EU Regulation No. 2016/679 (hereinafter, ‘GDPR’)
Object of Processing
The Foundation “The Siracusa International Institute for Criminal Justice and Human Rights” processes personal, identifying data (e.g., first name, last name, company name, address, telephone, e-mail, bank and payment references) – hereinafter, “personal data” or also “data”) communicated by you in any case.
Purpose of processing
Your personal data are processed
A) without your express consent art. 6 lett. b), e) GDPR), for the following Service Purposes
– to conclude contracts for the goods and services provided by/to the Foundation “The Siracusa International Institute for Criminal Justice and Human Rights”;
– to fulfil pre-contractual, contractual and fiscal obligations arising from relations with you
– Fulfil obligations provided for by law, regulation, Community legislation or an order of the Authority (such as anti-money laundering);
– exercise the rights of the Foundation “The Siracusa International Institute for Criminal Justice and Human Rights”, such as the right of defence in court;
B) Only with your specific and distinct consent (art. 7 GDPR), for the following Marketing Purposes
– to send you by e-mail, post and/or sms and/or telephone contact, newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller and detection of the degree of satisfaction on the quality of services
– send you by e-mail, post and/or sms and/or telephone contact commercial and/or promotional communications from third parties (e.g. service providers, business partners, other Group companies). We would like to point out that if you are already our customer, we may send you commercial communications relating to services and products of the Controller similar to those you have already used, unless you disagree.
The processing of your personal data is carried out by means of the operations indicated in Article 4 n. 2) GDPR and precisely: collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
Your personal data are subject to both paper and electronic and/or automated processing.
For each of the aforementioned processing purposes, the table below specifies the maximum retention period for your personal data, after which we will no longer process your personal data for the aforementioned purposes.
Definition and management of an offer for products and/or services in which you are interested
No more than 10 years after the offer
Management of the contractual relationship in relation to products and/or services
Within the terms of the law
Management of Curricula sent to the Foundation
No more than 3 years after the last update
Dealing with all your other requests
No more than 3 years after the request
Sending you requested and/or relevant information in relation to our products and/or services
No more than 10 years, for our customers, and 5 years for potential customers, after the last collection of personal data
Sending personalised advertising messages and customising the experience according to the customer’s specificities and expectations
No more than 10 years, for our clients, and 5 years for potential clients, from the last collection of consent
Measuring the performance of our sales, after-sales and advertising services
No more than 5 years after service delivery
Conduct customer satisfaction surveys.
For the duration of the survey.
At the end of the processing period your data will be deleted or destroyed.
Access to data
Your data may be made accessible for the purposes set out in art. 2.A) (contractual fulfilment) and 2.B) (advertising communications):
-to employees and collaborators of the Data Controller or Group companies in Italy and abroad, in their capacity as persons in charge and/or internal data processors and/or system administrators;
-to third party companies or other entities (by way of example, credit institutions, professional firms, consultants, etc.) that perform outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
Communication of data
Without the need for your express consent (art. 6 lett. b) and c) GDPR), the Foundation “The Siracusa International Institute for Criminal Justice and Human Rights” may communicate your data for the purposes of art. 2.A) to supervisory bodies, judicial authorities, as well as to those subjects to whom communication is compulsory by law for the fulfilment of the aforementioned purposes. These subjects will process the data in their capacity as autonomous data controllers. Your data will not be disseminated.
Transfer of data
Personal data are stored on servers located in Italy, within the European Union. It is in any case understood that the Data Controller, should it become necessary, will be entitled to move the servers outside the EU as well. In this case, the Foundation “The Siracusa International Institute for Criminal Justice and Human Rights” assures as of now that the transfer of data outside the EU will take place in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided for by the European Commission.
Nature of the provision of data and consequences of refusal to answer.
The provision of data for the purposes set out in Article 2.A) is obligatory. In their absence, we will not be able to guarantee you the Services referred to in art. 2.A).
On the other hand, the provision of data for the purposes of Article 2.B) is optional. Consent may be given by signing this information notice. You may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material relating to the products and services offered by Fondazione “The Siracusa International Institute for Criminal Justice and Human Rights”.
You will, however, continue to be entitled to the Services referred to in Art. 2.A).
Rights of the data subject
In your capacity as data subject, you have the rights set out in Article 15 GDPR, namely the rights to:
obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and its communication in intelligible form;
obtain the indication
the origin of the personal data
the purposes and methods of the processing
of the logic applied in the event of processing carried out with the aid of electronic instruments;
the identity of the data controller, data processors and the representative designated pursuant to Article 3(1) of the GDPR
of the entities or categories of entity to whom or which the personal data may be communicated or who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing;
the updating, rectification or, when interested, the integration of the data;
the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed
certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
object, in whole or in part
on legitimate grounds, to the processing of personal data concerning you, even though they are relevant to the purpose of the collection;
to the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communications, through the use of automated calling systems without the intervention of an operator by e-mail and/or through traditional marketing methods by telephone and/or paper mail. It should be noted that the data subject’s right to object, as set out in point b) above, for direct marketing purposes by automated means extends to traditional marketing methods and that, in any case, the data subject’s right to object may also be exercised in part. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither type of communication.
Where applicable, he/she also has the rights set out in Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to complain to the Data Protection Authority.
Procedures for exercising rights.
You may exercise your rights at any time by sending:
– an e-mail to firstname.lastname@example.org.
In the event of such requests or any complaints regarding the way in which your personal data has been processed, you may still send an e-mail to email@example.com.
You may also send an e-mail to the Personal Data Protection Officer of the Foundation “The Siracusa International Institute for Criminal Justice and Human Rights” Dr Attilio Amoroso, for any aspects relating to the application in the Foundation of the GDPR, by writing to firstname.lastname@example.org.
The Data Controller is: Foundation “The Siracusa International Institute for Criminal Justice and Human Rights”, with registered office in Siracusa (SR) – Via Logoteta n. 27 – CAP 96100.