INTERNET SITE PRIVACY POLICY
In accordance with article 13 of the EU GDPR no. 2016/679 (hereinafter “the GDPR”), this privacy policy contains information concerning the processing of your personal data when you visit the websites of the Fondazione Luigi Rovati (hereinafter “the Websites”):
www.fondazioneluigirovati.org
biblioteca.fondazioneluigirovati.org
DATA CONTROLLER
The Data Controller is the Fondazione Luigi Rovati, Corso Venezia 52 – 20121 Milan (MI),
tax code: 94634860152, tel. 02.38.27.30.01;
email: info@fondazioneluigirovati.org; rpd-fondazioneluigirovati@fidimholding.com
(hereinafter “the Foundation” or “the Data Controller”).
DATA PROTECTION OFFICER
The Data Protection Officer (DPO) is Avv. Rocca Maria,
email: rpd-fondazioneluigirovati@fidimholding.com.
COMPLIANCE WITH THE PRINCIPLES
The data processing will take place in compliance with the GDPR and the principles of data minimisation, accuracy, integrity, correctness and transparency; the data processing will be limited to the stated purposes.
The data will be processed in such a way as to ensure adequate security, including protection of the data from unauthorized or unlawful processing and from accidental loss or destruction of the data, using appropriate technical and organisational measures.
The data will be stored for the time required to achieve the stated purposes and subsequently will only be stored in order to meet legal requirements.
PERSONAL DATA THAT IS PROCESSED
1. To receive the newsletter
If you indicate that you wish to receive our newsletter, we will process and store the following information about you:
- your name, surname and email address.
2. To reply to requests for information
If you contact us to ask for information about our activities or services, we will process and store information such as your name, surname, email address, telephone number and any other data that you provide of your own accord, so that we can reply to your requests.
3. To book your participation in free events
Booking your participation at a free event entails the creation of an account on the Data Controller's website in order to retrieve information about the event, to facilitate booking for future events and to allow access to all the services offered by the Foundation with the same personal credentials. In creating the account, we process and store the following data:
- your name, surname and email address;
- technical information on your use of our site, such as your log-in credentials, the log-ins made, the pages visited and the time spent on the site.
4. To reserve book consultations through the Library Service
Reserving book consultations through the Library Service entails the creation of an account on the Data Controller's website in order to retrieve the information about the books reserved, to facilitate future reservations and to allow access to all the services offered by the Foundation with the same personal credentials. The data that we process and store are:
- your name, surname and email address; you may also be required to provide details such as your home address and tax code;
- technical information on your use of our site, such as your log-in credentials, the log-ins made, the pages visited and the time spent on the site.
5. For job applications
If you indicate that you wish to apply for a job with us, we may store and process the information contained in the CV that you send us, including, by way of example but not limited to, your name, surname, place and date of birth, tax code, home address, telephone numbers, qualifications.
We may also process information about you of a sensitive nature, for example if you have a disability, where you provide such information voluntarily on your CV.
6. For marketing and profiling purposes
The Websites will use the following data for profiling and for commercial communications only if we have received your express consent and after you have registered (the so-called “double opt-in”):
- Your personal details: name, surname and email address
- Data about your interaction with the Websites: the date and type of service used (e.g. Library reservation, registration for a free event)
7. To use our social media
We manage web pages or profiles on various social media platforms (hereinafter “the Operators” or “the Operator”).
The Operators are responsible for the protection of the data they collect when the user visits our social media sites and/or interacts with them or with our posts. This is especially the case where users are registered on or have accessed these sites through a social media platform. Even if users are not registered on a social media network, the Operators collect some personal data about them when they access the pages, such as unique identifiers linked to the user's browser or device. Further information is available in the data protection notices of the respective managers, whose details are provided below.
If you interact with us through our social media sites or our posts, we will collect and process the information provided to us by the social media platform itself. The processing of this data is carried out on the basis of the consent supplied by the user to the Operator (art. 6 par. 1 letter (a) of the GDPR) or of the contractual relationship between the user and the Operator (art. 6 par. 1 letter (b) of the GDPR).
If you send us requests or messages through the Operators, we can collect and manage the data provided in order to respond to your requests (art. 6 par. 1 letter (b) of the GDPR).
We operate official social media pages on the following social media platforms:
Facebook - Our Facebook Fan Page is available here:
https://www.facebook.com/fondazioneluigirovati/
The Facebook Privacy Policy may be viewed here:
https://www.facebook.com/privacy/center/
Instagram - Our Instagram page can be viewed here:
https://www.instagram.com/fondazioneluigirovati/
The Instagram Privacy Policy may be viewed here:
https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.
