REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
Fondazione Bambini e Autismo Onlus (hereinafter the “Foundation”) protects the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of violation. As required by the European Union Regulation no. 679/2016 (“GDPR”), and in particular to art. 13, below we provide the user (“Interested”) with the information required by law relating to the processing of their personal data.
1. Who we are and what data we process (Article 13, 1st paragraph, letter a, Article 15, letter b GDPR)
The Foundation, in the person of its legal representative p.t., with registered office in via A. Vespucci 8 / A 33170 Pordenone, operates as Data Controller and can be contacted at firstname.lastname@example.org and collects and / or receives information concerning the interested party, such as:
The Foundation does not require the interested party to provide so-called data “Particular”, or, according to the provisions of the GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person.
The Data Controller has appointed a Data Protection Officer – DPO who can be contacted for any information and request:
1. For what purposes do we need the data of the interested party (Article 13, 1st paragraph of the GDPR)
1. Purpose of the treatment
The data is used in order to manage the relationship with the user for
• subscription to the newsletter relating to:
activities, events, projects, fundraising initiatives of the Officina dell’Arte and BA Foundation (of which the Officina dell’Arte is a part) and any partners who collaborate in their non-profit mission
• promotion and sale of solidarity products on the site.
1. Processing methods
The data processing can take place, in an automated way, in the following ways: e-mail, sms, telephone contact. The legal basis of these treatments is the consent given by the interested party prior to the treatment itself, which can be revoked by the interested party freely and at any time.
The personal data of the interested party may also be processed for profiling purposes (such as analysis of the transmitted data and the selected Services / Products, proposing promotional messages in line with the choices made by the users themselves and with the social purposes of the Foundation) exclusively in the case in which the interested party has provided explicit and informed consent. The legal basis of these treatments is the consent given by the interested party prior to the treatment itself, which can be revoked by the interested party freely and at any time
1. IT security
The Data Controller, also through third parties strictly necessary for the provision of the service specified in point 2.a (eg hosting service providers, newsletter service providers, site developers, Paypal for donations / solidarity purchases), personal data of the interested party with measures designed to guarantee an adequate level of security, to prevent unforeseen events or illegal or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted. The Data Controller will promptly inform the Data Subjects, if there is a particular risk of violation of their data, without prejudice to the obligations deriving from the provisions of art. 33 of the GDPR relating to notifications of violation of personal data.
2. What happens if the interested party does not provide his data identified as necessary for the performance of the requested service? (Article 13, paragraph 2, letter and GDPR)
The collection and processing of personal data is necessary to follow up on the requested services as well as the provision of the Service and / or the supply of the requested Product. If the interested party does not provide the personal data expressly provided as necessary in the order form or the registration form, the Data Controller will not be able to proceed with the processing related to the management of the requested services and / or the contract and the Services / Products connected to it, nor to the obligations that depend on them.
If the user who has made an online purchase does not want promotional communications, he can, upon receipt of the first newsletter, independently proceed with the cancellation using the “unsubscribe” button contained therein, or send a request for cancellation via email to infomedia @ bambinieautismo.org
3. Where we process the data of the interested party
The personal data of the interested party are stored in paper, computerized and telematic archives located in countries where the GDPR is applied (EU countries).
4. How we process the data of the interested party (Article 32 of the GDPR)
The Data Controller provides for the use of adequate security measures in order to preserve the confidentiality, integrity and availability of the data subject’s personal data and imposes similar security measures on third party suppliers and Managers.
5. How long are the data of the interested party kept? (Article 13, paragraph 2, letter a GDPR)
Unless they explicitly express their will to remove them, the personal data of the interested party will be kept as long as they are necessary with respect to the legitimate purposes for which they were collected.
It should also be added that, in the event that a user forwards unsolicited or unnecessary personal data to the Foundation for the purpose of carrying out the requested service or providing a service strictly connected to it, the Foundation cannot be considered the owner of these. data, and will delete them as soon as possible.
Furthermore, personal data will in any case be kept for the fulfillment of legal obligations (eg tax and accounting)
6. What are the rights of the interested party? (articles 15 – 20 GDPR)
The Foundation informs that the legislation provides that the interested party has the right to obtain from the data controller the following: a) confirmation that personal data concerning him is being processed and, in this case, to obtain the access to personal data and the following information:1. the purposes of the processing;
2. the categories of personal data in question; |
3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients of third countries or international organizations;
4. when possible, the retention period of the personal data envisaged or, if not possible, the criteria used to determine this period;
5. the existence of the right of the interested party to ask the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
6. the right to lodge a complaint with a supervisory authority;
7. if the data are not collected from the data subject, all available information on their origin;
8. the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
9. the adequate guarantees provided by the third country (non-EU) or an international organization to protect any data transferred
10. the right to obtain a copy of the personal data being processed, provided that this right does not affect the rights and freedoms of others; In the event of further copies requested by the interested party, the data controller may charge a reasonable fee based on administrative costs.
