From April 26th, 2023.
Courtesy Translation - Italian version shall prevail.
This Policy is intended to illustrate the methods and purposes of the processing of your personal data carried out by Fondazione Cortina and Marketing Network Milano Srl as independent controllers (hereinafter also the “Data Controllers”), in the provision of services rendered through:
- the Website www.fcohc.it
- other websites, platforms, applications, products and/or content of the Data Controllers.
In relation to certain services, the Data Controllers reserve the right to provide a specific information notice that may, from time to time, supplement or amend this Policy; in case of conflict, the terms of the specific information notice relating to the service in question prevail.
The provisions set out herein shall be deemed applicable to any person browsing the site and/or any service accessible electronically, including by means of any mobile applications already existing or soon to be developed, and more generally to individuals whose personal data are collected and processed within the services.
The processing of your personal data will take place in compliance with applicable legislation, with particular reference to EU Regulation 2016/679 (hereinafter also the “Regulation”) on the protection of individuals with regard to the processing of personal data, as well as with the national implementing provisions and measures of the National Supervisory Authority (namely the Data Protection Supervisor).
A) Navigation Data: through the use of the website, even for informational purposes only, the computer systems and procedures that allow its operation acquire personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with you, but that by its very nature could, through processing and association with data held by third parties, allow you to be identified.
This category of data includes, but is not limited to: IP addresses, hostnames of computers you use to connect to the site or platform, date and time of request, time difference from Greenwich Mean Time (GMT), request content (specific page), access status/HTTP status code, volume of data transferred in each case, referrer site (referrer), browser, operating system and interface, language and software version of the browser and other parameters related to the operating system and your computer environment. Data related to the PC - Phone - Tablet - or other device used for navigation will also be collected.
These data, processed for the sole purpose of obtaining anonymous statistical information on the use of the sites in question and to check their correct functioning, are deleted after their processing. They can also be used for the assessment of liability in case of cybercrimes against the site or the Platform of the Data Controllers and its users, also at the request of the judicial authorities.
B) Data you voluntarily provide: the subject of processing is the personal data that you (hereinafter also referred to as the “Data Subject”) provide through the contact forms on the site, or in any case within the framework of the relationship with the Data Controllers.
Such data may include:
- identification and contact data (first name, last name, gender, date of birth, company or company name, address, registered office, telephone and e-mail addresses - data relating to identification documents);
- payment and billing data, such as data relating to credit cards and other payment systems you use in the event of a request for certain services provided by the Data Controllers.
The provision of personal data is a necessary requirement for the provision and subsequent use of the services requested. It should therefore be noted that failure to provide certain data may make it impossible for the Data Controllers to validate the registration, as well as to provide the requested service. In this regard, the Data Controllers will indicate from time to time, also through their own forms, the data whose provision is strictly necessary for the use of the services and the additional data whose provision is instead optional.
Your personal data are processed by the Data Controllers for the purposes specified below.
A) For the execution of the contract or in any case to provide services you request: your data and the data of the persons you indicate will be processed by the Data Controllers for the execution of the contractual relationship and the provision of the services provided at your request. In particular, the Data Controllers may process your data and the data of the persons you indicate for the performance of operational and administrative activities necessary for:
(i) managing platform registration operations;
(ii) managing requests for the purchase of goods or services offered through the platform directly by the Data Controllers or by third parties;
(iii) managing payment transactions at your request to enable banks and credit institutions to carry out the verification of your chosen means of payment, charges and the management of other service procedures;
(iv) offering a platform for contacts and useful information on possible activities and events organized by the Data Controllers through newsletter services and facilitating communication and information between users through networking and messaging services as well as their participation in various initiatives (sports, recreational, charitable) organized by the Data Controllers or third parties;
(v) managing, at your request, the interactions of the services with third-party social networking platforms, to which you can connect according to your preferences in order to share activities or information about you;
(vi) the issuing of administrative, accounting and tax documents relating to services you requested.
For this purpose, the Data Controllers may process the data indicated in points a) and b) of the previous article 2). The legal basis for processing is represented by Article 6, paragraph 1, lett. b) of the Regulation as the processing is necessary to perform a contract to which you are a party or in any case to provide the services you requested. Where, for the purposes of providing the services you requested, the Data Controllers need to process particular categories of your data, the failure to provide consent, as well as the revocation thereof, will determine the impossibility of providing the services requested.
B) For the fulfilment of legal obligations: your data and the data of the persons you indicate will be processed by the Data Controllers for the fulfilment of legal obligations, such as, for example, tax obligations related to the performance of the contract and the provision of the services. For this purpose, the Data Controllers may process the data indicated in points a) and b) of the previous article 2).
The legal basis for processing is represented by art. 6, paragraph 1, lett. c) of the Regulation as the processing is aimed at fulfilling a legal obligation to which the Data Controllers are subject.
