Privacy Policy

PRIVACY NOTICE PURSUANT TO ART. 13 OF EU REGULATION 2016/679
Regarding the data processed through the website fondofilantropicoitaliano.it

Fondo Filantropico Italiano ETS (hereinafter “FFI”) respects and protects your privacy and is committed to using your personal data in accordance with applicable data protection legislation and, in particular, EU Regulation 2016/679 (hereinafter also: “GDPR”).

Data controller
Fondo Filantropico Italiano ETS
Registered office: Via Giovanni Bovio 6, 20159 Milan
Telephone: 02 49412960
Email: segreteria@fondofilantropicoitaliano.it

The categories of data that are subjected to processing
The categories of "personal data" (pursuant to Art. 4.1 of the GDPR) processed by the Data Controller may include, by way of example and not limited to:
personal and identification data (name , surname, etc.);
contact information (address, email address, telephone number, etc.);
data relating to any services provided (such as, for example, the newsletter service, etc.).

Purposes covered by the data subject's consent (pursuant to art. 6, paragraph 1 (a) of the GDPR)
Personal data is processed for the following purposes for which the interested party has given his/her consent:
respond to requests or questions submitted and sent to the contacts indicated on this site, to receive information on FFI's activities;
Sending communications and newsletters relating to FFI's institutional activities (including invitations to events and conferences) via email.

Retention period (pursuant to art. 5.1 e) of the GDPR)
FFI will process the personal data you provide for the purposes set out above for the entire duration of the provision of the requested services.

Recipients or categories of recipients of personal data (pursuant to art. 13, paragraph 1 (e) of the GDPR)
Your personal data will not be disclosed, but may be disclosed, where necessary for service provision, to third parties (such as technical service providers, postal couriers, hosting providers, IT companies) appointed by FFI, if necessary, as Data Processors. Access to the data is also permitted to FFI employees involved in personal data processing (administrative, marketing, and system administrators).

The updated list of Data Processors may always be requested from the Data Controller.

Within the scope of the aforementioned purposes, the Data Controller may communicate your data to:

Third parties who perform support activities for FFI's provision of services and who process personal data are designated as Data Processors and are contractually bound to comply with security and confidentiality measures.

Recipients or categories of recipients of personal data (pursuant to art. 13 paragraph 1 (f) of the GDPR) and transfer of data to non-EU countries
Your personal data will be processed by FFI within the European Union.
If, for technical and/or operational reasons, it becomes necessary to use entities located outside the European Union, or if it becomes necessary to transfer some of the collected data to technical systems and cloud-managed services located outside the European Union, the processing will be regulated in accordance with the provisions of the GDPR.

Rights of the interested party
The interested party, in relation to the personal data covered by this notice, has the right to exercise the rights provided for by the EU Regulation as follows:
right of access by the data subject [art. 15 of the EU Regulation] (consisting of the possibility of being informed about the processing carried out on their personal data and, where applicable, receiving a copy thereof);
right to rectification of personal data [art. 16 of the EU Regulation] (the data subject has the right to rectification of inaccurate personal data concerning him or her);
right to the erasure of your personal data without undue delay (“right to be forgotten”) [Article 17 of the EU Regulation] (the data subject has, and will have, the right to the erasure of his or her data);
right to restrict the processing of your personal data in the cases provided for by Art. 18 of the EU Regulation, including in the case of unlawful processing or if the accuracy of the personal data is contested by the data subject [Article 18 of the EU Regulation];
right to data portability [Article 20 of the EU Regulation] (the data subject may request his or her personal data in a structured format in order to transmit them to another Data Controller, in the cases provided for by the same article);
right to object to the processing of your personal data [Article 21 of the EU Regulation] (the data subject has, and will have, the right to object to the processing of his or her personal data in the cases foreseen and regulated by Article 21 of the EU Regulation);
right not to be subject to automated decision-making [Article 22 of the EU Regulation] (the data subject has, and will have, the right not to be subject to a decision based solely on automated processing).
With regard to the purposes for which consent is required, the interested party may withdraw their consent at any time, and the withdrawal will take effect from the moment of withdrawal, without prejudice to the terms established by law. Generally speaking, the withdrawal of consent is effective only for the future.
The above rights may be exercised in accordance with the EU Regulation by sending an email to segreteria@fondofilantropicoitaliano.it
The Data Controller, in accordance with Article 19 of the EU Regulation, will inform the recipients to whom the personal data have been disclosed of any requested rectification, erasure, or restriction of processing, where possible.

Right to lodge a complaint (pursuant to art. 13 paragraph 2 (d) of the GDPR)
If the interested party believes that their rights have been compromised, they have the right to lodge a complaint with the Guarantor Authority.
For further information on your rights and how to exercise them, please refer to http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524 or by sending written communication to the Italian Data Protection Authority.

Possible consequences of failure to provide data and nature of the provision of data (pursuant to art. 13 paragraph 2 (e) of the GDPR)
Please note that the legal basis for the purposes set out above is consent. For these purposes, the data subject may withdraw their consent at any time, with the withdrawal taking effect from the date of withdrawal, subject to any legally required deadlines. Withdrawal of consent is effective only for the future. Therefore, processing carried out prior to the withdrawal of consent will remain unaffected and will remain lawful.

Failure to provide consent, or partial consent (or its revocation), may not guarantee the full provision of services or activities, with reference to the individual purposes for which consent is denied, and will not constitute a prejudice or impediment for other purposes (and related activities) not involved or expressly affected by the denial of consent or not founded on this legal basis.

Please note that with reference to the request for information referred to in Article 3, letter a) of this Policy, while consent to the processing of personal data remains voluntary and optional, it is necessary to process the request. Therefore, sending the request or an equivalent expression of intent will be considered consent, which can always be revoked with the consequences described above.

When the data is no longer necessary, it is regularly deleted. If deletion is impossible or only possible with a disproportionate effort due to a particular storage method, the data cannot be processed and must be archived in inaccessible areas.

Existence of automated decision-making (including profiling)
The use of purely automated decision-making processes, as detailed in Article 22 of the GDPR , is currently excluded . If we decide to implement such processes for individual cases in the future, the data subject will be notified separately, if required by law or if this policy is updated.

Treatment methods
Personal data will be processed in paper, computerized, and electronic form and entered into relevant databases. These databases will be accessed and accessed by those specifically designated by the Data Controller as Data Processors and Authorized Persons. These persons may consult, use, process, compare, and perform any other appropriate operations in compliance with the legal provisions necessary to guarantee, among other things, the confidentiality and security of the data, as well as the accuracy, timeliness, and relevance of the data to the stated purposes.

Notice regarding children under 14 years of age
Minors under 14 may not provide personal data. The Data Controller will not be liable in any way for any collection of personal data, or for false statements provided by minors. In any case, if it becomes aware of such use, the Data Controller will facilitate the rights of access and deletion submitted by the legal guardian or person exercising parental responsibility.