GDPR

Information notice on the processing of personal data pursuant to art. 13 of Regulation (EU) no. 2016/679

We inform you that pursuant to EU Regulation no. 2016/679, General Data Protection Regulation, (hereinafter also “GDPR”) you fall into the definition of “data subject” in relation to the processing of personal data carried out in the management of the website and the services rendered through it by the Italian Association of Labor and Social Security Law (AIDLaSS), https://www.aidlass.it , tax code 80348510589. 

Below the information that art. 13 §. 1 of the GDPR requires to be provided to the data subject at the time of providing personal data:

a)

Data Controller: Italian Association of Labor and Social Security Law (AIDLaSS), with address at the General Secretariat, Prof. Valeria Filì, Department of Legal Science, University of Udine, Via Treppo n. 18, 33100 Udine;

b)

Data Protection Officer: not applicable;

c)

Purpose and legal basis
Purpose Legal basis
Management of credentials of the website administrators
Consent (Art. 6 lett. a GDPR)
Management of the members’ credentials for accessing to their personal area
Consent (Art. 6 lett. a GDPR)
Management of the members’ personal data contained in their personal area
Consent (Art. 6 lett. a GDPR)
Management of members’, guest users’, suppliers’ and third parties’ personal data for record keeping of associative budget
Legittimo interesse (Art. 6 lett. f GDPR)
Management of members’, guest users’, suppliers’ and third parties’ personal data for the fulfillment of accounting and tax obligations
Legal obligations (Art. 6 lett. c GDPR)
Management of electronic payments made by means of an agreement with credit institution
Contract (Art. 6 lett. b GDPR)
Management of members’, guest users’ and other users’ e-mail addresses to send communications relating to institutional activities and share information within them (ex: meetings invitations)
Legitimate interest (Art. 6 lett. f GDPR)
Management of members’ and guest users’ e-mail addresses to promote the association’s activities (ex: conferences)
Consent (Art. 6 lett. a GDPR)
Processing of personal data concerning accesses to the website performed by the users (ex: cookies)
Consent (Art. 6 lett. a GDPR)

d)

legitimate interests: personal data whose processing is based on the legal basis referred to in art. 6 lett. f GDPR is strictly functional to their respective purposes: 
a. in case of the keeping of the association’s records: personal and fiscal data;
b. in relation to the newsletter: e-mail address.

e)

recipients: personal data is communicated to third parties, who are appointed as data processors pursuant to art. 28 GDPR. 
a. Providers of the website and of maintenance services and assistance in its management;
b. Assistance and maintenance of the secretarial management system;
c. Soggetti Subjects appointed to assist the association in accounting duties;
d. Taxation, in relation to the obligations required by the Law;
e. Banking institutions affiliated with the management of electronic payments;
f. Judicial and administrative authority in the cases provided for by the Law;
g. Service providers for the management of e-mail address books and of consents relating to the use of cookies;

f)

Transfer abroad: not applicable. 

The following information, in addition to the previous one, is provided when the data is obtained pursuant to art. 13 §. 2 GDPR.

a) Retention period of personal data: 10 years

b) The data subject is informed that he/she has the right to contact the data controller to:

  • Request access to personal data
  • Request the rectification or erasure of the same or
  • Request the restriction of the processing concerning him/her or
  • Object to their processing,
  • Exercise the right to data portability;

c) The data subject has the right to withdraw the consent at any time without affecting the lawfulness of the processing based on the consent given prior to the withdrawal;

d) The data subject has the right to lodge a complaint with a supervisory authority;

e) The provision of personal data constitutes a legal obligation only in relation to tax obligations. The data subject is not obliged to provide personal data, however some data is necessary for the establishment and management of the association relationship, as well as for the performance of the activities carried out by the association. The consequences in the event of failure to communicate personal data are detailed down below:

Personal data Consequences of not providing personal data
Name, Surname
The associative relationship cannot be established.
Living address
The associative relationship cannot be established.
Date and place of birth
The associative relationship cannot be established.
Social security number, VAT number
The associative relationship cannot be established.
Identity card (scan)
The associative relationship cannot be established.
Curriculum Vitae (attached to the registration request)
The associative relationship cannot be established.
E-mail address
The member cannot receive communications from the association by e-mail, nor access the association’s website (unless to do so he/she identifies him/herself indirectly through identifiers as a social network user, ex: Facebook)
Telephone number
The member cannot receive communications from the association via telephone/SMS/chat
Professional data (reference)
The data cannot be evaluated for registration purposes.
Identifier of the member as a GOOGLE, FACEBOOK user
The member cannot access the personal section using this feature.
Declaration of “junior” associate status for the purpose of payment of the fee
The member cannot take advantage of the status benefit
f) There is no automated decision-making process, including profiling.
Document updated on April 25, 2022.