8. Browsing data
Browsing data are acquired automatically by the Websites for the sole purpose of collecting anonymous statistical information on the use of the site and to check that the site is functioning properly.
Further information can be found in the Cookie Policy.
9. Cookies
Information concerning the cookies used on the Websites can be found in the Cookie Policy.
PURPOSES AND LAWFUL BASES OF THE DATA PROCESSING
The GDPR requires that the Privacy Policy indicates the purposes of the data processing and the lawful basis for each purpose.
We process your personal data through the Websites for the following purposes:
- to receive our newsletter
LAWFUL BASIS: consent of the interested party.
Consent to the processing of the data is necessary to enable the contract to be fulfilled.
You may update your consent preferences at any time by accessing your personal area.
- to book a free event
LAWFUL BASIS: performance of a contract.
Consent to the processing of the data is necessary to enable the contract to be fulfilled.
- to order books for consultation through the Library service
LAWFUL BASIS: performance of a contract.
Consent to the processing of the data is necessary to enable the contract to be fulfilled.
- to forward or respond to a request for information
LAWFUL BASIS: to perform pre-contractual measures/contractual obligations.
Consent to the processing of the data is necessary to enable the contract to be fulfilled.
- to carry out marketing activities
LAWFUL BASIS: contractual.
Consent to the processing of the data is necessary to enable the marketing and profiling activities to be carried out. Consent can be withdrawn at any time.
You may update your consent preferences at any time by accessing your personal area.
- to carry out profiling activities
LAWFUL BASIS: contractual.
Consent to the processing of the data is necessary to enable the marketing and profiling activities to be carried out. Consent can be withdrawn at any time.
You may update your consent preferences at any time by accessing your personal area.
- to manage job applications
LAWFUL BASIS: performance of pre-contractual measures.
Consent to the processing of the data is necessary to enable the contract to be fulfilled.
- to establish, exercise or defend our legal rights in and/or outside a court of law
LAWFUL BASIS: legitimate interest.
- to manage browsing data
LAWFUL BASIS: legitimate interest of the Data Controller.
Consent is not required.
METHODS OF PROCESSING
The data that you have supplied us through the Websites will be processed manually and using electronic means, by personnel that we have authorized to access the data and who are subject to confidentiality obligations; the data will only be processed for the purposes we have explicitly stated, and will be processed in compliance with the current legislation and for the period of time required to achieve these purposes, except where it proves necessary to store the data in order to meet administrative, tax and legal requirements.
To receive further information about methods of processing your data or to find out more details about the security measures used and the periods for storing the data, you can contact us at:
rpd-fondazioneluigirovati@fidimholding.com.
Supply of technical services
We make use of suppliers of technical hosting services and other services required for the Websites to function. The data processing is therefore carried out on the servers of these service providers. These service providers only process the data in compliance with our explicit instructions and are required to guarantee appropriate technical and organizational measures for the protection of the data. Consequently, our service providers act in the capacity of Processors for us, in accordance with art. 28 of the GDPR.
CRM system
A Customer Relationship Manager (CRM) system enables us to manage relationships with site visitors and users. We use the ZOHO platform, a service provided by ZOHO Corporation B.V. for managing user databases.
Zoho makes it possible to create accounts starting with the following information: name, surname and email address. The software can also keep track of the activities of visitors to our site through statistical operations to improve the service. The software also enables the scheduling of messages and newsletters to be sent out to site visitors. Finally, the software records the consent supplied by site visitors to the processing of their data.
The data are collected and processed using the CRM system in conformity with the policies stated in 'Manage your preferences', which appears the first time a user accesses the Websites; you can change your preferences at any time by clicking here.
Location of the data processing: the Netherlands – Privacy Policy.
The processing is based on our legitimate interest in managing relationships with our visitors and users, under art. 6 par. 1 letter (f) of the GDPR. No adequacy decision has been made by the European Commission with regard to the USA. We have therefore agreed with Zoho to implement the standard contractual data protection clauses adopted by the EU Commission in accordance with art. 46 par. 2 letter (c) of the GDPR.
DATA STORAGE
Your personal data are stored for the time required to achieve the stated purposes and in accordance with the law, specifically:
- For processing on the basis of consent: data are stored until consent is withdrawn;
- For processing on the basis of contract: data are stored for 10 years or until the interested party requests that the data are erased;
- For processing on the basis of legitimate interest: data are stored for the time limits set by law;
- For job applications: data are stored for 6 months.
SHARING DATA
Your personal data are processed by employees and/or collaborators of the Data Controller who have received appropriate instructions for the processing and who have been expressly authorised to process the data.
