PRIVACY POLICY FOR THE PROCESSING OF PERSONAL DATA

COLLECTED FROM THE DATA SUBJECT

In relation to the provisions of Reg. EU 2016/679 (General Data Protection Regulation), we hereby provide the following information regarding the processing of personal data provided by the data subject

This Privacy Policy is provided pursuant to and for the purposes under the Article 13 of the EU Regulation 2016/679 (General Data Protection Regulation) and the national legislation on privacy (Legislative Decree No. 196/2003, coordinated with the amendments made by Legislative Decree No. 101/2018)

  1. DATA CONTROLLER AND PROCESSOR

Under the articles 4 and 24 of Reg. EU 2016/679, the Data Controller is the Social Promotion Association “PIANETA”, with registered office in Modena, vicolo Caselline no.3.

  1. DATA SUBJECT OF PROCESSING

The Data Controller processes personal identification data communicated by the data subject at the time of accession to the Association or when browsing the website (e.g. when filling in request forms therein) or in the context of the activity carried out by the Association and/or the adherence to its activities (e.g. on the occasion of events or projects in any way related to the Association’s activity), such as: personal data (name, surname, age, sex, tax code, address or residence or domicile) and contact details (telephone, email address); bank and/or payment details; further personal data such as: profession, institution of employment, participation in non profit organisations and/or interest shown in “PIANETA” activities

  1. PURPOSE AND LAWFULNESS OF THE PROCESSING

Personal data supplied will be processed in compliance with the conditions of lawfulness pursuant to Article 6 letter b) and c) of EU Reg. 2016/679, i.e. for membership and participation in the Association and the performance of the activities proposed for the benefit of members and/or adherents, and in particular for:

  • Entry in the register of shareholders;
  • Completion of all steps related to the donation, payment of membership fees and/or participation in projects and activities promote by the Controller, including instrumental activities (e.g. payment communications, donation summaries and reporting);
  • Participation to the association life
  • Participation in the activities of the Association, outside the hypothesis of the individual associated
  • Information on activities and other proposed initiatives
  • Possible filling in of data collection forms to send an information request to the Data Controller
  • Compliance with bureaucratic and administrative procedures and, more generally, legal and regulatory obligations
  • Fulfilment of contractual obligations, pre-contractual, fiscal and legal obligations and amministrative-accounting purposes. For the purposes of the application of the provisions on the protection of personal data, the processing operations carried out for the administrative-accounting purposes are those connected with the performance of activities of an organisational, administrative, financial and accounting nature, regardless of the nature of the data processed;
  • Fulfilment of law obligations, regulation, EU legislation or an order of the Authority (such as on anti-money laundering);
  • Exercise of the Controller’s rights, such as the right of defence in court;

The Data Processing is necessary for the provision of reception and assistance services and for the Association’s own activities.

Should the Association’s activities entail the processing of special or sensitive data, explicit written consent will be requested from the interested parties (and/or parents exercising parental authority).

Furthermore, the Association may publish (such as, but not limited to: on the website, on social channels, on printed materials such as flyers, posters, etc.) photographs or videos taken during demonstrations, events, projects or any other activity organised by the Association.

The personal data collected may also be processed for contact purposes in order to send informative newsletters on the Association’s services and initiatives, and through other channels as well, and to respond to requests for information received by the Association through the website or other communication channels.

  1. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE DATA

Access to the personal data of data subjects will be allowed only to staff previously entrusted with the processing or to external data processors.

Under any circumstances data will be disseminated.

The personal data provided may be disclosed to recipients, appointed pursuant to Art. 28 of EU Reg. 2016/679, who will process the data as data controllers and/or as natural persons acting under the authority of the Data Controller and Data Processor, in order to comply with contracts or related purposes.

Specifically, the data may be communicated to recipients belonging to the following categories:

  • Entities providing services for the management of the computer system and of the communication networks of the Data Controller;
  • Studies or companies or individual professionals in the context of assistance and advice to the Data Controller;
  • Banking institutions, that will carry out data processing for purposes relating to the management of means of payment;
  • Competent authorities for compliance with legal obligations and/or provisions of public bodies, on request.

