EU Regulation 679/2016 (“GDPR”)
- 31 January 2019
The Cultural Association AB Factory (“AB” or the “Owner“) is committed to protecting the Personal Data entrusted to it. Therefore, their management and security are guaranteed with the utmost care, in accordance with the requirements of the privacy legislation as per EU Regulation 679/2016.
This information regarding AB and its website www.artrightsprice.com explains who we are, for what purposes we may use your data, how we manage them, to whom they may be communicated (e.g. user companies, accommodation facilities, public bodies, etc..), where they may be transferred and what are your rights.
www.artrightsprize.com is the site aimed at promoting products and services of AB, certified incubator ex D.L. 179/2012 and subsequent amendments.
- Who will process my data?
Your data will be processed, as Data Controller, by:
CULTURAL ASSOCIATION AB FACTORY : VIA L. ALAGON 29
CAGLIARI09127 CAGLIARI CA, ITALYTEL/FAX
The list of External Data Processors for the processing of Personal Data is available at the headquarters of the Data Controller.
- Why do you need my data?
The Owner will use your data exclusively for the following purposes:
- a) Purposes related to the management of the contractual relationship and the provision of services purchased by the customer or other information and/or contractual material of the Owner. In this context, Your Personal Data will be processed for the following purposes: establishment, management and termination of the contractual relationship with AB; fulfillment of accounting and tax obligations; fulfillment of legal obligations (for example: anti-terrorism controls; anti-money laundering controls; tax and accounting controls; litigation management); provision, support, updating and information about the services offered.
- b) Purposes related to marketing activities, sending information material and commercial promotion. In this context, with Your specific consent, Your Personal Data will be processed for the following purposes: market research; economic and statistical analysis; social, cultural, solidarity initiatives; updating on training initiatives; sending advertising/information/promotional material and updates on initiatives, promotions and offers of the Owner or third companies operating in collaboration with the Owner; communications and information on the activities of the Owner and events in which the Owner participates.
- c) User profiling for marketing purposes
AB will carry out the treatment:
– with reference to letter a) above, because it is necessary for the fulfilment of contractual obligations; to fulfil legal obligations, to which AB is subject (e.g. accounting obligations, remuneration, social security, anti-terrorism controls); because the treatment is necessary to pursue a legitimate interest (e.g. anti-money laundering audits, use of video surveillance tools to protect corporate assets, fraud prevention, protection of corporate strategic interests and related business relationships).
– with reference to letter b) above, on the basis of Your express consent.
It follows that the provision of Personal Data is necessary for the purposes of providing the service.
The provision of personal data for the purposes set out in letters b) and c) is not necessary for the purposes of providing the service and the granting of consent is optional.
Any partial or total failure to provide the data will result in the partial or total impossibility to achieve the above purposes.
The extent and adequacy of the Data provided will be evaluated from time to time, in order to determine the consequent decisions and to avoid the processing of Data in excess of the purposes pursued.
We will not use your personal data for purposes other than those described in this policy, unless we inform you in advance and, where necessary, obtain your consent.
Processing of data of minors pursuant to art. 8 of the Regulation.
The provision of personal data – in order to be valid – must come from persons over the age of 16: according to art. 8 of the Regulation the minor who has reached the age of 16 can express his/her consent to the processing of his/her personal data in relation to the services offered on the Site.
Again in accordance with the provisions of Article 8 of the Regulation, the processing of personal data of a minor who has not at least sixteen years of age may be based on a valid consent given by the minor only on condition that he or she has been authorized by the person exercising parental responsibility to give consent or on condition that the consent is given directly by the parental authority. Registration of unauthorized users under the age of sixteen is not permitted. By browsing or otherwise merging your personal data on the Site you confirm that you are in possession of the above age requirements.
- How will you use my data?
AB has as its objective the protection of the Data of its customers, based on the principles of fairness, lawfulness and transparency.
We inform you, therefore, that Your Personal Data will be processed, through the use of tools and procedures suitable to ensure maximum security and confidentiality, through archives and paper media, with the help of digital media, computer and telematic means.
