Dear User, thank you for visiting our site.
In the rest of the page we describe how the site is managed with reference to the processing of personal data of users who consult it.
WHY THIS NOTICE
This is an information provided pursuant to art. 13 of the European Regulation 2016/679 (hereinafter also “GDPR”) to those who interact with the web services directly provided by the Foundation.
Holder of the treatment
The data controller is the Company, whose references are present on the site in the “Contacts” section.
- a) processed in a lawful, correct and transparent way towards the interested party (“lawfulness, correctness and transparency”); at the time of the eventual provision of data, the interested party is provided with a summary but complete disclosure, in accordance with the provisions of art. 13 of the GDPR.
- b) collected for specific, explicit and legitimate purposes, and subsequently processed so that it is not incompatible with these purposes; the purposes of the processing of personal data are made known to the interested parties at the time of collection. Any new data processing, if unrelated to the stated purposes, are activated upon new information to the interested party and any request for consent, when required by the GDPR. In any case, personal data are not disclosed to third parties or disclosed without the prior consent of the interested party, except in cases expressly indicated by the GDPR;
- c) adequate, relevant and limited to what is necessary with respect to the purposes for which they are processed (“data minimization”);
- d) Personal data are accurate and updated over time. They are also organized and stored so that the interested party is given the opportunity to know, if he wishes, what data has been collected and recorded, to check its quality and request its possible correction, integration, cancellation for violation of the law or opposition to the treatment and to exercise all other rights, pursuant to and within the limits of art. 15 and following of the GDPR, at the addresses indicated in the information on the site.
- e) stored in a form that allows the identification of the interested parties for a period of time not exceeding the achievement of the purposes for which they are processed;
- f) processed in such a way as to guarantee adequate security of personal data. They are protected by technical, IT, organizational, logistical and procedural security measures, against the risks of destruction or loss, even accidental, and of unauthorized access or unauthorized treatment.
These measures are periodically updated based on technical progress, the nature of the data and the specific characteristics of the treatment, constantly monitored and verified over time. The third parties that carry out support activities of any kind for the provision of the services requested by the Foundation, in relation to which they perform personal data processing operations, are designated by the latter as Data Processors and are contractually bound to respect of the measures for the security and confidentiality of the treatments. The identity of these third parties is available to users upon simple request.
The Foundation assumes no responsibility for:
the rules and methods of managing personal data of other websites, reachable from our pages through links and references;
the contents of any e-mail services, Web spaces, chat forums provided to users.
The treatments connected to the web services offered by this site take place at the Foundation, and possibly at the offices of the external Data Processors and are handled by data processors responsible for managing the services requested, for marketing activities – where requested by the user – data retention activities and occasional maintenance operations.
SCOPE OF DATA COMMUNICATION
The personal data provided may be communicated to third parties to fulfill legal obligations, in execution of orders from legitimate public authorities or even to enforce or defend a right in court. If necessary in relation to particular services or products requested, personal data may be disclosed to third parties who perform, as independent data controllers, functions strictly connected and instrumental to the provision of services or supply of products. Without communication, these services and products could not be provided. Personal data will not be disclosed, unless the requested service requests it.
DATA PROVIDED VOLUNTARILY BY THE USER
The types of personal data collected and processed on this site are those necessary for the provision of the various services provided. The collected data are processed using paper, automated and telematic methods and with logic strictly related to the purposes of the processing. Your telephone number and your e-mail address may also be used to offer the services. It is therefore clear that, if these data were not provided, those services that require the use of these tools cannot be provided. The legal basis for this treatment is your consent.
Any voluntary sending of e-mails to the addresses indicated on the site involves the acquisition of the sender’s address as well as any other information contained in the message; such personal data will be used for the sole purpose of carrying out the service or provision requested. The legal basis for this treatment is our legitimate interest in replying to your email.
It is useful to know that the software procedures of the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. Despite being information not intended to be associated with identified users, by their nature, if associated with other data held by third parties (e.g. your internet service provider), they could allow identification of users. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URL (Uniform Resource Locator) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment. These data are used only for anonymous statistics on the use of the site and to check its correct functioning. The Data Controller and, depending on the service requested, the Designated Managers retain, for a limited period according to the law, the route (LOG) of the connections / navigations made to respond to any requests from the judicial authority or other public body entitled to request this route for ascertaining any liability in the event of computer crimes. The legal basis for this treatment is our legitimate interest in being present on the web.
The collected data will be kept for a period of time not exceeding the achievement of the purposes for which they are processed (“principle of limitation of conservation”, art.5, GDPR) or on the basis of the deadlines established by law. The verification of the obsolescence of the data stored in relation to the purposes for which it was collected is carried out periodically.
Apart from what is specified for navigation data, the user is free to give or not the personal data requested in the registration form to the services. On this form, however, some data may be marked as mandatory; it must be understood that these data are necessary for the provision of the requested service. If these data are not provided, the requested service cannot be provided.
At the time of the possible provision of data, according to the provisions of art. 13 of the GDPR, a summary but complete disclosure is made available to the interested party on the purposes and methods of the processing, on the mandatory or optional nature of the provision of data, on the consequences of failure to provide, on the subjects or categories of subjects to whom personal data can be communicated and the scope of dissemination of the data, on the criteria used for the cancellation of the data, on the legal basis of the processing, on the rights referred to in art. 15 and ss of the GDPR (access, integration, updating, correction, cancellation for violation of the law, opposition to processing, withdrawal of consent, complaint to the supervisory authority.), On the identity and headquarters of the Data Controller and Data Processors. The interested party is therefore called to express his informed, free, expressed consent in specific form and documented in the form provided by law, where required by the same. If the provision of personal data takes place in subsequent stages, additions to the information previously made may be provided and new consents to the processing will be required.
SECURITY MEASURES ADOPTED FOR THE PROTECTION OF THE DATA COLLECTED
The foundation uses “safe” architectures and technologies to protect personal data against undue disclosure, alteration or misuse. The protections activated against personal data are intended, in particular, to minimize the risks of destruction or loss, even accidental, of data, of unauthorized access or of treatment not allowed or not in accordance with the purposes of the collection. The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence or otherwise of the same data and to know its content and origin, verify its accuracy or request its integration or updating, or the correction. The interested party also has the right to delete their data, to limit the processing, to the portability of the data as well as to oppose their treatment.
He also has the right to withdraw consent, should it be given, in the same ease with which he granted it, without prejudice to the lawfulness of the consent expressed before his revocation.