The General Data Protection Regulation (GDPR)
The information here in is given in compliance with article 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR) to individuals interested in receiving news, information, invitations, publications, announcements and newsletters relating to the activities conducted by Fondazione Cariplo.
“Personal data” (article 4, paragraph 1 of the GDPR) means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Special categories of personal data” (article 9, paragraph 1 of the GDPR) means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
“Processing" (article 4, paragraph 2 of the GDPR) means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
For the purposes of the GDPR (article 24) the Data Controller is:
Via Daniele Manin 23 Milan
Type of data processed
As part of our activities as a philanthropic entity, we, Fondazione Cariplo, collect and use personal data provided by you, the data subject, e.g. your personal details, to the extent that is needed and helpful to attain the purposes set out below.
Purpose of processing and profiling
We may collect and use personal data for the following purposes:
Communication and promotion of the activities of our Foundation e.g. news, information, invitations, publications, announcements and newsletters via e-mail; as well as monitoring, analysis and research.
Personal data may be collected also for profiling purposes. Specifically, we may ask you to give information about your municipality and province of residence for the exclusive purpose of informing you about events, activities and projects that concern your place of residence. We may also ask you to specify your areas of interest (environment, arts & culture, social & human services, scientific research) so that you receive communications that are targeted to your preferences.
You can change your preferences at any time.
Legal basis for processing personal data
For the purposes set out above, the legal basis of processing is the consent you, the data subject, give to the processing of your personal data.
Data Subject Rights
In relation to your personal data you can exercise your rights as data subject under the GDPR, namely:
- Right of access [article 15 of the GDPR];
- Right to rectification [article 16 of the GDPR];
- Right to erasure (‘right to be forgotten’) [article 17 of the GDPR];
- Right to restriction of processing [article 18 of the GDPR];
- Right to data portability [article 20 of the GDPR];
- Right to object [article 21 of the GDPR].
You have the right to withdraw your consent at any time.
The rights set out above can be exercised in writing by sending an email to firstname.lastname@example.org.
Pursuant to article 19 of the GDPR, we shall communicate any rectification or erasure of personal data or restriction of processing requested by you, the data subject, to each recipient to whom your personal data has been disclosed, unless this proves impossible. You as data subject have also the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).
For further information about data subjects rights visit our website at www.fondazionecariplo.it.
We will keep personal data up to 24 months of consent.
Consent to data processing
Your are free to give or withhold your consent to processing of your personal data for the purposes above. We need your freely given consent to send you news, information, invitations, publications, announcements and newsletters regarding our Foundation’s philanthropic activities. Should you deny your consent, we will be unable to send you said communications.
Disclosure of data outside of the Foundation
We may disclose your personal data outside of our Foundation for various reasons. In particular, your personal data may be made available to entities providing IT system management on behalf of our Foundation, competent authorities and/or public bodies and supervisory authorities to comply with statutory requirements, PR agencies and firms, and other third parties collaborating with our Foundation for the attainment of our philanthropic purposes. Where appropriate, we shall formally appoint said third parties Data Processors pursuant to article 28 of the GDPR. Upon your request you can access the detailed list of third parties to whom your personal data has been disclosed.
How data is processed
We process your personal data on paper or electronic form and enter your data into relevant databases that may be accessed – hence your data be disclosed to – our Foundation’s employees, contractors/consultants interns and other authorised individuals. Said employees, contractors/consultants interns and other authorised individuals may consult, use, process, compare the data as well as carry out any other appropriate action, including using automated means, always in compliance with statutory requirements that ensure, inter alia, protection of the confidentiality and security of the personal data, as well as data accuracy, update and appropriateness to the purposes for which the data is collected and used, as stated above.
Transfer of data outside of the EU
Your personal data may be transferred outside of the EU only for the purposes of promoting philanthropic activities, including via social media. In particular, Fondazione Cariplo - the Data Controller – reserves the right to transmit the data to third parties including those outside of the EU that guarantee an adequate level of personal data protection and apply the EU-US Privacy Shield framework.
Changes and updates
Weo may make changes and/or additions to this privacy notice including as a result of regulatory changes.
CONSENT REQUEST PURSUANT TO ARTICLE 7 OF THE GDPR