Privacy Policy concerning Cloud Security Alliance Italy Chapter surveys provided pursuant to art. 13 of the European General Data Protection Regulation 2016/679 (GDPR)


We would like to inform you that Cloud Security Alliance Italy Chapter (hereinafter “CSA Italy”) considers confidentiality and the protection of your personal data a fundamental task. On this regard, in compliance with art.13 of Regulation (EU) 2016/679 – General Data Protection Regulation (hereinafter “GDPR”) and other applicable national laws we would like to provide you with the following information:

Data Controller. Cloud Security Alliance Italy Chapter is the Data Controller, with registered office in Milan, via Cesare Beruto, 11, ZIP 20131. The Data Controller can be contacted by post at our registered office or by e-mail:

Purpose for the processing of personal data. We will process your personal data (e.g., name, surname, email) for the following purposes: a) to carry out online surveys arranged by CSA Italy; b) to analyse in aggregate form the data collected from the survey aimed at studies realized by CSA Italy; c) to send electronic or paper literature in order to keep you informed on CSA Italy’s activities and events; d) to comply with the obligations laid down by national or European laws and regulations, and with requests received by Public Authorities.

Personal data will be processed by using digital archives (also by mobile device) and to the extent strictly necessary to meet the purposes indicated above. We will also protect the confidentiality of your personal data by adopting adequate technical and organizational security measures.

Legal basis for the processing of your data. The Data Controller processes your personal data:

  • as necessary to participate to online surveys arranged by CSA Italy (purposes a) and b) above);
  • only following your express consent (purpose c) above);
  • as necessary to fulfil a legal obligation to which the Data Controller is subject (purpose d) above).

Consequences if you fail to communicate personal data. For all the above-mentioned purposes the disclosure of your personal data is your own free choice. However, if you do not, you won’t be able to participate to online surveys arranged by CSA Italy and this prevents the processing of your personal data for purpose a), b) d) above. Failure to provide your personal data for purpose c) will prevent the Data Controller from sending electronic or paper literature regarding CSA Italy’s activities and events.

Data retention. Your personal data will be kept for no more than 3 years. The Data Controller may retain the data for a longer period if strictly necessary to protect the rights and to resolve judicial or extrajudicial disputes.

Categories of recipients of personal data. Your personal data may be disclosed to:

  1. persons authorized by CSA Italy to process personal data who are committed to confidentiality or have an adequate legal obligation of confidentiality;
  2. consultants, accountants or lawyers who provide functional services for the purposes indicated above;
  3. judicial or administrative authorities, for the fulfilment of legal obligations.

Profiling and Dissemination of data. Your personal data is not subject to dissemination nor to any fully automated decision-making process, including profiling.

Personal data transfer. Your personal data is not transferred outside the European Economic Area (“EEA”). However, if the Data Controller will need to transfer your personal data to non-EEA countries in order to fulfil the purposes indicated above, the Data Controller will do so only after implementing encryption and on the basis of standard contractual clauses approved by the European Commission or by virtue of an adequacy decision adopted by the European Commission regarding data protection.

Rights of the Data Subject. As a Data Subject, you are entitled to exercise at any time the rights listed below within the limits of the law. Your rights include the possibility to:

  • access your personal data;
  • rectify or update your personal data;
  • request erasure of your personal data;
  • request the restriction or object to the processing of your personal data;
  • exercise your right to portability;
  • if the processing of your personal data is based on your consent, withdraw consent at any time;
  • lodge a complaint with a supervisory authority (in Italy, Garante per la Protezione dei dati personali, – if you believe that the processing of your Personal Data is contrary to current legislation.

To exercise the aforementioned rights and to know the list of Data Processor, you may contact the Data Controller by writing to the addresses indicated above.

(Last updated on 09 March 2021)