INFORMATION NOTICE ON DATA PROCESSING | Caritas Sant'Antonio ONLUS

INFORMATION NOTICE ON DATA PROCESSING | Caritas Sant'Antonio ONLUS

INFORMATION NOTICE ON DATA PROCESSING

PURSUANT TO ART. 13 OF EU REGULATION 2016/679

 

Purpose of this information notice

In this section we describe the processing methods applied to the personal data of the users of this web site.
First of all we would like to clarify that the web site you are visiting (hereinafter referred to as  ‘Site’) is owned and directed by Provincia Italiana di S. Antonio di Padova dei Frati Minori Conventuali (Padua Province of the Friars Minor Conventual – Caritas S. Antonio Onlus) which hereinafter shall be referred to as ‘PISAPFMC’.
This information notice is not to be considered valid for other web sites which may be visited through links present on this internet site and which are not managed by PISAPFMC, and to which PISAPFMC is in no way responsible.
Through consultation of this present site data regarding either indentified or identifiable persons may be processed, either to allow browsing or, if necessary, for the execution of a contract you may have requested.
Hereinafter we are therefore clarifying, pursuant to article 13 of the General Data Protection Regulation (GDPR), the methods and aims of the management of this site with reference to the processing of the personal data which may be used in either one or the other case.
First of all we emphasize that this processing shall be performed in accordance with the principles of lawfulness and propriety, and in compliance with current laws.

 

  1. Identity of contact of the Controller and of the Data Protection Officer (DPO)

Pursuant to art. 13 and 14 of the GDPR we inform you that the Controller of your personal data acquired through the site is Provincia Italiana di S. Antonio di Padova dei Frati Minori Conventuali, Caritas S. Antonio Onlus (hereinafter PISAPFMC), with registered office in Piazza del Santo, 11 in Padova, Italy, and with operating headquarters in Via Orto Botanico, 11, in Padova, Italy.
The Data Protection Officer (DPO) may be contacted through a letter addressed to DPO-Provincia Italiana dei Frati Minori; Via Orto Botanico, 11 – 35123 Padova; Italy; or via email at the following address: dpo@santantonio.org.
The list of privacy delegates (subjects who control the application of the GDPR in the various areas pertaining to PISAPFMC) and the external firms responsible for the processing will be kept updated and will be shown to the data subject (yourself) upon specific request.

 

  1. What data do we process? For what purposes?

We specify that the information relating to a natural person, either identified or identifiable, such as the name, the email address, the telephone number, to postal address or the computer IP address are all personal data.
Those data that reveal the racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership as well as genetic data, biometric data which confirm the unique identification of a natural person, information relating to the health or the sex life and orientation of a person are defined as specific data.
In our site we generally only process personal data (these are the only data necessary for the conclusion of a contract or for the subscription to a newsletter). However, it may happen that, by pure chance, specific data may also be processed (just think, for instance, if your mail were to reveal your religious or political orientation).

 

We specify that in the site you are browsing now the following personal data are being collected:

Data supplied by yourself

These are the personal data you supplied in the registration fields in order to access the newsletters we are offering to create a personal user account or to stipulate a contract with us. These data are processed by us for the following reasons:

  1. The sale or purchase or products or services present on the web site and for activities either directly or indirectly connected with them, such as, for instance, the opening and execution of a contract or the execution of possible pre-contract procedures in view of the conclusion of the proposed contract as well as all the obligations either directly or indirectly connected to it.
  2. To fulfill legal obligations of fiscal, administrative or tax reasons (for instance the administration of clients/suppliers; the management of the contractual relationship; invoicing; the management of orders; cash receipts and payments; delivery of goods).
  3. To pursue the legitimate interest of the Controller (for instance, in this indicative but not exhaustive list: in case of defense in court proceedings where necessary, but also in case of direct marketing), but in any case in compliance with the prevalent rights and fundamental liberties of the data subject (yourself) demanding the protection of personal data.
  4. For the sending of messages and newsletters regarding products and services or events relating to the Controller upon specific request of the data subject (yourself).

 

In these cases the legal basis of the processing is constituted by the fulfillment of the contract and by the legal obligation to process the data (see GDPR art. 6 points b), c), f), as well as your consent for the newsletter (GDPR art. 6 point a)).

