Privacy Policy
The purpose of the present privacy policy is to provide information on the processing of personal data carried out by Fondazione Romeo ed Enrica Invernizzi when the User navigates and accesses the services of the present website “www.fondazioneinvernizzi.it”, hereinafter referred to as the Site".
1. DATA CONTROLLER
Fondazione Romeo ed Enrica Invernizzi, with registered offices in Corso Venezia 32, Milan, Italy, Postal Code 20121, Tax Code 91511400151 (hereinafter referred to as the Controller"), owner of the present website as Data Controller of the personal data of users (hereinafter referred to as the “Users”) who navigate and use the services available on the Site, hereby provides the privacy policy pursuant to Article 13 of EU Regulation 2016/679 of 27th April 2016 (hereinafter referred to as “Regulation", or "Applicable Legislation“).
2. HOW TO CONTACT US?
The Controller takes into the utmost consideration the right to privacy and protection of personal data of its users (hereinafter referred to as “Users” or “User”). For any information regarding the present privacy policy, Users may contact the Controller at any time, as follows:
– By sending a registered letter with return receipt to the Controller’s registered offices in Corso Venezia, 32 – Postal Code 20121, Milan, Italy;
– By sending an e-mail to: info@fondazioneinvernizzi.it
The Data Controller has not identified a Data Protection Officer (DPO), in that it is not subject to the designation obligation provided for in Article 37 of the Regulation.
3. PERSONAL DATA PROCESSED
User data collected by the Data Controller for the sole purpose of navigating the Site include: IP addresses used by users who connect to the Site, URI (Uniform Resource Identifier) addresses of resources requested, time of request, the method used to submit the request to the server, the size of the file obtained in response, log files and other parameters relating to the User’s operating system and computer environment, the User’s first and last name, e-mail address and telephone number.
4. PURPOSE OF PROCESSING
Users’ personal data shall be lawfully processed by the Controller for the following purposes:
a) Request for contact and/or information by the User;
b) with the User’s consent, marketing purposes (i.e. newsletters).
The provision of personal data for the aforementioned processing purposes is optional but necessary, as failure to provide such data will make it impossible for the User to receive a reply to requests for contact and/or information submitted to the Controller, except for the purpose referred to in point b).
5. LEGAL BASIS
Execution of the contract or execution of pre-contractual measures relating to the Request for contact and/or information(as described in par. 3(b) above): the legal basis is Art. 6(1)(b) of the Regulation, i.e. processing is necessary for the execution of a contract to which the User is a party or the execution of pre-contractual measures taken at the User’s request.
Consent of the data subject for the processing relating to marketing activities (i.e. sending newsletters) (as described in par. 4.1 above), the legal basis is Article 6(1)(a) of the Regulation, i.e. the provision by the data subject of consent to the processing of his/her personal data for one or more specific purposes. For this reason, the Data Controller shall ask the User for the provision of a specific free and optional consent, to pursue such processing purpose.
6. PROCESSING METHODS AND DATA RETENTION PERIODS
The Data Controller shall process Users’ personal data by means of manual and computerised tools, using logics that are strictly related to the very purposes and, in any case, in such a way as to guarantee the security and confidentiality of data.
7. RETENTION TIME OF PERSONAL DATA
The personal data of Users requesting information through the Site shall be retained for the time that is strictly necessary to fulfil purposes indicated in paragraph 3 above, and in any case no longer than one year from the request.
Concerning marketing purposes, personal data are processed and retained for a maximum period of 24 months, unless the User withdraws his/her consent.
8. SCOPE OF COMMUNICATION AND DISCLOSURE OF DATA ABROAD
In addition to the Data Controller, external parties, such as technical service providers, hosting providers, IT companies and communication agencies, may have access to personal data and they may be appointed, if necessary, as data processors. The updated list of data recipients may be requested from the Data Controllers at addresses indicated at the bottom of the present policy.
Personal data will generally be processed within the European Economic Area (EEA). Any transfer of personal data outside the European Economic Area shall only take place after appropriate safeguards have been put in place, as required by applicable regulations.
9. RIGHTS OF INDIVIDUALS CONCERNED
With regard to personal data processed, the user may exercise the following rights:
Access | (i) The right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, to obtain information on the origin, purpose, category of data processed, recipients of communication and/or transfer of data, etc.; and (ii) the right to obtain a copy of personal data, provided that this does not infringe the rights and freedoms of others. |
Rectification | The right to obtain from the Data Controller the rectification of inaccurate personal data without undue delay, as well as the integration of incomplete personal data, also by providing a supplementary declaration. |
Cancellation | The right to obtain from the Data Controller the erasure of personal data without undue delay if: personal data are no longer necessary in relation to the purposes of the processing; the consent on which the processing is based is withdrawn and there is no other legal basis for the processing; personal data have been processed unlawfully; personal data shall be erased in order to comply with a legal obligation. |
Objection to processing | The right to object at any time to the processing of personal data that have a legitimate interest of the Controller as their legal basis. |
Restriction of processing | The right to object at any time to the processing of personal data that have a legitimate interest of the Controller as their legal basis. |
Data portability | The right to receive personal data in a structured, commonly used and machine-readable format and to transmit such data to another data controller, only in cases where the processing is based on consent or on a contract, and only for data processed by electronic means. |
Not to be subjected to automated decision-making | The right to require the Controller not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning the data subject or significantly affect him/her, unless such decisions are necessary for the conclusion or performance of a contract or are based on the consent given by the data subject. |
Complain to a supervisory authority | Without prejudice to any other administrative or judicial remedy, a data subject who considers that the processing relating to him or her infringes the GDPR shall have the right to lodge a complaint with the supervisory authority of the Member State in which he or she resides or habitually works, or of the State in which the alleged infringement occurred. |
Withdrawal of consent | The data subject shall have the right to revoke his or her consent given for one or more of the purposes listed above at any time, without this affecting the lawfulness of the processing carried out by the Controller until revocation. |
***
The Data Controller shall not be deemed as liable for updating all the links displayed in the present Policy, therefore, whenever a link does not work and/or is not updated, Users shall acknowledge and accept that they shall always refer to the document and/or section of websites referred to in that link.
The aforementioned rights may be exercised vis-à-vis the Controller by writing to addresses indicated above and specifying “To the kind attention of HR Department”, or via certified e-mail to: info@fondazioneinvernizzi.it