Information on the processing of personal data

This notice is provided pursuant to Art. 13 of Legislative Decree 196 of 30.06.2003 (“Personal Data Protection Code”) and Articles 13 and 14 of EU Regulation 2016/679 (“General Data Protection Regulation”).

The data resulting from browsing this site, as well as all personal data you choose to share with us through this website by sending emails, letters, or faxes, will be processed in compliance with applicable legal provisions and according to this notice.

Data Controller

The National League of Cooperatives and Mutuals, with registered office in Via Guattani 9 – 00161 Rome, Tax Code 80201570589, represented by the acting President, as Data Controller (“Controller”), informs you pursuant to Art. 13 of Legislative Decree 196/2003 (“Privacy Code”) and Articles 13 and 14 of EU Regulation 2016/679 (“GDPR”) that your data will be processed as follows:

Object of the processing

The National League of Cooperatives and Mutuals safeguards your personal data and complies with the applicable personal data protection regulations (Privacy Code and GDPR 2016/679). Your personal data are processed confidentially and are shared with third parties only as provided in this Policy or with your consent. We process the personal data you provide while using the website and/or after registering.

Specifically, we process:

1. personal, non-sensitive, identifying data (in particular: name, surname, tax code, email, date of birth, phone number – hereafter “personal data” or “data”) directly provided by you during registration and for accessing the restricted Legacoop area;
2. data not directly provided by you – acquired within the limits established by Art. 14(5) GDPR – whose transmission is inherent to the use of Internet communication protocols (e.g., page access logs, transferred data quantity, session ID numbers, IP addresses, URLs, etc.). These data allow reconstruction of your browsing path.

Purpose of processing

Your personal data are processed:

A) Without your express consent (Art. 24 a), b), c) of the Privacy Code and 6 b), e) GDPR) for the following Service Purposes:

1. 1. process a contact request;
   2. perform pre-contractual measures adopted upon your request;
   3. produce internal statistics;
   4. fulfil pre-contractual, contractual and/or tax obligations arising from existing relationships;
   5. comply with obligations under laws, regulations, EU standards or Authority orders;
   6. safeguard vital interests of the data subject or another individual;
   7. perform tasks of public interest or related to public authority exercised by the Controller;
   8. prevent or detect fraudulent or harmful activities on the website;
   9. pursue a legitimate interest of the Controller or third parties within the limits of Art. 6(f) GDPR;
   10. exercise the Controller’s rights (e.g., legal defence).
2.  

B) Only with your specific and explicit consent (Arts. 23 and 130 Privacy Code, 7 GDPR) for Marketing Purposes:

1. 1. sending newsletters, commercial communications and/or advertising material via email about products/services different from those already purchased and offered by the Controller.

 

Nature of data provision

Providing your data for purposes under point 2(A)(i)-(ii) is necessary. Without such data we cannot guarantee your registration, fulfil your requests, or provide access to the restricted Legacoop area. Providing data for purposes under point 2(B) is optional. You may decide not to provide or to revoke previously given consent. In this case, you will no longer receive newsletters, but will still receive services and retain your registration rights.

Processing methods

Data processing is carried out using operations referred to in Art. 4 of the Privacy Code and Art. 4(2) GDPR: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction. Processing is based on lawfulness, fairness, and transparency and may be performed through automated methods to store, manage, and transmit data, using tools ensuring confidentiality and preventing loss, unauthorized access, unlawful use, or disclosure.

Data retention period

The Controller processes personal data for as long as necessary to fulfil the purposes above, and in any case:

• no longer than 10 years after termination of the relationship for Service Purposes;
• no longer than 2 years from collection for Marketing After this period, data will be destroyed or anonymized.

 

Data access

Personal data will not be disseminated, meaning not disclosed to unspecified subjects in any form. They may be communicated to employees and external collaborators. Specifically, your data may be accessible to:

1. employees and collaborators of the Controller (e.g., customer service, IT department) as internal processors or system administrators;
2. third-party companies (e.g., banks, professional firms, consultants, insurance companies) acting as external processors.

 

Your data may also be communicated when required by law to authorized subjects.

Data communication

Without your consent (Art. 24 a), b), d) Privacy Code and Art. 6 b), c) GDPR), your data may be communicated to supervisory bodies, judicial authorities, and subjects legally entitled to receive them.

Data transfer

Data management and storage occur on servers of the Controller or designated processors located within the EU. Servers are currently in France and Italy. No data is transferred outside the EU. If future transfers occur, they will comply with Arts. 45+ GDPR, ensuring adequate protection, including standard contractual clauses if needed.

Browsing data

IT systems may acquire personal data during normal operation, whose transmission is implicit in Internet protocols. These data are not collected to identify users, but may allow identification through association with third-party data (e.g., OS and environment parameters). They are used only to obtain anonymous statistical information and verify correct operation, and are deleted immediately afterward. They may be used to ascertain responsibility in case of cybercrimes.

Cookies

When using the site, cookies are stored on your device. Cookies are small text files used to make websites function better, improve user experience, or provide information to site owners. Cookies may persist beyond a session. Most browsers allow blocking or deleting cookies. Disabling cookies may impair functionality.

For details, see the website’s specific Cookie Policy.

Data subject rights

As a data subject, you have the rights under Art. 7 Privacy Code and Art. 15 GDPR, including:

1. obtain confirmation of existence of personal data and have them communicated intelligibly;
2. obtain information about: a) origin of data; b) processing purposes and methods; c) logic of electronic processing; d) identity of controller, processors; e) recipients;
3. obtain: a) updates, rectification or integration; b) deletion, anonymization or blocking of unlawful data; c) proof that such operations were communicated to third parties unless impossible;
4. object in whole or in part: a) for legitimate reasons to processing; b) to processing for advertising, direct sales, market research, or commercial communication via automated or traditional means.

Where applicable, you also have rights under Arts. 16–21 GDPR (rectification, erasure, restriction, portability, objection) and the right to lodge a complaint.

Exercise of rights

You may request access, rectification, deletion, integration of incomplete data, restriction of processing, data portability, withdrawal of consent for sensitive data, objection, and lodge complaints.

Requests may be sent by:

• registered mail to: Lega Nazionale delle Cooperative e Mutue, Via Guattani 9 – 00161 Rome;
• email to: privacy@legacoop.coop.

Minors

If the data subject is under 16, processing is lawful only with consent of the holder of parental responsibility, whose identification data and documents must be provided.

Controller, processors

The Controller is the National League of Cooperatives and Mutuals, Via Guattani 9 – 00161 Rome, Tax Code 80201570589. The updated list of processors is available at the Controller’s office.

DPO – Data Protection Officer

A DPO has been appointed under Art. 37 GDPR. Contact: Via G. Guattani 9 – 00161 Rome, or email dpo@legacoop.coop.

Changes to this notice

This Notice may change over time. Please check the updated version regularly. Rome, 17-04-2025