Privacy policy
Dear user,
FONDAZIONE CASSA DI RISPARMIO DI TORTONA evaluates the personal data of all concerned natural or legal persons with whom it interacts as of fundamental and primary importance.
The processing of personal data takes place in respect of fundamental rights and freedoms, as well as the dignity of the interested party with particular reference to confidentiality, personal identity, the right and protection of personal data.
For this reason, in full compliance with the legislation imposed at European level by G.D.P.R. 679/2016 and at national level by Legislative Decree 196/2003 as amended by Legislative Decree 101/2018, in this section we wish to provide all information relating to the processing of your data.
This section includes the following information:
USERS OF THE WEB SERVICES
USERS OF THE WEB SERVICES: INFORMATION ON PERSONAL DATA PROTECTION PURSUANT TO ARTICLE 13 OF EU REGULATION 2016/679
Pursuant to Article 13 of EU Regulation 2016/679 FONDAZIONE CASSA DI RISPARMIO DI TORTONA, with registered office in Corso Leoniero no. 6, Post Box 92, 15057 Tortona (AL), in its capacity as Data Controller, hereby informs the users this website as follows:
PROCESSED DATA
| BROWSING DATA | The IT systems required for the functioning of this website acquire certain personal browsing data.
These data are not collected to be associated with identified data subjects; however through their processing and association with data held by third parties, the nature of the information could permit the identification of the users. For example, this category of data includes: – the IP addresses or domain names of the computers used by the users to connect to the website -the uniform resource identifier (URI) addresses of the requested resources, -the size of the file obtained in response, -the numerical status code of the response given by the server (OK, error, etc.) the time and date of the request, etc. These data are used solely for the purpose of gathering anonymous statistical data on website usage and to check the website works correctly, and they are erased immediately after their processing. The data could be used to verify accountability in case of potential cyber crimes to the detriment of the website. |
| DATA PROVIDED DIRECTLY BY THE USER | The optional, explicit and voluntary transmission of identifying and contact data as requested by various sections of this website requires the user to grant consent for the use of the same in order to follow up and respond to their requests (for example, but not limited to: requests for information or clarification made by telephone to the numbers indicated on the website or in writing to the email addresses posted thereon). |
| PURPOSE | LEGAL BASIS OF THE PROCESSING |
| The data sent spontaneously by the user as requested by various sections of this website will be used to respond to the requests. | The legal basis for the processing is the consent granted for the processing of the above-mentioned data. Consent is deemed as having been granted when the user browses the website or confers the data in question by filling in the online forms, ticking the boxes provided at the bottom of the same and sending the relative request. |
NATURE OF THE DATA CONFERRAL
Except in the case of browsing data, conferral of the personal data by users is optional. However, failure to confer said data may make it impossible to proceed in responding to the requests that the user has submitted, or intends to submit.
PROCESSING METHOD
The data is processed using IT procedures or in any case digital means and paper media, by persons authorised by the Data Controller and specifically trained to ensure the compliance and protection of the processed personal data.
The Data Controller guarantees that it will implement all the adequate security measures regarding data storage envisaged by the law in force.
DATA RETENTION PERIOD
The data will be processed for the period of time strictly necessary in order to fulfil the purposes for which they have been collected (responding to the requests received) in compliance with the limits and rights acknowledged by the law and limitation periods in force.
COMMUNICATION AND DISCLOSURE, RECIPIENTS
The collected data will only be processed by persons authorised and trained to do so.
The data can be communicated to:
Third parties appointed as external Data Processors in charge of the processing
Public and /or private third parties and competent authorities that can access the data by law.
The data shall not be disclosed to, exchanged with or sold to third parties without the express consent of the Data Subject.
TRANSFER OF THE DATA ABROAD TO COUNTRIES OUTSIDE THE EUROPEAN ECONOMIC AREA
Please note that the Data Controller does not currently transfer your personal data to any third countries or international organisations.
Should it decide to transfer your personal data to a third country or international organisation, this transfer will only take place if an adequacy decision has been made by the European Commission or, in case of the transfers described in Articles 46 and 47, or Article 49, second paragraph, only in the presence of express reference to the appropriate or opportune guarantees, and to the means for obtaining a copy of said data or the place in which they have been made available.
