Information on the processing of personal data

This page describes how this website is managed with regard to the processing of the personal data of users who consult it. This information is provided in accordance with current legislation on personal data for users who interact with the services of this site within the framework of EU Regulation 2016/679. The information is provided only for this site and not for other websites that the user may consult through our links.

The ‘Data Controller’

Following consultation of the site, data relating to identified or identifiable persons may be processed. The Data Controller is CAI – Club Alpino Italiano in the person of the General President and legal representative with an address for service at the head office in Milan, via E. Petrella 19, cap 20124.

The Data Protection Officer-DPO

We would like to inform you that the organisation has appointed a data protection officer (DPO) in accordance with Article 37 GDPR, who can be contacted at the following e-mail address: dpo@cai.it

Place of data processing

Processing related to web services is handled only by the technical staff of the Office in charge of processing, or by persons in charge of occasional maintenance operations. No data deriving from the web service is communicated or disseminated.

Purpose of processing and legal basis for processing

The personal data provided by users who submit requests or intend to use services or products offered through the site, as well as to receive further specific content, are used for the sole purpose of responding to requests or performing the requested service or performance, and are disclosed to third parties only if necessary for this purpose. The legal basis for these processing operations is the need to respond to the requests of the persons concerned or to perform activities provided for in the agreements defined with the persons concerned.
With the express consent of the user, the data may be used for commercial communication activities relating to offers of further products or services of the Controller. The legal basis for this processing is the consent freely expressed by the data subject.
Outside these hypotheses, users’ browsing data are kept for the time strictly necessary for the management of processing activities within the limits provided for by law.

Types of data processed

Navigation data

The computer systems and software procedures used to operate the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation, and is deleted after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the site.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of electronic mail to the addresses indicated on the site entails the subsequent acquisition of the sender’s address, which is necessary to reply to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request.

Cookies

A cookie is a textual element that is placed on the hard drive of a computer only after authorisation. Cookies have the function of streamlining web traffic analysis or signalling when a specific site is visited and allow web applications to send information to individual users. No personal user data is acquired by the site in this regard. Cookies are not used to transmit information of a personal nature, and no so-called persistent cookies of any kind (i.e. systems for tracing users) are used. The use of so-called session cookies is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable the safe and efficient exploration of the site. The so-called session cookies used on the site avoid the use of other IT techniques that could potentially prejudice the confidentiality of users’ browsing and do not allow the acquisition of personal data identifying the user.

Optional provision of data

Apart from what is specified for navigation data, the user is free to provide personal data to request the services offered by the Owner. Failure to provide them may make it impossible to obtain what has been requested.

Processing methods and data retention periods

Personal data are processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorised access.
The data are kept for the time strictly necessary to pursue the purposes indicated in this statement and will be deleted at the end of this period, unless the data have to be kept for legal obligations or to enforce a right in court.

Rights of data subjects

Within the limits and under the conditions laid down by law, the Data Controller is obliged to respond to requests from the data subject regarding personal data concerning him/her. In particular, according to current legislation:

1. The data subject has the right to obtain from the Controller confirmation as to whether or not personal data relating to him are being processed and, if so, to obtain access to the personal data and the following information:

  • the purposes of the processing;
  • the categories of personal data in question;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients in third countries or international organisations;
  • where possible, the intended period of retention of personal data or, if this is not possible, the criteria used to determine that period;
  • the existence of the data subject’s right to request from the Controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or to object to their processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the data are not collected from the data subject, all available information on their origin;
  • the existence of an automated decision-making process, including profiling.

2. The data subject has the right to obtain from the data controller the rectification of inaccurate personal data concerning him/her without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration.

3. The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him/her without undue delay, and the Controller shall be obliged to erase the personal data without undue delay within the limits and in the cases provided for by the legislation in force. The Data Controller shall inform each of the recipients to whom the personal data have been transmitted of any rectification or cancellation or restriction of processing within the limits and in the forms provided for by current legislation.

4. The data subject has the right to obtain from the data controller the restriction of processing.

5. The data subject has the right to receive in a structured, commonly used and machine-readable format the personal data concerning him/her that he/she has provided to a Data Controller and has the right to transmit these data to another Data Controller without hindrance from the Data Controller to whom he/she has provided them.

To exercise the rights listed above, the data subject must submit a request to the Data Controller at the following address:

CAI – Italian Alpine Club

in the person of the General President and legal representative at the Milan headquarters in via E. Petrella 19, cap 20124 and/or via the following e-mail address privacy@cai.it or certified e-mail address (Pec) cai@pec.cai.it