PRIVACY POLICY AND INFORMATION PURSUANT TO ARTICLE 13 OF EU REGULATION 2016/679
Nature of data provision
The personal data requested is collected by the website https://fondazioneraulgardini.org/ and processed on computer systems in order to fulfill contact and information requests.
Data controller
Fondazione Raul Gardini, located in Ravenna, at via Massimo D’Azeglio n. 10, is the Data Controller in accordance with and for the purposes of EU Regulation 2016/679.
Data processors
Third parties may become aware of Users’ personal data and may process personal data on behalf of the Controller as “External Data Processors,” such as, for example, providers of IT services essential to the Foundation’s operations, outsourcing or cloud computing service providers, professionals, and consultants.
Users have the right to obtain a list of any data processors appointed by the Controller by making a request to the Controller as indicated below.
Purpose of data processing
The data provided will be retained by the Controller for the following purposes and in compliance with EU Regulation 2016/679 (GDPR):
1. Install technical-optional cookies on the user’s device as per the cookie policy;
2. Make data available to third parties for purposes instrumental to what is strictly necessary to carry out the services requested by the data subject or to comply with legal requirements;
3. Manage user data to provide feedback;
4. Fulfill requests to exercise the data subject’s rights;
5. Ensure correct and lawful data processing, safeguarding confidentiality by applying appropriate security measures.
All processing carried out on this site will be done through electronic or telematic tools, with methods related to the purposes for which the data was collected and in compliance with current security regulations, for the specified purposes. Consent for these processes, except for the installation of optional cookies, is mandatory; any refusal will result in the inability to manage the activities listed in points 1 to 5 of this section.
Data recipients
For purposes related to the provision of the service to which the data subject has adhered, data will be made available to third parties acting as data processors, providing instrumental services to meet user requests or when data communication is necessary to comply with laws, regulations, or EU legislation (e.g., public entities). They may also be made available to law enforcement agencies (e.g., prevention and prosecution of crimes, including cybercrimes), judiciary, authorities, and competent public entities for their institutional activities or to assert or defend rights in court. The list of these third parties can be requested directly from the Controller as specified in this privacy policy.
Personal data will be accessible to individuals expressly authorized by the Controller – designated as authorized data processors – who perform essential processing activities to achieve the aforementioned purposes; the categories of appointed individuals are specified in the information provided. Generally, they include individuals responsible for specific service delivery, administration, and information service management.
The provided data will not be transferred outside the European Union.
Retention Period
Based on the identified purposes, the following data retention periods are defined:
1. Installation of technical and analytical cookies on the user’s device and other optional cookies: as per our cookie policy on the same site.
2. Making data available to third parties for purposes instrumental to what is strictly necessary to carry out the services requested by the data subject or to comply with legal requirements: until the user requests deletion or for the periods identified by the law.
3. Fulfill requests to exercise the data subject’s rights: up to 10 years from the collection.
The retention periods for personal data are documented in our records of processing activities.
Data Subject Rights
The following rights of the data subject are guaranteed:
– Right of access to data (Art. 15 EU Regulation 2016/679)
– Right to rectification (Art. 16 EU Regulation 2016/679)
– Right to erasure (Art. 17 EU Regulation 2016/679)
– Right to restriction (Art. 18 EU Regulation 2016/679)
– Right to data portability (Art. 20 EU Regulation 2016/679)
– Right to object (Art. 21 EU Regulation 2016/679)
The data subject, if the acquisition of data by the controller occurred following the consent given, has the right to withdraw consent at any time.
Furthermore, if the data subject believes that one or more of their rights have been violated, they can lodge a complaint with the Data Protection Authority following the procedures indicated at the following link: https://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-tuoi-dati-personali.
It is also specified that the Controller does not use automated decision-making processes.
All the above-mentioned rights can be exercised at any time and without any charge by writing to the email address segreteria@fondazioneraulgardini.org.
Data Security
The security standards used by the Controller to keep your personal information confidential and secure, including firewalls and data transmission through SSL (Secure Socket Layer), are state-of-the-art. Specific techniques are also used to protect this data from unauthorized access by third parties. Minimum security measures indicated by the Privacy Code and subsequent amendments are guaranteed in any case.
You can verify if you are operating in a secure mode in several ways:
– receiving a warning message from your browser program;
– checking that the address of the page you are on is preceded by the Https acronym;
– checking the symbol that appears at the bottom, left, or right of your browser program window: if you see a whole key or a closed padlock, it means SSL is active.
In any case, the Controller adopts adequate and preventive security measures to safeguard the confidentiality, integrity, completeness, and availability of personal data. As established by the regulations governing the security of personal data, technical, logistical, and organizational measures are put in place to prevent damage, loss, even accidental, alterations, improper and unauthorized use of data. Similar preventive security measures are adopted by third parties (data processors) to whom data processing operations are entrusted on our behalf, and the Controller has established behavioral rules and security procedure instructions to be followed, monitoring their correct implementation by the data processors.
The Controller is not responsible for untrue information provided directly by the user (e.g., correctness of the email address or postal address or other personal data), as well as for information about the user provided by a third party, even fraudulently.
Navigation Data
The computer systems and software procedures used for the operation of this site acquire, during their normal operation, some personal data, the transmission of which is implicit in the use of Internet communication protocols. These are pieces of information not collected to be associated with identified users, but which by their very nature could, through processing and association with data held by third parties, allow the identification of the users themselves. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, URIs (Uniform Resource Identifiers) of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user’s operating system and computer environment. These data are used only to obtain anonymous statistical information about the use of the site and to check its correct functioning and are deleted immediately after processing. The data may be used to ascertain responsibility in case of hypothetical computer crimes against the site.