RIGHTS OF THE DATA SUBJECT AND CONTACT DETAILS
The Data Subjects to whom the data refer can opt to exercise the rights envisaged by the G.D.P.R. 679/2016 as specified below, at any time:
Article 15- Right to access data, Article. 16 – Right to correct data, Article 17 – Right to cancel data (right to be forgotten) , Article 18 – Right to limit the processing,Article 20 – Right to data portability, Article 21 – Right to object to the processing
Article 22 – Right not to be subjected to an automated decision-making process, including profiling,Article 7 – Right to revoke consent, Article 77 -Right to submit a complaint to the Supervisory Authority
To exercise their rights, and request the updated list of Data Processors in charge of the processing, the Data Subject can send their requests in a specific communication sent by post addressed to the FONDAZIONE, or to the email address: fondazione.crtortona@gmail.com, addressing it directly to the Data Controller to obtain a prompt response.
DATA CONTROLLER
The Data Controller is FONDAZIONE CASSA DI RISPARMIO DI TORTONA, with registered office in Corso Leoniero no. 6, Post Box 92, 15057 Tortona (AL).
AMENDMENTS AND UPDATES
This notice can be subject to amendments and additions, also as a result of changes in the law. We undertake to constantly update the notice.
Date of last approval 9.04.2019
Data controller
FONDAZIONE CASSA DI RISPARMIO DI TORTONA
(signed on the original)
NOTE TO VISITORS PICTURE GALLERY
NOTE TO VISITORS PICTURE GALLERY AND TEACHING WORKSHOPS
This note is addressed to all the visitors of the FONDAZIONE CASSA DI RISPARMIO DI TORTONA picture gallery whose personal data are acquired by us, including general details, telephone and digital contact details such as email addresses and social media references, for purposes related to our activity.
Please note that your personal data shall be processed in compliance with your fundamental rights and freedoms, as well as with respect for the dignity of the Data Subject, with particular reference to their confidentiality, personal identity, personal data rights and protection .
Pursuant to Article 13 of EU Regulation 2016/679, we hereby provide the following information.
PURPOSE AND LEGAL BASIS OF THE PROCESSING
| Purpose | Legal basis | |
| A. Security | Recording of images under video surveillance | Protection of the company’s assets and security |
| B. Purpose of providing information | Sending of information about our initiatives regarding our social and cultural activities | Consent granted by the Data Subject |
| C. Administrative purposes | Management of online and offline registrations to events, tours and teaching workshops | contractual |
| D. Purposes of providing information on/advertising the activity of the picture gallery | Publication of images on the website, social media pages or printed material | Consent granted by the Data Subject |
MANDATORY AND OPTIONAL PROVISION OF DATA AND THE CONSEQUENCES OF REFUSAL
Conferring the personal data and authorising the consequent processing of the same is optional. In particular, for the purpose of sending newsletters and information about our initiatives, the processing of your personal data is subject to the Data Subject granting their explicit and free consent, which can be revoked at any time.
HOW DATA IS PROCESSED
Personal data will be processed both manually, in paper format, and using electronic means. Electronic processing is based on the proprietary systems and databases of the Data Controller and involves appropriate computerised procedures for the storage, management and transmission of data, using methods and logics designed to guarantee the security and confidentiality of the data.
RETENTION PERIODS
Personal data will be processed for the time strictly necessary to satisfy the stated purposes for which they were collected and to fulfil statutory and regulatory requirements, without prejudice to the statutory limitations and time-limits of rights and in compliance with resulting obligations.
Regarding the processing of data for the purposes of sending informative messages, and newsletters regarding the activities of the picture gallery, the data will be retained for 24 months following the last contact made with the above-mentioned Data Controller, unless the consent of the Data Subject is revoked before then.
WHO MAY ACCESS THE DATA
The personal data will be processed by parties expressly and specifically appointed by the Data Controller, in the capacity of external Data Processors or authorised persons. Personal data may also be processed by outsourcers engaged to provide services connected with the purposes of processing and which our organisation may designate as Data Processors in charge of the data processing operations they perform, to ensure greater protection.
The data can be communicated (i.e. disclosed to one or more identified parties, other than the Data Controller, the external Data Processors and those authorised to process the same who have been identified and appointed) to public and private parties who can access the data by virtue of the provisions of the laws, regulations or European laws in force, within the limits envisaged by said laws or regulations.
DISSEMINATION
Personal data will not be published, meaning that the information will not be disseminated in any way, either by being made public or available for consultation, unless you specifically give your free and informed consent for each type of processing.
