For “data processing”, according to GDPR n. 679/2016, Community Lab Srl means any operation or set of operations, carried out with the aid of computer and data for the collection, organization, preservation, processing, modification, selection, extraction, comparison,use, interconnection, blocking, communication, dissemination, erasure and destruction of such data. According to the law, this use will be based on principles of fairness, legality and transparency and protection of your privacy and rights.

Under current regulations we provide the following information:

1. The data you provide will be used for the correct use of our services and / or the use of the site comunitylab.it
2. The data will be computerized at Comunity Lab ’s servers. We will only use this data in order to conduct operations necessary to execute the orders received by You and the provision of services requested. In any case, your personal data will not be circulated.
3. The provision of data is mandatory and necessary for the correct use of the Website Comunitylab and the refusal of provide such data could deny to use the services provided by Community Lab Srl through the Site.
4. The data will not be disclosed to other parties, unless it is required in compliance with the law. If an optional express approval is given, Community Lab Srl could send information and / or advertising for its account or on behalf of partner companies.
5. The owner of the data processing is: Community Lab Srl – Via Dante, 29 – 20099 Sesto San Giovanni (MI) Italia

Art. 15 GDPR - Information to be provided where personal data have not been obtained from the data subject
Where personal data have not been obtained from the data subject, the controller shall provide the data subject with the following information:
the identity and the contact details of the controller and, where applicable, of the controller’s representative;
the contact details of the data protection officer, where applicable;
the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
the categories of personal data concerned;
the recipients or categories of recipients of the personal data, if any;
where applicable, that the controller intends to transfer personal data to a recipient in a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred to in Article 46 or 47, or the second subparagraph of Article 49(1), reference to the appropriate or suitable safeguards and the means to obtain a copy of them or where they have been made available.
In addition to the information referred to in paragraph 1, the controller shall provide the data subject with the following information necessary to ensure fair and transparent processing in respect of the data subject:
the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party;
the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability;
where processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
the right to lodge a complaint with a supervisory authority;
from which source the personal data originate, and if applicable, whether it came from publicly accessible sources;
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
The controller shall provide the information referred to in paragraphs 1 and 2:
within a reasonable period after obtaining the personal data, but at the latest within one month, having regard to the specific circumstances in which the personal data are processed;
if the personal data are to be used for communication with the data subject, at the latest at the time of the first communication to that data subject; or
if a disclosure to another recipient is envisaged, at the latest when the personal data are first disclosed.
Where the controller intends to further process the personal data for a purpose other than that for which the personal data were obtained, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2.
Paragraphs 1 to 4 shall not apply where and insofar as:
the data subject already has the information;
the provision of such information proves impossible or would involve a disproportionate effort, in particular for processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to the conditions and safeguards referred to in Article 89(1) or in so far as the obligation referred to in paragraph 1 of this Article is likely to render impossible or seriously impair the achievement of the objectives of that processing. In such cases the controller shall take appropriate measures to protect the data subject’s rights and freedoms and legitimate interests, including making the information publicly available;
obtaining or disclosure is expressly laid down by Union or Member State law to which the controller is subject and which provides appropriate measures to protect the data subject’s legitimate interests; or
where the personal data must remain confidential subject to an obligation of professional secrecy regulated by Union or Member State law, including a statutory obligation of secrecy.

Art. 17 GDPR - Right to erasure (‘right to be forgotten’)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise or defence of legal claims.
At any time you exercise your rights towards the data controller addressing any request by registered letter to: Community Lab Srl Via Dante, 29 - 20099 Sesto San Giovanni (MI) Italia or write to: info@comunitylab.it , or use Settings in order to manage cookies.

You can ask anytime to erase the data we collected writing an email to info@comunitylab.it