Identity and contact details of the data controller:
The data controller is FONDAZIONE PEDROLLO ETS, CF 92031380238, headquartered at via Enrico Fermi, 7, San Bonifacio (VR), Italy.

You can contact the data controller using the following details:

Tel: +39 347 753 6702
Email: info@fondazionepedrollo.org

2. Data Processed

• Common data
• Browsing data acquired from the browser, IP address.

3. Purpose of processing and legal basis

The personal data collected through the website will be processed by FONDAZIONE PEDROLLO ETS, without the need for the user’s consent, to manage and maintain the website, provide services, fulfill user requests, enable effective institutional communication, comply with legal obligations, regulations, EU legislation, or orders from Authorities, or otherwise in connection with institutional activities and functions, or to prevent or detect fraudulent activities or abuse affecting the organization via the website.

Emails sent to institutional addresses indicated on the portal and the completion of forms entail the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the email or form. In such cases, the acquired data will be processed solely to respond to user requests. Specific notices or references to applicable laws/legal bases may be included concerning specific data processing in dedicated pages on the website, forms, or document templates published on the website. The personal data processed by our organization are not subject to dissemination.

The legal basis for the processing lies in the legitimate interest of the controller [Art. 6, Paragraph 1, Letter f) GDPR].

4. Methods and principles of processing

Browsing this website involves the processing of personal data solely for the purpose of allowing content consultation. The IT systems and software procedures that enable the functioning of the website https://www.fondazionepedrollo.org acquire, during their normal operation, certain personal data, whose transmission is implicit in the use of Internet communication protocols. These are information not collected to be associated with identified individuals but which, by their nature, could, through processing and association with data held by third parties, allow users to be identified.
This category includes IP addresses or domain names of computers used by users connecting to the site, URIs (Uniform Resource Identifiers) of requested resources, the time of requests, and other parameters related to the user’s operating system and IT environment.

The data acquired via the website are processed at the organization’s offices and, if necessary, at other entities or IT systems/servers of other parties, designated as external data processors where required.
Processing may take place with or without electronic means, always adhering to principles of fairness, lawfulness, transparency, relevance, and limitation to the purposes of collection and subsequent processing. Adequate security measures are adopted to prevent data loss, unlawful or incorrect uses, unauthorized access, and ensure compliance with GDPR and Legislative Decree No. 193/2006, as amended.

Data are processed exclusively by members and authorized personnel (administrative or technical), or by individuals authorized for occasional maintenance operations.

5. Categories of third parties to whom data may be disclosed

Data may be disclosed to all parties responsible for the collection and IT storage of data, distribution of communications, newsletters, and mailing lists. When necessary, parties managing the IT services described will be appointed as external data processors under Art. 28 GDPR.

6. Duration of processing and data retention period

Pursuant to Art. 5 GDPR, data will be processed and retained for no longer than necessary to fulfill the service and processing purposes and/or within the deadlines established by law or regulations.

Technical cookies are stored for a maximum period of 2 months.

7. Transfer of data outside the European Union

The collected data will not be transferred to countries outside the European Union.

8. Rights of the data subject

As a data subject, you may exercise the rights outlined in Articles 15 and following of Regulation (EU) 2016/679, as listed below:

• Rights of access, rectification, integration, and deletion of data, portability, restriction of processing, and withdrawal of given consent.

Under Regulation (EU) 2016/679, you have the right to request access to your data from the data controller, as well as its rectification, integration, or deletion. You will receive a response within 30 days of your request, either in written form or via electronic means.
You also have the right to object to processing or request its restriction for legitimate reasons and in cases specified in Articles 18 and 21 of Regulation (EU) 2016/679.
You may withdraw your consent to data processing at any time for the specific purposes outlined in this notice.
Finally, you can exercise your right to data portability by requesting the transfer of your data to another controller.

To exercise the rights mentioned above, simply use one of the contact details of the data controller listed in Section 1.

Right to lodge a complaint with the Supervisory Authority

You have the right to contact the Supervisory Authority to lodge a complaint if you believe your data has been processed unlawfully and contrary to legislative provisions.