RIGHTS OF THE DATA SUBJECT AND CONTACT DETAILS
The Data Subjects to whom the data refer can opt to exercise the rights envisaged by the G.D.P.R. 679/2016 as specified below, at any time:
Article 15- Right to access data, Article. 16 – Right to correct data, Article 17 – Right to cancel data (right to be forgotten) , Article 18 – Right to limit the processing,Article 20 – Right to data portability, Article 21 – Right to object to the processing
Article 22 – Right not to be subjected to an automated decision-making process, including profiling,Article 7 – Right to revoke consent, Article 77 -Right to submit a complaint to the Supervisory Authority
To exercise their rights, and request the updated list of Data Processors in charge of the processing, the Data Subject can send their requests in a specific communication sent by post addressed to the FONDAZIONE, or to the email address: fondazione.crtortona@gmail.com, addressing it directly to the Data Controller to obtain a prompt response.
TRANSFER OF THE DATA ABROAD
Please note that the Data Controller does not currently transfer your personal data to any third countries or international organisations.
Should it decide to transfer your personal data to a third country or international organisation, this transfer will only take place if an adequacy decision has been made by the European Commission or, in case of the transfers described in Articles 46 and 47, or Article 49, second paragraph, only in the presence of express reference to the appropriate or opportune guarantees, and to the means for obtaining a copy of said data or the place in which they have been made available.
DATA CONTROLLER
The Data Controller is FONDAZIONE CASSA DI RISPARMIO DI TORTONA, with registered office in Corso Leoniero no. 6, Post Box 92, 15057 Tortona (AL).
Tortona, 20.01.2020
Data Controller
FONDAZIONE CASSA DI RISPARMIO DI TORTONA
(signed on the original)
NEWSLETTER
NEWSLETTER: INFORMATION ON PERSONAL DATA PROTECTION PURSUANT TO ARTICLE 13 OF EU REGULATION 2016/679
Pursuant to Article 13 of EU Regulation 2016/679 FONDAZIONE CASSA DI RISPARMIO DI TORTONA, with registered office in Corso Leoniero no. 6, Post Box 92, 15057 Tortona (AL), in its capacity as Data Controller, hereby informs the third party users of the internet services interested in signing up to the newsletter as follows:
PROCESSED DATA
Identifying and contact data
| PURPOSE | LEGAL BASIS OF THE PROCESSING |
| Sending of the newsletter as per the user’s request, to receive information about the activity performed and/or invitations | The legal basis of the processing is the consent granted by the user |
NATURE OF THE DATA CONFERRAL
Conferring the data is optional, but any refusal to do so will make it impossible for the Data Controller to fulfil the requests to send the newsletter.
PROCESSING METHOD
The data is processed using IT procedures or in any case digital means and paper media, by persons authorised by the Data Controller and specifically trained to ensure the compliance and protection of the processed personal data.
The Data Controller guarantees that it will implement all the adequate security measures regarding data storage envisaged by the law in force.
DATA RETENTION PERIOD
The data are retained until the Data Subject submits a request either objecting to the processing or cancelling their subscription to the newsletter by clicking on the subscription cancellation link at the bottom of each communication.
Data processing performed by the Data Controller for the purposes of marketing and advertising will continue until 24 months after the last contact made with the above-mentioned Data Controller, unless contractual relationships are established with the same and in any case until the Data Subject objects to the processing.
COMMUNICATION AND DISCLOSURE, RECIPIENTS
The personal data will be processed by parties expressly and specifically appointed by the Data Controller, in the capacity of authorised persons.
All Data Processors will process personal data in compliance with the instructions provided by the Data Controller, according to the operating profiles assigned to them on the basis of the duties they perform, as necessary and relevant to perform specific tasks within the scope of the services requested, and exclusively for the purposes stated in this privacy statement.
The collected data can be communicated to:
Third parties appointed as external Data Processors in charge of the processing (e.g. IT support companies, etc.)
Public and /or private third parties and competent authorities that can access the data by law.
The data shall not be disclosed to, exchanged with or sold to third parties without the express consent of the Data Subject.
TRANSFER OF THE DATA ABROAD TO COUNTRIES OUTSIDE THE EUROPEAN ECONOMIC AREA
Please note that the Data Controller does not currently transfer your personal data to any third countries or international organisations.
Should it decide to transfer your personal data to a third country or international organisation, this transfer will only take place if an adequacy decision has been made by the European Commission or, in case of the transfers described in Articles 46 and 47, or Article 49, second paragraph, only in the presence of express reference to the appropriate or opportune guarantees, and to the means for obtaining a copy of said data or the place in which they have been made available.
