POLICY PURSUANT TO ART. 13 OF EU REGULATION NO. 679/2016
(on the protection of natural persons with regard to processing personal data and the free movement of such data)
Fondazione CRC Donare, with registered office in Via Roma, 17 – 12100 Cuneo (Cn), Tax Code 96101160040 in its capacity as Data Controller, pursuant to art. 13 of EU Regulation no. 679/2016, hereby informs you that your data will be processed in accordance with the principles laid down in the General data protection regulation no. 679/2016, i.e. in compliance with the principles of lawfulness, correctness, transparency, purpose limitation and storage, data minimisation, accuracy, integrity and confidentiality.
Types of data collected
The data to be processed is:
1. Browsing data
During their normal operation, the software procedures and IT system used to operate the websites acquire certain data, whose transmission is implicit in the use of Internet communication protocols.
This information is not collected in order to be associated with identified data subjects but, by its very nature, could, through processing and association with data held by the Data Controller or third parties, allow users to be identified.
This category of data includes the IP addresses or the domain names of the devices used by users connecting to the website, the addresses in URI (Uniform Resource Identifier) format of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.
2. Personal, identification and contact data provided voluntarily by the user
Fondazione CRC Donare collects the personal data of its users when they voluntarily register to access a specific service or fill in a form. The data that Fondazione CRC Donare requires for registration is only that defined by “common” law (e.g. personal data); in no case are users ever asked to provide so-called “special” data (EU regulation no. 679/2016, art. 9). The website uses mandatory and optional fields for user registration purposes.
Source of the processed data
The Data Controller processes browsing data and personal data voluntarily provided by the data subject at the time of:
• direct contact to participate in events organised by Fondazione CRC Donare;
• previous relationships between the data subject and the Data Controller;
• submission of applications to calls for tenders, projects, etc.;
• interactions through the website (filling in the “contact us” form, the “work with us” form, the “use of the Meeting Room” request form);
• subscription to the newsletter service.
Purpose and legal basis of the processing
The personal data voluntarily provided by the data subject will be processed for the purposes indicated below.
Concerning browsing data: the data may be used by the Data Controller for the sole purpose of obtaining anonymous statistical information on the use of the website in order to identify the pages preferred by users so as to provide increasingly suitable content and check its proper functioning. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the website.
Regarding personal, identification and contact data:
• in executing the relationship between the data subject and Fondazione CRC Donare, it may be processed to:
• carry out administrative-accounting activities closely connected with and instrumental to fulfilling fiscal and bureaucratic obligations and the organisational management of the services required;
• enable the provision of the requested services to the data subjects;
• formalise users’ requests for information and manage relationships with the data subjects;
• comply with the request to use the Meeting Room.
• Prior consent of the data subject to:
• send newsletters and communications with information on Fondazione CRC Donare initiatives or projects through a dedicated platform and allow the data subject to stop receiving them or to unsubscribe from the list of recipients.
When necessary under EU Regulation no. 679/2016, Fondazione CRC Donare requires the consent of the data subject before processing personal data. With explicit reference to marketing activities, it should be noted that, in the event of failure to provide specific consent to processing, it will not be possible to carry out such activities.
Cookies are files that can be stored in the memory of a user’s device. These facilitate navigation and make the website easier to use.
Cookies can be used to determine whether a connection has already been made between a user’s device and our pages. Only the cookie stored on a user’s device is identified.
Cookies on a website can be divided into the following main categories (non-exhaustive list):
• Session Cookies: are automatically deleted from the device at the end of each browsing session (when you close the browser);
• Permanent cookies: for practical reasons, these have a longer retention period which may vary depending on usage. For example, they can be used to “remember” access to the website, or to retain the contents of the shopping cart even after a period of time;
• Third-Party Cookies: these are not used directly by the website but are retrieved by third-party services that the website may integrate to improve the service and user experience.
This website does not use commercial profiling cookies.
To find out about the types of cookies used by this website go to the cookie page.
In case of presence of third-party cookies Fondazione CRC Donare declines all responsibility for any data collection and profiling that takes place in a manner not covered by the agreements entered into or based on unilateral amendments to those agreements with the third-party provider and, having become aware of it, shall immediately fulfil its legal obligations by removing the link to the application in question and providing due information and notice thereof.
The visitor may refuse or withdraw authorisation at any time by selecting the corresponding parameters in the specific browser options in use. Of course, you can also visit the website without cookies. Most browsers automatically accept cookies. You can prevent the automatic storage of cookies by selecting the “do not accept cookies” option from those proposed.
For more information on how to do this operation, please refer to your browser’s instructions at the following addresses (non-exhaustive list):
Microsoft Windows Explorer
Use this link for information on the cookies stored on your terminal and to deactivate them individually:
Using IP addresses
An IP address is a number automatically assigned to a user’s device every time they connect to the Internet through their Internet Provider or from a corporate LAN/WAN network using the same Internet protocols. The IP address is needed by the website server to be able to send information about the pages visited and to enable their contents to be viewed. In general IP addresses are anonymous, as they cannot be directly associated with an identified user, and are only used if necessary for statistical purposes.
Dissemination and communication of data
The personal data processed by the Data Controller will not be disseminated, i.e. it will not be disclosed to unspecified subjects, in any possible form, including by making it available or simply through its consultation. Only personal, essentially identifying data (name and surname) and photos collected during events organised by Fondazione CRC Donare may be disclosed and disseminated through the Data Controller’s website or through publication in newspapers, magazines or the press. Additional data collected (e-mail address, telephone number) will not be disseminated or disclosed.
