PRIVACY NOTICE FOR WEBSITE USERS

according to article 13 of the Regulation (EU) 2016/679 (“GDPR”) General Data Protection Regulation

DATA CONTROLLER

Fondazione Collegio Carlo Alberto
Fiscal Code n. 94049090015
Headquarter: 8 Piazza Arbarello, Turin, Italy, 10122
Data controller e-mail: privacy@carloalberto.org

In accordance with Art. 13 of the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”), Fondazione Collegio Carlo Alberto (hereinafter referred to as “Data Controller” or “Collegio Carlo Alberto”), as Data Controller, inform you (hereinafter referred to as “User” or “Data Subject”) that your personal data will be processed for the following purposes and in the following manner:

1. Types of Data Collected

The Data Controller processes personal data, including identification data (e.g. name, surname, e-mail, phone number, etc.) and usage data of the User (hereinafter referred to as "Personal data" or "Data") collected through the Data Controller's website, located at https://www.carloalberto.org/ (hereinafter referred to as "Website").

The information relating to the network used by the User (e.g. IP address) may also be collected and processed by the Data Controller.

2. Purposes and Lawfulness of Processing

Your Personal data will be processed for the following purposes:

  1. Respond to the User’s information requests via e-mail (in the letter case, the data processing will not be conducted directly through the Website);
  2. Enable the User to register for events organized by the Data Controller and/or its Partners. To facilitate the event registration process, the Data Controller utilizes the Google Forms service provided by Google Ireland Limited (hereinafter referred to as Google) to collect your Personal Data for identification and registration purposes. Please note that Data processing does not occur directly through the website. Instead, it is carried out in accordance with the procedures specified in the present Privacy Policy and the Google Privacy Policy, which can be found at: https://policies.google.com/privacy;
  3. Acquire statistics and metrics to ensure the proper functioning of the Website;
  4. Exercise the rights of the Data Controller (e.g., data processing for exercise or defence of legal claims).

The lawfulness of the data processing is the following:

  • With regard to purposes (a) and (b), the Data processing is necessary for the performance of a contract to which the User is a party or for taking steps at the User’s request prior to entering into a contract;
  • For purposes (c) and (d), the lawfulness of Personal Data processing is grounded on the legitimate interests of the Data Controller, specifically in monitoring the proper functioning of the Website and processing Personal Data when required for establishment, exercise, or defence of legal claims.

The Users may not to communicate the Data for the above-mentioned purposes. Failure to provide the Data, however, may render it impossible for the Website to provide its services.

Furthermore, the Data Controller will process the User's Data, exclusively upon the User's explicit consent given in accordance with Article 7 of the GDPR, for the following purposes:

  1. To send emails and communications regarding Collegio Carlo Alberto’s initiatives, etc. The Data Controller relies on the Brevo (formerly, Sendinblue) platform to deliver newsletters. The processing of personal data is carried out in accordance with the provision outlined in the Brevo Privacy Policy, available at: https://www.brevo.com/legal/privacypolicy/#privacysibinc;
  2. For statistical purposes, subject to the User’s explicit cookie acceptance. The Data Controller employs such services as “Pixel” provided by Meta Platforms Ireland Limited (hereinafter referred to as Meta) and “Google Analytics 4” provided by Google to collect anonymized Data of the Website’s Users (e.g. tracker and usage data) that aids in understanding website usage patterns and performance. The data processing for statistical purposes is carried out in accordance with the procedures outlined in the Privacy Policy of the respective services. To gain a deeper understanding of the data processing, please refer to the following links:
    Google Privacy policy: https://policies.google.com/privacy
    Meta Privacy Policy: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

In order to obtain more information about cookie processing, please visit our Cookie Policy at the following link: https://www.carloalberto.org/cookie-policy-eu/

The lawfulness of the Data processing for purposes (e) and (f) is the consent of the User.

