Information on the protection of personal data (Legislative Decree 30.06.2003 No. 196 - EU Regulation 679/2016)
MyTata Inglese Association, with registered office in Florence, Via dello Statuto No. 4, represented by the founding partners, Mrs. Thaila Arzoglou (tax code RZGTHL79A69Z115G) and Patricia Esmeralda Estrada (tax code STRPRC88C57Z404F), mytatainglese@gmail.com, (tel. 338/6584939), as the Data Controller, hereby informs each member of the company structure, hereinafter also referred to as the data subject, that, in relation to the existing relationship with the association as of today's date, the personal data concerning the member and the minor over whom they exercise guardianship, held by the Data Controller or that will be requested or communicated by third parties, are necessary and will be used for the purposes indicated below.
PERSONAL DATA SUBJECT TO PROCESSING AND PURPOSES OF PROCESSING
The personal data collected, including identification, accounting, tax, computer, and banking information, communicated and collected in the performance and conduct of activities within the scope of their role, and in compliance with the provisions on the processing and protection of personal data, are used by the Data Controller in full compliance with the principles of fairness and lawfulness and the applicable legal requirements. They are utilized for instrumental and functional purposes related to the pursuit of instrumental and/or complementary purposes to the activities expressed in the bylaws, as well as for monitoring, administration, management, and representation arising from the position of the data subjects and their participation in the company of the Data Controller. They are also used for related activities such as archiving, invoicing, processing, and record-keeping.
The personal data of the minor over whom the data subject exercises guardianship may include sensitive data, such as health issues, allergies, and dietary intolerances. Similarly, they are used by the Data Controller in full compliance with the principles of fairness and lawfulness and the applicable legal requirements for instrumental and functional purposes related to the pursuit of instrumental and/or complementary purposes to the activities expressed in the bylaws.
In the context of the treatments described, it is necessary to know and memorize the personal data of the interested party and of the minor over whom he exercises parental authority, as well as the acquisition of the variations of such data which he will take care to communicate as soon as verified, for the purpose of a proper relationship management.
The Data Controller also informs that any failure and/or incorrect communication of any of the mandatory information will result in the inability of the Data Controller to guarantee the adequacy of the processing itself to the contractual agreements for which it is carried out, as well as the possible non-compliance of the processing results with the obligations imposed by tax, administrative, or labor regulations to which it is addressed.
Certain data (email address, phone number) are also collected, with your express consent, for the performance of marketing activities, such as sending advertising materials, newsletters, and communications with informational and/or promotional content via email and/or SMS, related to products or services provided and/or promoted by the Data Controller, MyTata Association.
For the purposes mentioned in the preceding paragraph, providing the data is optional, and any refusal to provide such data and give consent will result in the Data Controller being unable to carry out the marketing activities.
The processing will be based on the principles of fairness, lawfulness, transparency, and the protection of privacy and your rights.
DATA PROCESSING METHODS
The processing of data is carried out through computerized procedures or any other electronic or paper-based means by specifically authorized individuals, whether internal or external, who are committed to confidentiality. The data is stored in both paper and electronic archives, ensuring full compliance with the security measures required by the legislator.
LOCATION OF PROCESSING
Currently, the data is processed and stored at the registered office of the association. Additionally, on behalf of the Data Controller, professionals and/or companies entrusted with technical, development, management, administrative-accounting, and legal activities may also process the data.
COMMUNICATION AND DISSEMINATION
The collected data will not be subject to disclosure and dissemination. Communication to third parties, other than the Data Controller, internal and external processors within the associative structure, and appointed data processors, is only foreseen for the fulfillment of activities related to the established relationship, ensuring the protection of the rights of the data subject. Specifically allowed and necessary for the management of the employment relationship, communications to companies and/or individuals with whom specific agreements are in place based on shared processing purposes and the provision of services related to the Data Controller's ongoing activities are provided. This includes public and private entities for social security, welfare, or insurance purposes,
trade union associations and representatives to fulfill specific obligations arising from collective bargaining. It also includes companies providing IT assistance, credit institutions, competent medical professionals according to Legislative Decree No. 81/2008, chartered accountant firms providing assistance and consultancy to the association, and companies engaged in data processing, accounting, and archiving activities.
DATA TRANSFER
The Data Controller does not transfer personal data to third countries or international organizations. However, it reserves the right to use cloud services, and in such cases, service providers will be selected from those who provide adequate safeguards, as provided for in Article 46 of EU Regulation No. 679/16.
RETENTION PERIOD
The personal data of the data subjects will be retained for the time necessary to fulfill the existing relationships between the parties and to comply with related obligations. The retention period will also be in accordance with applicable legal requirements in social security matters, as well as the statutory limitation periods for the exercise of rights arising from the relationship, even after its definitive termination. Nonetheless, precautions will be taken regarding sensitive data, whereby the Data Controller ensures periodic verification of their strict relevance, non-excessiveness, and indispensability concerning the ongoing or ceased processing.
RIGHTS OF THE DATA SUBJECT
The data subject may exercise their rights as expressed in Articles 15, 16, 17, 18, 20, and 21 of EU Regulation No. 679/2016 by contacting the Data Controller.
In particular, according to Article 15, the data subject has the right to obtain from the Data Controller confirmation of whether or not personal data concerning them is being processed, and if so, to access the personal data and obtain information related to such data as specified in the aforementioned article.
The data subject, in accordance with Article 16 of the Regulation, has the right to obtain from the Data Controller the rectification of inaccurate personal data concerning them without undue delay, as well as the right to have incomplete personal data completed by providing a supplementary statement. According to Article 17, the data subject has the right to obtain from the Data Controller the erasure of personal data concerning them without undue delay.
In accordance with Article 18 of the Regulation, the data subject has the right to obtain from the Data Controller the restriction of processing where a) the accuracy of the personal data is contested by the data subject, b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead,
c) the Data Controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims, or d) the data subject has objected to processing pursuant to Article 21, paragraph 1, pending the verification of whether the legitimate grounds of the Data Controller override those of the data subject. The data subject has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another Data Controller without hindrance if a) the processing is based on consent or on a contract, and b) the processing is carried out by automated means.
Finally, according to Article 21 of the Regulation, the data subject has the right to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them.
COMPLAINT TO THE SUPERVISORY AUTHORITY
Without prejudice to any other administrative or judicial remedy, the data subject who considers that the processing of personal data concerning them violates this regulation has the right to lodge a complaint with the supervisory authority.
AUTOMATED DECISION-MAKING PROCESSES
The Data Controller does not carry out any processing that involves automated decision-making based on personal data of individual customers or individuals acting on behalf and for the account of legal entity customers.
NATURE OF DATA PROVISION
The provision of data, including sensitive data in the cases established and, where applicable, judicial data, is mandatory for the obligations required and sanctioned by law. In all other cases, the provision is optional but necessary, and any refusal by the data subject will result in the Data Controller's inability to proceed with the establishment of the relationship and its timely execution.
Florence, _________ MyTata Inglese Association The PRESIDENT OF THE ASSOCIATION
