Santa Lucia Foundation, headquartered in Via Ardeatina n. 306, 00179 Rome (hereafter "The Foundation") takes seriously the online privacy of its website users. This document, drafted consistent with Art. 13 of EU Privacy Regulation 679/2016 (hereinafter "Regulation") and in conformity with related Italian harmonization legislation and measures adopted by the Italian Privacy Authority for the protection of personal data (hereinafter, "Privacy Policy") is designed to explain how your personal information is handled when you use this website. In accordance with the Regulation, the data processing carried out by the Foundation will be based on the principles of legality, correctness, transparency, retention limitation, minimization of acquisition, accuracy, integrity and confidentiality.
1. DATA CONTROLLER
The Data Controller of the processing carried out through the website is Santa Lucia Foundation, with registred office in Via Ardeatina n. 306, 00179 Rome (hereinafter "the Controller"). For any information concerning the processing of personal data by the Controller, including a list of data processors, please write to the following address: privacy@pec.fondazionesantalucia.it. The Data Controller has appointed a Data Protection Officer ("DPO") pursuant to Art. 37 of the Regulations, which can be contacted at: dpo@hsantalucia.it.
2. PERSONAL DATA PROCESSED
We inform you that the Foundation will process Personal Data that may consist of identifiers such as name, an identification number, an online ID or one or more characteristic elements of your physical, physiological, psychological, economic, cultural or social identity appropriate to identify you (hereinafter "Personal Data"). The Personal Data processed through the website includes the following:
a. Navigation data
The computer systems and software procedures used to operate the website acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified users, but its very nature could allow users to be identified through processing and association with data held by third parties. This category of data includes IP addresses or domain names of the computers of the users who connect to the website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the connection, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on website usage and to help ensure correct functioning, to identify anomalies and / or abuses, and is deleted immediately after processing. This type of data could be used to ascertain responsibility in case of computer crimes against the website or third parties.
b. Special categories of personal data
The use of some sections of the website may involve personal data included in the category of the Personal Data referred to Art. 9 of the Regulations: "[....] data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation". In such cases, specific information will be provided and you will be asked for your explicit consent to the processing of these special categories of Personal Data.
c. Data provided voluntarily by the Subject
In the use of some services of the website, the Foundation may process personal data of third parties you have sent. In this case, you are the independent data controller and assume all legal obligations and responsibilities. You confer to the Foundation the broadest indemnity with respect to any dispute, claim, request for compensation for damages, etc. related to personal data of third parties, which may be processed through your usage of the functions of the website in violation of the rules on the protection of personal data. In any case, if you provides or otherwise processes personal data of third parties using the website, you guarantees - assuming all related responsibilities - that this particular case of processing is based on an appropriate legal basis pursuant to Art. 6 of the Regulation that legitimates the processing of the information in question.
d. Cookies
Definitions, characteristics and application of the legislation
Cookies are small text files that are placed on your computer, tablet or mobile phone when you access a website. These files can then be retransmitted to same site at your next visit. Thanks to cookies, a site remembers the user's actions and preferences (such as login data, language preference, font size, other display settings, etc.) so that they do not have to be re-entered when the user returns to visit or browse. Cookies, therefore, are used to perform computer authentication, monitoring sessions and storing information regarding the activities of users accessing a website and may also contain a unique identification code that allows the tracking of user navigation within the site for statistical or advertising purposes. During navigation on a site, the user can also receive on his computer cookies from websites or web servers other than the one he / she is visiting ( "third party" cookies). Some operations can not be performed without the use of cookies, which in some cases are therefore technically necessary for the site to function itself.
There are various types of cookies, depending on their characteristics and functions, and these may remain on the user's computer for different periods of time: for example, “session cookies”, which are automatically deleted when the browser is closed; “persistent cookies”, that remain on the user's equipment until a set deadline.
Pursuant to applicable Italian law and regulation, the user's express consent is not always required for the use of cookies. it's the case of "technical cookies", i.e. those used for the sole purpose of enabling transmission of a communication over an electronic communications network, or those strictly necessary to provide a service explicitly requested by the user. In other words, these are cookies that are essential for the site to function or are necessary to perform activities requested by the user. Among technical cookies, which do not require express consent for their use, the Italian Data Protection Authority (see Determination Individuazione delle modalità semplificate per l'informativa e l'acquisizione del consenso per l'uso dei cookie of May 8, 2014 and subsequent regulations, hereinafter "Ruling") further includes following cookie types:
- analytical cookies when used directly by the site operator to collect information, in aggregate form, on the number of users and their site usage;
- browsing or session cookies (used to authenticate);
- functional cookies, which allow the user to navigate according to a series of selected criteria (for example: language preference, shopping lists for purchase) in order to improve the service provided.
Prior consent is instead required for the use of profiling cookies, i.e. those used to create profiles related to the user and used to send advertising messages consistent with the preferences expressed by the user in the context of surfing the net.
