Pursuant to Art. 13 of Regulation (EU) no. 2016/679, also known as the General Data Protection Regulation (hereinafter also referred to as “GDPR” for short), Cenpis Talent and Quality of Life Association informs you that your personal data (hereafter also referred to as “Data” for brevity), will be processed in compliance with the provisions of the GDPR and any applicable national and international legislation in force regarding the processing of personal data in accordance with this notice.

1. Data controller. Data Protection Officer

The Data Controller is.
Cenpis
(VAT number and Fiscal Code: IT0121010002021) based in
via Piazza Trasimeno 2, IT-00198 – Rome,
hereinafter for brevity also referred to as “Data Controller”. The Data Protection Officer can be contacted for any information pertaining to the processing of Data at the email address:
segreteria@cenpis.it
.

2. Categories of Data

Data processed by the Data Controller include:

– biographical data (first name, last name, age, gender), residential or home address and contact information (e.g., telephone, email address);

– bank and/or payment information;

– Data provided for the purpose of carrying out professional activities.

3. Purpose and legal basis of processing. Legitimate interest

Data will be processed for the purposes for which they were provided and for the fulfillment of legal obligations, pursuant to Art. 6, paragraph 1, subparagraph (b) and (c) of the GDPR, as well as the pursuit of the legitimate interest of the Owner, Art. 6(1)(f) of the GDPR, referring to:

1. fulfillment of the activities for which they were conferred (e.g., for the professional service that is the subject of the assignment);
2. compliance with internal administrative procedures and fulfillment of legal or regulatory obligations in force in Italy

In any case, the processing of your Data carried out on the basis of the Data Controller’s own legitimate interest takes place, in addition to the provisions of Art. 6(1)(f) of the GDPR, also in accordance with the provisions of recital no. 47 and to Opinion no. 6/2014 Article 29 Data Protection Working Party, para. III.3.1.

4. Method of processing

Your Data will be collected and recorded legitimately and fairly for the purposes stated above and will also be processed through the use of electronic and automated tools, including by entering and organizing it in databases, in accordance with the provisions of the GDPR on security measures, and, in any case, in such a way as to ensure the security and confidentiality of the Data.

5. Recipients or categories of recipients

The Data may be made accessible to, brought to the attention of, or communicated to the following individuals, who will be appointed by the Data Controller, as appropriate, as data processors – a list of whom is available at the Data Controller’s office – or appointees:

• employees and/or collaborators in any capacity of the Owner;
• Public or private entities, natural or legal persons, which the Data Controller uses to carry out the activities instrumental to the achievement of the above purpose or to which the Data Controller is required to communicate the Data under legal or contractual obligations.

In any case, the Data will not be disseminated.

6. Transfer of Data Abroad

For the purpose of processing instrumental to the management of the database, Data may be transferred to third countries (non-EU). In this case, the transfer will take place by adopting the contractual clauses prescribed by the decision of February 5, 2010 of the European Commission, as well as in such a way as to provide appropriate and adequate guarantees under Articles 46 or 47 or 49 of the GDPR.

7. Retention period

The Data will be kept for a period of time not exceeding 10 (ten) years for administrative purposes and, in any case, for the time strictly necessary to pursue the legitimate interest of the Data Controller.

8. Rights of access, cancellation, limitation and portability

The Controller informs you that you have the rights set forth in Articles 15 to 20 of the GDPR. By way of example only, sending a specific request via email to the following address
segreteria@cenpis.it
, you will be able to:

1. Obtain confirmation as to whether or not personal data concerning you are being processed;
2. where a processing operation is in progress, obtain access to the data and information related to the processing, and request a copy of the data;
3. Obtain correction of inaccurate data and supplementation of incomplete personal data;
4. obtain, if any of the conditions stipulated in Art. 17 of the GDPR, the deletion of Data concerning you;
5. Obtain, in the cases listed in Art. 18 of the GDPR, the restriction of the processing of Data concerning you;
6. Receive the Data concerning you in a structured, commonly used, machine-readable format and request its transmission to another data controller, if technically feasible.

9. Right of opposition

Pursuant to Art. 21 of the GDPR, you may exercise your right to object at any time to the processing of your Data carried out in pursuit of the legitimate interest of the Data Controller by sending an email to the email address
segreteria@cenpis.it
. In this case, the Data may no longer be processed, except where there are legitimate grounds for processing that override the interests, rights and freedoms of the data subjects, or for the establishment, exercise or defense of a legal claim.

10. Right to file a complaint with the Guarantor

The Data Controller also informs you that you may file a complaint with the Garante per la Protezione dei Dati Personali if you believe that your rights under the GDPR or any other applicable legislation have been violated, in the manner indicated on the website of the Garante per la Protezione dei Dati Personali accessible at: www.garanteprivacy.it.