Privacy Policy

Information on the processing of personal data pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 [“GDPR”] and Legislative Decree 30.6.2003 n. 196 [“Privacy Code”]

This privacy notice is intended to provide maximum transparency on the methods of processing personal data of those requesting registration for event or training services, online donations, job applications, volunteer activities, requests for information on institutional activities, and purchases of solidarity products [“The Services”].

Data Controller

The Data Controller is the Fondazione Patrizio Paoletti per lo Sviluppo e la Comunicazione (tax code: 94092660540), based in Rome, Via Nazionale 230; email: fondazione@fondazionepatriziopaoletti.org; PEC: fondazionepatriziopaoletti@pec.it; phone: 06 8082599 [“The Controller”].

The Data Controller has appointed its own Data Protection Officer (DPO) pursuant to Art. 37 of the GDPR, Dr. Ilaria Sterpa. You are reminded that you can contact the DPO at any time and send any questions or requests regarding your personal data and privacy by writing to privacy@fondazionepatriziopaoletti.org.

Personal data processed

At the time of registration for the Services, we will ask you to provide your contact information, such as first name, last name, email address, phone number, and optionally, social contact.

Purposes of personal data processing, legal basis, and retention periods

1. Use of the Services and Controller obligations

Where processing is necessary for:

1. your use of the Services, the legal basis is the necessity for the performance of a contract to which the Data Subject is a party (Art. 6, para. 1, letter b) – GDPR;
2. analysis of the quality of the Services and your satisfaction, also for improving the Services themselves, the legal basis is the legitimate interest of the Controller (Art. 6, para. 1, letter f) – GDPR;
3. legal obligations of the Controller, the legal basis is compliance with a legal obligation of the Controller (Art. 6, para. 1, letter c) – GDPR;
4. protection of a right of the Controller, the legal basis is the legitimate interest of the Controller (Art. 6, para. 1, letter f) – GDPR.

Retention periods: once the needs related to the use of the Services and the analysis of their quality and user satisfaction cease, the personal data provided will be used and retained for the time necessary to comply with the Controller’s legal obligations and to ensure the protection of its rights within the statute of limitations.

2. Sending communications regarding the Controller’s initiatives

The Controller may use your email address to send informational messages, including through automated tools, on its initiatives similar to those of the Services: in this case, the legal basis is Art. 130, paragraph 4, of the Privacy Code. You will always be free to inform us of your decision not to receive such communications in the future.

The Controller may also use your email, phone number, and social contact to send informational and promotional messages on its initiatives, even those different from the Services, including newsletters and market research, through automated tools (email, SMS, fax, MMS, social network messages, WhatsApp, Messenger, online instant messaging apps) and non-automated means (postal mail, phone with operator): in this case, the legal basis will always be represented by your consent, which you are asked to freely provide at the time of registration for the Services.

Retention periods: regarding these purposes, the data provided, unless consent is revoked, will be retained for a maximum period of 36 months, determined by the Controller considering that the planning and implementation of its projects and initiatives refer to periods not shorter than this.

3. Sharing of personal data

If you wish, the Controller may share your personal data, including email, phone number, and social contact, with its Partners who carry out related activities, albeit in different areas, with whom there is a partnership agreement for developing significant synergies and optimizations in achieving their respective social purposes.

The sharing of your data will allow the Partners in question, who will become independent Data Controllers, to send you informational and promotional messages on their initiatives, even different from the Services, including newsletters and market research, through automated tools (email, SMS, fax, MMS, social network messages, WhatsApp, Messenger, online instant messaging apps) and non-automated means (postal mail, phone with operator).

In this case as well, the legal basis will always be represented by your consent, freely given at the time of registration for the Services.

Retention periods: for these purposes, the data provided, unless consent is revoked, will be retained for a maximum period of 36 months, considering that the planning and implementation of projects and initiatives carried out in synergy with the Partners refer to periods not shorter than this.

4. Social network profiles and pages

Fondazione Patrizio Paoletti per lo Sviluppo e la Comunicazione owns pages on the main Social Networks (e.g., Facebook, Instagram, YouTube) through which it promotes its activities by posting informational and promotional messages on initiatives, services, and fundraising campaigns for the pursuit of institutional purposes.

Those who access and follow the Foundation’s Social Network Profiles and Pages express their willingness to follow the activities and receive information, including promotional messages, conveyed through these channels. In this case, sending messages through these channels is considered lawful if, from the context and functioning of the social network and information voluntarily provided by the user, it is evident that the individual has implicitly consented to receive informational and promotional messages regarding initiatives, services, and fundraising campaigns.

Retention periods: regarding these purposes, the data will be used as long as the user chooses to follow the Social Network pages, as unsubscribing demonstrates revocation of consent to receive messages.

Consequences of refusal to provide data and of refusal to give consent

• Failure to provide the requested data for the purposes of using the Services and Controller obligations will make it impossible for the Controller to process your registration for the Services.
• Failure to provide CONSENT for the processing of personal data collected for promotional communications and sharing with Partners will have no consequences, and in any case, you always have the right to revoke it at any time without affecting the lawfulness of processing based on consent given before the revocation.

Processing methods and Security measures

Personal data will be processed for the purposes for which they were collected, mainly through IT, telematic, and manual tools, adopting the necessary security measures to minimize risks of unauthorized or accidental disclosure or access, unauthorized or accidental modification, or loss and destruction, even if temporary.

Disclosure and categories of recipients

Personal data will never be disclosed.

Personal data will be processed by authorized personnel and by Data Processors bound to the Controller by specific agreements.

Except in the case of sharing data with Partners subject to your consent, always revocable, the Controller may communicate personal data to Third Parties (Public Authorities, Police Forces, or other Public or Private Entities) only to fulfill contractual, legal, regulatory, or EU obligations.

Transfer to Third Countries

Data are processed in countries within the European Union. In case of transfer to countries outside the EU, data will only be transferred to countries deemed capable of providing an adequate level of protection for personal data, as recognized by the European Commission, or in the presence of adequate safeguards (e.g., “standard clauses”) and provided that Data Subjects have enforceable rights and effective remedies, as required by current legislation.

Data Subject rights

As a Data Subject, you may exercise the rights provided in Articles 15 to 21 of Regulation (EU) 679/2016, requesting access, rectification, or deletion, and limitation of your data processing.

You also have the right to object to processing for legitimate reasons, as well as the right to data portability.

To exercise these rights and to revoke consent to processing, you may contact the Controller by any suitable means and, in any case, using the contact details above.

Finally, as a Data Subject, you always have the right to lodge a complaint with the supervisory authority of the EU member state in which you habitually reside or work, or in the place where a presumed violation occurred, or to seek appropriate judicial remedies (Art. 79 GDPR).

For Italy: the supervisory authority is the Italian Data Protection Authority, Piazza Venezia n. 11 – 00187, Rome (RM) – email: garante@gpdp.it – PEC: protocollo@pec.gpdp.it, website: www.garanteprivacy.it.

Last update of this notice:

23.02.2022

FONDAZIONE PATRIZIO PAOLETTI PER LO SVILUPPO E LA COMUNICAZIONE