This notice is provided pursuant to articles 13 and 14 of EU Regulation 2016/679 ("GDPR") to those who have access to the website www.cmasdata.org. This notice describes how to manage the website, with reference to the processing of personal data of users, as, following its consultation and / or browsing, data relating to identified or identifiable persons can be processed. The privacy notice is provided only for the website www.cmasdata.org (“Website”) and not for other websites that may be consulted by the user through links contained therein.

World Confederation of Underwater Activities (following also “CMAS” or “the Confederation”) is the Data Controller - pursuant to articles 4, number 7), and 24 of the EU Regulation 2016/679, with registered office in Viale Tiziano, 74, 00196 Rome, Italy - of the process operating under this Website, on the data of the subjects accessing the Website or browsing and / or requesting services through the Website itself.

The processing of data will be performed by employees or collaborators of the Confederation, however operating within the same, in function of persons in charge of processing.

The processing on browsing data and on data collected with forms made available on the Website or made available by each National Federation, will be conducted for the purposes of:

1. management of the website;
2. monitoring and adjourning of personal records and actual technical and sport capabilities, records, levels and achievements of individual members of national federations affiliated with CMAS;
3. compliance with laws, codes of conducts, European or European countries norms and to establish or defend a legal claim;
4. technical and sport assistance, registration in tournaments, sport events and championships etc.;
5. with your prior consent, delivery of information and/or promotional materials and commercials about events, announcements, products or services, also through the use of technological automated instruments and devices;
6. with your prior consent, sending of products and services-related customer satisfaction surveys for internal statistics and improvement of internal processes;
7. with your prior consent, defining the data subject’s profile for marketing purposes, behavioural advertising, evaluation of interests and market trends, products and services development and improvement, selling strategies and improvement of customer services.

The provision of data browsing the Website (except for data processed by virtue of the operation of Internet protocols and cookies) is to be considered optional. Personal data expressly provided by users / data subjects who, for example, send requests for information material, are used for the sole purpose of following up the request and are only communicated to third parties involved in processing the request (for this purpose CMAS could use third-party companies, for example, for commercial reasons or for analysis and / or marketing activities). Furthermore, the user / data subject is informed that, as it is planned - both for technical reasons and for the management of the Website - the generation and storage of backup copies of the data, certain types of information may continue to persist in the systems, even after cancellation (for a variable period but in any case strictly correlated with the backup procedures and the disaster recovery plan).

Simple consultation of the Website does not in itself entail the collection or processing of personal data of users except for browsing data and technical cookies.

The computer systems and software procedures used to operate in the Website acquire, during its normal operation, some data whose transmission is implicit in the use of Internet communication protocols.

This information does not allow the user / data subject to be identified directly, but by their very nature can, through processing and association with data held by third parties, allow identification of users / data subjects.

This category of data includes IP addresses or domain names of the computers used by users connecting to the Websites, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's computer environment.

These data are not disclosed, but are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning and are kept for the time necessary to achieve the purposes described. Furthermore, the data could, in any case, be used for ascertaining responsibility in the event of criminal or illegal activities perpetrated against the Website or through it.

A cookie is a small text file that is stored by the device (computer, tablet, Smartphone) when a website is visited by a user. A cookie can store certain information that the website can read when, once it is accessed again, it is consulted again. Some of these cookies are necessary for the proper functioning of the website, while others are useful to the visitor because they can safely store, for example, the user name or the language settings. The advantage of having cookies installed in your PC is that you no longer need to fill out the same information every time you want to access a website visited previously.

CMAS uses cookies in order to provide its users with a browsing experience modeled as much as possible around the user's preferences and so that at each visit of the Website it is not necessary to enter, again, the same information. Cookies are also used in order to optimize the performance of the Website: they, in fact, make it easier browsing and search for specific elements in the Website.

Cookies used by our Website are as follows:

Cookie	Purpose	Expires	Additional info
JSESSIONID	HTTP Session token used for users' Authentication	Browser session
COOKIE_AGREE	Web site usability, not to show cookie disclaimer once it is accepted	5 years
Google reCAPTCHA: CONSENT, PREF, NID, HSID, APISID, SID	These are the cookies used by the google reCAPTCHA	Browser session	Google privacy information

We also inform you that the user can, freely and at any time, configure his/her privacy parameters in relation to the installation and use of cookies, directly through the browser following the related instructions.

In particular, the user can set the so-called "incognito browsing", thanks to which his/her browser interrupts the recording of the history of visited sites, any passwords entered, cookies and other information on the pages visited.

Please note that in the event that the user decides to disable all cookies (including those of technical nature), the quality and speed of services offered by this Website may worsen and the access to some sections of the Website could be impractical.

The data described above will be processed by CMAS or by subjects designated by the Confederation as data processors (article 28 of the GDPR), in Italy or in the European Union. They will also be communicated to third parties authorized to provide services related to the activities of the Website and, in particular, to suppliers of technological and telematics services, which will provide for the temporary storage of the same and their process for the purposes defined in § 2 (purposes of processing).

The data generated during browsing on the Website are processed with automated and / or manual tools, for the time strictly necessary to achieve the purposes for which they were collected.

In any case, the process will be carried out with the aid of tools and procedures suitable for guaranteeing security and confidentiality in compliance with the relevant legislation. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

As the services indicated in this notice will be processed by CMAS with the support of ID Sport Ltd., incorporated under the laws of Malta, with office at 171, Old Bakery Street, Valletta, VLT 1455 Malta. ID Sport Ltd. is designated by CMAS as Data Processor (Article 28 of the GDPR).

The Servers Hosting Provider is ElasticHosts Ltd. - registered in England and Wales, no. 03888886 - which has its headquarters at 252-254 Blyth Road, Hayes, Middlesex UB3 1HA, United Kingdom - is, in its turn, identified by ID Sport Ltd. as its own Data Processor (therefore it is sub-Processor for processing against of CMAS).

Anyone in the position of data subject / user, has the right, at any time, to exercise the rights referred to in Articles 15-22 of the GDPR and, in particular, to obtain from the data controller confirmation that it is or not in progress a processing of personal data concerning him/her and in this case, he/she has the right to access them.

Furthermore, he / she has the right to ask the data controller to rectify or delete personal data or limit the processing that concerns them or to oppose their process, in addition to the right to data portability.

The data subject also has the right to lodge a complaint with a supervisory authority (in Italy it is the Italian Data Protection Authority).

To exercise your rights or any information regarding the protection of your personal data, you can contact CMAS at the headquarters located headquartered in Rome (Italy), Viale Tiziano 72 by writing a letter to the office or by sending an email.