At Fondazione PENTA Onlus, we are strongly committed to protecting your privacy. You can navigate the majority of our Website without giving us any personal information about yourself. However, sometimes we need additional information about you in order to provide the information or services you are requesting.
As you may be aware, new data protection rules in the European Union (EU) known as the General Data Protection Regulation (GDPR) entered into force on May 25, 2018. Focused on data privacy, GDPR is the new EU legal framework for the protection of personal data. It includes several key changes to existing EU data protection law, including data breach notification, accountability and enhanced individual rights. GDPR will affect all organizations and public bodies, wherever located, that handle data of persons in the EU. Over the past few years, we have been preparing for this and are taking steps to ensure timely compliance with those rules.
To protect your privacy, we provide this notice explaining our practices in connection with information that we collect, use and disclose through activities that link to our service and the choices you can make about the way your information is collected and used.
The term ‘Fondazione PENTA Onlus’, or ‘us’ or ‘we’ refers to the owner of the website (data controller) whose registered office is Corso Stati Uniti, 4, Padova 35127, Italy.
The term ‘you’ refers to the user or viewer of our website.
This privacy notice is provided by Fondazione Penta Onlus to the visitors of the Website, pursuant to Article 13 of GDPR.
a) The Controller
By using the Website, you might provide us personal data. The controller of such personal data is Fondazione Penta – for the treatment and care of children with HIV (and related diseases) – Onlus with registered office at Corso Stati Uniti, 4, 35127 Padova, Italy, e-mail address: email@example.com (hereinafter also referred to as the “Controller”).
b) The Data Protection Officer
The data Protection Officer, appointed by Penta according to Article 37 of the GDPR, can be contacted at the following address: firstname.lastname@example.org.
c) Place of Data Processing
The data related to the services provided by the Website are processed by the Controller at its registered office – at Corso Stati Uniti, 4, 35127 Padova, Italy – and the data processing will be carried out only by subjects expressly authorised by the Controller. For further information, please contact us at email@example.com.
d) Types of personal data processed
We may collect the following types of Personal Information, in a various way, including, but not limited to:
Failure to provide certain Personal Data may make it impossible for this Website to provide its services.
Your information will not be disclosed to any third party unless you have given your consent to such disclosure.
e) What we do with the information we gather
Your Personal Data may be collected in particular for the following reasons:
f) Purposes and legal basis for processing
The data is collected and processed for purposes strictly related to the usage of the Website and its services. The specific purposes for processing are described in detail in the further privacy notices provided by the Website in all cases of data collection. Please read carefully the privacy notices which, from time to time, illustrate the characteristics of the processing that will be carried out by the Controller.
Your data will be processed according to Article 6, paragraph 1, letter b) of the GDPR to run the services provided by the Website (for example, to answer requests made through the Website).
g) Optional nature of the user’s decision to provide personal data
Except for what already specified regarding data related to the web browsing, the user is free to provide personal data to the Controller by filling in the “Contact form”. Failure to provide such data may result in the impossibility for the Controller to answer the user’s requests.
The data required from time to time is indicated in the data collection form on the Website and the consequences of the failure to provide such data are described in the specific privacy notices present on the data collection pages.
h) Links to other websites
This privacy notice is only applicable to the Website and is not valid for any other websites that may be consulted by the user via links originating from the same. The Controller cannot be held responsible for the personal data provided by the user to third parties or to any other website that may be linked to the Website.
i) Lodge a complaint before the Data Protection Authority
Should you consider the processing of your data infringes the GDPR, you may lodge a complaint before the Italian Data Protection Authority (www.garanteprivacy.it), or before the Data Protection Authority of the Member State of your habitual residence, place of work or place of the alleged infringement.
j) Applicable law
k) Data processing procedures and communication of data
The data can be processed both electronically and in paper form. The personal data you provide us with will be processed lawfully and correctly, in full compliance with the legislation in force, in order to guarantee the strictest confidentiality of such personal data. Specific security measures are implemented to prevent data loss, illicit use and unauthorised access.
Data will not be communicated or disseminated to third parties except within the limits and under the conditions expressly indicated in the information notices provided to the user from time to time on the Website, and only upon receipt of authorization from the same (e.g. to the companies providing services related to the Website operation).
The data will be processed only by persons expressly authorized to manage the data provided by users through the Website, identified within the Communication and Project Management Areas of Fondazione PENTA Onlus designated pursuant to art. 29 of GDPR.
The Controller use external providers to manage the Website and the Website services. For those activities, suppliers or external organisations process personal data of the users for purposes strictly related to the provision of the services, and have therefore been appointed by the Controller as data processors (according to article 28 of the GDPR). A complete list of external processors can be requested by contacting the Controller at the address provided in par. n) below.
l) Transmission of data outside the European Union
Transmission of data outside the European Union: In the case of transfer of subject’s data to a third country which is not an adequate country, the controller and the processor shall comply with the terms of the standard contractual clauses for the transfer of personal data to processors established in third countries approved by EC Commission Decision of 5 February 2010 and any subsequent amendment or re-edition.
m) Storage period
Your data will be processed for the period indicated in the specific privacy notices provided at the moment of collection.
Your data, collected through the “Contact form” of the Website will be processed for the time necessary to properly manage your request and subsequently erased.
As regards the storage period for the browsing data, please read the following paragraph dedicated to Cookies.
n) Rights of data subjects
By contacting the following e-mail address: firstname.lastname@example.org, the user may at any time exercise the following rights (GDPR – article 15 to 22):
The full text of such rights is available on www.garanteprivacy.it.
The Fondazione PENTA Onlus Website uses ‘cookies’.
A cookie is a small text file that is placed on your hard disk whenever you start to navigate a Website. Cookies are uniquely assigned to each user, and can only be read by a webserver within the domain that issued the cookie.
You may accept or decline cookies. Most web browsers automatically accept cookies, but users can usually modify their browser settings to decline cookies should they so prefer. If users choose to decline cookies, they may not be able to fully experience the interactive features of the ZIKAction services or website being visited.
p) Google Analytics
We may collect files that record interaction with this Website (System Logs) or use for this purpose other Personal Data (this includes IP Address). An IP address is a number assigned to you by your Internet service provider, so you can access the Internet. Although we do receive IP addresses, we do not use them to identify you personally or disclose them to others.
In accordance with art. 6, paragraph 1, point f) of GDPR, we may have access and use your IP Address through Google Analytics web analysis service utilizing the Data collected to track and examine the use of our Website, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
You may selectively disable the Google Analytics’ installation on your browser, with the opt-out option provided by Google. To disable Google Analytics action, please refer to the link below: https://tools.google.com/dlpage/gaoptout
q) Third party cookies
When visiting our Website, you may receive cookies from visited site (first part), both sites run by other organizations (third parties). Notable examples are the presence of “embed” video or “social plugin” from social networking services. These are parts of the page visited generated directly from these sites and integrated into the site’s host page. The most common use is aimed at content sharing on social networks.
The presence of these plugins entails the transmission of cookies to and from all sites managed by third parties. The management of information collected by third parties is governed by their policies.
r) Other Third-Party Websites
Our Website may contain links to other Third-Party Websites. You should carefully review the Privacy Policies and practices of other websites, as we do not have any control or responsibility over Third-Party Websites.
s) Our commitment to children’s privacy
Protecting the privacy of the very young is especially important. For that reason, we do not intend to collect or maintain information at our Website from those we know are under 13 years of age, and no part of our Website is structured to attract anyone under 13.