees to comply with the provisions of the articles 44 et seq. of the GDPR.
DATA SUBJECT RIGHTS
The GDPR, in particular art. 15 and the following, provides various rights that can be exercised freely and free of charge against the Data Controller by the data subjects, listed below: Right of access, Right to rectification, Right to erasure or right to be forgotten, Right to restriction of processing, Right to obtain notification in case of rectification or erasure of personal data or restriction of the processing, Right to data portability, Right to object.
To exercise these rights, you can contact the Data Controller:
RIGHT TO LODGE A COMPLAIN
If the processing of personal data occurs in violation of the provisions of the GDPR, each data subject will have the right to lodge a complaint with a Supervisory Authority for the protection of personal data (Article 77 of the GDPR) or, alternatively, to lodge a complain against the judicial authority (Article 79 of the GDPR).
Newsletter and CEI News
Subject to your express consent, to be expressed by flagging the appropriate checkbox, you will be subscribed to CEI newsletters, thus allowing you to stay up-to-date on the topics of your interest: we remind you that, if provided, the consent can be revoked and the subscriptions can be modified at any time by clicking on the link provided in each communication or by filling out specific page.
Further details relating to the Privacy Policy of the CEI newsletters can be found at the specific page.