PRIVACY POLICY – PRIVACY NOTICE

PRIVACY NOTICE REGARDING THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 OF THE REGULATION (EU) 2016/679

Data Intermediaries Alliance, as the Data Controller (hereinafter referred to as “Controller”), pursuant to the EU Regulation 2016/679 (hereinafter referred to as “Regulation”), considers the privacy and protection of Personal Data as one of the goals of its activity. Therefore, we invite you to carefully read this Notice before transmitting any personal data to the Controller, as it contains important information on the processing of Your Personal Data. “Personal Data” refers to any information concerning an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

This Notice:
– Is provided for the website https://www.dataintermediariesalliance.org/ and its subdomains (hereinafter referred to as “Site”);
– Is an integral part of the Site and the services we offer;
– Is issued pursuant to Art. 13 of the Regulation, to those interacting with the web services of the Site and of the Controller, whether through mere consultation or through the use of specific services made available via the Site.

The Controller can be contacted at the following address: info@dataintermediariesalliance.org.

This document has been prepared pursuant to Art. 13 of the EU Regulation 2016/679 (hereinafter referred to as “Regulation”) to allow you to know our privacy policy, to understand how your personal information is processed when you use our sites (https://www.dataintermediariesalliance.org/ and its subdomains) and, if necessary, to give your informed and free consent to the processing of Your Personal Data. The information and data that you provide, or that are otherwise acquired in the context of using the services of Data Intermediaries Alliance, will be processed in compliance with the provisions of the Regulation and the confidentiality obligations that inspire the activity of Data Intermediaries Alliance.

In accordance with the rules of the Regulation, the processing carried out by Data Intermediaries Alliance will adhere to the principles of lawfulness, fairness, transparency, purpose limitation and data retention, data minimization, accuracy, integrity, and confidentiality.

INDEX
1. Data Controller
2. Personal Data subject to processing
a. Navigation Data
b. Data voluntarily provided by the data subject
3. Purpose of processing
4. Legal basis and mandatory or optional nature of processing
5. Recipients of Personal Data
6. Retention of Personal Data
7. Transfer of data abroad
8. Rights of the data subject
9. Changes
____________________________________________________________________
1. Data Controller
The data controller of personal data is the Data Intermediaries Alliance (hereinafter “DIA”), located at Via Borgonuovo 12, 00121 – Milan, reachable at the email address info@dataintermediariesalliance.org.
2. Personal Data subject to processing
Following the navigation of the site, we inform you that Data Intermediaries Alliance will process your Personal Data, which may consist of an identifier such as name, an identification number, an online identifier, or one or more elements characteristic of your physical, economic, cultural or social identity suitable to make the subject identified or identifiable.
Any sensitive data, referred to in Art. 9.1 of Reg. 2016/679/EU, should not be processed unless prior explicit consent has been provided by the data subject.
a. Navigation Data
The computer systems and software procedures responsible for the operation of the Site, during their normal operation, acquire some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the server’s response (successful, error, etc.) and other parameters related to the user’s operating system and computer environment. This data is used only to obtain anonymous statistical information on the use of the Site and to check its proper functioning, to identify anomalies and/or abuses, and is deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site or third parties: except for this possibility, at present, web contact data does not persist for more than seven days.
b. Data voluntarily provided by the data subject
We may process identification and/or contact data such as name, surname, email, and telephone, as well as data and metadata related to the services offered by Data Intermediaries Alliance.
Should you communicate third-party Personal Data to DIA, you must ensure – assuming all responsibility – that such a particular processing scenario is based on a suitable legal basis under Art. 6 of the Regulation, which legitimizes the communication to DIA and the related processing of the information in question.
3. Purpose of processing
The processing of data that we intend to perform can have the following purposes:
a. To enable the provision of Services requested by you such as:
– general information request;
– subscription to events and initiatives organized by DIA;
– management of your possible associative relationship with DIA;
– promotion and management of donations and sponsorships by DIA, or subscriptions to its initiatives and editorial and scientific products;
b. to respond to requests for assistance or information;
c. to fulfill any legal, accounting, and tax obligations;
d. to assert or defend rights in court, in case of abuses in the use of the Site and/or our Services or for contractual or non-contractual disputes;
4. Legal basis and mandatory or optional nature of processing
The legal basis for processing Personal Data for the purposes referred to in section 3(a-b) is Art. 6.1.b) of the Regulation as the processing is necessary for the provision of Services or to respond to requests from the data subject. The provision of Personal Data for these purposes is optional but failing to provide it would make it impossible to activate the Services provided by the Site.
For processing within the statutory purposes of DIA, included among those in letter 3(a), data of adherents or subjects in regular contact with DIA may be processed. If you have purchased services or goods from DIA, your data may be processed for the purpose of direct sending of advertising material related to products or services of DIA similar to those you have purchased, without your consent (so-called “soft spam”). The legal basis for processing your data for such purposes is the legitimate interest referred to in Art. 6.1.f) of the Regulation and Art. 130 paragraph 4 of Legislative Decree 196/2003. In any case, under Art. 21 of the Regulation, you have the option to object to such processing at any time, initially or during subsequent communications, in an easy and free manner also by writing to the Controller at the above addresses, and to obtain immediate confirmation that this processing has been halted (Art. 15 of the Regulation).
The purpose referred to in section 3(c) represents a processing of Personal Data carried out under Art. 6.1.c) of the Regulation, to comply with a legal obligation. Once the Personal Data is provided, the processing is indeed necessary to fulfill a legal obligation to which DIA is subject. The processing for the purposes referred to in section 3(d) would be carried out under Art. 6.1.f) of the Regulation.