In the case (which, as mentioned earlier, is only a mere possibility) of the processing of specific data, the legal basis of this processing is constituted by the fact that the processing is performed by the Controller, which is an Ecclesiastical Institution, and which pursues religious aims with regard to the processing of its members, ex-members or people who have regular contact with the foundation, the association or organization on account of its aims when the personal data are not disclosed outside the Ecclesiastical Institution) and by consent in the residual hypothesis (GDPR art. 9 paragraphs a) d) e) f)).
Finally, we specify that the sending of optional, explicit and voluntary messages to the contact addresses of the Controller, as well as the compilation and sending of the forms present in the site imply the acquisition of the contact details of the sender in order to answer, as well as all the personal data included in the communications.

 

Browsing data

The information systems and the software procedures responsible for the functioning of this site acquire, in the course of their normal operation, some personal data whose transmission is implicit during the use of internet communication protocols.

The data included in this category are:

  • the address of the page you are visiting on our web site
  • the IP address of the device
  • the address of the last web site previously visited (the so-called “referrer”)
  • the date and time of your visit
  • the characteristics of the device, in particular the operating system, the browser used and the dimensions of the browser window
  • the domain names of the computers and of the terminals used by the users
  • The URI/URL (Uniform Resource Identifier/Locator) address notation of the requested resources
  • the request time
  • the method used to submit the request to the server
  • the dimension of the file received in the answer
  • the numerical code which indicates the state of the response supplied by the server (successful, error, etc.)
  • other parameters regarding the operating system and the system environment of the user.

 

This data, necessary for the fruition of the web services, are also processed for the purpose of:

  • obtaining statistical information on the use of the services (the most visited pages, the number of visits per time slot and day slot, geographical areas of provenance, etc.)
  • control the proper working of the services offered

 

The browsing data does not remain for more than seven days and is immediately cancelled after their anonymisation (with the exception of a necessity by a judicial authority to detect possible offences).

 

Cookies and other tracking systems

Cookies are not used to profile users, nor are other tracking methods used.
Instead, session cookies (non persistent) are used, but in a way that is strictly limited to the bare necessities of a safe and efficient browsing of the sites. The memorization of the session cookies in terminals and in browsers is under the user’s control where, on the servers, at the end of the HTTP sessions, information regarding cookies remain recorded in the service log files.

 

  1. Recipients of the personal data

The data will be processed within the structure by authorized personnel responsible for managing the web site and by the accounting and administration departments, and may be communicated to the following subjects which have been nominated external Processor:
NEXTEP as the supplier of development and maintenance services of the web platform.
The updated list of nominated external Processors will be supplied upon a simple request.
The personal data may also be communicated to banking institutions and external societies (for instance consortia) which supply services for the execution of a contract.
The data acquired will in no way be disseminated.

 

  1. Period of conservation of personal data

The data supplied for the conclusion of a contract will be kept for the duration of the contract and for the successive time period dictated by law. In particular, we specify that accounting entries, invoices, and correspondence will be kept for 10 years as prescribed by law; the data necessary for the management of a possible dispute or debt recovery will be kept until the settlement of the dispute.
The data supplied for the subscription to the newsletters will be kept for as long as the service is active.

 

  1. Compulsory data conferment

Data conferment is mandatory and necessary for the performance of the contract stipulated between you and the Controller, and to receive the newsletters. Therefore, the possible refusal to confer the personal data requested implies the termination of the relationship.
Moreover, the Controller declares that a possible non communication or erroneous communication, of any of the mandatory data will have, as a consequence, the impossibility, on the part of the Controller, to guarantee the adequacy of the processing itself to the contractual terms under which the contract is to be performed, and the possible lack of correspondence of the results of the processing to the requirements imposed by the fiscal, administrative and work norms to which the processing is directed.

 

  1. Rights of the Data Subject

You, the data subject, are entitled to claim from the Controller, at any moment, access to your personal data and to rectify or erase them, or restrict the processing or object to the processing (art. 15 and following of the GDPR), as well as the right to data portability, as provided for in art. 12 paragraph 2 point b) of the GDPR.
Erasure is not permissible for data contained in those Acts which require, according to law, mandatory conservation.
Consent may be withdrawn at any time without affecting the lawfulness of the processing based on consent before its withdrawal.
You have, moreover, the right to lodge a complaint with a supervisory authority, as provided for in art. 77 of the GDPR itself, or to apply proceedings before the courts against the Controller (art. 79 of the GDPR) if you consider that the processing of your personal data performed by this site infringes the norms set by the GDPR.

  

  1. Methods of exercising your rights

 You may at any time exercise your rights via registered return mail addressed to Provincia Italiana dei Frati Minori Conventuali Caritas S. Antonio Onlus, via Orto Botanico 11, 35123 - Padova, Italy, or via email addressed to: privacy@santantonio.org indicating the words: “Accesso Privacy” in the subject line.

 

Useful Documents:

General Data Protection Regulation