Notice on the processing of personal data pursuant to Articles 13 and 14 of regulation (EU) 2016/679 [“GDPR”] and legislative decree 30.6.2003 n. 196 [“Privacy Code”]
This notice on the processing of personal data is intended to provide utmost transparency on how personal data is processed by those who sign up for services of events or training course registration, online donations, applications for job positions, volunteer activities, requests for information on institutional activities, purchases of solidarity products. [“The Services”].
The Data Controller
The data controller is the Patrizio Paoletti Foundation for Development and Communication (cf: 94092660540), with headquarters in Rome, Via Nazionale 230; email firstname.lastname@example.org; pec email@example.com; telephone 06 8082599 [“The Data Controller”].
The data controller has appointed their own person in charge of the protection of personal data (Data Protection Officer) pursuant to art. 37 of the GDPR, Ms. Ilaria Sterpa. We remind you that you can contact the DPO at any time and send any questions or requests relating to your personal data and respect for your privacy by writing to firstname.lastname@example.org.
Personal data processed
When you register for the services, we will ask you to provide us with your contact details, such as your first name, last name, email address and, optionally depending on the type of service, telephone number, home address, date of birth, tax code.
The purposes of the processing of personal data, the legal basis and the respective retention periods
- The fruition of the services and the controller’s compliance
Where processing is necessary for:
- your use of the services, the legal basis is the need for the contract implementation which the interested party is part of (art. 6, par. 1, lett. b) – GDPR); the data controller may use your email address to send informational messages to you, also through automated tools, about their own initiatives similar to the services: in this case, the legal basis of the processing is art. 130, paragraph 4, of the privacy code. You will always be free to inform us of your decision not to receive further communication of this nature in the future.
- the legal obligations of the controller, the legal basis is the compliance to the controller’s legal obligation (art. 6, par. 1, lett. c) – GDPR).
- the protection of a right of the controller, the legal basis is the controller’s interest of the controller (art. 6, par. 1, lett. f) – GDPR).
Retention times: once the needs related to the use of the services cease, the personal data provided will be used and stored for the time necessary to fulfill the legal obligations of the controller and to ensure the protection of their rights within the prescribed period.
- Sending communications pertinent to the controller’s initiatives
The data controller may use your email address to send you informational messages, also through automated tools, about their initiatives similar to those of the services: in this case, the legal basis for the processing is art. 130, paragraph 4, of the privacy code. You will always be free to inform us of your decision not to receive further communication of this nature in the future.
The controller may use your email address, phone number and social contact, to send you information and promotional messages about their initiatives, including those different than the services, including the sending of newsletters and market research, through automated tools (e-mail, sms, fax, mms, messages on social networks, whatsapp, messenger, instant messaging applications online) and not (paper mail, telephone with operator): in this case, the legal basis of processing will always be represented by your consent, which you are asked to freely express at the time of registration to the services.
Retention time: with reference to these purposes, the data provided, unless you revoke your consent, will be retained for a maximum period of 24 months, determined to this extent by the controller in view of the fact that the planning and implementation of their projects and initiatives are referred to periods of time not shorter than that.
- Sharing of personal data
Lastly, if you wish, the data controller may share your personal data, including your email address, telephone number and social contact details, with their partners who carry out similar activities, albeit in different fields, with whom there is a partnership agreement for the development of significant synergies and optimization in order to achieve the respective social goals.
The sharing of your data will be aimed at allowing the partners in question, which will thus become independent data controllers, to send you information and promotional messages about their initiatives, including those other than the services, including the sending of newsletters and market research, through automated tools (e-mail, sms, fax, mms, messages on social networks, whatsapp, messenger, instant messaging applications online) and not (paper mail, telephone with operator).
Also in this case, the legal basis of the processing will always be represented by your consent, which you are asked to express freely at the time of registration to the services.
Retention times: with reference to these purposes, the data provided, unless you revoke your consent, will be retained for a maximum period of 24 months, determined to this extent by the controller in view of the fact that the planning and implementation of projects and initiatives carried out in synergy with their partners refer to periods of time not shorter than that.
Consequences of refusal to provide data and consequences of refusal to give consent
- Failure to provide your name, surname and email address for the purposes of using the services and compliance of the controller, will make it impossible for the controller to follow up on your request for registration to the services.
- Failure to provide CONSENT to the processing of personal data collected for the purposes of sending promotional communications and sharing with partners will not entail any consequences and, in any case, you will always be entitled to revoke it at any time and without affecting the lawfulness of processing based on the consent given before the revocation.
Processing modalities and security measures
Personal data will be processed for the purposes for which they were collected, mainly by means of computer, telematic and manual tools, adopting the necessary security measures to minimize the risk of disclosure or access to unauthorized or accidental third parties, unauthorized or accidental change, or loss and destruction, even if temporary.
Dissemination and recipient categories
Under no circumstances will personal data be disseminated.
Personal data will be processed by persons authorized to process and by data processors linked to the data controller by means of a specific agreement.
Except in the case of sharing data with their partners subject to your consent, which is always revocable, the controller may disclose personal data to third parties (public bodies, police or other public and private institutions), only in order to comply to contractual obligations with the interested party, the law, or regulation or legislation.
Transfer to Third Countries
The data are processed in countries belonging to the European Union. In case of transfer to countries not belonging to the European Union, the data will be transferred only to countries deemed capable of providing an adequate level of protection of personal data, as deemed adequate by the European Commission, or in the presence of adequate safeguards (e.g. “standard clauses”) and provided that the interested parties have enforceable rights and effective remedies, as required by current legislation.
Rights of the interested parties
As an interested party you can exercise the rights set forth in Articles 15 to 21 of European Regulation 679/2016, asking the data controller for access, rectification or cancellation, restriction of processing of your data.
In addition, you will always have the right to object to the processing for legitimate reasons, as well as the right to data portability.
In order to exercise these rights and to revoke your consent to the processing, you may address your requests to the data controller by any means deemed appropriate and, in any case, by contacting the data controller at the addresses indicated above.
Finally, again as an interested party, you will always have the right to lodge a complaint with a supervisory authority of the member state in which you usually reside, work, or in the place where an alleged violation has occurred or to take appropriate legal action (art. 79 of the GDPR).
For Italy: the supervisory authority is the guarantor authority for the protection of personal data, Piazza Venezia n. 11 – 00187, Rome (RM) – mail: email@example.com – mail pec: firstname.lastname@example.org, – website: www.garanteprivacy.it.
Last update of this notice: 23.2.2022
PATRIZIO PAOLETTI FOUNDATION FOR DEVELOPMENT AND COMMUNICATION