PRIVACY AND COOKIES POLICY PURSUANT TO EU REGULATION 2016/679.
This policy is prepared pursuant to and for the purposes of the General Data Protection Regulation EU 2016/679 (GDPR).
Here we describe how we process the personal data of visitors to the websites:
www.fondazioneasia.it,
www.cisai.it,
www.jhamagazine.net
The policy is provided only for the websites indicated and not for other addresses that can also be reached by the user via links inside those sites.
The data controller is:
FOUNDATION A.S.I.A. ONLUS Via Garibaldi 13 – 20900 Buccinasco (MI)
For information or to exercise your rights under Articles 15 to 22 of EU Regulation No. 2016/679, you can contact the Data Controller at the following address:
Email
fondazione.asia@gmail.com
Data Protection Officer
The Data Protection Officer (hereinafter also referred to as the DPO) can be contacted at the following address:
privacy@atiformazione.it
GENERAL INFORMATION VALID FOR ALL PROCESSINGS
All processing carried out through this website is based on the principles of lawfulness, fairness and transparency.
The rights set out in the above-mentioned articles of law can be exercised at any time by sending a request to the data controller or processor. Detailed information about the persons who process the data on behalf of the data controller (Data Processors, Persons in Charge, etc.) can also be requested.
An adequate level of protection and confidentiality will be guaranteed during processing operations in accordance with the provisions of Article 32 of the GDPR.
Specific consent will be requested from the User if the Website uses your personal information for purposes other than those set out in this policy.
SPECIFIC INFORMATION FOR DIFFERENT TYPES OF PROCESSING
a. Data collected from the use of our services by the User
Type of data processed:
- anonymised internet protocol (IP) address;
- date and time;
- type of connection (http-https);
- destination and origin url;
- browser and OS identification string;
- connection status code..
Purpose: to obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.); to check the correct functioning of the services offered.
This information is not collected for the purpose of association with identified data subjects but by its very nature it could, through processing and association with data held by third parties, allow users to be identified.
The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the website.
Legal basis: Art. 6 point f) GDPR: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Storage periods: browsing data are not stored for more than seven days and are deleted or anonymised immediately after their aggregation (except for any need to ascertain crimes by the judicial authorities).
Nature of the provision: mandatory in order to use the website functions.
b. Data provided by the user through use of the website functions:
Type of data processed: personal contact data.
Purpose: management of requests for information received from visitors who have filled in the electronic forms on the pages of the site, or through the email addresses of the offices and/or staff.
Legal basis: art. 6 point b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Nature of the provision: the provision of data is necessary in order to respond fully and correctly to requests.
Storage periods: data will be stored for periods compatible with the purpose of collection and subsequently deleted. The data may be communicated to third parties only when this is necessary to provide a correct response to the data subject.
SUBJECTS TO WHOM THE DATA MAY BE COMMUNICATED
Where necessary, data may be communicated only to competent authorities or to trusted parties appointed by the Website Owner to carry out tasks of a technical and/or organisational nature (provision of legal, accounting, tax, consultancy services, etc.). Your data may be communicated to partner companies appointed as External Data Processors pursuant to Art. 28 of Reg. EU 2016/679 in order to fulfil your requests.
Personal data are not subject to disclosure or transfer outside the EU.
RIGHTS OF THE DATA SUBJECT
In the cases provided for, data subjects have the right to obtain from the Data Controller access to their personal data, rectification or erasure thereof, restriction of the processing concerning them or to object to the processing (Art. 15 et seq. of the Regulation).
Data subjects who consider that the processing of personal data relating to them carried out through this service is in breach of the provisions of the Regulation have the right to lodge a complaint with the Supervisory Authority, as provided for in Article 77 of the Regulation itself.
You can use the Data Controller's contact details to exercise your rights.