The communications referred to in point 2) above can take place in traditional ways (eg, paper mail, phone calls with operator), automated (eg, phone calls without operator) and similar (eg, fax, e-mail, sms, mms).
AB may send service communications and, if You have given specific and separate consent, communications of a commercial and promotional nature, through the use of electronic mail, fax, sms, mms, chat telegram, whatsapp, automated systems without operator intervention and similar, including electronic platforms and other telematic means, as well as through paper mail or telephone calls through operator
You are however given the right to exercise the right of opposition which, in the absence of Your indication to the contrary, will be referred to both traditional and automated communications.
- How long will you keep my information?
Your Personal Data will be kept, starting from their receipt/updating, for a period of time consistent with the above mentioned processing purposes.
Below is the duration of the different treatments:
Main normative references
maximum 12 months after sending the candidate’s Curriculum Vitae
Article 5 letter e) of Reg EU 2016/679.
10 years following termination of employment
art. 43 of Presidential Decree 600/73; art. 2946 Civil Code on ordinary prescription; Title I, Chapter III, of Legislative Decree 81/08 and subsequent amendments and additions.
Customers and suppliers
10 years after the end of the contractual relationship
art. 2948 civil code that provides for the prescription of 5 years for periodic payments; art. 2220 civil code that provides for the conservation for 10 years of accounting records; art. 22 of D.P.R. 29 September 1973, n.600.
Customers, for marketing and profiling purposes.
In compliance with the terms prescribed by law for the type of activity and in any case until the revocation of consent or until the exercise of the right of opposition
art. 21 EU Reg. 2016/679.
- Will you share my information with others?
Your Data may be communicated to AB’s partners for the management of existing contracts with you, and to third parties (including debt collection companies, professionals, public bodies, auditing or supervisory bodies), to fulfill obligations arising from the law, regulations, EU regulations or for aspects concerning the management and execution of the contractual relationship.
Your personal data is not transferred to third parties for marketing purposes unless you have expressly consented to such transfer.
For all the purposes indicated in this notice, your data may also be communicated abroad, inside and outside the European Union, in compliance with the rights and guarantees provided for by current legislation, subject to verification that the country in question guarantees an “adequate” level of protection.
The Data will also be processed by internal resources of AB’s offices, properly trained, which operate as authorized personnel to process the Data in accordance with art. 29 GDPR.
It is informed, also, that in fulfillment to a company policy, all the company mails will be conserved through a system of archiving ceded in outsourcing.
Access to the archived Data may only be made by public authorities, in the cases and methods provided for by the laws in force, in the event of legal disputes.
Your Personal Data is not subject to disclosure.
The list of persons responsible ex art. 28 GDPR is available at the headquarters or by request via email to firstname.lastname@example.org
- Do you transfer my data outside the European Union?
Personal data is mainly processed within the European Union. For some services we use tools (Google Inc., The Rocket Science Group – Mailchimp) of companies with registered offices in the United States of America and adherent to the Privacy Shield, which ensures that the processing of personal data is in line with European legislation on the protection of personal data.
For a better and more detailed information, we inform you that the email service referred to in the email addresses related to artbackers.agency, is based on the email service provided by Gmail managed Google LLC, based in Montain View, California together with the European subsidiaries whose list is available here https://privacy.google.com/businesses/affiliates/ (hereinafter “Google”).
Google declares that it respects the principles established by the GDPR and the so-called Privacy Shield, the regulatory framework defined by the United States and the European Commission. Google is currently on the list of companies covered by the Privacy Shield and available at the following link: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
If you do not wish to share personal information and data through Google, please do not send such information and data to the aforementioned email address and agree with the Professional another way of sharing.
