The Data Controller processes personal data (hereinafter, "Personal Data" or also "Data"), collected in the compiling of the contact form. In particular, the Data Controller processes the identification and contact data - such as name, surname, e-mail and telephone number - of the Company's legal representative and of its employees/collaborators that you may have provided.

PURPOSE

A. Send you by mail, e-mail, SMS and telephone informative and promotional communications and newsletter.

LEGAL BASIS - Consent

STORAGE - 2 years

PURPOSE

B. Share your Data with third parties for their marketing purposes (belonging to the following categories: public administrations, public companies, partners of the Data Controller).

LEGAL BASIS - Consent

STORAGE - 2 years

The processing of your Data is carried out, both on paper and by computer, by means of the operations of collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation, and destruction of data. Your personal data is processed electronically and, if necessary, automatically. Your personal data is protected in such a way as to minimise the risk of destruction, loss (including accidental loss), unauthorised access/use or use incompatible with the original purpose of collection. This is achieved by the technical and organisational security measures implemented by the Data Controller.

The provision of the Data is not mandatory. Without your consent, you do not will receive our communications.

Your Data may be made accessible for the above purposes to:

• employees and/or collaborators of the Data Controller, in their capacity of data processors and/or internal data processors and/or system administrators;
• other third parties (e.g., IT suppliers, etc.) carrying out outsourcing activities on behalf of the Data Controller, in their capacity of external data processors.

Data Controller may be communicated, even without your consent, to control bodies, law enforcement agencies or judiciary, local authorities (regions, provinces, municipalities), at their express request that will treat them as independent data controllers for institutional purposes and / or by law during investigations and controls.

Data Controller may also be communicated with your consent to third parties (belonging to the following categories: public administrations, public companies, partners of the Data Controller) in the quality of independent data controllers, for their marketing / institutional purposes.

Your Data will not be disseminated but may be transferred to countries outside the European Union. For this purpose, in accordance with privacy legislation, the Data Controller assesses the impact of data transfers and adopts, if applicable, the most appropriate safeguards (e.g. adequacy decisions or standard contractual clauses).

The Data Controller informs you that, as an interested party, if the limitations provided for by law do not apply, you have the right to:

• obtain from the Data Controller confirmation of the existence or not of Your personal data, even if not yet registered, and that such data be made available to You in an intelligible form;
   
• obtain from the Data Controller an indication and, if applicable, a copy of: a) the origin and category of Personal Data; b) the logic applied in case of processing carried out with the aid of electronic tools; c) the purposes and methods of the processing; d) the identity of the owner and handlers; e) the subjects or categories of subjects to whom the personal data are communicated or who can learn about them, in particular if they are recipients of third countries or international organizations; f) when possible, of the data retention period or the criteria used to determine this period; g) the existence of an automated decision-making process, and in this case the logic used, the importance and consequences envisaged for the interested party; h) the existence of adequate guarantees in the event of data transfer to a non-EU country or to an international organization;
   
• obtain from the Data Controller, without undue delay, the updating and correction of inaccurate data or, when interested, the integration of incomplete data;
   
• withdraw at any time, easily, without hindrance, the consents given, using, if possible, the same channels used to provide them;
   
• obtain from the Data Controller the cancellation, transformation into anonymous form or blocking of data that are: a) unlawfully processed; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) in case of revocation of the consent on which the treatment is based and in case there is no other legal basis; d) if you have opposed the processing and there is no legitimate overriding reason to continue it; e) in case of fulfilment of a legal obligation; f) in the case of data referring to minors. The Data Controller may refuse cancellation only in the case of: a) exercise of the right to freedom of expression and information; b) fulfilment of a legal obligation, performance of a task carried out in the public interest or exercise of public authority; c) reasons of public health interest; d) archiving in the public interest, for scientific or historical research or for statistical purposes; e) exercise of a right in court;
   
• obtain from the Data Controller the limitation of processing in the case of: a) disputation of the accuracy of Personal Data; b) unlawful processing by the Data Controller to prevent its cancellation; c) exercise of Your right in court; d) verification of the possible prevalence of the Data Controller's legitimate reasons with respect to those of the interested party;
   
• receive from the Data Controller, if the processing is carried out by automatic means, without impediments and in a structured, commonly used and legible format, the Personal Data concerning You, in order to transmit them to another Data Controller or - if technically feasible - to obtain direct transmission from part of the Owner to another owner;
   
• object, in whole or in part: a) for legitimate reasons, connected to Your particular situation, to the processing of personal data concerning You; b) to the processing of Personal Data concerning You for the purpose of sending communication material, by e-mail and/or by traditional methods such as telephone and/or paper mail;
   
• files a complaint to the Italian Authority for the Protection of Personal Data.
   

In the cases mentioned above, where necessary, the Data Controller will inform the third parties to whom Your Personal Data are communicated of the possible exercise of these rights by You, with the exception of specific cases (e.g. when this fulfilment proves impossible or involves the use of means that are manifestly disproportionate with respect to the protected right).

You can at any time exercise these rights vis-à-vis the Data Controller:

• by sending a registered letter to the legal address of the Data Controller;
• by sending an email to privacy@yesmilano.it.

The Data Controller is Associazione Milano & Partners, with registered office in Piazza della Scala no. 2 - 20121, Milan, Italy, Tax Code 97726610153, VAT no. 11016320969, which has also appointed a Data Protection Officer who can be contacted by sending an email to dpo@yesmilano.it.

The updated list of data processing managers, data processors and system administrators, on the other hand, is kept at the offices of the Data Controller.

Milano, 18/03/2024

Associazione Milano & Partners