Via Bellaria, 3/5
40068 San Lazzaro di Savena (Bologna)
Via S. Raffaele, 5
This policy describes the purposes and methods Fondazione Furla, with registered office in Via Bellaria 3/5, 40068 San Lazzaro di Savena (BO), (hereinafter “Data Controller” or “Fondazione”) will use to process, in its capacity as Data Controller, personal data of possible users of newsletter services, in compliance with Legislative Decree No. 196/2003.
a) Categories of data
Fondazione will collect the name, surname and e-mail address, related to data subjects, through this form available on its website www.fondazionefurla.org (the “Website”).
b) Purposes and methods of the processing
Fondazione will process the above described personal data to send a newsletter to e-mail addresses of data subjects to periodically inform them on initiatives and events organised by Fondazione and on any allowances for subscribers.
Data may be processed using electronic means or paper-based systems, within the EU countries.
Data will be stored for the period of time not exceeding that necessary for purposes for which they were collected, after which they will be erased or made no longer usable.
Fondazione will adopt proper security measures to prevent loss of data, unlawful or incorrect uses and unauthorised access.
c) The obligatory or voluntary nature of providing data and consequences of any failure to reply
Providing data for the purpose of sending newsletter is voluntary. Failure to provide data will involve impossibility to use the newsletter service.
d) The entities or categories of entity to whom personal data may be communicated or who/which may get to know the data in their capacity as data processors or persons in charge of the processing and scope of dissemination of data
Data collected will be processed by staff in charge of the Fondazione or data processor of the Fondazione only for the purposes described above in letter b).
Data may also be processed by external companies appointed as data processors which are in charge of sending newsletters or maintenance of the Website. The list may be requested from firstname.lastname@example.org.
e) Data subject rights
Data subject may apply in writing to Data Controller sending a registered letter with acknowledgment of receipt or sending an e-mail to email@example.com to exercise access, modification, erasure and objection rights described below, namely to obtain:
- i confirmation of the existence of personal data refering to him/her, even if not yet registered;
- ii indication of the source of data, of purposes and methods of processing, of the logic applied to the processing, if the latter is carried out with the help of electronic means, of the identification data concerning Data Controller, Data Processor and the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as data processors or persons in charge of the processing;
- iii updating, rectification or integration of the data, erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed, cerification that the requested operations have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
A data subject shall have the right to object, on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection, or object, in whole or in part, (among other things, with regard to specific means of communication) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.
Furthermore, a data subject shall have the right to request transfer of his/her data to a different data controller (known as right to portability of data).
Finally, each data subject shall have the right to lodge a claim with the competent Authority to have his/her personal data protected where an infringement of his/her personal data is found.