International Society of Gastronomic Sciences and Studies (ISGSS)

Privacy Notice in accordance with EU Regulation 2016/679 (GDPR)


Subject of the Notice and Commitments of the International Society of Gastronomic Sciences and Studies (ISGSS)

This document constitutes the privacy notice, in accordance with EU Regulation 2016/679 (GDPR).

ISGSS, to the extent of its competence, undertakes to:

protect the personal data of every individual, request consent for the provision and processing of personal data, guarantee the privacy of everyone, respect the identity, personality, and dignity of every human being, respect constitutionally guaranteed fundamental freedoms. These principles are translated, in accordance with current regulations, as follows.

Personal data is collected and processed only for predetermined, explicit, and legitimate purposes, even if this is required by law, regulation, or community legislation (purpose of collection). The use of personal data is always kept to the essential minimum necessary to achieve the stated purposes (Necessity, Non-excess, and Essentiality).

Personal data is collected and processed only if functional to the achievement of the stated purposes (Relevance).

Personal data is processed using methods and tools proportional to the purposes to be achieved (Proportionality).

The personal data collected and processed are always promptly updated to ensure their correctness and reliability (Accuracy, Completeness, and Updating).

The personal data collected are always retained for a limited period of time until the stated purposes are achieved (Retention).

Personal data is always collected and processed after the adoption of appropriate security measures (Security).

Personal data cannot be processed for purposes other than those stated at the time of collection or in violation of the regulations on the protection of personal data (Prohibition of Unlawful Processing).

ISGSS pursues continuous improvement in the protection of personal data through:

Adoption of an adequate integrated documentary system (procedures, operating instructions, standard document templates)

Identification of collaborators and third parties with adequate requirements to ensure the correct functioning of the privacy management system. In this regard, all employees, service providers, and collaborators of ISGSS are responsible for compliance with the rules relating to the processing of personal data.

Definition of an organizational model suitable for the management of personal data processing related to each process

Adoption of security measures suitable for preventing and minimizing the risks related to the processing of personal data

Adoption of the best available and economically sustainable techniques to limit damage in the event of incidents or negative events regarding the processing of personal data

Adoption of appropriate criteria and methods for data restoration in case of damage and accidental loss

ISGSS promotes the involvement of stakeholders in the protection of personal data through targeted actions to:

Raise awareness among employees, suppliers, collaborators, supporters, donors, and citizens about the objectives and commitments made regarding the protection of personal data

Motivate, involve, and train employees and collaborators to achieve the set objectives and develop, at all levels, a sense of responsibility towards the protection of personal data and information security

Security of Personal Data

ISGSS adopts adequate and preventive security measures to safeguard the confidentiality, integrity, completeness, and availability of Your personal data, both in paper and electronic form. As provided for by the regulatory provisions governing the security of personal data, technical, logistical, and organizational measures are implemented aimed at preventing damage, even accidental loss, alterations, improper use, and unauthorized use of the data concerning You, including backup of computer data.

Similar preventive security measures are adopted by third parties (Data Processors) to whom ISGSS entrusts operations for processing Your data on its behalf.

At each point of personal data collection (website, social media, support forms, etc.), adequate and exhaustive privacy information is provided, referring to this document on Personal Data Protection.

On the other hand, ISGSS does not assume any responsibility regarding the incorrectness of the information sent directly by the user (e.g., correctness of the email address or postal address or other personal data).

Purpose of Processing

All activities of collection and subsequent processing of data are aimed at pursuing the institutional purposes of ISGSS, in compliance with the current Statute, including for:

Registration via newsletter;

Association with ISGSS;

Events and other activities;

Processing payments;

Regular and one-off donations, made in various ways (credit card, bank transfer, or other);

Sending informational material about ISGSS programs and activities;

Sending the receipt for any tax deduction of donations made;

The information service on our activities reserved for members, supporters, collaborators, and all those who have shown actions to share the mission of ISGSS.

All processing carried out by ISGSS will be done using both paper and electronic or telematic tools, with logic related to the purposes for which the data was collected and in compliance with current security regulations.

Therefore, ISGSS will not use the data provided for purposes other than those connected to the service to which the user has adhered.

For purposes related to the provision of the service, the data may be made available to third parties, acting as independent data controllers, who provide services instrumental to fulfilling the user's request (e.g., credit institutions or issuers of credit cards to manage donation payments, printers, and shippers for mailing) or to whom the data communication is necessary to comply with legal requirements.

