Information pursuant to and for the purposes of Article 13 of Regulation (EU) 2016/679 (GDPR)


INDICAM with registered office at Via Gabrio Serbelloni 5, Tax Code 97057580157 – VAT No. 11639900965, email:, Tel: +39 02 46512116 (hereinafter the “Controller”)

Processed DataPurposes of processingLegal BasisNature of ProvisionData Retention Period
Browsing data on the website (the “Website”) collected through technical cookies (for example: information on the browser used by the User, pages visited, date, time and duration of each visit, as well as other parameters relating to the operating system and the User’s computer environment).Analyse the operation of the Website and resolve associated problems by use of technical cookies.Fulfilment of pre-contractual obligations to which the Data Subject is a party (Article 6, paragraph 1(b) of the GDPR).Required.

If Data is not provided, correct browsing on the Website may not be guaranteed.
Please refer to our cookie policy accessible from the footer of our Website.
Site Access Credentials for Data Subjects associated with INDICAM.Access to the private area of the Website for Data Subjects associated with INDICAM.Fulfilment of pre-contractual obligations to which the Data Subject is a party (Article 6, paragraph 1(b) of the GDPR).Required.

Access to the private area will not be guaranteed if the Data are not provided.
The Data will be processed and retained for 10 years as from the end of the relationship between INDICAM and the associated company/entity to which the Data Subject belongs or 10 years after the end of the relationship between the associate company/ entity and the Data Subject, as soon as notified to INDICAM.
Contact, personal details and any other Data voluntarily provided by Data Subjects not associated with INDICAM.Respond to requests for information on the activity of INDICAM sent by email to, by telephone or using the form on the Website ( Fulfilment of pre-contractual obligations to which the Data Subject is a party (Article 6, paragraph 1(b) of the GDPR).Required.

In the event of failure to provide the Data, the Data Controller will be unable to respond to the request.
The Data Controller will erase the Personal Data processed in response to requests within 1 year of the date of termination of management of said request.
Personal and contact details of Data Subjects not associated with INDICAM.Carry out direct marketing activities, such as sending newsletters, information and communications, updates on activities and events organised or promoted by INDICAM.
These activities will be carried out by e-mail or telephone, even by automated means (SMS, social media).
Express consent to the processing of Personal Data (Article 6, paragraph 1, letter a) of the GDPR).
The Data Subject may withdraw consent to the processing at any time by clicking on the “unsubscribe” link included in the email received or by sending an email to .

In the event of failure to provide the Data, INDICAM will be unable to provide regular updates to the Data Subject on its activities and events.
The Controller will no longer use and will erase the Processed Data in the event of withdrawal of consent or 5 years after the date of the last contact with the Data Subject.
This retention period is deemed adequate in relation to the purposes pursued by INDICAM as a non-profit association.

The information contained in this policy does not apply to third-party websites, apps or content of any kind, even if accessible from the Website by clicking on links contained therein. In such cases, the data protection provisions of such third parties may apply, which may differ from those presented herein and which the Data Subject is invited to consult prior to the communication of any Data.

In addition, and without prejudice to the above, the Controller undertakes to base the processing of Personal Data on the principles of minimization, verifying on an annual basis the need for their storage for a period not exceeding that required by the purposes for which the Data were collected and processed. The Controller may retain Personal Data in order to comply with the law or to exercise or defend any right or claim in judicial proceedings. Once the purposes for which the Personal Data have been collected and processed have been achieved, the Data Controller shall implement appropriate measures to make them anonymous, so that the Data Subject cannot be identified.


The Data will be processed by employees and associates of the Data Controller expressly authorised to process the Data on the basis of specific instructions and by adopting appropriate measures to protect the Data in relation to all the purposes indicated above.

The following entities may become aware of the Data in relation to the processing purposes provided for in this privacy policy notice and may process the Data both as autonomous data controllers and data processors duly appointed by the Data Controller (a list of such data processors and autonomous data controllers is available upon request via email to be forwarded to

  • Providers of cookie management services;
  • IT service providers for managing contact databases, digital service providers and IT consultants who provide technical support to the Data Controller,
  • Service provider for sending newsletters.

Data may be disclosed to the Judicial, Public Security or other Public Authorities in order to fulfil instructions or requests received from them.


Personal Data may be transferred to the United States where the Mailchimp supplier used by INDICAM to send out its newsletter is located. INDICAM confirms that the standard contractual clauses approved by the European Commission for the transfer of personal information outside the EEA have been adopted with this supplier (these are clauses approved in accordance with Article 46 (2) GDPR).


The Data will be processed in compliance with the principles of fairness, lawfulness and transparency, through manual and automated methods and using paper and electronic means, in any case within the limits of the purposes of the data processing(s) established by this privacy policy information sheet and, in any case, always guaranteeing the security and confidentiality of the Data.


The Data Subject may at any time exercise the following rights under the conditions and within the limits established in Articles 12-22 of the GDPR by sending an email to      

  • Right of access (Article 15 GDPR);
  • Right to rectification of inaccurate personal data and to have incomplete personal data completed (Article 16 GDPR);
  • Right to erasure of personal data (Article 17 GDPR);
  • Right to restrict processing (Article 18 GDPR);
  • Right to object to processing pursuant to Article 6(1)(e) or (f) of the GDPR.

If the Data Subject believes that the processing of personal data by the Data Controller is in breach of the provisions of Regulation (EU) 2016/679, the Data Subject has the right to lodge a complaint with the Supervisory Authority, in particular in the Member State in which they normally reside or work or in the place where the alleged breach of the regulation occurred (in Italy, the Italian Data Protection Authority, or to take legal action.

This policy statement is updated on 28 February 2023.