MailChimp declares to respect the principles established by the GDPR and the so-called Privacy Shield, the regulatory framework defined by the United States and the European Commission. Currently MailChimp is on the list of companies covered by the Privacy Shield and available at the following link: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG
Personal data are processed by companies that take care of updating and maintenance of the website, e-mail service and storage of computer documents or that provide other services to the Data Controller, formally designated as responsible for the processing of personal data and bound to compliance with technical and organizational security measures that ensure the protection of personal data of the data subjects. They have signed a Data Processing Agreement as data controller:
The rocket science group – Mail Chimp
- What are my rights?
At any time, you will have the right to ask:
- a) access to your personal data;
- b) their correction in case of inaccuracy;
- c) cancellation;
- d) the limitation of their treatment.
You will also have:
the right to object to their treatment:
– if treated for the pursuit of a legitimate interest of AB except where required by law;
– if processed for direct marketing purposes;
the right to their portability, i.e. to receive the personal data you have provided in a structured, commonly used and machine-readable format.
We will take care of Your request with the utmost effort to ensure the effective exercise of Your rights. Finally, you will have the right to lodge a complaint with the national supervisory authority (Privacy Guarantor).
To exercise your rights write email@example.com
- Can I revoke my consent after I have given it?
Yes, you may revoke Your consent, at any time, without this being possible, however:
– affect the lawfulness of the processing based on the consent given before the revocation;
– prejudice further processing of the same data based on other legal bases (for example, contractual obligations or legal obligations to which AB is subject)
- I still have some questions…
For more information about this policy or any privacy issues, or if you wish to exercise your rights or revoke your consent, please contact firstname.lastname@example.org or visit the Privacy Guarantor’s website www.garanteprivacy.it.
Summary information on the other rights of the interested party.
The GDPR grants the interested party a series of rights that according to the Transparency Guidelines WP 260 it is mandatory to summarize in their main content within the disclosure. These rights are summarized and summarized below:
Right of access (to your personal data only): Right to obtain from the data controller confirmation as to whether or not personal data relating to the data subject are being processed and, if so, to obtain access to the personal data and to be informed of the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients from third countries or international organizations; where possible, the period of retention of the personal data envisaged or, if this is not possible, the criteria used to determine that period; where the data have not been collected from the data subject, the right to receive all available information on their source; the right to receive information on the existence of an automated decision-making process, including profiling and significant information on the logic used and the importance and expected consequences of such processing for the data subject.
Right of rectification and integration: The data subject has the right to obtain from the data controller the rectification of inaccurate personal data concerning him/her without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, including by providing a supplementary statement. The data controller shall inform each of the recipients to whom the personal data have been transmitted of any rectification, unless this proves impossible or involves a disproportionate effort. The data controller shall inform the data subject of such recipients if the data subject so requests.
Right to cancellation: the interested party has the right to obtain from the data controller the cancellation of personal data concerning him/her without unjustified delay (and where the specific reasons of the art. 17 paragraph 3 of the GDPR which, on the contrary, relieves the data controller from the obligation to cancel) if the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; or if the data subject revokes the consent and there is no other legal basis for processing; or if the data subject opposes processing for marketing or profiling purposes, including by revoking consent; if the personal data have been processed unlawfully or concern information collected from minors, in violation of art. 8 of GDPR. The data controller shall inform each of the recipients to whom the personal data have been transmitted of any deletions unless this proves impossible or involves a disproportionate effort. The data controller shall inform the data subject of such recipients if the data subject so requests.
Right to limitation of processing: the data subject has the right to obtain from the data controller the limitation of processing (i.e., according to the definition of “limitation of processing” provided by Article 4 of the GDPR: “the marking of personal data stored with the aim of limiting its processing in the future”) when one of the following hypotheses applies: the data subject contests the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data; the processing is unlawful and the data subject opposes the deletion of the personal data and instead requests that its use be limited; although the data controller no longer needs them for the purposes of processing, the personal data are necessary for the data subject to ascertain, exercise or defend a right in court; the data subject has objected to the marketing processing, pending verification as to whether the legitimate reasons of the data controller prevail over those of the data subject. If the processing is limited, such personal data shall be processed, except for storage, only with the consent of the data subject or for ascertaining, exercising or defending a right in court or to protect the rights of another natural or legal person or for reasons of relevant public interest The data subject who has obtained the limitation of the processing shall be informed by the data controller before the said limitation is lifted. The data controller shall inform each of the recipients to whom the personal data have been transmitted of any limitations, unless this proves impossible or involves a disproportionate effort. The data controller shall inform the data subject of such recipients if the data subject so requests.