Data is communicated to the recipients to the extent strictly necessary in relation to the purposes above. It may be communicated to workers employed by the Data Controller; in particular, based on the roles and tasks performed, some of them have been authorised to process personal data, within the limits of their competence and in accordance with the instructions given. It may also be communicated, to the extent strictly necessary, to external parties who cooperate with the Data Controller to provide services. It may also be communicated to subjects entitled to access it by virtue of legal provisions, regulations and EU legislation.
Finally, the data may be communicated to third parties belonging to the categories below:
• subjects that provide services to manage the IT system used and to operate the website;
• freelancers, firms or companies in the context of tax and labour law assistance and advisory relationships;
• credit institutions;
• competent authorities to fulfil legal obligations and/or provisions of public bodies, upon request.
Fondazione CRC Donare does not transfer personal data to third countries or international organisations. However, it reserves the right to use cloud services, in which case the service providers will be selected from among those who give suitable guarantees, as provided for in art. 46 GDPR 679/16.
Data processing and storage methods
In relation to the purposes mentioned above, processing is carried out by using manual, computerised and telematic tools with logics that are strictly related to the above-mentioned purposes and, in any case, in such a way as to guarantee the security and confidentiality of the data itself, by subjects specifically appointed in compliance with the provisions of art. 4 and the principle of accountability of the G.D.P.R., and you undertake to promptly notify us of any corrections, amendments and updates. Specific security measures are observed to prevent data loss, illegal or incorrect use and unauthorised access.
Some processing may be carried out on behalf of Fondazione CRC Donare for the purposes and with methods described above, and in compliance with appropriate criteria to ensure security and confidentiality, by companies, firms, bodies and external collaborators appointed as Data Processors and only insofar as the purposes and goals for which the data has been collected are concerned.
The Data Controller stores and processes personal data for the time necessary to fulfil the purposes indicated, or to carry out what has been requested by the user. Subsequently, personal data will be stored, and not further processed, for the time stipulated by applicable civil law and tax provisions.
Data processed for marketing purposes will be kept from the time the data subject has given consent until that consent is withdrawn.
Location of data processing
Processing related to the web services of this website takes place at the headquarters of Fondazione CRC Donare and is handled only by the technical staff appointed by the Data Controller, or by those responsible for occasional maintenance operations, if appointed. However, it may transit and reside, for the time necessary to perform the service, on the servers of Fondazione CRC’s external telematics service providers such as (for example, but not limited to) Internet service providers (ISPs) or e-mail service providers.
None of your personal data at Fondazione CRC Donare is covered by the definition of “special data” or “judicial data”.
Rights of data subjects
We also inform you that, pursuant to European Regulation no. 679/2016, the data subject has right to access (art. 15); right to rectification (art. 16); right to erasure (art. 17); right to restrict processing (art. 18); right to data portability (art. 20); right to object (art. 21); right to object to automated decision-making (art. 22).
In order to assert their rights, data subjects may contact the Data Controller, specifying the subject of their request, the right they intend to exercise and attaching a photocopy of an identity document confirming the legitimacy of the request, at the following address:
Spett. Fondazione CRC Donare
Via Roma, 17 – 12100 Cuneo
Or by sending an e-mail to the following address:
Withdrawing consent and lodging complaints
With reference to art. 6 of the GDPR 679/16, the data subject may withdraw the consent given at any time, except for that relating to the communication of data to third parties as provided for by law, the non-transmission of which could compromise the provision of the service in whole or in part.
The data subject has the right to lodge a complaint with the supervisory authority of the state of residence.
Refusal to provide data
The data subject may not refuse to provide the Data Controller with the personal data necessary to comply with the legal requirements governing commercial transactions and taxation. Providing additional personal data may be necessary to improve the quality and efficiency of the services offered. Therefore, refusal to provide the data required by law will prevent the provision of the services; while providing additional data may compromise in whole or in part the processing of other requests and the quality and efficiency of the relationship.
Persons acting in the name and on behalf of legal persons may refuse to give the Data Controller their personal data. However, providing this data is necessary for the proper and efficient management of the contractual relationship. Therefore, refusal to provide the data may jeopardise the contractual relationship in whole or in part.
As regards the data provided when subscribing to the newsletter service, the data subject may refuse to communicate it to the Data Controller, since providing such data is optional. However, completion of the fields indicated is essential in order to receive the requested newsletter.
Automated decision-making processes
The Data Controller makes use of:
• Google Analytics, to anonymously collect statistical information on the use of the website by users (number of accesses, most visited pages, geographical origin) and for tracking campaigns undertaken by the Data Controller;
• Google Forms, to carry out surveys, for satisfaction questionnaires and event planning;
• Eventbrite, to organise and promote events organised by Fondazione CRC Donare;
• Vimeo, to share and publish videos concerning events organised by Fondazione CRC Donare;
• Facebook, to share and publish photographs relating to events organised by the Data Controller. In addition, by interacting with the Fondazione CRC Donare Facebook page the user may become the target of campaigns run by the same Data Controller.
For a more in-depth analysis go to the cookies page.
The Data Controller is Fondazione CRC Donare with headquarters in Via Roma, 17 – 12100 Cuneo. The Data Controller guarantees the security, confidentiality and protection of the personal data in its possession at any stage of the data processing process. The updated list of internal and external Data Processors is available from the Data Controller.
Amendments to this policy
• EU Regulation no. 679/2016 – on the protection of natural persons with regard to processing personal data and the free movement of such data
• Leg. Decree no. 196/2003 – Personal data protection code (in the parts not repealed)
• Decisions of the EU Commission
• Guidelines and measures of the European Supervisory Authorities (WP29, European Data Protection Board)
• Directive 2002/58/EC, as updated by Directive 2009/136/EC, regarding Cookies.