Privacy Policy
The Fondazione CRC Donare ETS, headquartered at Via Roma, 17 – 12100 Cuneo, VAT No. 96101160040, as Data Controller, informs you that the processing of your personal data will be based on the principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimization, accuracy, integrity, and confidentiality. Therefore, your personal data will be processed in accordance with the provisions of the Applicable Legislation and the confidentiality obligations therein.
1. DATA CONTROLLER AND DATA PROTECTION OFFICER
The Data Controller is the Fondazione CRC Donare ETS, headquartered at Via Roma, 17 – 12100 Cuneo, VAT No. 96101160040, whose details are also available on the website’s homepage and/or other webpages.
The Data Protection Officer is lawyer Luisa Di Giacomo, with an office in Turin, Corso Vittorio Emanuele II no. 76, and can be contacted at the e-mail address: dpo@fondazionecrcdonare.it
2. PERSONAL DATA SUBJECT TO PROCESSING
“Personal Data” refers to any information relating to an identified or identifiable natural person, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.
The Personal Data collected by the Site are as follows:
a. Browsing Data
The Site’s IT systems collect certain Personal Data whose transmission is implicit in the use of Internet communication protocols. These data are not collected to be associated with identified individuals, but by their very nature could allow users to be identified through processing and association with data held by third parties. This includes IP addresses or domain names of the devices used to connect to the Site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, numerical codes indicating the status of the server’s response (successful, error, etc.), and other parameters related to your operating system and IT environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to ensure its proper functioning; to allow – considering the system’s architecture – correct delivery of the requested functions, for security reasons and to ascertain liability in the event of hypothetical computer crimes against the Site or third parties. These data are deleted after 7 days; in any case, they are stored by the Data Controller only for the strictly necessary time and in accordance with current legal requirements.
b. Data Voluntarily Provided
Through the Site, you may voluntarily provide Personal Data such as your name and e-mail address to request information regarding the services offered by the Controller, to contact the Controller via the “Contact Us” form, email, or to subscribe to the newsletter (or similar services). Users are free to provide their personal data, but failure to do so may make it impossible to obtain the requested service. The Controller will process these data in compliance with Applicable Legislation, assuming they relate to you or third parties who have expressly authorized you to provide them under a valid legal basis legitimizing the processing. In this case, you act as an independent data controller, assuming all legal obligations and responsibilities. You agree to fully indemnify the Controller against any complaints, claims, or demands for compensation arising from the processing of Personal Data through your use of the Site in violation of Applicable Legislation.
c. Cookies and Related Technologies
The Controller collects Personal Data via cookies. More information on the use of cookies and related technologies is available here.
3. PURPOSE, LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF PROCESSING
The Personal Data you provide through the Site will be processed by the Controller for the following purposes:
a) to respond to user requests, for the execution of a contract to which you are a party or pre-contractual measures taken at your request (e.g. contact requests via the contact form or email, newsletter subscription, etc.); providing data is optional, but failure to do so will prevent the requested response or service;
b) statistical research/analysis on aggregated or anonymous data, without the possibility of identifying the user, aimed at measuring Site performance, traffic, and usability;
c) to comply with legal obligations to which the Controller is subject;
d) to establish, exercise or defend legal claims, or whenever the judiciary exercises its judicial functions.
The legal basis for processing Personal Data under point a) is the provision of a service or response to a request and does not require consent under Applicable Legislation.
The purpose under point b) does not involve the processing of Personal Data, whereas purposes c) and d) are legitimate data processing under Applicable Legislation, as once the data are provided, processing is necessary to comply with a legal obligation.
4. METHOD OF PROCESSING
Processing is carried out using manual, computerized, and telematic tools with logic strictly related to the aforementioned purposes and in a way that guarantees data security and confidentiality. You are expected to promptly notify any corrections, modifications, or updates. This processing may be carried out on behalf of the Controller for the aforementioned purposes and methods, and in compliance with adequate security and confidentiality standards, by companies, firms, entities, and external collaborators appointed as Data Processors and only for processing activities under their responsibility.
None of your personal data collected by the Controller fall within the “Special Categories of Personal Data” as defined by Art. 9 of EU Regulation 2016/679. Should such data be transmitted without your explicit written consent, they will be immediately deleted.
5. RECIPIENTS OF YOUR PERSONAL DATA
Your Personal Data may be shared, for the purposes described in Section 3, with:
a. entities necessary for providing the Site’s services, including, by way of example, email delivery and Site performance analysis or newsletter management systems, typically acting as external data processors appointed by the Controller;
b. individuals authorized by the Controller to process Personal Data, bound by confidentiality obligations or legal confidentiality duties (e.g. employees and collaborators);
c. judicial authorities when required by Applicable Legislation.
6. DATA TRANSFERS ABROAD
None of your personal data are transferred outside the European Union. The server hosting this Site is located within the European Union. The Site uses a secure communication protocol (https), protecting any data you may provide.
The Controller ensures that all electronic and paper processing of your Personal Data by Recipients complies with Applicable Legislation.
Should data transfers outside the European Economic Area occur, they will be based on an adequacy decision or on Standard Contractual Clauses approved by the European Commission.
7. DATA RETENTION
The Controller will process your Personal Data for the time strictly necessary to achieve the purposes described in Section 3. For example, Personal Data processed for the newsletter service will be stored until you unsubscribe. Except as above, the Controller will process your Personal Data for the period allowed by Italian law for the protection of its interests (Art. 2947(1)(3) Civil Code). For more information on the data retention period and the criteria used to determine it, you may contact the DPO at dpo@fondazionecrcdonare.it
8. YOUR RIGHTS
- Right of Access
You can obtain confirmation from the Controller as to whether or not Personal Data concerning you are being processed, and if so, access such data and the information under Art. 15 of the Regulation.
- Right to Rectification
You can request correction of inaccurate Personal Data and, taking into account the purposes of the processing, request completion of incomplete data.
- Right to Erasure
You may request erasure of your Personal Data if any of the conditions set out in Art. 17 of the Regulation apply (e.g. data are no longer necessary for the intended purposes, consent withdrawn, etc.). The Controller may retain data where necessary for legal obligations, public interest, or legal claims.
- Right to Restriction of Processing
You may request processing restriction under Art. 18 of the Regulation, for example, if you contest data accuracy or need data for legal claims while the Controller no longer needs them.
- Right to Data Portability
If processing is based on consent or a contract and is carried out by automated means, you may:
– receive your Personal Data in a structured, commonly used and machine-readable format;
– transmit those data to another data controller;
– request direct transfer to another controller, if technically feasible.
- Right to Object
You may object at any time to the processing of your Personal Data for public interest or legitimate interest purposes (including profiling). If exercised, processing shall cease unless there are compelling legitimate grounds or legal claims.
- Right to Lodge a Complaint
You may lodge a complaint with the competent Data Protection Authority (www.garanteprivacy.it), without prejudice to any other administrative or judicial remedy.
Requests regarding rights must be addressed to the Data Controller by email or to the DPO.
9. CHANGES
This Privacy Policy has been in effect since November 2024. The Controller reserves the right to modify or update it, in part or in full, including due to changes in Applicable Legislation. You will be informed of such changes as soon as they are introduced, and they will be binding upon publication on the Site. The Controller invites you to regularly check this section to stay informed of the most recent and updated version.