Your personal data may be shared with our partners or suppliers who have, where necessary, been trained and appointed as “Processors” in compliance with art. 28 of the GDPR. More specifically, we may share your data with:
- companies entrusted with the maintenance/management of the internet site and of the electronic and/or IT tools used by the Foundation; managers of the services supplied on the site;
- companies that manage memberships/registrations and/or sending out of newsletters.
Your personal data may also be shared with third parties as independent data controllers, for example:
- parties with whom data sharing is specifically required by law;
- individuals, companies, associations or studios who provide professional services.
The list of parties with whom the data are shared is regularly updated and may be obtained easily and free of charge by writing to the Data Controller at the address indicated above or by sending an email to:
rpd-fondazioneluigirovati@fidimholding.com
RIGHTS OF INTERESTED PARTIES
You may:
- a) request access to your Personal Data (art. 12 of the GDPR). We will supply the data within 1 month. In particularly complex cases we reserve the right to extend the period for supplying the data to 3 months. In any case you will receive notification within 1 month informing you that our response to your request will require a longer period of time. If we receive a request that is clearly groundless or excessive, we may charge you a reasonable fee or refuse the request. In the event of a refusal or the application of a fee, you will also be informed of your rights with regard to the refusal or the fee.
- b) ask for your personal data to be rectified (art. 16 of the GDPR). We will ensure that the updating or rectification of your data is carried out within 1 month of your request, except for complex cases where we reserve the right to make the changes within 3 months; in any case, you will receive an answer from us within 1 month. If we receive a request that is clearly groundless or excessive, we may charge you a reasonable fee or refuse the request. In the event of a refusal or the application of a fee, you will also be informed of your rights with regard to the refusal or the fee.
- c) ask for your data to be erased for legitimate reasons (art. 17 of the GDPR); we reserve the right to refuse the erasure of your data where the data are necessary for the following situations: to comply with a legal obligation; to perform a task carried out in the public interest; in the exercise of official authority; for reasons of public interest in the area of public health; for archiving purposes in the public interest, or for scientific or historical research purposes or statistical purposes; to establish, exercise or defend legal claims. In the event that your request is refused you will in any case be informed of the reasons for the refusal;
- d) exercise the right to restrict the processing (art. 18 of the GDPR); you have the right to ask us to restrict the processing of your data when you contest the accuracy of the data until the accuracy has been verified. You have the right to restrict the processing of your data when you oppose the processing (where it may be necessary for the performance of a task carried out in the public interest or for purposes of legitimate interest), and where we need to assess whether the legitimate interests of the data controller override your interests. You have the right to restrict the processing of your data when the processing is unlawful and you oppose the erasure of the data and request the restriction of the processing instead. You have the right to restrict the processing of your data when we no longer need the personal data and you intend to exercise or defend a legal claim in the appropriate place. You will be informed of any restriction to the processing.
- e) exercise your right to the portability of the Data, where applicable (art. 20 of the GDPR), without any hindrance on our part; you will be informed of the method we will use to transmit the data to you if you should request us to do so.
You may exercise your rights by sending an email to: rpd-fondazioneluigirovati@fidimholding.com.
You may exercise your right to make a complaint to the Garante per la Protezione dei Dati Personali (GPDP - the Italian Data Protection Authority); if you wish to do so you can find information about how to make a complaint to the authority on the GPDP official website: www.garanteprivacy.it.
THE RIGHT TO OPPOSE THE PROCESSING OF DATA ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION AND THE RIGHT TO OPPOSE IT FOR MARKETING PURPOSES
You may oppose the processing of your data on grounds related to your particular situation by sending an email to: rpd-fondazioneluigirovati@fidimholding.com. In this case, we will confirm to you that we will no longer process your data, except where there are compelling legitimate grounds for continuing the processing which override your interests, rights and freedoms, or where the processing is necessary in order for us to establish, exercise or defend legal claims in a court of law; in such cases we will duly inform you of the reasons.
If you have given your consent to the processing of your data for direct marketing purposes, or if, on our part, sending you marketing communications may be categorized as a legitimate interest because you have purchased a product from our site, for example, you may oppose the processing by removing your name from our email marketing list by simply clicking on 'Unsubscribe' ('Cancellati') in our newsletter, or from your personal profile, or by sending an email to: fondazioneluigirovati@fidimholding.com.
AMENDMENTS
We reserve the right to amend this privacy notice; you will be informed of any amendment by email and through the Websites.
TRANSFER OF DATA ABROAD
With the sole exception of the CRM system, as explicitly stated in the relevant section, your data will not be transferred abroad to countries that are not members of the European Union.