Privacy Policy

Personal Data Processing Notice pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 [“GDPR”] and Legislative Decree 30.6.2003 n. 196 [“Privacy Code”]

This personal data processing notice aims to provide full transparency regarding how the personal data of individuals registering for event or training services, online donations, job applications, volunteer activities, requests for information on institutional activities, or purchases of solidarity products [“The Services”] are processed.

Data Controller

The Data Controller is Fondazione Patrizio Paoletti per lo Sviluppo e la Comunicazione (VAT: 94092660540), based in Rome, Via Nazionale 230; email [fondazione@fondazionepatriziopaoletti.org](mailto:fondazione@fondazionepatriziopaoletti.org); certified email [fondazionepatriziopaoletti@pec.it](mailto:fondazionepatriziopaoletti@pec.it); phone 06 8082599 [“The Controller”].

The Controller has appointed a Data Protection Officer (DPO) pursuant to Art. 37 GDPR, Dr. Ilaria Sterpa. You can contact the DPO at any time for any questions or requests regarding your personal data and privacy at [privacy@fondazionepatriziopaoletti.org](mailto:privacy@fondazionepatriziopaoletti.org).

Personal Data Processed

When registering for the Services, you will be asked to provide contact information, including your first name, last name, email address, phone number, and optionally social media contact.

Purposes of Data Processing, Legal Basis, and Retention Periods

1. Use of the Services and Controller obligations

Processing is necessary for:

1. using the Services; legal basis: performance of a contract in which the data subject is a party (Art. 6(1)(b) GDPR);
2. analyzing the quality of the Services and your satisfaction, including for service improvement purposes; legal basis: legitimate interest of the Controller (Art. 6(1)(f) GDPR);
3. complying with legal obligations; legal basis: compliance with a legal obligation of the Controller (Art. 6(1)(c) GDPR);
4. protecting the rights of the Controller; legal basis: legitimate interest of the Controller (Art. 6(1)(f) GDPR).

Retention Period: once the purposes of using the Services and analyzing service quality and user satisfaction are fulfilled, personal data will be used and retained as long as necessary to comply with legal obligations and to protect the Controller’s rights within the statute of limitations.

2. Sending communications regarding the Controller’s initiatives

The Controller may use your email address to send informational messages, including automated tools, about initiatives similar to the Services; legal basis: Art. 130(4) Privacy Code. You are free to opt out at any time.

The Controller may use your email, phone number, and social contact to send informational and promotional messages on its initiatives, including newsletters and market research, via automated (email, SMS, fax, MMS, social media messages, WhatsApp, Messenger, instant messaging apps) and non-automated channels (postal mail, phone with operator). Legal basis: your consent, freely given during registration.

Retention Period: unless consent is revoked, such data will be kept for a maximum of 36 months, reflecting the typical duration of the Controller’s project planning and implementation.

3. Sharing Personal Data

If you wish, the Controller may share your personal data (email, phone, social contact) with its Partners conducting related activities, who will become independent data controllers, to send you informational and promotional messages about their initiatives, including newsletters and market research, via automated and non-automated channels.

Legal basis: your consent, freely given at registration.

Retention Period: unless consent is revoked, data will be kept for a maximum of 36 months.

4. Social Media Profiles and Pages

The Foundation operates official pages on major social networks (Facebook, Instagram, YouTube) to promote its activities, including fundraising campaigns.

By following these pages, users express their willingness to receive information and promotional messages. Such messaging is lawful if consent is implicitly clear from the user’s actions and provided information.

Retention Period: data will be used until the user decides to unfollow the social media pages, indicating withdrawal of consent.

Consequences of Not Providing Data or Consent

• Failure to provide data required for using the Services and fulfilling Controller obligations will prevent registration.
• Refusal to provide consent for promotional communications and Partner data sharing has no consequence, and you may revoke consent at any time without affecting prior lawful processing.

Processing Methods and Security Measures
Personal data will be processed for the purposes collected, mainly using IT, telematic, and manual tools, with necessary security measures to minimize unauthorized or accidental access, modification, loss, or destruction.

Disclosure and Recipients
Personal data will never be publicly disclosed. Data will be processed by authorized personnel and responsible parties under agreement with the Controller.

Except where sharing with Partners (subject to consent), the Controller may disclose data to third parties (public authorities, police, other public/private entities) only to fulfill contractual, legal, or regulatory obligations.

Transfer to Third Countries
Data is processed within the EU. Transfers outside the EU occur only to countries deemed adequate by the European Commission or under adequate safeguards (e.g., “standard clauses”) ensuring enforceable rights and remedies.

Data Subject Rights
As a data subject, you can exercise rights under Articles 15–21 GDPR: access, rectification, erasure, restriction, objection, and data portability.

You can revoke consent or exercise rights at any time by contacting the Controller.

You also have the right to lodge a complaint with a supervisory authority in your member state or initiate legal action (Art. 79 GDPR).

For Italy: the supervisory authority is the Garante per la Protezione dei Dati Personali, Piazza Venezia 11 – 00187, Rome (RM), email [garante@gpdp.it](mailto:garante@gpdp.it), PEC [protocollo@pec.gpdp.it](mailto:protocollo@pec.gpdp.it), website [www.garanteprivacy.it](http://www.garanteprivacy.it).

Last update: 23.02.2022

FONDAZIONE PATRIZIO PAOLETTI PER LO SVILUPPO E LA COMUNICAZIONE