INFORMATION ON THE PROCESSING OF PERSONAL DATA ACCORDING TO ARTICLE 13 OF THE GENERAL REGULATION FOR THE PROTECTION OF PERSONAL DATA UE 2016/679
The Foundation Don Lorenzo Guetti, with its registered office in Quadra-Bleggio Superiore, frazione (hamlet) Larido 3, in place of its attorney, acting as the personal data controller voluntarily communicated by you (verbally, via e-mail, through website etc.), it gives you the following information pertaining to personal data treatment in accordance with article 13 GDPR (short for “report”).
1.DATA CONTROLLER’S IDENTITY AND CONTACT DETAILS
Fondazione don Lorenzo Guetti
Frazione Larido 3 - 38071 Quadra - Bleggio Superiore (TN)
2. CONTACT DETAILS OF DATA PROTECTION OFFICER
Data Protection Officer (“DPO”)
Frazione Larido 3 - 38071 Quadra - Bleggio Superiore
3. PURPOSE OF PERSONAL DATA PROCESSING AND ITS LEGAL BASIS
Your personal data will be treated:
a) With your consent (article 7, GDPR) for the following goals:
different types of marketing activity, including information and advertising material distribution, dispatch of newsletters and publications
- attività di marketing di vario tipo, inclusa la distribuzione di materiale a carattere informativo e promozionale, l’invio di newsletter e pubblicazioni,
- handling of surveys and questionnaires, relative also to the degree of customers satisfaction
b)Without your consent (article 6 letters b,c,f GDPR) for the objectives below:
to fulfil the obligations generally provided by the data controller by laws and regulations, by community law, by requests by judicial Authority or to exercise the rights of the data controller (for example the right of defence in court).
The provision of data for the purposes referred to in section a) above is optional, with the consequence being that you may decide not to give your consent, which means to revoke it at all times. The data provision for the purposes referred to in section b) above is mandatory.
4. CATEGORIES OF PROCESSED PERSONAL DATA
Within the scope of treatments aims highlighted in paragraph 3 above, only personal data will be processed and these will concern, for example, name and surname, tax code, VAT number, residence, domicile, place of work, e-mail address or certified e-mail, telephone and fax number, employing company, role and/or company position etc
5. PROCESSING METHODS
The personal data processing of the user is carried out by means of collection, registration, organization, storage, consultation, elaboration, modification,selection, extraction, comparison, usage, interconnection, blocking, communication, deletion and destruction of data.
The user’s personal data are collected when sent directly to the Data Controller, by filling in forms designed for such a purpose, even as a part of contractual documents or collected by telephone by the operator in the context of pre-contractual activities. Data should be processed either manually in paper format or with electronic tools /automated, computerised and telematic. Data are collected and stored by the data controller in computer and paper records, as well as kept and controlled in such a way as to minimise the risks of destruction, including accidental loss, unauthorised access and unauthorised process or not conforming to the purposes of the collection. Data are processed by the staff or collaborators of the data controller, instructed to do so.
6. INFORMATION ON THE PROVISION OF PERSONAL DATA
The provision of personal data relating to processing is optional. However, partial or total failure to provide data will result in the partial or total inability to start or continue the relationship with the user, in so far as such data are necessary for their same execution.
Data provision for marketing aims is also optional. The user may then decide not to provide any data or deny consequently the possibility to process data already given: in this case it won’t be possible to receive any newsletter, commercial communication and advertising material, usually concerning the services offered by the data protector.
7. CATEGORIES OF PERSONAL DATA RECIPIENTS
For the aims referred to in paragraph 3, section a) above, personal data provided by you may be made accessible:
-to legal or supervisory Authorities, administrations, institutions and public corporations (national and international);
If the user expresses consent to the use of personal data for the purposes referred to in paragraph 3, section a) above, the same may be made accessible to the persons mentioned in the previous points.
8. STORING AND TRANSFER OF PERSONAL DATA ABROAD
Management and storage of personal data take place in the cloud and on servers located within the EU, owned by and/or in the availability of the data collector and/or third-party companies entrusted, duly appointed as data processors. In the field of contractual relations management no transfer of the user’s data is provided towards non-EU countries nor to international organisations. Your personal data will not be subject to general disclosure.
9. DATA STORAGE PERIOD
Personal data, collected for the purposes referred to in paragraph 3, paragraph a) may be processed and stored by the data controller until the consent revocation by the user or until the user exercises the right to object to data process or deletion.
RIGHTS YOU CAN EXERCISE
Right of access: obtaining confirmation of whether or not the processing of personal data that concern you is underway and, in this case, receiving information relating, in particular, to: processing purpose, processed personal data categories and period of storage, recipients to whom that may be communicated (article 15, GDPR).
Right to rectification: to obtain, without unjustified delay, the rectification of inaccurate personal data that concern you and the integration of incomplete personal data (article 16, GDPR)
Right to erasure: to obtain, without an unjustified delay, the erasure of personal data that concern you, in the cases provided by GDPR (article 17, GDPR)
Right to limitation: to obtain from joint-controllers processing limitation, in the cases provided by GDPR (article 18, GDPR)
Right to data portability: to receive personal data concerning you in a structured, commonly used and machine-readable format, provided by joint-controllers, including ensuring that the same are transmitted to another data controller without impediments, in the cases provide by GDPR (article 20, GDPR)
Right to object:To object to the process of personal data concerning you, unless there are legitimate reasons for the joint controllers to continue processing (article 21, GDPR)
Right to lodge a complaint with the supervisory authorities: to lodge a complaint with the Data Protection Authority.
You may exercise these rights by simply sending a request to the Data Protection Officer, stated above.
10. APPLICATION OF THE RIGHTS
The Data Subject (user) may at any time exercise their rights by sending an e-mail to firstname.lastname@example.org
To exercise the rights as indicated in this policy, as well as to receive any information relating to them, the user may contact the data controller or DPO that, through the designated structures, will take charge of the request and, without unjustified delay and at the latest within one month of its receipt, will provide the user with information relating to the action taken with regard to the request.
The application of rights by the user is free of charge under article 12 of the GDPR. Yet, in the case of manifestly unfounded or excessive requests, for their repetitiveness as well, the data controller may charge the user a reasonable fee, taking into account the administrative costs incurred for managing or denying the fulfilling of your request.