Information notice concerning the processing of personal data, in accordance with article 13 of the Regulation EU 2016/679- GDPR

Purpose of this privacy policy

This page will describe the management of the website (the “Website”) as regards the processing the personal data of users that visit it.

Specific privacy policies

Specific privacy policies might be presented on the pages of the Website in connection with any special services or processing of the data provided by the User or by the data subject.

Please note that during the Annual Congress of ASSO DPO videos will be shot and pictures will be taken in public areas (exhibition room, conference rooms etc.) and during the different sessions of the Congress to be spread by web for communication and promotional activities (websites, Mass media, Social Networks etc.). If you do not want your image and/or sound to be spread, please inform our staff before the event, even on site. All participants can be identified by name. The full privacy policy concerning photos (video images) will be available even at the Congress venue

Data controller

Data Protection Officer Association (ASSO DPO), with registered office in P.le Principessa Clotilde, 6 20121 Milan, in person of its President pro tempore Dott. Matteo Colombo,

 Processing purposes and data retention

1. Navigation data on this web site
Legal basis: Please see cookies policy
Data retention: Please see cookies policy

2. Contact or information request
Legal basis: Legitimate interest | Data subject request
Data retention: up to 1 year

3. ASSO DPO’s newsletter subscription by e-mailing list, by filling the form

Legal basis: Consent

Data retention: Duration of service | opt out


4. Administrative-accounting activities in general/ Subscription to Congresso ASSO DPO i.e., processing of data connected with the performance of organisational, administrative, financial and accounting activities, regardless of the nature of the data processed. In particular, these purposes are pursued by internal organizational activities, those functional to membership of the Association, the management of conference registrations.

Legal basis: Legitimate interest/ management of membership data and enrolled in couses

Data retention: 10 years /Art.2220 Italian Civil Code


Categories of processed data

With exception of what above specified concerning navigation data, the user is free to provide personal data. The provision of data is necessary or optional and discretionary although it may be necessary for some specified purposes. Failure to provide the data marked with the symbol* will make it impossible to obtain what has been requested (subscription to Congresso) or to use the services of the data controller (subscription to the mailing list).

Recpient or categories of recipients

Provided personal data will be shared with companies contractually linked to Associazione Data Protection Officer, within or outside the European Union, pursuant to art. 44 EU Regulation 2016/679 in order to comply with the related purposes indicated above. Data shall be transferred to third Countries outside EU, in particular in Switzerland, a Country considered safe by the European Data Protection Supervisor, within the limits set forth art.45 EU Regulation 2016/679. Namely, data will be shared with:

- entities that provide services for the management of the information system used by Assiciazione Data Protection Officer e and the telecommunication networks;- firms or companies which provide assistance and advice;

- third parties who provide services for the management of the activities indicated above in the purposes (third parties for communication, printing brochures, flyers, websites, videos); -operators of platforms for the services listed above (hosting sites, youtube); -Commercial Partners, only with prior consent; -authorities competent to fulfill obligations of laws and / or provisions of public bodies, on request; -other members; - Companies hosting events or security services.

Subjects belonging to the aforesaid categories act as Data Processors or in complete autonomy as separate Data Controllers. The list of Data processors is constantly updated and it is available by sending an e-mail to

If at the time of registration online, you have given consent for the diffusion of your data through publication on the institutional website of the Association, your data will be diffused. Any further communication or data diffusion will take place only with your explicit prior consent.


Data subjects’ rights

You may free exercise your rights according to articles 15, 16, 17, 18, 19, 20, 21, 22 UE Regulation 2016/679, by contacting the Data Controller – ASSO DPO by sending an email to the following address or by telephone at the following number 800.561.720 or +39 347 544 6259.You shall have the right, at any time, to obtain from the Data Controller the access to your personal data, request their rectification, erasure as well as the restriction of their processing. Furthermore you have the right to object anytime to your personal data processing (automated meaning included , i. e. profiling). Without prejudice to any other administrative or judicial remedy, in case you consider your data processing in contrast with Reg. UE 2016/679, pursuant to article 15 lett. f) you have the right to lodge a complaint with a supervisory authority and, pursuant to article 6 paragraph no. 1, lett. a) (consent) and article 9, paragraph no. 2, lett. a) (single purpose consent on particular data processing), you have the right to revoke your expressed consent at any time. In exercising your right to data portability, the Data Controller may provide your personal data in a structured, commonly used and machine-readable format, without prejudice to paragraphs 3 and 4 of Article 20 of EU Reg. 2016/679. 

 Amendments to the privacy policy

The Data Controller reserves the right to modify, update, supplement or remove parts of this policy at its own discretion and at any time. The data subject is required to check any changes on a regular basis. In order to make this easier, the policy shall include the update date of the policy itself.


Update date: September 6th, 2019