EU Regulation 679/2016 General Data Protection Regulation
Navigation within the Website is free and does not require registration, with the exception of certain areas in which you may freely and expressly provide a set of personal data to access certain services (e.g. to request information). When we ask you to provide your personal data to access these additional services, we will always inform you in accordance with EU Regulation 679/2016 General Data Protection Regulation (the “GDPR”) about the purposes and methods of use of the data as well as your right to request the deletion or updating of the data at any time.
In accordance with the GDPR, we are providing you with the following information.
- The Data Controller
The Data controller is Fondazione PENTA Onlus with registered office at Corso Stati Uniti, 4 35127 Padova, Italy, e-mail address: firstname.lastname@example.org (hereinafter also “Penta”, the “Organisation” or the “Data Controller”).
- The Data Protection Officer
The data Protection Officer, appointed by Penta according to Article 37 of the GDPR, can be contacted at the following address: email@example.com.
- Types of Personal Data Processed
Registration is not required in order to access the Website. However, there are services of the Website for which you need to provide your details (e.g. your personal data may be requested to answer your requests). For further information, please read the privacy notice available on the Website (e.g. section “Contact”). With reference to the data related to the web browsing on the Website, please also refer to the Cookies Policy.
- Optional provision of personal data
The provision of personal data is generally optional. In certain cases, the failure to provide personal data may make it impossible to access specific services and obtain what you have requested (e.g. the provision of the e-mail address is required to answer your requests); failure to provide such data may therefore prevent Penta from allowing you to access specific Website services. The data necessary is indicated in the data collection forms – e.g., indicated with a (*).
- Purposes and legal basis for data processing
Data is collected and processed for purposes strictly related to the use of the Website and its services. The purposes of the processing are detailed in the specific privacy notice provided by the Website whenever there is a data collection. Your data will be processed on the basis of your requests to run the services provided with by the Website (GDPR – article 6, paragraph 1, letter a) and b)).
- Method, period of data processing and communication
Data may be processed in both electronic and paper form. Penta guarantees that the personal data provided through the Website will be processed lawfully and properly, in full compliance with applicable legislation, and that the data provided during registration will be kept strictly confidential. All information collected is transmitted through a secure connection to prevent interception by outsiders. We implement security measures to ensure the security of the Website.
Any data provided by users shall be processed for the period of time specified in the specific privacy notice provided at the time of the data collection.
The data shall not be disseminated and will be processed only by persons expressly authorized to do so and identified within the Penta Communication team.
Penta uses external providers to manage the Website and the Website’s services. Suppliers or external organisations process personal data for purposes strictly related to the provision of the services, and have therefore been appointed by Penta as Data Processors (GDPR – article 28). A complete list of Data Processors can be requested at the e-mail address firstname.lastname@example.org
- Links to other websites
This information is provided only for the website www.odysseytrial.org and not for any other websites that may be assessed through a link. Penta cannot be held liable for personal data provided by users to external parties or any websites linked to this Website.
- Place of data processing
Your data will mostly be processed electronically and will not be disclosed. Your data may only be communicated to persons authorized to the processing within the Organization of the Communication Area and ICT Area, and may come to the knowledge of companies entrusted with the management of the website and related electronic archives.
Where necessary, the Organization has designated the processing recipients as Data Processor pursuant to art. 28 of the GDPR. A list of all the Data Processors designated by the Organization can be required by notice to be sent to the contact details listed below.
Transmission of data outside the European Union
In the case of transfer of subject’s data to a third country which is not an adequate country, the controller and the processor shall comply with the terms of the standard contractual clauses for the transfer of personal data to processors established in third countries approved by EC Commission Decision of 5 February 2010 and any subsequent amendment or re-edition.
- Rights of data subjects
By contacting the following e-mail address: email@example.com, the user may at any time exercise the following rights (GDPR – article 15 to 22):
- obtaining confirmation as to whether or not personal data concerning you is being processed
- obtaining access to your personal data and to the information set out in Article 15 of the Regulation;
- obtaining the rectification of the inaccurate personal data that concerns you without undue delay or the supplementing of incomplete personal data;
- obtaining the erasure of the personal data that concern you without undue delay;
- obtaining the restriction of processing the personal data that concern you;
- being informed of any rectifications or erasures or restrictions of processing in relation to the personal data that concern you;
- receiving in a structured, commonly used and machine-readable format the personal data that concern you;
- objecting at any time, on grounds associated with your specific situation, to the processing of the personal data that concern you.
The full text of such rights is available on www.garanteprivacy.it.
- Lodge a complaint before the Data Protection Authority
Should you consider the processing of your data infringes the GDPR, you may lodge a complaint before the Italian Data Protection Authority (www.garanteprivacy.it), or before the Data Protection Authority of the Member State of your habitual residence, place of work or place of the alleged infringement.
- Applicable law
- Revision clause