Privacy Policy

Privacy information pursuant to Legislative Decree June 30, 2003 n. 196 (Code regarding the protection of personal data), European regulation for the protection of personal data n. 679/2016

Site policy – general provisions

The Bearded Villains Italy association takes the user’s privacy very seriously and undertakes to respect it within the terms established by the applicable regulations (Legislative Decree 30 June 2003 n. 196, hereinafter “Code” and Regulation (EU) 2016 / 679 – hereinafter “Regulation”).

This page provides information on the processing of personal data collected by the Bearded Villains Italy association as Data Controller through this website (hereinafter “Site”) and therefore constitutes information to interested parties who access it (hereinafter “Users”), pursuant to the aforementioned regulations and does not apply to information collected through channels other than the Site. The purpose of the privacy policy is to provide maximum transparency regarding the information that the Site collects and how it uses it.

This privacy protection policy may vary over time, also depending on the additions and legislative and regulatory changes on the subject or due to our institutional decisions. Therefore, Users are invited to periodically consult this section of the Site.

Identity and contact details of the Data Controller

The Data Controller is identified in the Bearded Villains Italy Association, based in Latina (LT), at Via Persicara No. 2, in the person of Cocco George (hereinafter “Data Controller” or “Owner”).

Nature of the data processed

The following may be processed:

  • Any common personal data – and in any case spontaneously – provided by Users when they interact with the features of the Site or request to use the services offered on the Site (donations, subscription to the newsletter, request for information and registration for any initiatives also through contact forms, etc.)
  • Sensitive personal data such as those relating to the state of health, or belonging to particular categories of personal data pursuant to art. 9 of the Regulations. If this happens, this treatment will be carried out on the basis of the explicit consent of the Users;
  • Common personal data collected through cookies as specified in the Cookie Policy
  • browsing data

Purpose of the data processed and legal basis of the processing

The Data Controller has decided to provide Users with specific information within the sections of the Site in which Users access from time to time in order to allow them to be fully and specifically informed on the purposes for which the data provided by them to the ‘within that section will be treated as well as on the methods and other information as set out in art. 13 of the Regulation *, while in this document the information relating to the processing of common personal data collected through cookies as specified in the Cookie Policy and navigation data declines.

Consistent with the determination of the Data Controller, assumed for the sole purpose of ensuring the clarity of information provided to Users, reference is made to the sections of the Site in which the provision of personal data is envisaged and which therefore see the presence of a specific information.

The sections identified to date, but which may change according to the specific needs of the Data Controller, are the following:

PURPOSE OF THE TREATMENT

The Bearded Villains Italy association, Data Controller, will process the data you entered in the donation form for:

  • the MANAGEMENT OF THE DONATION to which he has joined and for the completion of all the phases connected and consequent to the disbursement of the contribution such as, for example, the functional operations for the collection and release of receipts The legal basis of the processing for the purpose of DONATION MANAGEMENT is the execution of the contract to which it is a part (Article 6, paragraph 1, letter b) of EU Reg. 679/2016) and the fulfillment of legal obligations .
  • THE TELEMATIC TRANSMISSION OF DATA RELATING TO THE DONATION MADE BY YOU through a bank or post office or through the other payment systems referred to in art. 23 of Legislative Decree no. 241/1997 TO THE REVENUE AGENCY for the purpose of preparing the pre-filled tax return. The legal basis of the processing for the purposes referred to in this point is the fulfillment of a legal obligation to which the Data Controller may be subject (Article 6, paragraph 1, letter c) of EU Reg. 679/2016) in the case the decree regulating the transmission when fully operational is adopted in implementation of art. 1 paragraph 6 of the Decree of the Ministry of Economy and Finance (MEF) January 30, 2018.

METHOD OF DATA PROCESSING

The processing of your data may take place using manual, electronic, computerized and telematic tools, according to logic strictly related to the purposes highlighted above and, in any case, by subjects authorized to carry out these tasks, appropriately informed of the GDPR constraints, equipped with measures of security designed to guarantee the confidentiality of personal data and to avoid undue access to third parties or unauthorized personnel. Your data will not be disclosed but may be communicated, within the limits strictly necessary for the purposes pursued, to the members of the board of directors of the association to carry out the operations requested by you as well as to the subjects, appointed for this purpose or persons authorized to process. , which provide services necessary or useful to the association for the management of donations (for example, credit institutions, CRM manager and managers of email sending platforms) as well as to subjects who can access your data under the provisions of law . The Data Controller informs you that your Personal Data for the purpose of DONATION MANAGEMENT will be kept for the time strictly necessary to guarantee the correct management of the donation and, in any case, for a period not exceeding 10 years from the termination of the contract, except that the data must be kept for legal obligations or to assert a right in court.

NATURE OF THE COMMUNICATION OF PERSONAL DATA AND CONSEQUENCES OF REFUSAL

The provision of data for the purpose of MANAGING THE DONATION is necessary for the execution of the contract to which it is a party in relation to the processing related to the management of the donation. Therefore, your refusal to do so would make it impossible for the Data Controller to accept your request to make the donation and fulfill the related tax obligations.