The Consent is optional. Thus, the User may refuse to provide his/her consent for the processing of Data for purposes (e) or (f). Moreover, the User may revoke his/her consent to the processing of data at any time without affecting the lawfulness of the processing based on the consent before the withdrawal.

3. Retention Time

The Data Controller will store and process Personal data for the period of time necessary to fulfill the purposes specified in this Privacy notice. Your Data will not be retained for a longer period of time unless the current law requires a more extended retention period. The Italian Civil Code requires to store all the documents of commercial or legal relevance for a period of 10 years. The Personal Data can also be stored for the period of time necessary for the establishment, exercise or defence of legal claims.

The data collected for marketing and profiling purposes will be processed by the Data Controller until the User withdraws his/her consent to the processing and in any case, for a period not exceeding 10 years from the date when the Data was collected.

For more information about the retention period for Data acquired through cookies, please refer to our Cookie Policy: https://www.carloalberto.org/cookie-policy-eu/

4. Disclosure of Personal Data

The User’s Personal data will not be disseminated but may be made accessible where necessary for the provision of services or for compliance with statutory obligations to:

  • employees or collaborators of the Data Controller in Italy or abroad, in their capacity of subjects authorized to process Personal data and/ or system administrators.
  • third-party companies or other subjects (e.g. credit institutions, IT consultants etc.) which carry out activities in outsourcing on behalf of the Data Controller, in their capacity of Processors.

The Data Controller may communicate your Personal data for the purposes established by Art. 2 of the present Privacy notice to supervisory authorities, legal authorities and public authorities to which it is obligatory to communicate the Data, as well as to those subjects to which the communication is obligatory by law for the fulfillment of the above-mentioned purposes.

5. Transfer of Personal Data

The Personal data will be stored on servers located within the European Union and managed by third-party companies duly appointed as Processors.

The Data Controller may transfer the User’s Personal data to a third country. The data will be transferred exclusively to countries considered “adequate” and therefore, “safe” by the European Commission or to the companies that ensure appropriate safeguards pursuant to Articles 44-50 of the GDPR.

Users Rights

You may exercise the rights granted by the GDPR (articles 15-22), including:

  1. The right to receive confirmation as to whether the Data Controller is processing the User’s Personal data (access rights);
  2. The right to update, modify and/ or correct Personal data (right of rectification);
  3. The right to request the erasure of data or the restriction of the processing. This right can be granted if the process is unlawful or the Data Controller no longer needs the Personal data for the purposes of the processing (right to be forgotten and right to restriction of processing);
  4. The right to oppose to the processing (right of opposition);
  5. The right to propose a complaint to the Supervisory Authority in case of violation of the regulations regarding the protection of Personal data;
  6. The right to receive an electronic copy of the User’s Personal data (in a structured, commonly used and machine-readable format) and right to transmit those Data to another Data Controller without hindrance from the Data Controller to which the Personal Data has been provided (right to Data portability).

7. Data Controller Contact Information

The Data Controller: Fondazione Collegio Carlo Alberto

Office: 8 Piazza Arbarello, Turin, Italy, 10122

You can contact the Data Controller to exercise your rights granted by the GDPR by sending a registered letter to Fondazione Collegio Carlo Alberto at 8 Piazza Arbarello, Turin, Italy, 10122 or by sending an e-mail to privacy@carloalberto.org providing the following information: name, surname, a copy of your identity document.

8. Data Protection Officer Contact Information

The Data Protection Officer (DPO):

ARGO BUSINESS SOLUTIONS SRL

Contact: Fabio Cassanelli

The DPO can be contacted by sending an e-mail to the following address: collegiocarloalberto@argobs.it.

9. Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the beginning of this document.

10. Changes to this privacy policy

The Data Controller reserves the right to make changes to this Privacy Notice at any time by notifying its Users within this Website at the following link: https://www.carloalberto.org/privacy/

Privacy Notice updated on: 09/10/2023