INFORMATION ON THE PROCESSING OF PERSONAL DATA
of users that access the website isaproject.eu
pursuant to Article 13 of Regulation (EU) 2016/679
Fondazione Giacomo Brodolini may process a user’s personal data when the latter accesses the Website and makes use of the services and tools available on the Website.
Pursuant to Article 13 of Regulation (EU) 2016/679, a specific privacy notice is available in the sections of the Website where users’ personal data are collected.
In the cases provided for by Regulation (EU) 2016/679, the user’s consent will be required before processing their personal data.
The data controller is Fondazione Giacomo Brodolini, with registered office at Via Solferino 32, 00185 Rome.
Type of processed data
Accessing and browsing the Website do not entail the collection and processing of the user’s personal data except for browsing data and cookies as specified here below.
In addition to the so-called “browsing data” (see below), processing may concern personal data voluntarily provided by the user when the latter interacts with the Website, or requests to use the services provided on the Website. In compliance with the Privacy Code, Fondazione Giacomo Brodolini, in the carrying out of its activity, may also collect a user’s personal data from third parties.
Purposes of processing
The Data Controller may process a user’s non-sensitive personal data for the following purposes:
- use, by the users, of the services and tools available on the Website;
- management of applications submitted through the Website.
Furthermore, with the user’s further and specific consent, Fondazione Giacomo Brodolini may process personal data for marketing purposes, i.e. to send the user, at the address provided by the latter, promotional material and/or commercial communications concerning the services offered by Fondazione.
Personal data are processed in both paper and electronic format, and are entered into the corporate information system in full compliance with Regulation (EU) 2016/679, including the provisions on security and confidentiality, and in accordance with the principles of fairness and lawfulness of data processing. In compliance with Regulation (EU) 2016/679, data are stored and kept as long as necessary for the abovementioned purposes.
Storage of personal data
Data are processed at the operational headquarters of the Data Controller, as well as in any other places where the parties concerned by data processing are located. Data are processed by the Data Controller itself or by third parties providing technical services. For further information, please contact the Data Controller.
Place of processing
Collected data are processed at the premises of the Data Controller, as well as through MailChimp’s servers (as far as the newsletter is concerned), which are based in the USA. As MailChimp has joined the EU-US Privacy Shield, full compliance with the requirements set out in Regulation (EU) 2016/679 is ensured.
Transfer of personal data
With a view to managing and dispatching the newsletter, the Data Controller uses the services offered by MailChimp; as a consequence, contact details (email addresses) are stored on MailChimp’s servers based in the USA.
MailChimp is certified under the EU-US Privacy Shield. This is an agreement between the European Union (EU) and the USA aimed at ensuring compliance with EU privacy standards in the USA.
If you do not want your personal data to be processed through MailChimp, you can unsubscribe from the newsletter. To this aim, we provide a link in each issue of our newsletter, or you can send your unsubscribe request directly to the Data Controller.
Security and quality of personal data
The Data Controller commits itself to protecting security of users’ personal data, and complies with the applicable provisions on security, with a view to avoiding data loss, unlawful use of data, and unauthorised access thereto, with specific reference to the Technical Specifications on minimum security standards.
Moreover, information systems and IT programmes used by the undersigned are set so as to minimise the use of personal and identification data; such data are processed only for the purposes pursued in each specific case.
Recipients of data (if any)
A user’s personal data may be communicated to:
- all the subjects that are entitled by law to access such data;
- corporate employees as “authorised persons”;
- all natural and/or legal persons, private and/or public subjects, whenever necessary or useful to the carrying out of our activities, as well as in the ways and for the purposes described above.
Compulsory and voluntary nature of the provision of data
The provision of some personal data by the user is mandatory in order to allow the company to manage communications and requests submitted by the user, or to get back in touch with them with a view to following up on their request.
This type of data are marked with an asterisk [*]; in these cases, the provision of data is mandatory in order to allow the Company to follow up on the request, which otherwise cannot be processed.
Conversely, the other types of data that are not marked with an asterisk are collected on a voluntary basis: failure to provide such data will not entail any consequence for the user.
As specified in the “Purposes of processing” section, the provision of personal data by the user for marketing purposes is on a voluntary basis. The refusal to provide them will have no effect. Consent given for marketing purposes is deemed to include the sending of communications in both automated and traditional forms and/or through both automated and traditional means of contact as exemplified above.
Rights of Data Subjects
In relation to the abovementioned processing, the Data Subject is entitled to request access to, and rectification or erasure of their personal data, and has the right to restrict or object to the processing of data that concern them, as well as the right to data portability.
Right to withdraw consent
If processing is based on consent, the Data Controller informs the Data Subject that the latter has the right to withdraw it at any time, without prejudice to the lawfulness of processing based on consent given prior to withdrawal.
Right to lodge a complaint
The Data Controller informs the Data Subject that the latter has the right to lodge a complaint with a supervisory authority.
Cookies and browsing data
Cookies are small files that are stored on users’ hard disk.
There are two macro-categories of cookies: technical cookies and profiling cookies.
- Technical cookies are necessary in order for a website to function properly, as well as to enable users to browse.
- Profiling cookies are aimed at creating user profiles with a view to disseminating advertisements according to the preferences shown by the users themselves while browsing.
Moreover, cookies can also be classified as follows:
- “session” cookies: they are erased immediately upon closing the browser;
- “persistent” cookies: they are kept within the browser for a certain time span. They are used, for instance, to recognise a device that connects to a website, thus easing login for users;
- “own” cookies: generated and managed directly by the subject managing the website that is being browsed by the user;
- “third-party” cookies: generated and managed by subjects other than the one managing the website that is being browsed by the user.
Cookies used on the Website
The Website uses the following types of cookies:
- own session and persistent cookies, necessary to enable users to browse the Website, for internal security and system administration purposes;
- third-party session and persistent cookies, necessary to enable users to make use of multimedia content available on the Website, e.g. pictures and videos;
- third-party persistent cookies, used by the Website to send statistical information to the Google Analytics system, through which the Data Controller can carry out statistical analysis about accesses/visits to the Website. The cookies used pursue statistical purposes only, and collect information in an aggregated form. By means of two cookies, a persistent one and a session one (expiring when the browser is closed), Google Analytics also keeps track of start and end time of visits to the Website. In order to prevent Google from collecting data through cookies and from processing them, it is necessary to download and install the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=it;
- third-party persistent cookies, used by the Website to include on its pages the share buttons of some social media (Facebook, Twitter, and Google+). By selecting one of these buttons, the user can post on their own personal page of the related social media, the content of the webpage they are visiting.
The Website may contain links to other websites (so-called “third-party websites”).
The Data Controller does not access or exert any form of control over cookies, web beacons, and other user-tracking technology that may be used by the third-party websites to which the user can access through the Website. Moreover, the Data Controller does not exert any form of control over content and material published by, or accessed through third-party websites, or over how users’ personal data are processed; in this regard, the Data Controller accepts no responsibility whatsoever.
How to disable cookies in browsers
To disable cookies, just open the browser settings in the device used.