NOTICE ON THE PROCESSING OF PERSONAL DATA

Pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR)

This privacy notice is provided by the National Council of Architects Planners Landscapers and Conservationists (CNAPPC), pursuant to Articles 13 and 14 of the EU Regulation No. 2016/679 (hereinafter also referred to as the “GDPR”), in its capacity as Data Controller for the processing of personal data collected through the www.cnappc.org website (hereinafter also referred to as the “website”). This notice only applies to browsing on www.cnappc.org and does not apply to any external websites, even if accessed via links on the portal or its thematic pages.

This notice describes how the CNAPPC’s website and its related thematic sections manage the personal data of users who visit the website, who register, and/or use any online services accessible via the website.

Therefore, pursuant to Articles 13 and 14 of the EU Regulation No. 2016/679, the Data Controller provides the following information.

Data Controller

Pursuant to Article 4 no.7 of the EU Regulation No. 2016/679, the Data Controller (hereinafter referred to as the “Data Controller” or simply “CNAPPC”) of your personal data provided through contact channels (email addresses) and/or the contact form available on the website at https://cnappc.org/it/contatti/, is the National Council of Architects Planners Landscapers and Conservationists (CNAPPC), in the person of the pro tempore legal representative, tax code 80115850580, located in Via Santa Maria dell’Anima 10, 00186 Rome. The Data Controller will process your data in compliance with the principles of  fairness, lawfulness and transparency, while guaranteeing integrity, and confidentiality by adopting appropriate technical and organizational measures.

The Data Controller can be contacted at the following phone number +39 06 6889901, via email privacy@cnappc.it or certified email (PEC) direzione.cnappc@archiworldpec.it

The Data Controller has appointed a Data Protection Officer (hereinafter referred to as DPO), in accordance with Article 37 of the GDPR. The DPO can be contacted at dpo@cnappc.it

Legal basis and purposes of the processing

The processing of personal data collected through the website is based on your freely given, specific, informed consent, which may be revoked at any time by written request pursuant to Article 7, paragraph 3 of the EU Regulation No. 2016/679. Personal data (including any special categories of data provided voluntarily by filling in data collection forms and contact request forms on the website) will be processed for the following purposes.

Personal data of website users is processed by the Data Controller only to the extent necessary for managing access to the website and for the subsequent proper use of it, as well as for handling requests for contact and/or information regarding events, projects, conferences, publications, and any other services and/or initiatives communicated and promoted by the Scientific Committee through the website, alongside other services offered by the CNAPPC.

Personal data is collected through the website for the following purposes and by means of the following services:

• Contacting the User

Contact Form (this Application): by filling in the contact form with their personal data, the User consents to their use to answer to requests of information, materials, or any other purpose indicated in the form’s header.

• Contact management and message distribution (e.g., event registration confirmation)

This kind of services enables the management of a database of email addresses, phone numbers, and, where applicable, postal addresses, used to communicate with the User (including the promotion of scientific publications, events, conferences, seminars, and other professional initiatives).

Types of Personal Data processed by the data controller

The data processed by the data controller are primarily related to the category of “personal data” (as per Article 4, no.1) of the EU Regulation No. 2016/679 and it refers specifically to identifying information such as full name, address, contact details (phone number, email address, etc.), of the data subject or of the legal representative of a company.

Other data collected through the website, autonomously or via third parties may include:

1. Usage Data: this refers to data whose transmission is implicit in the use of Internet communication protocols (browsing data). These are not collected to be matched with identified users, but that, by their nature, could allow users to be identified through processing and association with data held by third parties. This category of data includes IP addresses or domain names of the computers used by users who connect to the website; the URI (Uniform Resource Identifier) addresses of the requested resources; the time of the request; the method used to submit the request to the server hosting the website; the size of the file obtained in response; the numerical code indicating the status of the server’s response (successful, error, etc.); and other parameters related to the user’s operating system and IT environment.
2. Tracking Tools
3. Number of users
4. Session statistics

Personal data are provided freely by the user or collected automatically during website use, as it is the case of usage data.