RIGHTS OF DATA SUBJECTS
The Data Subjects to whom the personal data refer, can opt to exercise the following rights at any time:
| Article 7 – Right to revoke consent
|
The Data Subject is entitled to revoke their consent for the processing at any time. Revoking consent does not compromise the lawfulness of the processing performed based on the consent in force before said revocation. Before granting consent, the Data Subject is informed of this. Consent is revoked with the same ease with which it is granted. |
| Article 15-Right to access data | The Data Subject is entitled to obtain confirmation from the Data Controller of whether or not their personal data is being processed and should this be the case, to obtain access to the personal data and the information regarding the processing of the same. |
| Article. 16 – Right to correct data | The Data Subject is entitled to have the Data Controller correct any inaccurate personal data of theirs without any unjustified delay. Considering the purposes of the processing, the Data Subject is entitled to have their incomplete personal data supplemented, also by providing an additional statement. |
| Article 17 – Right to cancel data (right to be forgotten) | The Data Subject is entitled to have the Data Controller cancel their personal data without any unjustified delay and the Data Controller must do so. |
| Article 18 – Right to limit the processing | The Data Subject is entitled to have the Data Controller limit the processing should one of the following situations occur:
a) the Data Subject disputes the accuracy of the personal data, for the period required in order for the Data Controller to verify the correctness of said personal data; b) the data are processed unlawfully and the Data Subject objects to the cancellation of the personal data and instead requests that the use of the same be limited; c) although the Data Controller no longer needs the personal data for the purposes of the processing, they are required by the Data Subject for the verification, exercising or defence of a right in court; d) the Data Subject has objected to the processing pursuant to Article 21, paragraph 1, while waiting for a check to be performed on the potential prevalence of the legitimate reasons of the Data Controller over those of the Data Subject. |
| Article 21 – Right to object to the processing
|
The Data Subject is entitled to object to the processing of their personal data at any time, for reasons related to their personal situation pursuant to Article 6, paragraph 1, letters e) and f), including profiling based on these provisions. |
| Article 22 – Right not to be subjected to an automated decision-making process, including profiling
|
the Data Subject is entitled not to be subjected to a decision based only on automated data processing, including profiling, which generates legal effects that regard or similarly and significantly affect the same |
| Article 77 – Right to submit a complaint
|
Data Subjects who believe that the processing of their personal data breaches the privacy legislation in force are entitled to submit a complaint to the supervisory authority |
DATA CONTROLLER
The Data Controller is FONDAZIONE CASSA DI RISPARMIO DI TORTONA, with registered office in Corso Leoniero no. 6, Post Box 92, 15057 Tortona (AL).
For all communications relative to the exercising of the Data Subject’s rights, and to obtain an updated list of the Data Processors in charge of personal data processing please contact: fondazione.crtortona@gmail.com
Tortona, 4/10/2018
Data controller
LA FONDAZIONE CASSA DI RISPARMIO DI TORTONA
(signed on the original)
CONTACTS
CONTACTS: INFORMATION ON PERSONAL DATA PROTECTION PURSUANT TO ARTICLE 13 OF EU REGULATION 2016/679
Pursuant to Article 13 of EU Regulation 2016/679 FONDAZIONE CASSA DI RISPARMIO DI TORTONA, with registered office in Corso Leoniero no. 6, Post Box 92, 15057 Tortona (AL), in its capacity as Data Controller, hereby informs the users of the website www.fondazionecrtortona.it who require information as follows:
PROCESSED DATA
Identifying and computer data conferred by the Data Subject using the form present on the Data Controller’s website.
| PURPOSE | LEGAL BASIS OF THE PROCESSING |
| to follow up and respond to the request submitted by the Data Subject and for the performance of the activities related to and instrumental to the same | Spontaneous conferral |
NATURE OF THE DATA CONFERRAL
Conferral of the personal data by users is optional. However, failure to confer said data may make it impossible to proceed in responding to the requests that the user has submitted, or intends to submit.
PROCESSING METHOD
The data is processed using IT procedures or in any case digital means and paper media, by persons authorised by the Data Controller and specifically trained to ensure the compliance and protection of the processed personal data.
The Data Controller guarantees that it will implement all the adequate security measures regarding data storage envisaged by the law in force.
DATA RETENTION PERIOD
The data will be processed for the period of time strictly necessary in order to fulfil the purposes for which they have been collected (responding to the requests received) and in any case for two years from when the first contacts are made, unless in the meantime the Data Subject exercises their right to object to the processing, and with the exception of cases in which contractual relationships are established with the Data Controller.