RIGHTS OF THE INTERESTED PARTY

On the basis of art. 15 and ss. of EU Reg. no. 679/2016, you have the right, at any time and free of charge, to request information regarding the existence of the processing of your data, the retention period of the same, to obtain a copy, to rectify them, to integrate them or to update them and / or to delete them. You can exercise the rights referred to in art. 13 GDPR 679/16 as better expressed in the articles. 15-16-17-18-20-21 and 22 GDPR 679/16 and specifically you will have the right to:

  1. obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
  2. ask the Data Controller for access to personal data, in addition to the right to data portability;
  3. obtain the updating and rectification or, when interested, the integration of data;
  4. oppose the processing of personal data concerning you for the purpose of TRANSMISSION OF PERSONAL DATA TO THE REVENUE AGENCY. The right of opposition may be exercised within the terms set out in provision no. 34431/2018 by the director of the Revenue Agency, or at the time of the disbursement or in any case by 31 December of the year in which the donation was made. In this case, the information contained in the form published on the site must be provided to be transmitted in the manner specified therein;
  5. obtain the cancellation and transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed, which also includes the need to keep data to fulfill legal obligations or to assert a right in court weighing on the Data Controller;
  6. revoke the consent (only for the treatments for which the legal basis of consent is provided) at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation;
  7. propose a complaint to a supervisory authority;
  8. obtain the attestation that the operations referred to in numbers 4 and 6 above have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment is revealed impossible or involves the use of means that are manifestly disproportionate to the protected right. You can exercise the above rights by writing to the Foundation at as.beardedvillainsitaly@gmail.com.

PURPOSE AND METHOD OF TREATMENT

The Data Controller informs that your data will be processed for the following purposes (PRIVACY GUARANTEE 24 OCTOBER 2018 PROT.31454 / 115526):

FIDELIZATION or to contact you, also by automated means (for example email, etc.), in order to inform you about the progress of our charitable activities and about the initiatives aimed at charity and fundraising promoted by the association through communications. This may be done by sending information and promotional communications relating to projects, activities and fundraising initiatives, participation in events. The legal basis of the processing for the purpose of FIDELIZATION is consent (Article 6, paragraph 1, letters a) of EU Reg. 679/2016).

RECIPIENTS OR CATEGORIES OF RECIPIENTS AND SCOPE OF DISCLOSURE OF PERSONAL DATA

Your personal data will not be disclosed but may be acquired by the Data Controller, and communicated to the members of the board of directors of the BEARDED VILLAINS ITALY association or to those who allow us to manage contact with you more effectively (for example the manager of the our CRM and the managers of the email sending platforms) or to whom the communication of data is necessary to comply with laws or regulations. These subjects, where required by law, are appointed as Data Processors.

PERIOD OF CONSERVATION

The Data Controller informs you that your personal data will be kept for a period of 10 years from the last use, unless the data itself must be kept for legal obligations or to assert a right in court.

RIGHTS OF THE INTERESTED PARTY

In relation to the processing of the aforementioned data, you may exercise the rights referred to in art. 13 GDPR 679/16 as better expressed in the articles. 15-16-17-18-20-21 and 22 GDPR 679/16 and specifically you will have the right to:

  1. obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
  2. ask the Data Controller for access to personal data, in addition to the right to data portability;
  3. obtain the updating and rectification or, when interested, the integration of data;
  4. object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning him, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
  5. obtain the cancellation and transformation into anonymous form or blocking of data processed in violation of the law, including those which do not need to be kept for the purposes for which the data were collected or subsequently processed;
  6. revoke the consent (only for the treatments for which the legal basis of consent is provided) at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation;
  7. propose a complaint to a supervisory authority;
  8. obtain the attestation that the operations referred to in numbers 4 and 6 above have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment is revealed impossible or involves the use of means that are manifestly disproportionate to the protected right.

 

NATURE OF COMMUNICATION OF PERSONAL DATA AND CONSEQUENCES OF REFUSAL

The provision of personal data is necessary for the execution of the service to which the interested party is a party, in relation to the processing related to loyalty. Any refusal and / or the provision of incorrect and / or incomplete information will make it impossible to pursue the corresponding purposes.

N.B.:

Pursuant to and for the purposes of the combined provisions of Articles 13 of Legislative Decree 196/2003 and 13 European Regulation 679/2016 by treatment means any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data even if not registered in a database, such as the collection, registration, organization, structuring, processing, storage, adaptation or modification, selection, extraction, consultation, use, communication through transmission, dissemination or any other form of making available, comparison or interconnection, blocking, limitation, cancellation or destruction.

PURPOSE OF THE TREATMENT

The Data Controller informs that the data you entered in the dedicated form will be processed for the following purposes:

MANAGEMENT OF THE RELATIONSHIP WITH THE ASSOCIATE for the purposes of the charity initiative for which it is proposed and for the completion of all related and consequent phases such as the provision of information on the initiative and REPORTING purposes.

