(pursuant to article 13-14 of the UE Regulation 2016/679)
The EU Regulation 2016/679 on “the protection of natural persons with regard to the processing of personal data and on the free movement of such data” (hereinafter “EU Reg. 2016/679” or “GDPR”) contains a set of rules aimed at protecting fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
Browsing this Site, data relating to identified or identifiable persons may be processed.
- Data controller and Data Protection Officer
Pursuant to art. 13 and 14 of the GDPR Fondazione Ferrata Storti (hereinafter also “Foundation”) with registered office in Pavia, Via Giuseppe Belli, 4 (PV-27100), in the person of the Legal Representative, is the data controller and is required to provide information regarding the processing of personal data of the data subjects.
The contact data are as follows:
The Foundation has appointed a Data Protection Officer (DPO) who can be contacted at the following e-mail address: firstname.lastname@example.org
- Type and source of data processed
The personal processed by the Foundation are: name, surname, e-mail address. These personal data are obligatory in order to fulfil the purpose indicated in par. 4. The additional personal data are freely provided by data subject. The personal data processed by the data controller are normally collected from the data subject. The processing of personal data is based on principles of fairness, lawfulness, transparency and appropriate security of personal data is ensured.
- The purposes of processing personal data and the legal basis for processing
Personal data are processed to send the newsletter relating to Haematologica contents by e-mail.
Data processing is based on data subject the consent (art. 6, (i), (a), GDPR.
The data subject has the right to withdraw the consent that he has given at any. This will not affect the lawfulness of the treatment based on the consent given before the withdrawal. The data subject may at any time contact the data controller to withdraw the consent at the addresses published in this information notice.
- How personal data are processed
Personal data are processed by using manual, computer and telematic tools with methods strictly related to the purposes stated in this document and, in any case, in such a way as to ensure the security and confidentiality of the data in accordance with current regulations.
In the event of processing by electronic or other methods, and by management and storage systems, including advanced hardware and software, the Foundation may use third-party service companies that will be made aware of their responsibilities by notice of appointment as data processor pursuant to art. 28 of the GDPR.
The updated list of Data Processors is kept at the registered office of the data controller.
- Data retention policy
The data collected will be stored for a period of time not exceeding the achievement of the purposes for which they are processed (“principle of storage limitation”, art. 5 GDPR), without prejudice to cases of compliance with an obligation of law or order of an authority. The check on the obsolescence of stored data in relation to the purposes for which they were collected is carried out periodically. At the end of the retention period, personal data will be deleted, destroyed or made anonymous, subject to any statutory retention periods.
In particular, data controller will process personal data until the data subject communicates his willingness to withdraw consent given to receive the newsletter relating to the contents of Haematologica.
- Categories of recipients
In some cases, the execution of all the activities connected with and/or instrumental to the management of the Foundation involves the communication of data subjects personal data – in addition to those whose right to access them is recognized by law – to external companies or entities, such as, for example:
- a) other companies as service providers, or other subjects carrying out activities in outsourcing on behalf of the data controller;
- b) companies in charge of the management of computer connections and other activities connected to those indicated, whose collaboration the Foundation avails itself of;
- c) to all those public and/or private subjects, natural and/or legal persons, if the communication is necessary or functional to the correct fulfilment of contractual obligations and legal obligations.
The subjects belonging to the categories of recipients will process the data and will use them, as data processors expressly appointed by the data controller in accordance with the law, or alternatively as independent data controllers.
The data controller appoints all employees and collaborators, including occasional ones, who carry out tasks involving the processing of personal data as authorised subjects for processing.
- Where personal data are processed
Personal data will be processed by the data controller at its registered office located in Via Giuseppe Belli, 4, Pavia (PV- 27100).
- Transfer of personal data outside the EU
If for technical and/or operational reasons it is necessary to use subjects located outside the European Union, such subjects will be appointed as data processors and the transfer of personal data to such subjects, limited to the performance of specific processing activities, will be regulated in accordance with the provisions of the GDPR. In this case, the data controller hereby guarantees that the transfer of non-EU data will be regulated in accordance with the provisions of Chapter V of GDPR and authorised on the basis of specific decisions of the European Union. All necessary precautions will therefore be taken in order to guarantee the most complete protection of personal data, basing this transfer on: a) adequacy decision determined by the European Commission on the basis of article 45 GDPR; b) appropriate safeguards provided by the third party to which it is addressed, pursuant to art. 46 GDPR; c) the adoption of binding corporate rules.
- Rights of the data subjects
Data subject have the following rights:
– right of access to the personal data;
– right to data portability;
– right to object to processing personal data;
– right to rectification, erasure, restriction to processing personal data;
– right to withdraw consent;
– right to lodge a complaint with the Data Protection Supervisory Authority.
- How to exercise data subjects rights
Data subjects may exercise their rights contacting the data controller at Fondazione Ferrata Storti, via Giuseppe Belli, 4, Pavia (PV-27100) or sending an email to email@example.com
Alternatively, the subject may contact the Data Protection Officer sending an email to firstname.lastname@example.org