Types of cookies installed by this website and deselection procedure
This website uses the following types of cookies in order to constantly improve the usability of content:
- Technical cookies: they are essential for the proper functioning of the website and to facilitate the use of specific contents (example: language preference, location information, user preferences etc.). They are temporary and remain in the cookie folder of the user's browser only for the duration of the browsing session. For the use of this type of cookie the consent of the user is not required.
- Analytical and performance cookies: they anonymously collect and analyze data on site usage and in the case of technical errors. By using this website, the user accepts that this type of cookie is installed on his Internet navigation device.
- Third-party analytical cookies: this website uses Google Analytics, a web analytics service provided by Google Inc., which uses cookies to anonymously analyze browsing behavior of users (for example: site visits per page, duration of visits per page, etc.). Google may also transfer this information to third parties who process the information on its behalf or in the when needed to comply with law. By using this website, the user accepts that this type of cookie is installed on his Internet navigation device. It is specified that the third parties are typically independent data controllers of cookies they use, therefore, you must refer to their policies regarding the processing of personal data, information and consent forms (selection and de-selection of the respective cookies). For the sake of completeness, please note that these cookies are updated regularly in the table below, where we provide links to the privacy policies of third parties:
Type of cookie: Analytical
Technical Name: Google Analytics (google.com)
Useful links: Privacy Policy | Opt-out
Cookie deselection: Internet Explorer | Chrome | Safari | Firefox
More options to deselect cookies:
Activate “Do Not Track” - The “Do Not Track” option is present in most of the latest generation of browsers. Websites designed to comply with this option, when activated, should automatically stop collecting some of your browsing data. However, not all websites are compatible with this option as compliance is discretionary.
Activate the "Anonymous Surfing" - With this function you can browse without leaving a trace in the navigation data browser. The sites will not remember you, the pages you visit will not be stored in the history and any new cookies will be deleted. However, the anonymous browsing function does not guarantee anonymity on the Internet since it only serves not to retain browsing data in your browser. Your navigation data will continue to be available to website managers and connectivity providers.
3. METHODS, PURPOSES AND LEGAL BASIS FOR PROCESSING
Personal data is processed in compliance with the Privacy Law with automated tools for the time strictly necessary to achieve the purposes of the site, to allow navigation and for any additional services as requested. Specific security measures pursuant to Art. 32 of the GDPR are utilized to prevent data loss, illicit or incorrect use and unauthorized access.
The Foundation reserves the right to use the data collected to ascertain responsibility in the case of computer crimes against the website and to comply with any legal obligations.
The legal basis of the processing of Personal Data for the purposes described is the Art. 6 (1) (b) of the Regulations as processing is necessary to allow browsing and use the website services. If specific services are requested by the user, specific information will be provided and consent will be requested for processing.
Notwithstanding the above, the user has the right to not provide personal data requested in electronic forms and other sections of this website or indicated by other contacts with the Foundation for the use of additional services, requests for information and other communications. Failure to provide this information may in some cases make it impossible for the Foundation to process the user's request or provide certain services.
4. DISTRIBUTION OF DATA
Your Personal Data may be shared with:
- persons or entities that typically act as data processors, e.g. the managers of the web platform (collectively "Recipients"). The updated list of data processors is available upon request by writing to the Data Controller at the addresses indicated;
- persons, entities or authorities to which it is mandatory to communicate your personal data in accordance with the provisions of law or orders of authorities;
- persons authorized by the Foundation to process Personal Data necessary to perform activities strictly related to the provision of the services This persons are committed to confidentiality or have an appropriate legal obligation of confidentiality (e.g. employees of the Foundation).
5. TRANSFERS OF PERSONAL DATA
Your data will not be transferred with recipients located outside the European Economic Area. The Foundation ensures that if this occurs, the transfers will be based on verified adequacy criteria, on the Standard Contractual Clauses approved by the European Commission or on another appropriate legal basis. More information is available at the Foundation by writing to the addresses indicated.
6. DATA RETENTION
The Personal Data processed will be kept only for the time strictly necessary to achieve the above articulated purposes. Since these retentions are conducted for the provision of services, the Foundation will retain Personal Data for the entire period allowed by Italian law to protect its own interests (Article 2946 c.c. and subsequent amendments). Further information about the data retention period and the criteria used to determine this period are indicated in the specific information relating to the requested services and can still be requested by writing to the Foundation at the addresses indicated.
7. USERS RIGHTS
In relation to the processing of your data, you may exercise your rights under Articles 15 to 22 of the GDPR which includes your right to request access to your Personal Data, correct, update or delete the same. Additionally you may limit or object to the data processing. Upon the occurrence of the conditions, you can also exercise the right to data portability by communication addressed alternatively to:
- Data Protection Officer of the Foundation available by email at: dpo@hsantalucia.it
- Data Controller, Via Ardeatina, 306, 00179, Rome or by email at: privacy@pec.fondazionesantalucia.it
You are always entitled to lodge a complaint with the competent Personal Data Protection Authority.