According to the rules as in the Regulation, the processing carried out by the Controller will be based on the principles of lawfulness, correctness, transparency, purpose limitation and retention, data minimization, accuracy, integrity and confidentiality.
- Data Controller
- Personal data being processed
- Browsing data
- Special categories of personal data
- Data provided voluntarily by the data subject
- Purpose of the processing
- Legal basis and mandatory or optional nature of the processing
- Recipients of personal data
- Transmission of personal data
- Data retention
- Rights of the data subjects
1. Data Controller
The Data Controller of the processing carried out through the Site is Associazione Sanità di Frontiera Onlus, as defined above, that can be reached at the address Viale Giulio Cesare 71, 00192 Rome, Italy, or at the email address firstname.lastname@example.org .
2. Personal data being processed
While browsing the Site, we inform you that the Controller will process your personal data, which may consist of an identifier such as the name, an identification number, an online identifier or one or more elements that are characteristic of your physical, economic, cultural identity suitable to make the data subject identified or identifiable (thereinafter also referred to as “personal data”).
The personal data processed through the Site is the following:
- Browsing data
The computer systems and software procedures used to operate the Site acquire some Personal Data during ordinary operations whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects but, by its very nature, it could allow users to be identified through processing and association with data held by third parties. This category of data includes the IP addresses or domain names of the computers used by the users visiting the Site, URI addresses (Uniform Resource Identifier) of the requested resources, the time when the request is made, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (positive outcome, error, etc.) and other parameters relating to the operating system and the user’s IT environment. This data is used only to obtain anonymous statistical information about the use of the Site and to check its correct functioning to identify anomalies and/or abuses, and is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site or third parties.
b. Special categories of personal data
When using some of the Site sections, your personal data may be transmitted under a special category of Personal Data pursuant to art. 9 of the Regulation, verbatim the “[…] data suitable to reveal the racial or ethnic origin, the political opinions, the religious or philosophical convictions, or the trade-union membership, as well as to process genetic data, biometric data intended to unambiguously identify a natural person, data relating to health or sexual life or sexual orientation of the person.”
We invite you to communicate such data only when necessary. Indeed, we remind you that in the event of the transmission of special categories of Personal Data but in the absence of manifest consent to process such data, SDF cannot be held liable in any way, nor can it receive disputes of any kind, since in this case the processing will be allowed as having data made public by the data subject in compliance with art. 9.1.e) of the Regulation as its object. However, we specify the importance, as already mentioned above, of expressing explicit consent to the processing of special categories of personal data, in the event you decide to share such information.
c. Data provided voluntarily by the data subject
When using some of the Site Services, third parties’ personal data sent by you to SDF may be processed. That being the case, you act as an independent data controller, and take all obligations and responsibilities according to law. In this regard, you fully guarantee SDF and agree to indemnify it in the case of any dispute, proceeding or claim for compensation for any damage deriving from data processing, etc. that should reach SDF from third parties whose personal data has been processed through your use of the Site functions in breach of the rules on the protection of applicable personal data. In any case, should you provide or otherwise process third parties’ personal data while using the Site, you guarantee, as of now – and take all related responsibilities – that this particular case of processing is legally based pursuant to art. 6 of the Regulation that legitimates the processing of the information in question.
Definitions, characteristics and application of the regulations
Cookies are small text files that the websites visited by users send and record on their computers or mobile devices, to be re-transmitted to the same websites at the following visit. Thanks to cookies a site recalls users’ actions and preferences (such as, for example, login data, the chosen language, font sizes, other display settings, etc.) so that they do not have to be indicated again when a user returns to visit the site or browses from one page to another. Cookies are therefore used to perform computer authentication, session monitoring and storage of information concerning the activities of users accessing a site and may also contain a unique identification code that enables to keep track of the users whilst they browse the site for statistical or advertising purposes. While browsing a site, users may also receive cookies on their computer from sites or web servers other than the one they are visiting (the so-called “third-party cookies”). Some operations could not be carried out without using cookies, which in certain cases are technically necessary for the site to function.
Cookie types vary according to their characteristics and functions, and they can remain in the user’s computer for different lengths of time: the so-called session cookies are automatically cancelled when the browser is closed; the so-called persistent cookies remain on the user’s computer until a set deadline.
