Information on the privacy as per General Data Protection Regulation (GDPR - UE 2016/679) – last update 12/03/2019
This website is managed by the Italian Physical Society.
When you visit our site or use our services, we may collect some personal data on you, data that you provide to us directly or that we gather from your browsing session and collect automatically.
We are committed to protecting and respecting your data and your privacy, so we will use the information we collect about you only in accordance with the General Data Protection Regulation GDPR - EU 2016/679 . We will use your personal data only in the ways and for the purposes described on this page, so please read it carefully as it contains important information on how we will process your personal data.
For any requirement regarding this policy, for information or to exercise your rights you can write to the e-mail address email@example.com, we will try to answer you as soon as possible and in any case within 30 days from the request.
By visiting our website, using our services or providing us with your data, you declare that you are over 16 years of age and accept and agree that the Italian Physical Society processes your personal data according to the practices described in this policy.
The data controller is Società Italiana di Fisica, in the person of its legal representative, with registered office in Bologna (BO), via Saragozza 12, 40123 Bologna, VAT No. 00308310374.
What types of data we collect
The data we collect depend on the type of service you use.
Data you provide directly
Subscription to services: when you subscribe to our site to use the services or conclude an order (for example for the payment of a membership fee), we store your name, surname and e-mail address. For passwords we use a security system that obscures them.
Submitting an order: when submitting an order, or you are ready to do so, we will store your contact details and if required, your tax information (tax code and/or VAT number).
Payment of an order: when you pay for an order, we only store the information that is strictly necessary to finalize or make a note of the transaction.
Request for information or contact: when you contact us through a public form on our website or via e-mail we will store your e-mail address, the metadata relative to the communication and all the information you will send us in the body of the message and in its attachments.
Newsletter subscription: when you subscribe to our newsletter we will store your e-mail address and some metadata such as the date and time of the registration, the IP address and the device used. If you provide it, we may also store information such as the region or province of residence, your gender and age, which will help us send you more relevant promotional messages. We remind you that you can unsubscribe from our newsletters at any time.
Data that we collect automatically
When you browse our site we collect automatically for technical reasons, also related to security, some information about your browsing, namely: IP address, device, operating system and browser used, language preferences, pages visited, duration of the visit, actions taken.
This information is stored anonymously in system logs and can be occasionally analyzed by our technicians to improve our services or solve specific problems.
We then collect some information in the form of cookies, also through third-party platforms, for which we invite you to consult the dedicated policy.
Links to other sites
We do not collect data from subjects under 16 years
Our site and our services are not available for persons under 16 years. If you are under the age of 16, please do not subscribe to our services. If we become aware of processing data from individuals under the age of 16, we will promptly remove such data from our records. If you believe that the Italian Physical Society is processing data of children under 16, please contact us at firstname.lastname@example.org.
How we use the data we collect
We use the data collected to offer you our services, inform you about our corporate and editorial activities or to answer your questions and only if we have a reason (legal basis) to do so among those listed below.
User consent: you have provided explicit consent to authorize us to process your data for this purpose (for example, to send you regular newsletters). We remind you that you can withdraw or change your consent at any time.
Contractual fulfillment: the processing of your data is necessary to fulfill the contractual obligations between the parties, for example the conclusion, finalization and registration of a payment (for example payment of the annual membership fee).
Legal obligation: the processing is necessary to fulfill the legal obligations in force (for example, to manage the security of our site and our services to prevent fraud).
Legitimate interest: processing is done to respond to our legitimate interest or legitimate interest of third parties (for example, to understand how our site is used). If you believe that your interest is higher than indicated, you can oppose this treatment at any time.
How and why we share your data with third parties
The data collected may be communicated to companies that perform functions strictly connected and instrumental to technical, managerial, fiscal and legal operations in the provision of our services or to agencies and administrative and judicial authorities by virtue of legal obligations.
Your personal data may be transferred outside the European Union to be processed by some of our service providers. In this case, we make sure that this transfer takes place in compliance with current legislation and that an adequate level of personal data protection is guaranteed.
Under no circumstances do we transfer or sell your personal data to third parties. We share anonymous data with traffic analysis platforms (for example Google Analytics) that help us understand how our site is used.
How we guarantee the security of your data
We try to guarantee maximum security to your data by adopting strict internal policies and state-of-the-art technologies. In particular we take care that:
– only personnel and suppliers strictly necessary for processing access your data;
– your data are kept only for the time necessary for processing or to comply with legal obligations;
– the redundant or no longer necessary data are deleted or anonymized;
– your passwords are never stored in clear text;
– all data are periodically backed up.
Despite our commitment to secure your personal data, we must inform you that there is no completely safe and risk-free system: we cannot therefore guarantee that our databases are completely secure or that your data cannot be intercepted when you send them to us through the Internet.
For how long we keep your data
We keep your data electronically or on paper for the time necessary to provide the requested services in compliance with privacy and current regulations.
– User accounts, including contact data: up to deactivation.
– Data useful for security and identification or prevention of fraud: up to 36 months.
– Data for analyses aimed at the development and improvement of services: up to 36 months.
– Data for marketing purposes: up to 12 months.
– Receipts, transaction data: up to 11 years.
– Data relating to electronic traffic according to EU Directive 2017/541: up to 6 years.
You must know that if you exercise the right to be forgotten, through an express request for deletion of data to the data controller, your data will be stored, in a protected form and with restricted access, only for purposes of investigation and prosecution of offenses, for a period of no more than 12 months from the date of the request and will subsequently be irreversibly deleted.
In processing your data we are committed to ensuring control and communicating in a transparent manner what data we process, for what purpose, in what way and for how long. We also want to inform you that you have the opportunity to exercise certain specific rights in relation to the treatments covered by this policy.
Right of access: you have the right to access your data, completely and without restrictions.
Right to be forgotten: under certain circumstances, you have the right to request that your personal data be deleted from our systems or stored exclusively in anonymous form. Even as a result of this request, it is however possible that some data are kept by us to fulfill legal obligations or to exercise a right (e.g., right of defense) in our legitimate interest.
Right of rectification: you have the right to update, rectify, modify or delete your data in our possession.
Right to limitation of processing: you have the right to ask us to limit the processing of some or all of your data when: a) you contest their accuracy; b) you believe that the treatment is illegal; c) they are no longer necessary for the purposes of the processing subject of this policy, but you need them for the assessment, exercise or defense of a right in court; d) you objected to their treatment and we are checking whether our legitimate interest is prevalent or not.
Right to portability: you have the right to receive a copy of your data in a structured format, commonly used and readable by an automatic device, and to transmit them to another data controller without hindrance.
Right of opposition: you have the right to object, in whole or in part, for legitimate reasons, to the processing of your data. You also have the right to withdraw the consent at any time without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation.
Right of complaint to the competent authority: you have the right to lodge a complaint with the Guarantor for the protection of personal data in Italy.
Automated decisions: You have the right not to be subject to decisions based solely on automatic processing, including profiling, that produces legal effects that affect you or that significantly affects you. In this regard we inform you that we do not adopt any automated decision-making process.
How to exercise your rights
If you need to contact us to exercise your rights, please do so at the dedicated e-mail address email@example.com. We will endeavor to answer you as soon as possible and in any case within 30 days; if your request is particularly complex you will receive a complete answer within 3 months.
Changes to this policy
How to contact us
For any questions, requests or complaints regarding your personal data, please contact us at the e-mail address firstname.lastname@example.org