They will not be communicated for other purposes nor, even less, disseminated.

Retention

With reference to Chapter 5(e) of the Regulation (Data Retention), your data will be kept for the entire period provided and/or required by law, also for the purpose of fulfilling legal obligations and/or obligations, including those relating to privacy and anti-money laundering, or necessary to carry out ISGSS information activities, to promote our activities.

Data Controller

The Data Controller is the International Society of Gastronomic Sciences and Studies (ISGSS), represented by its legal representative pro tempore; registered office at Piazza Vittorio Emanuele, 9, Pollenzo – 12042 Bra, at the University of Gastronomic Sciences, Tax Code: 90063130042.

The Data Controller implements technical and organizational measures to ensure that the processing is carried out in accordance with the Regulation.

It is specified that the data will be brought to the attention of the Board of Directors of ISGSS, whose organization chart can be consulted online on the official website www.gastronomicsociety.org


Data Processors

Personal data will be made available to persons expressly authorized by ISGSS and, as such, designated "Data Processors," who perform processing activities essential for the pursuit of the above-mentioned purposes. In general, in addition to ISGSS, these are the individuals and/or organizations responsible for providing specific services, as well as administration.

The relationships with third parties must provide sufficient guarantees to implement technical and organizational measures adequate in such a way that the processing meets the requirements of the Regulation and guarantees the protection of the rights of the data subject.


Rights of the Data Subject

The rights provided by the aforementioned Regulation are guaranteed, especially by the following articles of the aforementioned Regulation:

Art. 15 (Right of access by the data subject)

Art. 16 (Right to rectification)

Art. 17 (Right to erasure)

Art. 18 (Right to restriction of processing)

Art. 21 (Right to object)

Art. 77 (Right to lodge a complaint)

which allow for the deletion, modification, or integration of data already voluntarily provided, as well as requesting their blocking, transformation into anonymous form, or objecting to their processing if carried out in violation of the law or if you do not wish to receive informational material from ISGSS. By exercising these rights, you will be able to control the use of your data even after their provision.


These rights can be exercised at any time by writing to the following addresses:

Email: congress@unisg.it;

Registered letter with return receipt to: International Society of Gastronomic Sciences and Studies (ISGSS) Piazza Vittorio Emanuele, 9, Pollenzo – 12042 Bra (CN)


It is also possible to request:

confirmation of the existence or otherwise of personal data concerning you and communication in an intelligible form of the same data and their origin, as well as the logic and purposes on which the processing is based if carried out with electronic tools;

the erasure, transformation into anonymous form, or blocking of data processed in violation of the law;

the updating, rectification, or, where interested, integration of the data;

to object, in whole or in part, for legitimate reasons, to the processing of personal data concerning you;

to object to the processing of personal data for the purpose of sending informational material or fundraising;

to lodge a complaint with a supervisory authority if you believe that the processing violates the aforementioned regulation (www.garanteprivacy.it).


Credit Cards and Other Financial Information

For all eventual payments, including donations, ISGSS guarantees maximum confidentiality and security.

Financial information of the credit card or bank account (card number, expiration date, cardholder's details, IBAN, etc.) will be known exclusively to ISGSS and the collection agency.

The retention of related information will be limited to the period necessary to ensure the verification of the correct transaction and in any case in facilities (physical and computerized) with limited access.

The transmission of payment and donation information online takes place through the highest security standards.

It is clarified, however, that ISGSS assumes no responsibility for unauthorized or fraudulent use of your credit card by third parties.


Use of Cookies

A cookie is a simple text file that contains textual data. When you visit a site, this file is downloaded to the user's computer (or notebook, tablet, smartphone, etc.) through the web browsing browser. Once this file is downloaded to your device, the cookie will allow the website to "recognize" you as a user.

Cookies can be used to collect user information. This information is not provided spontaneously and directly but leaves a digital trace. The data collected through cookies will be used for technical purposes, in order to ensure easier, immediate, and rapid access to the site and its services and facilitated navigation for the individual user.


With the user's consent, profiling cookies may also be used to create user profiles based on sections of the site or actions taken by the user on this site or while browsing the internet.


Navigation Data

The computer systems and software procedures used to operate ISGSS sites may acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

These are pieces of information that are not collected to be associated with identified users, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server, and other parameters relating to the operating system and the user's computer environment.

This data is used only to obtain anonymous statistical information about the use of the site and to check its correct functioning and is deleted immediately after processing.

The data may be used to ascertain responsibility in case of hypothetical computer crimes against the site.