top of page

Privacy Policy

Information on data processing pursuant to Article 13 of the European Regulation (EU) 2016/679

“CENTRO STUDI CHERUBINO GHIRARDACCI” – as Data Controller, with reference to the establishment and execution of contractual and/or associative relationships informs that your data, classified by law as personal, directly provided by you, even verbally, may form object of treatment in compliance with the provisions of the European Regulation (EU) 2016/679 (hereinafter 'GDPR') and with the obligations of correctness, lawfulness and confidentiality.

Pursuant to and for the purposes of Article 13 of the GDPR, you are provided with the following information:

Identification details of the Data Controller



With registered office at Via Zamboni, 15 40126 Bologna BO

CF: 91297230376


Telephone: 433153153


Purpose of the processing and legal basis, provision of data and consequences of a refusal to respond

Your personal data will be processed for the following purposes whose legal basis falls within the contractual and legal obligations:

to. execution of statutory (contract) and legal obligations deriving from membership of the Association, subject to approval by the board of directors; sending of periodic institutional communications, informative material regarding the activity of the Association and convocations of the statutory bodies through the aid of electronic and telematic tools; collection of membership fees directly or through the institutions affiliated with the Association; execution of the stipulated association contract, of the connected obligations and for those purposes strictly foreseen by the Statute and by the Association's Regulations;

b. legal obligations related to civil, fiscal, accounting, community regulations and standards;

c. fulfilments deriving from provisions issued by authorities legitimated by the law and by the supervisory bodies;

d. administrative, financial, organizational and commercial management of the relationship;

And. protection of the contractual rights of the Data Controller, even in the context of litigation;

The provision of data, for the aforementioned purposes, is strictly functional to the execution of the associative contractual relationship and is mandatory to fulfill the obligations established by law and the provisions of community regulations. Any refusal on your part to provide the data would make it impossible for the Data Controller to enroll in the association, as well as provide the services envisaged by the Statute, and to correctly carry out all the specific legal obligations. The Owner also informs that any non-communication, or incorrect communication, of one of the mandatory information, may make it impossible for the Owner to guarantee the adequacy of the treatment itself.

Optional purposes

f. publication of the name and surname of the member, of the image or video on the institutional site, on social networks (e.g. Facebook/Instagram/Linkedin/Youtube page) and on the Association's printed information material, for the sole purpose of describing and promoting the institutional activity. The provision of data, for the purposes referred to above f) is to be considered optional and therefore, in the event of your refusal, there are no consequences, if not the impossibility of completing any interviews, audio / video recordings during the conferences , or the indication of his name and/or photo as a member on the institutional site.

Method and duration of the treatment

The treatment is carried out with manual and/or IT and telematic tools, in order to guarantee the security, integrity and confidentiality of the data in compliance with the physical and logical organizational measures, provided for by the provisions in force, in order to minimize the risks of destruction or loss, unauthorized access, modification and unauthorized disclosure in compliance with the methods set out in articles 6, 32 of the GDPR. We point out that, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 of the GDPR, the retention period of your personal data is: established for a period of time not exceeding the achievement of the purposes for which they are collected and processed for the execution and completion of the statutory contractual purposes and in compliance with the times mandatory prescribed by law;


For the performance of certain activities, or to provide support for the functioning and organization of the activity, some data may be disclosed or communicated to recipients. These entities are divided into:

Third parties (communication to natural or legal persons, public authorities, service or other body that is not the interested party, the data controller, the data processor and the authorized persons responsible for the processing) including:

– insurance managers with whom the holder operates, if necessary; banking institutions for the management of the payment of membership fees or other contributions for various reasons; companies that manage postal services; public bodies and entities, constitutional or of constitutional importance due to legal obligations; any other subjects whose communication of data is necessary for the achievement of the statutory purposes; other associations, partners, sponsoring bodies, with which the association has established collaboration agreements which provide for the direct involvement of the members; travel agencies, or accommodation facilities if transfers are planned; any third parties subject to your consent.

Data processors (the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller):

– Companies and other subjects, consultants and freelancers who have been given mandates for the management of mandatory tax, administrative, accounting, legal consultancy, event organization secretarial obligations, etc.;

– Providers of IT, web, or other services necessary to achieve the purposes necessary for managing the relationship.

Within the association, your data will be processed only by personnel expressly authorized by the Data Controller and in particular by the following categories of employees:
– Management, administration, secretariat;


The interested parties, if the conditions are met, also have the right to lodge a complaint with the Guarantor as supervisory authority according to the established procedures. For any further information, and to assert the rights granted to you by the European Regulation, you can contact the data controller at the above references.

bottom of page