Privacy and cookies policy

Premise

In compliance with the "European Regulation 2016/679 of the European Parliament and of the Council of 26 April 2016 on the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data", referred to below for brevity as the GDPR (General Data Protection Regulation), this note explains how the personal data of users of this website are managed and how any cookies are handled. It also highlights the rights of users of this website under the GDPR.

A user of this OAD website needs to create an account only if she/he requires access to the website and/or the download of the documents and articles available only to registered users, in particular the OAD annual report. In that case the user must agree that her/his e-mail address will be made known to the Sponsors of the downloaded report.

 

1. Owner of the treatment

The owner Malabo Srl, with registered office in via del Caravaggio 14 20144 Milan, informs with this policy that the personal data of the interested parties are processed for the purposes and with the methods detailed below, in strict compliance with the principles referred to in art. 5 of the GDPR and the lawfulness of the processing itself (art. 6 GDPR).


The complete list of data processors, including those for other specific categories of interest (e.g. any data processors of the IT infrastructure suppliers, the accountants and tax advisors of Malabo Srl, the banks on which it relies, etc.), can be requested at the addresses indicated below for the exercise of the rights provided by the GDPR and reported later in paragraph §10 of this note.

To exercise the rights in order to obtain confirmation of the existence or not of personal data concerning the interested party, their updating, rectification, integration and cancellation, as well as for any other type of request relating to privacy:

    Send a PEC to [email address protected];
    Send a simple email to [email address protected];
    Send a registered letter to Malabo Srl - Privacy Office, via Savona 26, 20144 Milan ITALY.

The updated list of managers and appointees for the treatment of Malabo Srl is kept at the Data Controller's operating office in via Savona 26 20144 Milan.

 

2. Object of the treatment

The Data Controller processes the personal data of registered users, including, for example: name, surname, company name, address, telephone number, mobile number, company / organization to which they belong, professional role, educational qualification, e-mail, etc.


 

 

 

 

10. Rights of the interested party

The remainder of this paragraph reproduces the articles of the GDPR that detail the rights of the interested party.

 

Art. 15 GDPR Right of access by the data subject

  1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
    1. the purposes of the processing;
    2. the categories of personal data concerned;
    3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
    4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
    6. the right to lodge a complaint with a supervisory authority;
    7. where the personal data are not collected from the data subject, any available information as to their source;
    8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
  3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
  4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

Art. 6 GDPR Lawfulness of processing

  1. Processing shall be lawful only if and to the extent that at least one of the following applies:
      1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
      2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
      3. processing is necessary for compliance with a legal obligation to which the controller is subject;
      4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
      5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
      6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

    Point (f) of the first subparagraph shall not apply to processing carried out by public authorities in the performance of their tasks.

  2. Member States may maintain or introduce more specific provisions to adapt the application of the rules of this Regulation with regard to processing for compliance with points (c) and (e) of paragraph 1 by determining more precisely specific requirements for the processing and other measures to ensure lawful and fair processing including for other specific processing situations as provided for in Chapter IX.
  3. The basis for the processing referred to in point (c) and (e) of paragraph 1 shall be laid down by:
      1. Union law; or
      2. Member State law to which the controller is subject.

    The purpose of the processing shall be determined in that legal basis or, as regards the processing referred to in point (e) of paragraph 1, shall be necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. That legal basis may contain specific provisions to adapt the application of rules of this Regulation, inter alia: the general conditions governing the lawfulness of processing by the controller; the types of data which are subject to the processing; the data subjects concerned; the entities to, and the purposes for which, the personal data may be disclosed; the purpose limitation; storage periods; and processing operations and processing procedures, including measures to ensure lawful and fair processing such as those for other specific processing situations as provided for in Chapter IX. The Union or the Member State law shall meet an objective of public interest and be proportionate to the legitimate aim pursued.

  4. Where the processing for a purpose other than that for which the personal data have been collected is not based on the data subject’s consent or on a Union or Member State law which constitutes a necessary and proportionate measure in a democratic society to safeguard the objectives referred to in Article 23(1), the controller shall, in order to ascertain whether processing for another purpose is compatible with the purpose for which the personal data are initially collected, take into account, inter alia:
    1. any link between the purposes for which the personal data have been collected and the purposes of the intended further processing;
    2. the context in which the personal data have been collected, in particular regarding the relationship between data subjects and the controller;
    3. the nature of the personal data, in particular whether special categories of personal data are processed, pursuant to Article 9, or whether personal data related to criminal convictions and offences are processed, pursuant to Article 10;
    4. the possible consequences of the intended further processing for data subjects;
    5. the existence of appropriate safeguards, which may include encryption or pseudonymisation.

Art. 17 GDPR Right to erasure (‘right to be forgotten’)

  1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
    1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    2. the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
    3. the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
    4. the personal data have been unlawfully processed;
    5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
    6. the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
  2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
  3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
    1. for exercising the right of freedom of expression and information;
    2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
    4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
    5. for the establishment, exercise or defence of legal claims.

Art. 18 GDPR Right to restriction of processing

  1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
    1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
    2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
    3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
    4. the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
  2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
  3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.

 

This website uses cookies from both its Joomla 3.x software and third-party software to improve the browsing experience of users and to collect information on the use of the site itself.

Cookie Policy