Right to object: the data subject has the right to object at any time, for reasons related to his/her particular situation, to the processing of his/her personal data carried out by the data controller or for the performance of a task carried out in the public interest or connected with the exercise of public authority vested in the data controller or carried out in pursuit of the legitimate interest of the data controller or third parties (including profiling). Furthermore, if personal data are processed for direct marketing or commercial profiling purposes, the data subject has the right to object at any time to the processing of personal data concerning him/her carried out for such purposes.
Right not to be subject to automated decisions, including profiling: the data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or significantly affects his/her person in a similar way, except in cases where the automated decision is necessary for the conclusion or performance of a contract between the data subject and a data controller; is provided for by law, subject to measures and safeguards; is based on the data subject’s explicit consent.
For usefulness, however, the link to articles 15 to 23 of the GDPR on the rights of the interested party is given below.
Definition of “cookie”.
Cookies are short fragments of text (letters and/or numbers) that allow the web server to store on the client (the browser, e.g. Internet Explorer, Chrome, Firefox, Opera…) information to be reused during the same visit to the site (session cookies) or afterwards, even after days (persistent cookies).
Cookies are stored, according to the user’s preferences, by the individual browser on the specific device used (computer, tablet, smartphone).
Similar technologies, such as web beacons, transparent GIFs and all forms of local storage introduced with HTML5, can be used to collect information on user behavior and use of services.
A cookie cannot recall any other data from the user’s hard drive or transmit computer viruses or acquire email addresses. Each cookie is unique to the user’s web browser. Some of the functions of cookies may be delegated to other technologies.
The term ‘cookies’ refers to cookies and all similar technologies.
Technical cookies strictly necessary. These are cookies that are indispensable for the correct functioning of a website and are used to manage various services linked to websites (such as a login or access to reserved functions on the sites). The duration of cookies is strictly limited to the working session or they can take advantage of a longer stay in order to remember the visitor’s choices. The deactivation of strictly necessary cookies may compromise the experience of use and navigation of the website.
Analytics and performance cookies. Cookies are cookies used to collect and analyze traffic and use of a website anonymously. These cookies, while not identifying the user, allow, for example, to detect if the same user returns to log in at different times. They also make it possible to monitor the system and improve its performance and usability. The deactivation of these cookies can be performed without any loss of functionality and will be dealt with in detail later.
Profiling cookies (not operational on this Site). These are permanent cookies used to identify (anonymously or otherwise) your preferences and improve your browsing experience. For more information on these cookies that are not used by the Website, please visit the appropriate section on the website www.garanteprivacy.it/cookie.
Purpose of the treatment and purposes of technical session cookies.
1. cookies with data compiled by the user (session identifier), the duration of a session or persistent cookies limited to a few hours in some cases;
2. cookies for authentication, used for the purposes of authenticated services, the duration of a session;
user-centered security cookies, used to identify abuses of authentication, for a limited persistent duration;
4. session cookies for multimedia players, such as cookies for “flash” players, for the duration of a session;
5. session cookies for load balancing, for the duration of a session;
6. persistent cookies for customizing the user interface, for the duration of a session (or a little more);
7. cookies for sharing content through third-party social plug-ins, for members of a social network who have logged in.
The Data Controller therefore informs that only technical cookies (such as those listed above) necessary to navigate within the Site are operational on the Site as they allow essential functions such as authentication, validation, management of a browsing session and fraud prevention and allow, for example: to identify whether the user has regularly accessed areas of the Site that require prior authentication or user validation and management of sessions relating to the various services and applications or the storage of data for access in secure mode or control and fraud prevention functions.