C) For marketing purposes: the Data Controllers may process your data to send informative and promotional communications related to the services offered by the Data Controllers, as well as related to activities and events promoted and/or organized by the Data Controllers, or for the completion of statistical and/or market studies and research, both with traditional methods of contact (paper mail, calls via operator) and with automated contact (email, SMS, MMS, instant messaging systems).
For the pursuit of these purposes, Data Controllers may process the data indicated in point b) of the previous article 2). Data Controllers will carry out this activity in compliance with the principles of the Regulation and for the pursuit of a legitimate interest (cf. art. 6, paragraph 1, lett. f of the Regulation); in any case, you can object at any time, even during registration for the services, to the receipt of such communications, by writing to firstname.lastname@example.org.
Moreover, the individual communications transmitted by e-mail will contain a hyperlink allowing you to object, in a simple and intuitive way, to the receipt of further communications (unsubscribe).
In addition, with your express and specific consent (cf. art. 6, paragraph 1, lett. a of the Regulation), Data Controllers may process your data for the purposes indicated above, as well as to invite you to participate in promotional initiatives (present and future), loyalty programs or initiatives with third-party partners and to carry out market surveys and analysis of your satisfaction, using automated communication channels (e.g. SMS, e-mail, calls without operator, notifications on the App).
For the pursuit of this purpose, Data Controllers may process the data referred to in point b) of the previous article 2); moreover, if you have given your consent to carry out the profiling activities referred to in point d) below, Data Controllers may also process the information indicated in point a) of the previous article 2) for marketing purposes.
You can revoke your consent at any time by writing to email@example.com.
D) For profiling purposes: following your prior express and specific consent (cf. art. 6, paragraph 1, lett. a of the Regulation), Data Controllers may process your data in order to better understand your habits and interests and, consequently, offer you products and services and invitations to participate in activities and/or events that they believe may be to your satisfaction. In particular, based on your participation in previous events, your area of residence and your navigation on the site, you may be suggested events to attend. For the pursuit of this purpose, Data Controllers may process the data referred to in points a) and b) of the previous article 2).
You can revoke your consent at any time by writing to firstname.lastname@example.org.
E) For the purposes of communication to third parties for marketing purposes: following your prior express and specific consent (cf. art. 6, paragraph 1, lett. a of the Regulation), Data Controllers may communicate some of your data to event organizers and companies with which Data Controllers may conclude partnership agreements for the purpose of making interesting or advantageous offers to you. These organizers and companies may then use your data for commercial and promotional purposes, using both automated systems (e.g. e-mail) and traditional channels (e.g. paper mail).
Your identification data, your address or registered office and your contact details (telephone number and e-mail address) may be shared.
You can revoke your consent at any time by writing to email@example.com.
The personal data are processed by Data Controllers with the help of electronic and manual means suitable to guarantee their security and confidentiality.
In particular, they may be processed in the following ways: registration and processing on paper; registration and processing on computer media; organization of archives in both automated and non-automated form.
The data will be stored in a form that allows your identification only for the time strictly necessary to achieve the purposes for which the data were originally collected and, in any case, within the limits of law.
In order to ensure that personal data is always accurate, up-to-date, complete and relevant, we encourage you and other interested parties to keep your data updated through the specific functions of the platforms, of the linked sites and applications or to report any changes to the following e-mail address: firstname.lastname@example.org.
Personal data will be processed only for the time necessary in relation to the purposes described above.
Unless otherwise disclosed in such policy and in the detailed information regarding specific services, Data Controllers will adhere to the following retention periods:
- for purposes related to the execution of the contract and the provision of the services you requested, letter A) art. 3 above: the data will be processed for the duration of the relationship and as long as there are obligations related to the execution of the same. The criteria for determining the retention period of the Data take into account the allowed processing period and the applicable laws on taxation, limitation of rights and the nature of legitimate interests where they constitute the legal basis for processing. In accordance with the provisions of current legislation, personal data may be stored for a period subsequent to that originally provided, in case of any disputes or requests from the competent Authorities;
- for the fulfillment of legal obligations letter B) art. 3 above: the data will be processed and stored by Data Controllers as long as the need for processing persists to comply with these legal obligations;
- with regard to processing for marketing purposes, carried out on the basis of a legitimate interest or with your prior consent: the data will be processed for the duration of the relationship with you and as long as there are obligations related to the execution of the aforementioned relationship, unless the consent previously given is revoked or in case of opposition to processing;
- for profiling purposes, data will be processed for a maximum period of 10 years or for the period that may be provided for by law or by measures of the Supervisory Authority, after which the data will be stored, if necessary, to pursue other purposes or will be permanently deleted;
- in relation to further data processed pursuant to a legitimate interest of the Data Controllers as described above, the data will be processed as long as the legitimate interest persists, without prejudice to your right of opposition.
No data will be disclosed or shared with third parties except with your express and specific consent, except for the data disclosed or otherwise shared by you through the website of the Data Controllers or through social networks and otherwise present in the internet web according to point 6) of this policy.