- “analytical cookies” where used directly by the site manager to collect aggregate information about the number of users and how they visit the site;
- browser or session cookies (to log in);
- functional cookies, which allow the user to browse according to a series of selected criteria e.g. language, products selected for purchase, in order to improve the delivered service.
On the contrary, for “profiling cookies”, namely those aimed at creating user profiles and used to send advertising messages in line with the preferences shown by users in the context of web browsing, prior consent is required to users.
Types of cookies used by the Site and the possibility of (de-) selection
The Site uses the following cookies that can be de-selected, except for third-party cookies, which you must refer directly to the relevant methods for selection and de-selection of the respective cookies indicated by means of links:
- Technical or session cookies and strictly necessary for the Site to function or to allow you to benefit from the use of content and services as required.
- Functional cookies, namely used to activate specific Site functions and a set of selected criteria e.g. the language, in order to improve the delivered service.
BE AWARE that by disabling technical and/or functional cookies, the Site may not be accessible or some of the Site services or functions may not be available or may not work properly and you may have to change or manually enter some information or preferences every time you visit the site.
- Third-party cookies, namely cookies of sites or web servers that are different from the Controller’s, used for specific purposes by these third parties. It is worth noting that these third parties, listed below together with the related links to the privacy policies of merit, are typically independent data controllers of the data collected through the cookies they serve, therefore, you will have to refer to their personal and information processing policies and consent forms (selection and de-selection of the respective cookies), as specified in the aforementioned Provision. With reference to third parties who send cookies through our Site, we provide hereby the links to their privacy policies: as already specified, these third parties would be responsible for providing the information and collecting your consent, as provided by the Provision. This responsibility refers not only to the cookies that the third parties send directly, but also to any additional cookies that are sent through our Site after using the services the third parties use too. Concerning these cookies sent by the third parties’ service providers, SDF can exercise no control and is aware neither of the characteristics nor of the purposes.
Following, the links to the information about third-party cookies:
In detail, cookies within the Site are outlined at the link http://www.sanitadifrontiera.org/en/cookie-policy
Users can block, in whole or in part, technical and functional cookies via the specific functions in their Browser. However, we inform you that not enabling technical cookies could hinder the Site use, the visualization of its contents and the use of the related services. Disabling functional cookies may cause that some services or certain functions of the Site are not available or do not work properly and you may have to change or manually enter some information or preferences every time you visit the Site.
The choices made regarding the Site cookies will in turn be recorded in an ad-hoc cookie.
However, in some circumstances, this cookie may not function properly: in such cases, we advise that you delete and disable unwanted cookies also via the browser features. Your preferences regarding cookies should be reset if you use different devices or browsers to access the Site.
How to view and modify cookies via the Browser
3. Purpose of the processing
The processing we intend to carry out, following your specific consent when needed, aims at the following:
a. allowing the delivery of the Services requested by you, namely i) the access to the Site reserved area; ii) the request to be contacted by SDF; iii) the provision of training courses delivered by SDF;
b. responding to the requests for assistance or information;
c. fulfilling any legal, accounting and tax obligations.
d. direct sales, marketing and profiling. The provided data may be processed, prior explicit and specific consent, for the purpose of direct sales and/or for sending promotional and marketing communications, including sending newsletters and market research, via automated (text messages, MMS messages, emails, push notifications, fax) and traditional tools (paper mail, phone help lines), as well as for analysing personal data, purchase choices and behavioural preferences on the Site, in order to better design communications and customized commercial proposals, to carry out general analyses and for profiling activities.