For maximum transparency, we list below a series of technical cookies and specific operational cases on the Site:
– cookies implanted in the terminal of the user/contractor directly (which will not be used for further purposes) such as session cookies used to “fill the cart” in online reservations on the Site, authentication cookies, cookies for multimedia content such as flash player that do not exceed the duration of the session, customization cookies (for example, for the choice of navigation language, recall ID and password complete with the first few characters, etc.);
– cookies used to statistically analyze accesses/visits to the site (so-called “analytics” cookies) which pursue exclusively statistical purposes (and not also for profiling or marketing) and collect information in aggregate form without the possibility of tracing back the identification of the individual user. In these cases, since current legislation prescribes that for analytics cookies, the interested party is provided with a clear and adequate indication of the simple ways to oppose (opt-out) their installation (including any mechanisms of anonymisation of the cookies themselves), we specify that it is possible to deactivate analytics cookies as follows: open your browser, select the settings menu, click on the internet options, open the privacy tab and choose the desired level of cookie blocking. If you want to delete cookies already stored in memory, simply open the security card and delete the history by checking the box “delete cookies”.
Third Party Cookies
By visiting a website you may receive cookies from sites managed by other organizations (“third parties”) that may reside in Italy or abroad.
An example on most websites is the presence of YouTube videos, Google API, use of Google Maps, and the use of “social plugins” for Facebook, Twitter, Google+ and LinkedIn. These are parts of the page visited generated directly from these sites and integrated into the page of the host site. The most common use of social plugins is aimed at sharing content on social networks in order to increase the visitor’s user experience.
The presence of these plugins involves the transmission of cookies to and from all sites managed by third parties. The management of information collected by “third parties” is governed by the relevant information to which please refer. In order to ensure greater transparency and convenience, below are the web addresses of the various information and methods for the management of cookies, specifying that the Data Controller has no responsibility for the operation of third party cookies on this Site. –
Google information: on the use of data at http://www.google.com/policies/technologies/cookies/ and full information at
http://support.google.com/accounts/answer/61416?hl=it– Google (configuration): the guide on the general out-out for Google services (Maps, YouTube…) is available at
http://support.google.com/analytics/answer/6004245– Facebook information: http://support.google.com/analytics/answer/6004245- and http://www.google.com/policies/technologies/cookies/-
Facebook (configuration): access to your account. Privacy section. Or follow the various guides on the web e.g. https://www.linkedin.com/settings/–
Twitter information: https:
//twitter.com/settings/security- Twitter (configuration): https://twitter.com/settings/security and https://www.linkedin.com/legal/cookie-policy– Linkedin information: https:
Linkedin (configuration): _COPY-
Google+ information: https://twitter.com/settings/security-
Google+ (configuration): http://www.google.it/intl/it/policies/technologies/managing/
As clarified by the General Provision of the Privacy Guarantor on cookies of 8 May 2014, cookies analytics are assimilated to technical cookies when used directly by the site operator to collect information, in aggregate form, on the number of users and how they visit the site itself: these are exactly the functions and purposes of the processing on this Site.
However, you can still opt-out by visiting the website http://tools.google.com/dlpage/gaoptout?hl=en by performing the opt-out, you can also deny consent and block third-party cookies through plugins for browsers, looking on Google “block and delete third-party cookies” there are many guides that differ depending on the operating system and browser used.
Responsibility for the operation of Third Party Cookies.
As indicated by the Privacy Guarantor, this Site does not have the ability to control third party cookies if it uses third party services (YouTube, Google Maps, “social buttons”) for which only third parties are responsible. In addition, the user may delete and block the operation of cookies at any time by using plugins for the browser and changing the settings as indicated in the various manuals contained in the browser.
Obligatory or optional consent for the operation of cookies that do not pursue marketing purposes.
It is not obligatory to acquire consent to the operation of technical cookies only or third party or analytical cookies similar to technical cookies. Their deactivation and/or denial of their operation will result in the impossibility of correct navigation on the Site and/or the impossibility of using the services, pages, functions or content available therein.