11. the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay
12. the right to obtain from the data controller the cancellation of personal data concerning him without undue delay, if the reasons provided for by the GDPR in art. 17, including, for example, in the event that they are no longer necessary for the purposes of the processing or if this is assumed to be illegal, and the conditions provided for by law always exist; and in any case if the processing is not justified by another equally legitimate reason;
13. the right to obtain from the data controller the limitation of processing, in the cases provided for by art. 18 of the GDPR, for example where you have contested its accuracy, for the period necessary for the Data Controller to verify its accuracy. The interested party must be informed, in a reasonable time, also of when the suspension period has been completed or the cause of the limitation of the processing has ceased, and therefore the limitation itself has been revoked;
14. the right to obtain communication from the owner of the recipients to whom the requests for any corrections or cancellations or limitations of the processing carried out have been transmitted, unless this proves impossible or involves a disproportionate effort.
15. the right to receive personal data concerning him in a structured format, commonly used and readable by an automatic device and the right to transmit such data to another data controller without impediments by the data controller to whom he provided them , in the cases provided for by art. 20 of the GDPR, and the right to obtain the direct transmission of personal data from one data controller to the other, if technically feasible. For any further information and in any case to send your request, you must contact the Data Controller at email@example.com. In order to ensure that the aforementioned rights are exercised by the interested party and not by unauthorized third parties, the Data Controller may request the same to provide any additional information necessary for the purpose.
16. How and when can the interested party oppose the processing of their personal data? (Art. 21 GDPR)
For reasons relating to the particular situation of the interested party, the same may oppose at any time to the processing of their personal data if it is based on legitimate interest or if it occurs for commercial promotion activities (see above), by sending the request to the Data Controller. address firstname.lastname@example.org, email@example.com.
The interested party has the right to have their personal data deleted if there is no legitimate overriding reason for the Data Controller with respect to the one that gave rise to the request, and in any case in the event that the interested party has opposed the processing for commercial promotion activities.
17. To whom can the interested party lodge a complaint? (Art. 15 GDPR)
Without prejudice to any other administrative or judicial action, the interested party may lodge a complaint with the competent supervisory authority on the Italian territory (Authority for the protection of personal data) or the one that carries out its duties and exercises its powers. in the Member State where the violation of the GDPR took place. Any update of this Information will be communicated promptly and by appropriate means and will also be communicated if the Data Controller processes the data of the interested party for purposes other than those referred to in this Information before proceeding and following the manifestation of the relative consent of the ‘Interested if necessary.
COOKIES: General information, deactivation and management of cookies.
Cookies are data sent from the website and stored by the internet browser on the user’s computer or other device (for example, tablet or mobile phone). Technical cookies and third-party cookies may be installed from our website or its subdomains. In any case, the user can manage or request the general deactivation or deletion of cookies by changing the settings of their internet browser. This deactivation, however, may slow down or prevent access to some parts of the site. The settings to manage or disable cookies may vary depending on the internet browser used, therefore, for more information on how to perform these operations, we suggest that the User consult the manual of his device or the “Help” function or “Help” of your internet browser. Below are the links that explain how to manage or disable cookies for the most popular internet browsers:
• Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies
• Google Chrome: https://support.google.com/chrome/answer/95647
• Mozilla Firefox: http://support.mozilla.org/it/kb/Gestione%20dei%20cookie
• Opera: http://help.opera.com/Windows/10.00/it/cookies.html
• Safari: https://support.apple.com/kb/PH19255
The use of technical cookies, ie cookies necessary for the transmission of communications over an electronic communications network or cookies strictly necessary for the supplier to provide the service requested by the customer, allows the safe and efficient use of our site. Session cookies may be installed in order to allow access and stay in the reserved area of the portal as an authenticated user. Technical cookies are essential for the proper functioning of our website and are used to allow users to navigate normally and to take advantage of the advanced services available on our website. The technical cookies used are divided into session cookies, which are stored exclusively for the duration of the navigation until the browser is closed, and persistent cookies that are saved in the memory of the user’s device until their expiration or cancellation by the user. same. Our site uses the following technical cookies:
• Technical navigation or session cookies, used to manage normal navigation and user authentication;
• Functional technical cookies, used to store customizations chosen by the user, such as, for example, the language;
• Technical analytics cookies, used to know the way in which users use our website so as to be able to evaluate and improve its functioning.
Third party cookies
Third-party cookies may be installed: these are cookies, analytical and profiling, of Google Analytics, Youtube, and Facebook. These cookies are sent from the websites of the aforementioned third parties external to our site. Third-party analytical cookies are used to detect information on user behavior on the site. The survey takes place anonymously, in order to monitor performance and improve the usability of the site. Third-party profiling cookies are used to create profiles relating to users, in order to propose promotional messages in line with the choices made by the users themselves.
The use of these cookies is governed by the rules established by the third parties themselves, therefore, Users are invited to read the privacy policies and instructions for managing or disabling the cookies published on the following web pages:
For Google Analytics cookies:
– instructions to manage or disable cookies: https://support.google.com/accounts/answer/61416?hl=it
For Facebook cookies:
– instructions to manage or disable cookies: https://www.facebook.com/help/cookies/
They can be installed by the Owner (s), using the so-called software. web analytics, profiling cookies, which are used to prepare detailed and real-time analysis reports relating to information on: visitors to a website, search engines of origin, keywords used, language of use, most visited pages. They can collect information and data such as IP address, nationality, city, date / time, device, browser, operating system, screen resolution, navigation source, pages visited and number of pages, duration of the visit, number of visits made.