The data controller is Ufficio Pio of the Compagnia di San Paolo Onlus, in the person of his
legal representative pro tempore. The headquarters are in P.zza Bernini 5, cap 10138, Turin (TO).
Purpose: The treatment will take place for the following purposes:
Personal data are used (ref. Articles 6 (b) of the GDPR):
a) to allow navigation on the site and
b) possibly to perform the service or provision requested as part of the normal activity carried out by the undersigned organization (non-profit organization that supports people and families in situations of vulnerability or social and economic hardship in the Turin metropolitan area).
Furthermore, all personal data can be processed:
c) for purposes connected with obligations established by law, as well as by provisions issued by authorities legitimated by the law (ref.artt. 6 (c) and 9 (b, g, h) of the GDPR);
d) for the assessment, exercise or defense of a right in judicial and extrajudicial (legitimate interest) of the undersigned organization (ref. articles 6 (f) and 9 (f) of the GDPR);
e) for direct marketing purposes according to the legitimate interest of the Data Controller in particular; for cookies, the advertising ids used to show advertisements and advertisements; for e-mail addresses for sending the newsletter; for browsing and usage logs to protect the site and service from cyber-attacks; in these cases, the interested party can always deny consent so that the Data Controller will refrain from processing (ref. Articles 6 (f) of the GDPR);
f) for purposes functional to the activity for which the interested party has the right to give consent or not, such as eg. subscription to the newsletter to receive information messages and messages for the promotion and sale of products and services, detection of the degree of satisfaction, communication of data to third parties for receiving information and promotional communications and marketing (GDPR Article 6 (a))
g) with the consent of the interested party, in the case of sensitive data (ref. Article 9 (a) of the GDPR)
Personal data will be stored, in general, as long as the purposes of the processing persist according to the category of data processed. The data (only the indispensable ones) are communicated: to persons in charge of the processing, both internal to the organization of the writer, and external, who carry out specific tasks and operations (site administration, analysis of navigation data, traffic, profiling , management of emails and forms sent voluntarily by the user, processing of e-commerce requests and orders, etc.), in the cases and to the subjects required by law.
The treatment will be based on principles of correctness, lawfulness, transparency and protection of the privacy and rights of the interested parties. In particular, to verify the recipient's actual willingness to receive the newsletter, the double-opt-in mechanism is provided, for which the recipient will receive an email containing a registration confirmation link: until confirmation, his data will not be used to send the newsletter, but you will be notified with further confirmation request notices for the next 3 days every 24 hours, after which you will no longer be on the waiting list and your data will be removed.
In each newsletter email there is both a link for unsubscribing and one for modifying the data; therefore, if the recipient forwards the message received to a contact, the latter could unsubscribe or modify his data.
Mandatory or optional nature of providing data. The provision of the requested data is optional, however the failure, partial or incorrect provision of the data highlighted as necessary (name, surname, email) may result in failure to subscribe to the newsletter.
Recipients or Categories of recipients. Personal data will be processed by the Data Controller, and by the persons strictly authorized by him or by the persons designated responsible for the processing (such as the suppliers of the mailing system).
The data will not be disseminated.
Right of complaint to the supervisory authority. The interested party has the right to lodge a complaint with the Supervisory Authority (For Italy: Guarantor for the protection of personal data www.garanteprivacy.it).
At any time you can: exercise your rights (access, rectification, cancellation, limitation, portability, opposition, absence of automated decision-making processes) when provided for in relation to the data controller, pursuant to art. from 15 to 22 of the GDPR (link to the standard); propose a complaint to the Guarantor (www.garanteprivacy.it); if the treatment is based on consent, revoke this consent given, taking into account that the revocation of the consent does not affect the lawfulness of the treatment based on the consent before the revocation.
Existence of an automated decision-making process. The processing does not involve an automated decision-making process.
Transfer of data to a third country or to an international organization. The Data Controller will not transfer personal data to a third country or to an international organization.