4. Legal basis and mandatory or optional nature of the processing
The legal basis for the processing of personal data for the purposes referred to in section 3 (a-b) is art. 6.1.b) of the Regulation given that the processing is necessary for providing the Services or for checking the requests from the data subject. Providing personal data for these purposes is optional but failure to provide such data would make it impossible to activate the Services provided by the Site or to reply to your requests. The purpose referred to in section 3.c is legitimate processing of personal data pursuant to art. 6.1.c) of the Regulation. Once the personal data has been provided, processing becomes necessary to fulfil a legal obligation SDF is subject to. The data provided for the purposes referred to in section 3.d may be processed prior receiving explicit and specific consent, for direct sales and/or for sending promotional and marketing communications as regards training courses and/or other initiatives related to the activity of SDF or its commercial partners, including newsletters and market research, via automated (text messages, MMS messages, emails, push notifications, fax) and traditional tools (paper mail, phone help lines), as well as for analysing personal data, purchase choices and behavioural preferences on the Site, in order to better design communications and customized commercial proposals, to carry out general analyses and for profiling activities. The legal basis for the processing of your data for these purposes is art. 6, paragraph 1, lett. a) of the Regulation. Commercial profiling and direct marketing processing are optional and at the user’s free choice; therefore, failure to provide consent to this intent will not affect the use of the services. For processing carried out for the purpose of sending direct advertising material or direct sales or of carrying out market research or commercial communications relating to the Controller’s products or services that are similar to those purchased, SDF may use, without the data subject’s consent, e-mail and paper mail addresses pursuant to and to the extent permitted by art. 130, paragraph 4 of the Code and by the Data Protection Authority provision of 19 June 2008. The legal basis for the processing of your data to this intent is art. 6, paragraph 1, lett. f) of the Regulation. The data subject is entitled to object to such processing at any time, initially or during subsequent communications, easily and free of charge also via e-mail to email@example.com, as well as to obtain an immediate reply that confirms that the processing has been interrupted (art. 15 of the Regulation). When needed, specific summary information about the processing of personal data and requests for consent will be progressively reported or viewed on the Site pages set up for specific services.
5. Recipients of personal data
Your personal data may be shared, for the purposes referred to in section 3 above, with:
a. subjects typically operating as data processors pursuant to art. 28 of the Regulation, namely: i) persons, companies or professional offices that deliver assistance and advice to the Controller on accounting, administrative, legal, tax, financial and debt collection matters related to the provision of the Services; ii) subjects with whom it is necessary to interact, in order to provide the Services e.g. hosting providers; iii) or subjects delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communication networks); (collectively “recipients”); the list of the data controllers may be requested from the Controller via email to firstname.lastname@example.org.
b. subjects, bodies or authorities, independent data controllers, to whom it is mandatory to communicate your personal data pursuant to the legal provisions or orders by the authorities or in the performance of the services and services requested by you;
c. persons authorized by SDF to process Personal Data pursuant to art. 29 of the Regulation that is needed to carry out activities strictly related to the provision of Services, who have committed themselves to confidentiality or are bound to an adequate legal confidentiality obligation (e.g. SDF employees);
d. prior your specific consent, the third parties whom the Controller has established commercial agreements and/or covenants with, which fall under the following categories: professionals, communication and marketing companies or organizations; professionals, companies or organizations operating in the legal, tax/fiscal, financial, accounting/administrative, insurance, training, IT/technology sectors; professionals, companies or organizations operating in the social-humanitarian field; professionals, companies or organizations operating in the real estate field and in related areas; professionals, companies or organizations operating in the field of television and film productions; professionals, companies or organizations of the healthcare, medical/pharmaceutical sectors and personal and leisure service providers, for their direct marketing and promotional communication purposes.
6. Transmission of personal data
As regards the possible transmission of Data to Third Countries, the Controller informs that the processing will take place according to one of the methods provided by the law in force, such as the data subject’s consent, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for the free circulation of data or operating in countries the European Commission considers to be safe. You can request further information to the Controller at the contact details indicated above.
7. Data retention
The processed personal data will be stored for the time strictly necessary to achieve the purposes referred to in chap. 3, in compliance with the principles of minimization and limitation of data retention pursuant to Articles 5.1.e) of the Regulation. In any case, SDF will process the personal data for the time necessary to fulfil contractual and legal obligations. More information about the period of data retention and the criteria used to determine this period can be requested from the Controller at the contact details indicated above.
8. Rights of the data subjects
Pursuant to article 15 and subsequent articles of the Regulation, you are entitled to request, at any time, access to your Personal Data, their correction or cancellation, restriction of processing in the cases provided for by art. 18 of the Regulation, to obtain your personal data in a structured, commonly used and readable format from an automatic device in the cases provided for by art. 20 of the Regulation. You can revoke your consent at any time pursuant to art. 7 of the Regulation; lodge a complaint to the competent supervisory authority (Data Protection Authority) pursuant to art. 77 of the Regulation, if you consider that the processing of your data is contrary to the legislation in force.
If you disagree with the processing of your data, you can make a request pursuant to Article 21 of the GDPR where you can emphasise the reasons which justify your disagreement: the Controller reserves the right to assess the request, which would not be accepted in the event legitimate and imperative grounds existed to proceed to the processing, which override your interests, rights and freedoms.
Requests should be sent in writing to the Controller to the contact details indicated above.