COMMUNICATION AND DISCLOSURE, RECIPIENTS
The personal data will be processed by parties expressly and specifically appointed by the Data Controller, in the capacity of Data Processors in charge of, or appointed to perform, the processing.
Personal data can also be processed by third parties (outsourcers) and consultants engaged to provide services connected with the processing purpose and which our organisation may designate as Data Processors in charge of the data processing operations they perform, to ensure greater protection.
All Data Processors will process personal data in compliance with the instructions provided by the Data Controller, according to the operating profiles assigned to them on the basis of the duties they perform, as necessary and relevant to perform specific tasks within the scope of the services requested, and exclusively for the purposes stated in this privacy statement.
The list of Data Processors in charge of processing is constantly updated and can be obtained by sending a written request, as explained below in the section on the rights of Data Subjects.
They can also be communicated to public and /or private third parties and to competent authorities that can access the data by law.
The data shall not be disclosed to, exchanged with or sold to third parties without the express consent of the Data Subject.
TRANSFER OF DATA OUTSIDE THE EU
Please note that the Data Controller does not currently transfer your personal data to any third countries or international organisations.
Should it decide to transfer your personal data to a third country or international organisation, this transfer will only take place if an adequacy decision has been made by the European Commission or, in case of the transfers described in Articles 46 and 47, or Article 49, second paragraph, only in the presence of express reference to the appropriate or opportune guarantees, and to the means for obtaining a copy of said data or the place in which they have been made available.
RIGHTS OF DATA SUBJECTS
The Data Subjects to whom the personal data refer, can opt to exercise the following rights at any time:
| Article 7 – Right to revoke consent
|
the Data Subject is entitled to revoke their consent for the processing at any time. Revoking consent does not compromise the lawfulness of the processing performed based on the consent in force before said revocation. Before granting consent, the Data Subject is informed of this. Consent is revoked with the same ease with which it is granted. |
| Article 15-Right to access data | The Data Subject is entitled to obtain confirmation from the Data Controller of whether or not their personal data is being processed and should this be the case, to obtain access to the personal data and the information regarding the processing of the same. |
| Article. 16 – Right to correct data | The Data Subject is entitled to have the Data Controller correct any inaccurate personal data of theirs without any unjustified delay. Considering the purposes of the processing, the Data Subject is entitled to have their incomplete personal data supplemented, also by providing an additional statement. |
| Article 17 – Right to cancel data (right to be forgotten) | The Data Subject is entitled to have the Data Controller cancel their personal data without any unjustified delay and the Data Controller must do so. |
| Article 18 – Right to limit the processing | The Data Subject is entitled to have the Data Controller limit the processing should one of the following situations occur:
a) the Data Subject disputes the accuracy of the personal data, for the period required in order for the Data Controller to verify the correctness of said personal data; b) the data are processed unlawfully and the Data Subject objects to the cancellation of the personal data and instead requests that the use of the same be limited; c) although the Data Controller no longer needs the personal data for the purposes of the processing, they are required by the Data Subject for the verification, exercising or defence of a right in court; d) the Data Subject has objected to the processing pursuant to Article 21, paragraph 1, while waiting for a check to be performed on the potential prevalence of the legitimate reasons of the Data Controller over those of the Data Subject. |
| Article 21 – Right to object to the processing
|
The Data Subject is entitled to object to the processing of their personal data at any time, for reasons related to their personal situation pursuant to Article 6, paragraph 1, letters e) and f), including profiling based on these provisions. |
| Article 22 – Right not to be subjected to an automated decision-making process, including profiling
|
the Data Subject is entitled not to be subjected to a decision based only on automated data processing, including profiling, which generates legal effects that regard or similarly and significantly affect the same |
| Article 77 – Right to submit a complaint
|
Data Subjects who believe that the processing of their personal data breaches the privacy legislation in force are entitled to submit a complaint to the supervisory authority |
DATA CONTROLLER
The Data Controller is FONDAZIONE CASSA DI RISPARMIO DI TORTONA, with registered office in Corso Leoniero no. 6, Post Box 92, 15057 Tortona (AL).
For all communications relative to the exercising of the Data Subject’s rights, and to obtain an updated list of the Data Processors in charge of personal data processing please contact: fondazione.crtortona@gmail.com
AMENDMENTS AND UPDATES
This notice can be subject to amendments and additions, also as a result of changes in the law. We undertake to constantly update the notice.
Date of last amendment 20.01.2020
Data controller
LA FONDAZIONE CASSA DI RISPARMIO DI TORTONA
(signed on the original)
