The European Corporate Council on Africa and the Middle East (“ECAM Council”) is a private, non-profit and non-partisan association, having the aim to promote and develop relations between the countries of Europe, Africa and the MENA region, with Italy playing a leading role.

ECAM Council considers the protection of personal data to be of fundamental importance, ensuring that the processing of such personal data, carried out in any manner, whether automated or manual, takes place in full compliance with the safeguards and rights recognized by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, relating to the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data (the “Regulation”).

This privacy policy (the “Policy”) is intended to give certain information to the users of the website available at this link: https://www.ecamcouncil.com/ (the “Website”), in relation to the processing of their personal data pursuant to the Regulation. ECAM Council intends to ensure the protection and security in the processing of the personal data of each user, in accordance with the provisions of this Policy.

Unless otherwise specified and regulated by a specific privacy policy provided pursuant to article 13 of the Regulation, this Policy must be understood as a document aimed at providing specific information referred to in articles 13 and 14 of the abovementioned Regulation to all those who interact with the Data Controller (as defined below) through the Website. It should also be noted that this Policy is applicable exclusively to the Website and does not refer to other websites that may be consulted by the user during his navigation by clicking on links and/or banners on the Website.

ECAM Council - with registered office in Via Senato 12, 20121 Milan (MI) in the person of its actual legal representative, assumes the role of data controller (the “Data Controller”) for the purposes of this Policy. According to the relevant definition in article 4 at point 7 of the Regulation, “‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law”.

Data Controller indicates the following e-mail address for the appropriate communications: info@ecamcouncil. Your personal data may be shared with:

1. appointed personnel of ECAM Council and possibly its professionals who are committed to confidentiality or have an adequate legal obligation of confidentiality;
2. individuals, companies or professional firms that provide assistance and support to the Data Controller to ensure the proper functioning of the Website, acting as autonomous controllers, joint controllers or as data processor;
3. subjects, bodies or authorities to whom the communication of your personal data is mandatory by virtue of legal provisions and/or orders of the competent authorities.

The Website offers informative contents. While browsing the Website, information about the user can be acquired in the following ways:

1. Navigation data

   The computer systems and software procedures used to operate the Website may acquire during their normal operation some data, the transmission of which is implicit in the use of Internet communication protocols.

   This category of data includes: IP addresses, the type of browser used, the operating system, the domain name and the addresses of websites from which access or exit was made, information on the pages visited by users within the Website, the access time, the time spent on the single page, the analysis of the internal path and other parameters relating to the operating system and the user’s IT environment. These technical/IT data are collected and used exclusively in an aggregate and non-identifying manner and could be used to ascertain responsibility in the event of hypothetical computer crimes against the Website.

2. Data provided voluntarily by the user

   This is all the personal data freely released by the user on the Website, for example, by filling in forms useful for requesting information and/or contact ECAM Council. This data will be processed exclusively to respond to the request in accordance with this Policy. The data will be kept for the time necessary to provide the requested information and to manage any disputes possibly arising from such request. Personal data voluntarily provided by the user will be communicated to third parties only if the communication is necessary to fulfil the user’s requests.

The Data Controller processes personal data deriving from the navigation of the Website and those that the user has voluntarily provided in connection with the use of the Website itself. In particular, personal data may be used for the following purposes and in accordance with the following legal bases:

• guarantee and verify the correct functioning of the Website, as well as improve the user’s browsing experience. The data collected for the purposes specified above are processed mainly in an anonymized form. They are used solely for the purpose of obtaining statistical information on the use of the Website and to check its correct operation. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Website. The legal basis for the processing of navigation data is the legitimate interest of the Data Controller to allow the correct use of the Website contents.
• Manage the requests forwarded by the user when filling in the contact form (personal data acquired are: name, e-mail address, phone number as well as any specific content included in the body of the message. The legal basis for the processing of data voluntarily provided by the user is the necessity to provide the service requested, in compliance with article 6, paragraph 1, lett. b) of the Regulation. With reference to such data, please note that they are used solely for the purpose of responding to requests received
• Ensure compliance with legal obligations, regulations and community standards, in accordance with article 6, paragraph 1, lett. c) of Regulation.
• On the basis of the users’ specific consent, for the installation and deployment of statistical and marketing cookies, belonging to third parties (i.e., Google Analytics). For further information, please see the Website’s Cookie Policy available here: https://www.ecamcouncil.com/en/cookies/.

The processing of personal data is carried out mainly using electronic procedures and means, without excluding manual processing, for the time strictly necessary, in accordance with article 5 of the Regulation. Personal data will be processed by the Data Controller limited to what is necessary for the pursuit of the described purposes.

