Information according to art. 13 of the EU Regulation n. 679/2016 (“GDPR”)

The Maruzza Lefebvre Foundation D’Ovidio Onlus (hereafter “Foundation”) protects the confidentiality of personal data and guarantees their protection from any event that could put them at risk of violation. As required by the European Union Regulation n. 679/2016 (“GDPR”), and in particular art. 13, the information required by the law concerning the processing of personal data of the user (“Data subject”) is provided below.

Who we are and what data we treat (article 13, paragraph 1 letter a, article 15, lett. b GDPR)

The Foundation, in the person of their legal representative p.t., with registered office in Via del Nuoto 11, 00135 – Rome, operates as Data Controller and can be contacted at the e-mail address segreteria@maruzza.org and collects and/or receives information regarding the Data subject, such as:

e-mail

Name and surname

The Foundation does not require the Data subject to provide the so called  “sensitive data”, e.g., according to the provisions of the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify an individual, data pertaining health or sex life or sexual orientation of the person.

For what purposes we need the data of the interested party (art. 13, paragraph 1, GDPR)

1. Purpose of the processing

Data are collected by the Data Controller with the purpose of managing the relationship with the Data subject in order to send newsletters and communications regarding events, conference activities, training and fundraising initiatives.

2. Processing methods

The data processing can be done in an automated way, with the following methods: e-mail, SMS, telephone contact. The legal basis of these treatments is the consent provided by the Data subject prior to the treatment, which is freely revocable by the Data subject at any time.

3. Computer security

The Data Controller treats, also through third parties strictly necessary for the provision of the service specified in point 2 (e.g. hosting service providers, newsletter service providers, site developers, Paypal for donations), the personal data of the Data subject with measures which guarantee an adequate level of security, to prevent unforeseen events or illegal or malicious acts compromising the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted. The Data Controller will promptly inform the Data subject in case of a particular risk of violation of their data, without prejudice to the obligations deriving from the provisions of art. 33 of the GDPR concerning the notifications of personal data breach

 What happens if the Data subject does not provide his data required as necessary for the execution of the requested service? (Article 13, paragraph 2, lett. e GDPR)

The collection and the processing of personal data are necessary to provide the requested services. Should the Data subject not provide the personal data expressly required as necessary in the registration forms, the Data Controller may not process the treatment related to the management of the requested services, nor to the relevant obligations.

Should the Data subject no longer wish to receive communications, he/she can proceed independently to the cancellation through the “unsubscribe” button contained in each communication, or by sending a cancellation request by e-mail to segreteria@maruzza.org

Where we process the Data subject data

The personal data of the Data subject are stored in paper, electronic and telematic archives located in countries where the GDPR is in power (EU countries).

How we treat the data of the Data subject (art. 32 GDPR)

In order to preserve the confidentiality, the integrity, and the availability of the personal data of the Data subject, the Data Controller implements adequate security measures and imposes similar requirements to third party suppliers and Data Processors

How long are the Data subject data stored? (Article 13, paragraph 2, letter a GDPR)

Unless the Data subject explicitly requests to remove them, the personal data will be stored for the adequate time concerning the legitimate purposes for which they were collected.

Besides, personal data will, in any case, be stored for the fulfillment of the obligations provided by law (e.g. tax and accounting)

What are the rights of the Data subject? (articles 15 – 20 GDPR)

The Foundation informs that the law provides that the Data subject has the right to obtain from the data controller the evidence that any processing of personal data concerning the Data subject is being carried out and, in such case, to obtain access to personal data and to the following information:

  1.  the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to ask the controller the rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where personal data are not collected from the data subject, any available information as to their source;
  8. the existence of an automated decision-making process, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
  9. the appropriate safeguards provided by the third country (outside the EU) or an international organization protecting any transferred data;
  10. 1 the right to obtain a copy of the personal data subject processed, provided that this right does not affect the rights and freedoms of others; in case of further copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs;
  11. 1 the right to obtain from the data controller the rectification of inaccurate personal data concerning him or her without undue delay;
  12. 1 the right to obtain from the data controller the erasure of personal data concerning him/her without undue delay, if the conditions provided by the GDPR to the art.17 are met, among which, for example, if they are no longer necessary for the processing or if this is assumed to be illegal, and igiven thatthe conditions established by law are met; and, in any case, if the treatment is not justified by another equally legitimate reason;
  13. 1 the data subject shall have the right to obtain from the data controller restriction of processing in the cases provided for by art. 18 of the GDPR, for example when the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data. The Data subject must be informed, within a reasonable time, about the suspension period or the reason for the limitation of the processing has ceased, and therefore the limitation itself revoked;
  14. 1 the right to obtain communication from the Data controller about the recipients to whom the requests for corrections or cancellations or limitations of processing have been transmitted, unless this proves to be impossible or involves a disproportionate effort;
  15. 1 the right to receive the personal data concerning him/her in a structured, commonly used and machine-readable format, and the right to transmit those data to another data controller without hindrance from the data controller to whom the personal data have been provided, in the cases provided by art. 20 of the GDPR, and the right to obtain the data portability from one data controller to the other, if technically feasible

