top of page

Stay Tuned - Disclosure

Who are we and what do we do with your personal data?

The European House - Ambrosetti S.p.A based in Via Francesco Albani 21 - (20149) Milan henceforth Data Controller, safeguards the confidentiality of your personal data and guarantees them the necessary protection from any event that may put them at risk of being breached. 
To this end, the Controller implements policies and practices having regard to the collection and use of your personal data and the exercise of your rights under applicable law. The Controller takes care to update the policies and practices adopted for the protection of personal data whenever necessary and in any case in case of regulatory and organizational changes that may affect the processing of your personal data. The Data Controller has appointed a Data Protection Officer (DPO) whom you can contact if you have questions about its policies and practices. Contact of the Data Protection Officer: dpo@ambrosetti.eu.

How does The European House – Ambrosetti collect and process your data?

Personal information about you will be processed for:

 

1) The sending of informational communications related to the GPID project.

Upon your request, your data may be processed for the purpose of sending informational communications having to do with the GPID project (e.g., opening registrations). Your data (such as first name, last name, e-mail address, role, organization, type of organization) may be processed by e-mail. 
 

2) Activities of commercial promotion of the services offered by the Owner.
If you give your consent, the processing of your personal data such as your first name, last name and e-mail address is done to send you advertising material of the services offered by the Data Controller.
The sending of promotional material will be done by e-mail.

The processing in question may be carried out if:

1. you give your consent for the use of the data also with reference to the methods of communication, both traditional and automated, by which the processing takes place;

2. if you have not objected to the processing and/or if, in case, you have not specifically and separately objected to the sending of communications through traditional means and/or through automated means. 

3) communication to third parties and recipients 
The processing of your personal data is done in dependence of the relationship and the obligations, including legal and/or regulatory obligations, arising from it. 
Your data will not be communicated to third parties/recipients for their independent purposes unless:

1. you give permission;

2. it is necessary for the fulfillment of obligations dependent on the relationship and on legal regulations governing it (e.g. for the defense of your rights, etc.);

3. the communication takes place in respect of the financial administration, and public supervisory and control bodies to which the Controller must fulfill specific obligations arising from the specificity of the activity performed, third party companies supplying and assisting IT and data processing (e.g. web hosting, data entry, management and maintenance of IT infrastructure and services, etc.).
The personal data that the Data Controller processes for this purpose are first name, last name, e-mail address.

4. information security purposes
The Data Controller processes your personal data, including computer data (e.g. logical accesses) or traffic data collected or obtained in the case of services displayed on the website or on platforms referable to the Data Controller (e.g. for the management of a restricted area), to the extent strictly necessary and proportionate to ensure the security and the ability of a network or servers connected to it to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted. 
For these purposes, the Data Controller provides procedures for handling personal data breaches in compliance with the legal obligations to which it is/are obliged to comply. 

What happens if you do not provide your data?

The personal data about you and identifying you are necessary for the purpose of fulfilling the request you submitted through the "Sign up" section and, if not provided, make it impossible for the Holder to fulfill your request.

What happens if you do not give your consent to the processing of personal data for the purpose of commercial promotion of services offered by the owner?

Your personal data will not be processed for such purposes; this will not affect the processing of your data for the main purposes, nor for that for which you have already given your consent, if required.
In the event that you have given consent and should later revoke it or object to the processing for that purpose, your data will no longer be processed for sales promotion activities, without any detrimental consequences or effects.

How where and for how long is your data stored?

The processing of the data concerning you is carried out through both electronic means and tools, in the case in electronic archives protected by effective and adequate security measures to counter the risks of violation, and manual means made available to individuals acting under the authority of the Data Controller and for the purpose authorized and trained. The data are stored in paper, computer and telematic archives located also outside the European Economic Area. In particular:
 

USA, SOUTH KOREA, TAIWAN: Standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council;
 

ISRAEL: Commission Decision of January 31, 2011 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the State of Israel with regard to automated processing of personal data.
 

Personal data are retained for as long as necessary for the fulfillment of requests for registration and sending communications of such exclusive nature that the Data Controller makes following your request and in any case for 12 months after the end of the GPID project, except in cases where there are, events that involve the intervention of the competent Authorities, also in cooperation with the third parties/recipients entrusted with the data information security activities of the Data Controller, to carry out any investigation into the causes that led to the event.  Personal data processed by the Data Controller for the purposes of commercial promotion will be retained for 24 months by the Data Controller unless, following the exercise of your rights, you requests to delete the data. 

What are your rights?

Compatible with the limits especially time limits established for the processing of personal data concerning you, the rights you are granted allow you to be in control of your data at all times.
 

Your rights are those of:
- access;
- rectification;
- deletion;
- restriction of processing;
- objection to processing;
- portability. 


Your rights are guaranteed to you without special charges and formalities for requesting their exercise, which is understood to be essentially free of charge. You have the right:
 

- to obtain a copy, including in electronic format, of the data to which you have requested access. Should you request additional copies, the Controller may charge you a reasonable fee; 

- to obtain deletion of the same or restriction of processing or even updating and rectification of your personal data and that third parties/recipients in the event that they receive your data also comply with your request, unless legitimate reasons outweigh those that led to your request prevail (e.g., environmental investigations and containment of the risk determined by the emergency managed through them by the Controller); 

- To obtain any useful communication regarding the activities carried out as a result of the exercise of your rights without delay and in any case, within one month of your request, unless an extension, justified, of up to two months must be duly communicated to you.

- For any further information and in any case to send your request, you should contact the Controller at privacy@ambrosetti.eu.  

 Who can you complain to?

Without prejudice to any other action in administrative or judicial proceedings, you may lodge a complaint with the competent supervisory authority or the one that performs its duties and exercises its powers in Italy where you have your habitual residence or work or if different in the member state where the violation of Regulation (EU) 2016/679 occurred.

bottom of page