Privacy Policy
Information on the processing of personal data pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 [“GDPR”] and Legislative Decree 30.6.2003 n. 196 [“Privacy Code”]
This privacy notice aims to provide maximum transparency on how the personal data of those requesting registration for event or training services, online donations, job applications, volunteer activities, inquiries about institutional activities, and purchases of solidarity products [“The Services”] are processed.
Data Controller
The Data Controller is the Fondazione Patrizio Paoletti per lo Sviluppo e la Comunicazione (VAT: 94092660540), based in Rome, Via Nazionale 230; email [fondazione@fondazionepatriziopaoletti.org](mailto:fondazione@fondazionepatriziopaoletti.org); certified email [fondazionepatriziopaoletti@pec.it](mailto:fondazionepatriziopaoletti@pec.it); phone 06 8082599 [“The Controller”].
The Data Controller has appointed a Data Protection Officer (DPO) pursuant to Art. 37 of the GDPR, Dr. Ilaria Sterpa. You may contact the DPO at any time and send any questions or requests regarding your personal data and privacy by writing to [privacy@fondazionepatriziopaoletti.org](mailto:privacy@fondazionepatriziopaoletti.org).
Personal data processed
When registering for the Services, you will be asked to provide your contact details, such as name, surname, email address, phone number, and optionally, social media contact.
Purposes of personal data processing, legal basis, and retention periods
- Use of the Services and obligations of the Controller
If processing is necessary for:
- your use of the Services, the legal basis is the necessity of performing the contract to which the data subject is a party (Art. 6, para. 1, letter b) – GDPR;
- analyzing the quality of the Services and your satisfaction, including for Service improvement, the legal basis is the legitimate interest of the Controller (Art. 6, para. 1, letter f) – GDPR;
- the Controller's legal obligations, the legal basis is the fulfillment of a legal obligation of the Controller (Art. 6, para. 1, letter c) – GDPR;
- the protection of a right of the Controller, the legal basis is the legitimate interest of the Controller (Art. 6, para. 1, letter f) – GDPR.
Retention period: once the need related to the use of the Services and analysis of their quality and user satisfaction ceases, the personal data provided will be used and retained for the time necessary to fulfill the Controller's legal obligations and to protect its rights within the statute of limitations.
- Sending communications regarding the Controller's initiatives
The Controller may use your email address to send informational messages, including via automated tools, about initiatives similar to the Services: in this case, the legal basis is Art. 130, paragraph 4, of the Privacy Code. You are always free to inform us if you do not wish to receive further communications of this type.
The Controller may use your email, phone number, and social contacts to send informational and promotional messages on its initiatives, even different from the Services, including newsletters and market research, via automated tools (email, SMS, fax, MMS, messages on social networks, WhatsApp, Messenger, instant messaging apps) and non-automated means (postal mail, phone calls): in this case, the legal basis will always be your consent, which you are asked to freely provide when registering for the Services.
Retention period: for these purposes, the data provided, unless consent is revoked, will be retained for a maximum of 36 months, determined by the Controller considering that the planning and implementation of its projects and initiatives refer to periods not shorter than this.
- Sharing personal data
If you wish, the Controller may share your personal data, including email, phone, and social contacts, with its Partners operating in related but distinct areas, with whom it has partnership agreements to develop significant synergies and optimizations for achieving respective social objectives.
Sharing your data will allow the Partners, who will become independent data controllers, to send you informational and promotional messages about their initiatives, including newsletters and market research, via automated and non-automated tools.
Again, the legal basis will always be your consent, freely provided at the time of registration for the Services.
Retention period: for these purposes, data provided, unless consent is revoked, will be retained for a maximum of 36 months, determined considering that the projects and initiatives carried out in synergy with the Partners cover periods not shorter than this.
- Social Network Profiles and Pages
Fondazione Patrizio Paoletti per lo Sviluppo e la Comunicazione manages its pages on major social networks (e.g., Facebook, Instagram, YouTube) to promote its activities, publishing informational and promotional messages about initiatives, services, and fundraising campaigns.
Those accessing and following the Foundation's social profiles and pages express the intention to follow activities and receive information, including promotional messages. In this case, sending messages via these channels is lawful if it is clear from the context and the platform's operation that the user has implicitly consented to receive messages regarding initiatives, services, and fundraising campaigns.
Retention period: for these purposes, data will be used until the user decides to stop following the social network pages, as unsubscribing indicates revocation of consent to receive messages.
Consequences of refusal to provide data and consequences of refusal to give consent
- Failure to provide data required for the use of Services and Controller obligations will prevent the Controller from processing your registration.
- Failure to give CONSENT for processing personal data for promotional communications and sharing with Partners will not have any consequence. You may revoke it at any time without affecting the lawfulness of processing based on consent given before revocation.
Data processing methods and security measures
Personal data will be processed for the purposes for which they were collected, mainly through IT, telematic, and manual tools, adopting security measures to minimize risks of unauthorized or accidental disclosure, access, modification, loss, or destruction.
Disclosure and categories of recipients
Personal data will not be disclosed under any circumstances.
Personal data will be processed by authorized personnel and data processors bound to the Controller by specific agreements.
Except for sharing with Partners with your consent (always revocable), the Controller may disclose data to third parties (Public Authorities, Police, or other Public and Private Subjects) only to fulfill contractual, legal, or regulatory obligations.
Transfer to Third Countries
Data is processed in European Union countries. Transfers to non-EU countries will only occur to countries deemed adequate by the European Commission or with adequate safeguards (e.g., “standard clauses”) and provided that data subjects have enforceable rights and remedies as per applicable law.
Rights of Data Subjects
As a Data Subject, you may exercise the rights under Articles 15–21 of Regulation 679/2016, requesting access, correction, deletion, or restriction of your data.
You also have the right to object for legitimate reasons and the right to data portability.
To exercise these rights and revoke consent, you may contact the Controller by any means you consider appropriate, using the contact details above.
Finally, as a Data Subject, you have the right to lodge a complaint with the supervisory authority of your member state or take legal action (Art. 79 GDPR).
For Italy: The supervisory authority is the Italian Data Protection Authority, Piazza Venezia n. 11 – 00187, Rome (RM) – email: [garante@gpdp.it](mailto:garante@gpdp.it) – certified email: [protocollo@pec.gpdp.it](mailto:protocollo@pec.gpdp.it) – website: [www.garanteprivacy.it](http://www.garanteprivacy.it).
Last update of this notice:
23.02.2022
FONDAZIONE PATRIZIO PAOLETTI PER LO SVILUPPO E LA COMUNICAZIONE