5. Recipients of Personal Data
Your Personal Data may be shared, for the purposes referred to in section 3 above, with:
a. Entities that typically act as data processors under Art. 28 of the Regulation, namely: i) individuals, companies, or professional firms that provide assistance and consultancy to DIA in accounting, administrative, legal, tax, financial, and credit recovery matters related to the provision of Services; ii) entities with which it is necessary to interact for the provision of Services (for example, hosting providers); and iii) parties delegated to perform technical maintenance (including the maintenance of network equipment and electronic communication networks) (collectively “Recipients”). A list of the data processors handling data can be requested from the Controller.
b. Entities, bodies, or authorities, independent data controllers, to whom it is mandatory to communicate your Personal Data by virtue of legal provisions or orders from the authorities;
c. Persons authorized by DIA to process Personal Data under Art. 29 of the Regulation necessary to carry out activities strictly related to the provision of Services, who have committed to confidentiality or have an appropriate legal obligation of confidentiality.

6. Data Retention
Personal Data processed for the purposes referred to in section 3 will be retained for the time strictly necessary to achieve those same purposes in compliance with the principles of minimization and limitation of retention according to Art. 5.1.e) of the Regulation. In any case, the Controller will process Personal Data for the time necessary to fulfill contractual and legal obligations.
More information regarding the data retention period and the criteria used to determine this period can be requested by writing to the Controller.

7. Data Transfer
There will be no processing of personal data in countries outside the European Union.

8. Rights of Data Subjects
Under Articles 15 and following of the Regulation, you have the right at any time to request access to your Personal Data, rectification or deletion of the same, limitation of processing in the cases provided for by Art. 18 of the Regulation, and to obtain the data concerning you in a structured, commonly used format readable by an automatic device, in the cases provided for by Art. 20 of the Regulation. At any time, you may withdraw consent given under Art. 7 of the Regulation, and file a complaint with the competent supervisory authority (Data Protection Authority WWW.GARANTEPRIVACY.IT) pursuant to Art. 77 of the Regulation, should you believe that the processing of your data is contrary to the legislation in force.
You may make a request to oppose the processing of your data under Article 21 of the Regulation in which you give reasons justifying the opposition: the Controller reserves the right to evaluate the request, which would not be accepted in case of compelling legitimate reasons to proceed with the processing that prevail over your interests, rights, and freedoms.
Requests should be addressed in writing to the Controller.

9. Changes
This privacy policy is effective as of June 13, 2024. DIA reserves the right to modify or simply update its content, in whole or in part, also due to changes in applicable legislation. DIA will inform you of such changes as soon as they are introduced, and they will be binding as soon as they are published on the Site. DIA therefore invites you to regularly visit this section to be aware of the most recent version of the privacy policy, so as to always be informed about the data collected and the use made of it by DIA.