Unless otherwise specified, all data requested via the website’s collecting or contact forms is mandatory. Failure to provide or insert such data may result in the inability to process the request or receive information.

The use of cookies or other tracking tools by the website serves to provide the best experience to the User, together with other purposes mentioned above and in the Cookie Policy.

Users are responsible for any third-party personal data obtained, published or shared via this website.

Methods of processing

The Data Controller adopts appropriate security measures in order to prevent unauthorized access, disclosure, alteration, or destruction of personal data.

Your personal data will be processed at the Data Controller’s headquarters and offices and/or, if necessary, at the headquarters or offices of third parties in accordance with legal obligations or supply contracts for which the third parties operate in the name and on behalf of the Data Controller, pursuant to Article 28 of EU Regulation No. 2016/679, using automated tools designed to store, manage and transmit the data, in compliance with all precautionary measures to ensure its security and confidentiality.

The processing will be carried out so as to minimise the risk of destruction or loss, unauthorised access, or processing that does not comply with the purposes for which the data was collected.

Your personal data will be processed:

• in accordance with the principle of minimisation, pursuant to Articles 5(1)(c) and 25(2) of EU Regulation No. 2016/679;
• lawfully and fairly,
• for specific, explicit and legitimate purposes in accordance with the principles set out in Article 5 of EU Regulation No. 2016/679.

All data processing operations are carried out in such a way as to guarantee the integrity, confidentiality and availability of personal data.

Data disclosure and sharing

For the above-mentioned purposes, data may be disclosed and/or transmitted and/or made accessible, wholly or partially, by the data controller to:

1. External Data Processors appointed pursuant to Article 28, paragraph 2 of the GDPR and authorized by the Data Controller (e.g. outsourced service providers, tax/legal consultants), in compliance with legal provisions regarding data security.
2. Any third parties appointed pursuant to Article 28, paragraph 2 of the GDPR, including Carenza Brown’s company, that created and manages the maintenance and updating of the website.
3. Members of the CNAPPC International Scientific Committee.

Data Retention Period

Browsing data is retained for the time necessary to fulfil the purposes for which it was collected, and, in any case, no longer than 12 months from the last contact and/or information request made by the user, or the last event registration by the user. Longer retention may occur to comply with any requests from the competent authorities regarding the defence, investigation or suppression of crimes, that is to comply with requests from the Data Protection Authority.

Data Subject Rights

We inform you that, as a Data Subject, in addition to the right to lodge a complaint with a Supervisory Authority and to withdraw your consent to data processing at any time, you also have the following rights. You may exercise these rights by sending a written request to the Data Controller and/or the Data Protection Officer at the following email addresses: privacy@cnappc.it and/or dpo@cnappc.it. Your rights include:

Right of access (Art. 15 GDPR)

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and information regarding its processing.

Right to rectification (Art. 16 GDPR)

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (Right to be forgotten – Art. 17 GDPR)

The data subject shall have the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay, and the data the controller shall have the obligation to erase personal data  without undue delay.

Right to restriction of processing (Art. 18 GDPR)

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

1. a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
2. b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
3. c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
4. d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to Data Portability (Art. 20 GDPR)

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

Right to object (Art. 21 GDPR)

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.

Right not to be subject to automated decision-making, including profiling (Art. 22 GDPR)

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Right to lodge a complaint (Art. 77 GDPR)

The data subject is informed of their right to lodge a complaint with a supervisory authority (in particular, the Italian Data Protection Authority – www.garanteprivacy.it) according to the procedures outlined on the Authority’s official website at the following link:
https://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-tuoi-dati-personali

Updates to this privacy notice

The Data Controller may need to update this notice. Therefore, data subjects and users are invited to check the latest version published in the appropriate section of the website:
https://cnappc.org/privacy-policy/

Last update date: September 4th, 2025