Where communication to third-party suppliers, consultants or partners of the Data Controllers is necessary for requirements related to the provision of the services, registrations, recruitment and accreditations, it will be the responsibility of the Data Controllers to ensure the appointment of the latter as data processors pursuant to art. 28 of the Regulation, by virtue of the ability, experience and reliability demonstrated.
You may request at any time the complete list of data processors appointed by the Data Controllers, by sending a request in accordance with Article 9) below.
It is understood that your personal data may be freely communicated to third parties, such as police or other public administrations, whenever permitted by law or required by an order of a competent authority. These parties will process the data as independent Data Controllers.
The site and the contact forms constitute a platform for sharing the experiences of each user, both individually and as part of activities and events organized by third parties or by the Data Controllers themselves, in which a plurality of subjects will participate.
The site also offers the possibility to share this information with the social networks chosen by each user. The operators of these services will act as independent Data Controllers. If you wish to share your data and information on these social networks, you are invited to check such sites’ data processing policies.
In the case of activities and events organized by third parties, the organizer may acquire and process your data if you take part in the event, for its own purposes and on the basis of a separate information notice; you are then invited to check with the organizer (and any suppliers that the organizer uses) the means and purposes of the processing of your data related to participation in the event. Where provided for in the policy relating to each specific event, the Data Controllers may also play the role of co-controller or autonomous Data Controllers together with the organizer, with the consequent exchange of data and information for the purposes described in the information notice and on the basis of an appropriate legal basis.
In pursuit of the purposes described above, the Data Controllers may also transfer your personal data to third Countries or International Organizations outside the European Economic Area (“EEA”).
In this case, where the European Commission has recognized that a Country outside the EEA is capable of ensuring an adequate level of data protection, your personal data may be transferred on that basis. For transfers to non-EEA Countries or International Organizations whose level of protection has not been recognized by the European Commission, the Data Controllers will rely on a derogation applicable to the specific situation (for example, a transfer necessary to perform a service at the request of the data subject such as an international payment) or on one of the following adequate safeguards to ensure the protection of your personal data:
- standard contractual clauses, approved by the European Commission, that bind the data importer to processing the data in compliance with the Regulation and this Policy;
- binding corporate rules.
For more information on these measures, you can send a written request to email@example.com.
Taking into account the state of the art and the costs of implementation, as well as the nature, subject matter, context and purpose of the processing, the risks to your rights and freedoms, the Data Controllers, also through their data processors appointed pursuant to art. 28 of the Regulation, will put in place appropriate technical and organizational measures to ensure a level of safety appropriate to the risk in accordance with Articles 32 and with the Regulation; these measures include, among others:
- pseudonymization and encryption of personal data;
- the ability to ensure on a permanent basis the confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to promptly restore the availability and access of personal data in the event of a physical or technical incident;
- a procedure for the regular testing, verification and evaluation of the effectiveness of technical and organizational measures to ensure safe processing.
The Data Controllers also have in place a procedure for the regular verification of the effectiveness of the technical and organizational measures taken to ensure the security of the processing for its entire duration, and allow access to data only to duly instructed parties, except where access is to be granted by virtue of a specific provision of Union or Member State law or by order of the authority.
According to the Regulation, you can exercise the following rights against the Data Controllers:
- request and obtain information about the existence of your own data at the Data Controllers as well as about the processing of personal data carried out by the Data Controllers and obtain access to them;
- request and obtain the receipt in a structured, commonly used and machine-readable format of the data provided to the Data Controllers, if the processing is based on a consent or a contract and is carried out by automated means, and, where technically possible, the transfer of such data to another controller;
- request and obtain the modification and/or correction of data that are inaccurate or incomplete;
- request and obtain the cancellation of data if considered not necessary - or no longer necessary - for the purposes that precede or in the presence of other conditions provided by law (cf. art. 17 of the Regulation);
- request and obtain the limitation of the processing of data if you contest the accuracy or in the other cases provided for by art. 18 of the Regulation;
- object to the further processing of data in the cases expressly defined in Article 2) above.
Such requests may be sent to the Data Controllers by a request via e-mail to firstname.lastname@example.org or through other channels that the Data Controllers may make available to interested parties. Requests sent by e-mail or other means that do not allow you to be identified must be accompanied by a copy of your identity document in order to verify your identity.
In accordance with current legislation, in addition to the above rights, you also have the right to submit a complaint to the competent supervisory authority that in Italy is the Guarantor for the protection of personal data, Piazza Venezia n. 11 - 00187 Roma, Fax: (+39) 06.69677.3785, email@example.com, firstname.lastname@example.org.
Normal browsing within the pages of the site involves the installation, by the Data Controllers or third parties, of small strings of text called cookies, the use of which is intended to ensure the normal functionality of the site and web applications, as well as to allow the Data Controllers to offer you a better browsing experience.
The use of the services is reserved to adults.
In any case, any abuse related to the processing of children’s data may be reported to email@example.com in order to allow the Data Controllers to take appropriate measures to protect the child, even with the immediate blocking of the processing of his or her data.