Policy and Consent Request
Pursuant to the General Data Protection Regulation (EU Regulation 2016/679)
Dear data subject, according to the indicated legislation, our processing will be based on the principles of fairness, lawfulness, transparency and protection of your privacy and rights. Therefore, in accordance with Article 13 of GDPR 2016/679, we are providing you with the following information:
PROCESSING REFERRED TO IN THE POLICY: Website WSO – Website https://www.wsogroup.org/
- Interested Categories:
- Categories of Processed Data:
|Database: Website wsogroup.org
- Data Processing Methods:
Through electronic and traditional means
- Purpose of mandatory Data Processing:
- carry out your normal activities of answering the questions that come to us through the various forms of the website;
- fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships with you;
- fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority (for example: issuing invoices);
- exercise the rights of the Data Controller (for example: treasury management, right of defense in court, etc.).
- Purpose of non mandatory Data Processing
- send them via e-mail, post, newsletter, commercial communications and / or information material on products and / or services offered by the Data Controller and survey of the degree of satisfaction with the quality of services;
The Data Processor and Data Controller ensure data subjects that their data will be processed only for the stated purposes and only to the extent strictly necessary for processing. They also agree, within the limits of reasonableness, to modify and correct all data that could be found in the meantime to be different from the originals, to keep them up to date at all times, and to delete all those data exceeding the declared processing.
- Methods of Data Processing
The treatment consists, for example, in operations of collection, registration, organization, conservation, extraction, consultation, use, communication, cancellation of personal data. It is carried out, for the aforementioned purposes, according to principles (pursuant to Article 5 of the GDPR n. 2016/679) of lawfulness, correctness, transparency, data minimization and accuracy. The data are processed by telephone, paper, computer and telematic methods. The processing takes place using suitable tools, technical and organizational measures adequate to guarantee security, integrity and confidentiality, avoiding in particular the risk of loss, unauthorized access, illicit use, dissemination, in compliance with the provisions of art. . 32 of the GDPR n. 2016/679, by the subjects and in compliance with the provisions of art. 29 of the GDPR n. 2016/679 and art. 2-quaterdecies of the Privacy Code.
Access to datato the employees and collaborators of the Data Controller in their capacity as persons in charge of processing and / or system administrators;to third-party companies or other subjects (by way of example: professional firms, consultants, software houses that provide management, credit institutions, insurance companies, etc.) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external data processors.
No data of minors are processed.
Health, biometric and judicial data are not processed.
The processing has an indefinite duration:
The company World Sustainability Organization Srl declares the processing to have an indefinite date as it will keep it going in order to continue its business.
The Data controller and Data processor will ensure that data subjects can be assured that once the purposes of this processing have been achieved, the data will be deleted.
Marketing purposes: Your data is processed until you request cancellation or unsubscribe from the newsletter.
This processing does not involve automated or profiling processes.
- Transfer of Processed Data:
The Personal Data of the interested party is transferred to countries of the European Union and to third countries, in compliance with the provisions of the Regulation. In particular, Personal Data is transferred to third countries where part of the activity is performed.
In this regard, the following should be noted:
there is no adequacy decision in relation to the level of data protection guaranteed in these third countries;
in the absence of an adequacy decision, the data may be transferred to the third country only if the adequate guarantees pursuant to art. 46.2 of the Regulation, including the standard contractual clauses adopted by the Commission and/or by a national supervisory authority.
In this case, the transfer of data to third countries takes place on the basis of the standard contractual clauses referred to in the “Commission Decision of 5 February 2010 relating to the standard contractual clauses for the transfer of personal data to data controllers established in third countries at pursuant to Directive 95/46/EC of the European Parliament and of the Council” [notified under number C(2010)/87/EU] and therefore on the basis of the consequent “Authorisation for transfers to third countries through the standard contractual clauses pursuant to Commission decision 2010/87/EU in the case of an importer established in a third country” issued by the Guarantor for the Protection of Personal Data with provisions of 27 May 2010 and 15 November 2012.
DATA CONTROLLER: World Sustainability Organization Srl (email@example.com)
DATA PROCESSOR: Paolo Bray (firstname.lastname@example.org)
- Rights of Data Subjects
The data subject has the right, at any time, to obtain confirmation of the existence or non-existence of their data and to know its content and origin, verify its accuracy or request its integration, updating or rectification. They also have the right to request the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, as well as to oppose in any case, for legitimate reasons, their processing. Requests should be addressed to the Data Controller, World Sustainability Organization Srl at its headquarters in Via Cappuccini 8, 20122 Milan (MI) or to the email address email@example.com
The data subject has the right to submit a complaint to the Privacy Authority if the Data Controller fails to respond to the data subject’s requests. The GDPR EU Regulation 2016/679 recognizes the following specific rights held by the data subject (http://www.garanteprivacy.it/web/guest/home/autorita):
- Right of access (art. 15)
- Right to rectification (art. 16)
- Right to erasure (right to be forgotten) (art. 17)
- Right to limitation of processing (art. 18)
- Right to receive notification in case of data rectification or erasure or restriction of processing (Art. 19)
- Right to data portability (art. 20)
- Right to object (art. 21)
- Right relating to automated decision-making, including profiling (art. 22)
The data subject may, at any time, submit a complaint to the Supervisory Authority by registered letter addressed to:
Garante per la protezione dei dati personali, Piazza Venezia 11, 00186, Roma.
Or by certified electronic mail (pec) message addressed to: firstname.lastname@example.org