Subjects belonging to the above categories perform the function of Data Controllers or operate independently as separate Data Controllers.

  1. DATA FLOWS TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANISATION

Personal data provided buy the data subject will not be transferred abroad, within or outside the European Union

  1. METHODS OF PROCESSING

The processing of personal data of the data subject is carried out by means of operations indicated in Article 4. No 2) GDPR of EU Reg. 2016/679 and precisely: collection, registration, organisation, storage, consultation, processing, modification, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data.

Personal data are processed both on paper and electronically and/or automated.

In the latter case, the processing of personal data will be carried out in full compliance with the requirements of confidentiality and with the most appropriate security measures, in accordance with current provisions and technological progress.

  1. DATA STORAGE PERIOD

In compliance with art. 5 paragraph (1) (e) of Reg. EU 2016/679 (i.e. ‘data minimisation’) personal data will be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

  1. NATURE OF PROVISION AND REFUSAL

The provision of personal data for the purposes referred to in point 3 of this information document is necessary to follow up the membership of the association and/or to carry out the related activities. Failure to provide personal data may result in the impossibility of obtaining such membership and/or participation.

  1. RIGHTS OF THE DATA SUBJECT

The interested party may assert their rights as expressed by art. 15, 16, 17, 18, 19, 20, 21, 22 of EU Reg. 2016/679, by contacting the Data Controller, via the e-mail address associazionepianeta@gmail.com

The data subject has the right, at any time:

  • Obtain confirmation of the existence (or lack thereof) of personal data concerning him/her, even if not yet registered, and their communication in an intelligible form;
  • Obtain indication on:
    • the origin of personal data;
    • the purposes and methods of processing;
    • The logic applied in case of treatment carried out with the aid of electronic tools;
    • the identification details of the owner, the managers and of any designated representative under art. 5 (2) Privacy policy and art. 3 (1), GDPR;
    • the subjects or categories of subjects to whom personal data may be disclosed or who may become aware of it as a designated representative in the territory of the State, and managers or agents;
  • Obtain:
    • updating, correcting or, where it is of interest to you, integrating the data;
    • to deletion, transformation into anonymous form or blocking of data processed in violation of law, including those the retention of which is not necessary in relation to the purposes for which the data were collected or subsequently processed;
    • a statement that the operations referred to in a) and b) havenotified, also with regard to their content, to the entities to whom or which the data have been communicated or disseminated, except where such compliance proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
  • Object, in whole or in part:
    • for legitimate reasons to the processing of personal data concerning him/her, although relevant to the purpose of the collection;
    • The processing of personal data concerning him/her for the purpose of sending advertising material or direct sales, market research, or commercial communication, by the use of automated call systems without the intervention of an operator, by e-mail and/or traditional marketing methods by telephone and/or paper mail.

If the right to object is exercised, the Data Controller reserves the right not to process the application and thus to continue processing, if there are compelling legitimate grounds for processing, which must be deemed to override the interests, rights and freedoms of the data subjects.

Where applicable, the data subject also has the rights referred to in art. 16-21 GDPR (Right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object).

In any case, consent to data processing is free and may be revoked in any time by a communication to the following email address associazionepianeta@gmail.com.

Without prejudice to any other administrative and judicial remedy, if the data subject considers that the processing of data relating to him or her infringes the provisions of EU Reg. 2016/679, pursuant to Article 15 (f) of the aforementioned EU Reg. 2016/679 the right to lodge a complaint with a Supervisory Authority as provided by art. 77 of the aforementioned Regulation, or to appeal to the appropriate courts pursuant to art. 79 thereof, in addition to the right to revoke the consent given at any time.

In case of data portability requested by the data subject, the data Controller will provide personal data concerning him/her in a commonly used and readable format, without prejudice to the provisions of paragraphs 3 and 4 of art. 20 of Reg. EU 2016/679.

  1. UPDATES AND CHANGES

The Data Controller reserves the right to modify, supplement or periodically update this Privacy Policy, in accordance with the applicable legislation or measures adopted by the Data Protection Authority.

Such changes or additions shall be brought to the attention of the interested parties.