PRIVACY NOTICE FOR WEBSITE USERS
according to article 13 of the Regulation (EU) 2016/679 (“GDPR”) General Data Protection Regulation
Fondazione Collegio Carlo Alberto
Fiscal Code n. 94049090015
Headquarter: 8 Piazza Arbarello, Turin, Italy, 10122
Data controller e-mail: firstname.lastname@example.org
In accordance with Art. 13 of the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”), Fondazione Collegio Carlo Alberto (hereinafter referred to as “Data Controller” or “Collegio Carlo Alberto”), as Data Controller, inform you (hereinafter referred to as “User” or “Data Subject”) that your personal data will be processed for the following purposes and in the following manner:
1. Types of Data Collected
The Data Controller processes personal data, including identification data (e.g. name, surname, e-mail, phone number, etc.) and usage data of the User (hereinafter referred to as "Personal data" or "Data") collected through the Data Controller's website, located at https://www.carloalberto.org/ (hereinafter referred to as "Website").
The information relating to the network used by the User (e.g. IP address) may also be collected and processed by the Data Controller.
2. Purposes and Lawfulness of Processing
Your Personal data will be processed for the following purposes:
- Respond to the User’s information requests via e-mail (in the letter case, the data processing will not be conducted directly through the Website);
- Acquire statistics and metrics to ensure the proper functioning of the Website;
- Exercise the rights of the Data Controller (e.g., data processing for exercise or defence of legal claims).
The lawfulness of the data processing is the following:
- With regard to purposes (a) and (b), the Data processing is necessary for the performance of a contract to which the User is a party or for taking steps at the User’s request prior to entering into a contract;
- For purposes (c) and (d), the lawfulness of Personal Data processing is grounded on the legitimate interests of the Data Controller, specifically in monitoring the proper functioning of the Website and processing Personal Data when required for establishment, exercise, or defence of legal claims.
The Users may not to communicate the Data for the above-mentioned purposes. Failure to provide the Data, however, may render it impossible for the Website to provide its services.
Furthermore, the Data Controller will process the User's Data, exclusively upon the User's explicit consent given in accordance with Article 7 of the GDPR, for the following purposes:
The lawfulness of the Data processing for purposes (e) and (f) is the consent of the User.
The Consent is optional. Thus, the User may refuse to provide his/her consent for the processing of Data for purposes (e) or (f). Moreover, the User may revoke his/her consent to the processing of data at any time without affecting the lawfulness of the processing based on the consent before the withdrawal.
3. Retention Time
The Data Controller will store and process Personal data for the period of time necessary to fulfill the purposes specified in this Privacy notice. Your Data will not be retained for a longer period of time unless the current law requires a more extended retention period. The Italian Civil Code requires to store all the documents of commercial or legal relevance for a period of 10 years. The Personal Data can also be stored for the period of time necessary for the establishment, exercise or defence of legal claims.
The data collected for marketing and profiling purposes will be processed by the Data Controller until the User withdraws his/her consent to the processing and in any case, for a period not exceeding 10 years from the date when the Data was collected.
4. Disclosure of Personal Data
The User’s Personal data will not be disseminated but may be made accessible where necessary for the provision of services or for compliance with statutory obligations to:
- employees or collaborators of the Data Controller in Italy or abroad, in their capacity of subjects authorized to process Personal data and/ or system administrators.
- third-party companies or other subjects (e.g. credit institutions, IT consultants etc.) which carry out activities in outsourcing on behalf of the Data Controller, in their capacity of Processors.
The Data Controller may communicate your Personal data for the purposes established by Art. 2 of the present Privacy notice to supervisory authorities, legal authorities and public authorities to which it is obligatory to communicate the Data, as well as to those subjects to which the communication is obligatory by law for the fulfillment of the above-mentioned purposes.
5. Transfer of Personal Data
The Personal data will be stored on servers located within the European Union and managed by third-party companies duly appointed as Processors.
The Data Controller may transfer the User’s Personal data to a third country. The data will be transferred exclusively to countries considered “adequate” and therefore, “safe” by the European Commission or to the companies that ensure appropriate safeguards pursuant to Articles 44-50 of the GDPR.
You may exercise the rights granted by the GDPR (articles 15-22), including:
- The right to receive confirmation as to whether the Data Controller is processing the User’s Personal data (access rights);
- The right to update, modify and/ or correct Personal data (right of rectification);
- The right to request the erasure of data or the restriction of the processing. This right can be granted if the process is unlawful or the Data Controller no longer needs the Personal data for the purposes of the processing (right to be forgotten and right to restriction of processing);
- The right to oppose to the processing (right of opposition);
- The right to propose a complaint to the Supervisory Authority in case of violation of the regulations regarding the protection of Personal data;
- The right to receive an electronic copy of the User’s Personal data (in a structured, commonly used and machine-readable format) and right to transmit those Data to another Data Controller without hindrance from the Data Controller to which the Personal Data has been provided (right to Data portability).
7. Data Controller Contact Information
The Data Controller: Fondazione Collegio Carlo Alberto
Office: 8 Piazza Arbarello, Turin, Italy, 10122
You can contact the Data Controller to exercise your rights granted by the GDPR by sending a registered letter to Fondazione Collegio Carlo Alberto at 8 Piazza Arbarello, Turin, Italy, 10122 or by sending an e-mail to email@example.com providing the following information: name, surname, a copy of your identity document.
8. Data Protection Officer Contact Information
The Data Protection Officer (DPO):
ARGO BUSINESS SOLUTIONS SRL
Contact: Fabio Cassanelli
The DPO can be contacted by sending an e-mail to the following address: firstname.lastname@example.org.
9. Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the beginning of this document.
The Data Controller reserves the right to make changes to this Privacy Notice at any time by notifying its Users within this Website at the following link: https://www.carloalberto.org/privacy/
Privacy Notice updated on: 09/10/2023