Personal data is stored on servers located within the European Union (EU. The Data Controller may transfer the personal data collected outside the EU. In this case, the Data Controller ensures that the transfer of data outside the EU will take place, in any case, in accordance with the guarantees provided for by the applicable data protection law.

ECAM Council uses your data to ensure an efficient response to the requests you have made. The provision of your data for this purpose is optional, but failure to provide them could make it impossible to provide the requested services.

Users’ personal data are processed by the indicated subjects, in accordance with the provisions of current legislation. In particular, to ensure the security of your data taking into account the state of the art and the implementation costs, as well as the nature, object, context and purposes of the processing, as well as the risk for rights and freedoms of our users, the Data Controller has adopted appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

As foreseen by article 15 of the Regulation, users can access their personal data, request their correction and updating, if incomplete or incorrect, request their deletion as well as oppose to the processing for legitimate and specific reasons. In particular, we list below all the rights that can be exercised, at any time, towards the Data Controller:

1. Right of access: the right, pursuant to article 15, paragraph 1 of the Regulation, to obtain from the Data Controller confirmation that personal data is being processed or not and, in this case, to obtain access to such personal data and the following information:
   • the purposes of the processing;
   • the categories of personal data in question;
   • the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
   • when possible, the retention period of personal data provided or, if not possible, the criteria used to determine this period;
   • the existence of the right of the data subject to ask the Data Controller to rectify or delete personal data or limit the processing of personal data concerning him/her or to oppose to their processing;
   • the existence of the right to lodge a complaint with a supervisory authority;
   • if personal data are not collected from the data subject, all available information on their origin;
   • the existence of an automated decision-making process, including profiling referred to in article 22, paragraphs 1 and 4, of the Regulation and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of this processing for the data subject.

   All this information can be found within this Policy which will always be available in the Website.

2. Right to rectification: right to obtain, pursuant to article 16 of the Regulation, the rectification of personal data that are inaccurate, taking into account the purposes of the processing. Moreover, it is possible to obtain the integration of personal data that are incomplete, also by providing an additional declaration.
3. Right to erasure: the right to obtain, pursuant to article 17, paragraph 1 of the Regulation, the erasure of personal data without undue delay. The Data Controller will have the obligation to delete the personal data, if only one of the following reasons applies:
   • the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
   • the data subject wants to withdraw his/her consent on which the processing of the personal data is based and there is no other legal basis for their processing;
   • the data subject has opposed to the processing pursuant to article 21, paragraph 1 or 2 of the Regulation and there is no longer any legitimate overriding reason to proceed with the processing itself;
   • the personal data have been unlawfully processed;
   • it is necessary to delete personal data to fulfill a legal obligation provided for by a EU regulation or Italian law.
   In some cases, as provided for by article 17, paragraph 3 of the Regulation, the Data Controller is entitled not to delete the personal data if their processing is necessary, for example, to exercise the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, as well as for the assessment, exercise or defense of a right in court.

4. Right to obtain the restriction of processing: the right to obtain the restriction of processing, pursuant to article 18 of the Regulation, in the event that one of the following hypotheses occurs:
   • the data subject has contested the accuracy of his/her personal data (the limitation will last for the period necessary for the Data Controller to verify the accuracy of such personal data);
   • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
   • although the Data Controller no longer needs them for the purposes of processing, the personal data are used by the data subject to ascertain, exercise or defend a right in court;
   • the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

5. Right to data portability: the right to receive, pursuant to article 20, paragraph 1 of Regulation, all personal data processed by the Data Controller in a structured, commonly used and machine-readable format or request their transmission to another data controller. In this case, it will be the responsibility of the data subject to provide the Data Controller with all the details of the new data controller to which he/she intends to transfer the personal data.
6. Right to object to the processing the data subject has the right to object, at any time, to the processing of his/her personal data pursuant to the conditions set forth in article 21 of the Regulation.
7. Right to lodge a complaint with the supervisory authority: without prejudice to the right to appeal in any other administrative or judicial forum, each data subject may lodge a complaint with the competent Data Protection Authority.

To exercise all the rights described above, it is possible to contact the Data Controller by sending an e-mail to: info@ecamcouncil.com

This Policy is applicable to the Website from its publishing. This Policy is published in September 2021 and may be subject to changes over time. The entrance into force of new regulations, as well as the constant examination and updating of the general conditions of use of the Website, may result in the need to revise this document. It is therefore possible that this Policy undergoes changes over time and we therefore invite each user to periodically consult this page.