How and when can the Data subject object to the processing of their personal data? (Art. 21 GDPR)

For reasons related to his/her particular situation, the Data subject may object at any time to the processing of his/her personal data if it is based on legitimate interest or if it occurs for promotional activities, sending the request to the Data Controller at segreteria@maruzza.org. The Data subject has the right to the cancellation of his/her personal data if the Data controller has no legitimate reason prevailing the one that gave rise to the request.

To whom can the Data subject lodge a complaint? (Art. 15 GDPR)

Without prejudice to any other administrative or judicial action, the Data subject may lodge a complaint to the competent authority in the Italian territory (Autorità Garante per la protezione dei dati personali) or to the correspondent authority in the Member State where the violation of the GDPR has occurred. Any update to this document will be promptly communicated by any appropriate means; it will also be communicated in case the Data controller intends to further process the personal data for a purpose other than that for which the personal data were collected: in such case, the data controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information and upon collection of the Data subject’s consent if necessary.

COOKIES: General information, deactivation, and management of cookies.

Cookies are data sent by the website and memorized in the Data subject’s computer or other devices (for example, tablets or mobile phones) by the internet browser. Technical cookies and third-party cookies may be installed from our website or related subdomains. In any case, the Data subject can manage or request the general deactivation or cancellation of cookies by changing the settings of the internet browser in use. However, the deactivation may slow down or prevent access to some parts of the site. The settings to manage or deactivate cookies may vary depending on the internet browser in use; for further information, we suggest to consult the manual of the device or the “Help” function of the internet browser. The links below explain how to manage or disable cookies for the most popular Internet browsers:

Technical cookies

The use of technical cookies, e.g. the necessary cookies for the transmission of communications over the electronic communication network or cookies strictly necessary for the supplier to provide the service requested by the customer, allows the safe and efficient use of our site. Session cookies may be installed to allow access and keep the connection in the reserved area of ​​the portal as an authenticated user.. Technical cookies are essential for the proper functioning of our website and are used to allow users the normal browsing and the possibility of using the advanced services available on our website. The technical cookies in use include session cookies, which are stored exclusively for the duration of the navigation until the browser is closed, and persistent cookies that are saved in the memory of the user’s device until their expiry or cancellation by the user himself.  Our site uses the following technical cookies:

  • Technical navigation or session cookies, used to manage normal browsing and user authentication;
  • Functional technical cookies, used to store personalizations chosen by the user, such as, for example, the language;
  • Analytics technical cookies, used to know how users use our website in order to evaluate and improve the operation.

Third-party cookies

Third-party cookies may be installed: these are analytics and profiling cookies of Google Analytics, Youtube, and Facebook. These cookies are sent by the websites of the aforementioned third parties external to our site. Analytical cookies of third parties are used to collect information on the behavior of users on the site. The collection takes place anonymously, to monitor performance and improve the site usability. Third-party profiling cookies are used to create Data subject profiles, to propose promotional messages in line with the choices made by the Data subjects themselves.

The use of these cookies is governed by the rules established by the third parties themselves, therefore, Data subjects are invited to read the privacy information and instructions for managing or disabling cookies published in the following web pages:

For Google Analytics cookies:

– privacy policy: https://www.google.com/intl/it/policies/privacy/

https://policies.google.com/technologies/types?hl=it

– instructions to manage or disable cookies: https://support.google.com/accounts/answer/61416?hl=it

 For Facebook cookies:

– privacy policy: https://www.facebook.com/privacy/explanation

– indications to manage or disable cookies: https://www.facebook.com/help/cookies/

 

Profiling cookies

They can be installed by the Data controller, using software of so called web analytics, profiling cookies, which are used to prepare detailed, real-time analysis reports on information about: website visitors, search engines used, keywords used, language utilized, most visited pages. These cookies can collect information and data such as IP address, nationality, city, date/time, device, browser, operating system, screen resolution, navigation source, pages visited and number of pages, duration of the visit, number of visits made.