The legal basis of the processing for the purpose of MANAGING THE RELATIONSHIP WITH THE ASSOCIATE is the legitimate interest of the same, the execution of the contract and the fulfillment of legal obligations.

The legal basis of the processing for the purpose of REPORTING is the legitimate interest of the Data Controller (Article 6, paragraph 1, letter f) of EU Reg. 679/2016).

With your consent, the Bearded Villains Italy association may also process your personal data for the following purposes:

LOYALTY or to contact you, using automated methods (such as text messages, whatsapp, email), in order to inform you about the progress of the charitable activities and future initiatives by the association in order to involve you in subsequent charitable initiatives. This may be done by sending information and promotional communications relating to projects, activities and initiatives for raising funds and participation in events. The legal basis of the processing for loyalty purposes is consent (Article 6, paragraph 1, letters a) of EU Reg. 679/2016).

METHOD OF DATA PROCESSING

The processing of your data may take place using manual, electronic, computerized and telematic tools, according to logic strictly related to the purposes highlighted above and, in any case, by subjects authorized to carry out these tasks, appropriately informed of the GDPR constraints, equipped with measures of security designed to guarantee the confidentiality of personal data and to avoid undue access to third parties or unauthorized personnel. Your personal data will not be disclosed but may be acquired by the Data Controller, and communicated to the members of the board of directors of the BEARDED VILLAINS ITALY association or to those who allow us to manage contact with you more effectively (for example the manager of the our CRM and the managers of the email sending platforms) or to whom the communication of data is necessary to comply with laws or regulations. These subjects, where required by law, are appointed as Data Processors.

The Data Controller informs you that your Personal Data for the purpose of managing the relationship will be kept for the time strictly necessary to guarantee the correct management of the same and, in any case, for a period not exceeding 10 years from the termination of the last assignment, except that the data itself must be kept for legal obligations or to assert a right in court. To fulfill the purpose of reporting, your data will be kept for up to three years following the conclusion of the projects carried out thanks to your contribution. To fulfill the purpose of creating loyalty, your data will be kept for a period of three years from the conclusion of the campaign or charity initiative in which you participated, in order to contact you for other charitable initiatives. In any case, your data may be deleted even before this period, in the event that you revoke your consent to the processing.

NATURE OF THE COMMUNICATION OF PERSONAL DATA AND CONSEQUENCES OF REFUSAL

The provision of data for the purpose of managing the relationship is necessary for the execution of the same and the consequent reporting activity. Therefore, your refusal to do so would make it impossible for the Controller to accept your request to be voluntary. The provision of data for the purpose of reporting is necessary for the purpose of informing you about the results of the campaigns to which you have contributed. The provision of data for the purpose of loyalty is, however, optional and your refusal will not cause any prejudice, but will preclude the Data Controller from providing you with information on further fundraising campaigns or other charitable initiatives promoted by the Bearded Villains association Italy.

RIGHTS OF THE INTERESTED PARTY

On the basis of art. 15 and ss. of EU Reg. no. 679/2016, you have the right, at any time and free of charge, to request information regarding the existence of the processing of your data, the retention period of the same, to obtain a copy, to rectify them, to integrate them or to update them and / or to delete them.

You can exercise the rights referred to in art. 13 GDPR 679/16 as better expressed in the articles. 15-16-17-18-20-21 and 22 GDPR 679/16 and specifically you will have the right to:

obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;

ask the Data Controller for access to personal data, in addition to the right to data portability;

obtain the updating and rectification or, when interested, the integration of data;

object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning him, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;

obtain the cancellation and transformation into anonymous form or blocking of data processed in violation of the law, including those which do not need to be kept for the purposes for which the data were collected or subsequently processed;

withdraw the consent (only for the treatments for which the legal basis of the consent is provided) at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation;

propose a complaint to a supervisory authority;

obtain the attestation that the operations referred to in numbers 4 and 6 above have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment is revealed impossible or involves a manifestly disproportionate use of means with respect to the protected right. You can exercise the above rights by writing to as.beardedvillainsitaly@gmail.com.

In the sections of the Site listed above, various types of data are processed and therefore the texts of the information are present in which, with reference to the specific processing performed, the Users are informed regarding the identity of the Data Controller and the Data Protection Officer, for the purposes of the processing and related legal bases, to any recipients or categories of recipients of the data, to the retention period, to the rights of the interested parties, all in accordance with art. 13 of the European Regulation.

The page gives specific information relating to navigation data and common personal data collected through cookies, as categories of data processed by the owner not present in the information referred to in the sections of the Site listed above.

NAVIGATION DATA

The computer systems and software procedures used to operate the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow Users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of the Users. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.

DATA PROVIDED VOLUNTARILY BY USERS

The sending of e-mails to the addresses indicated on the site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the e-mail. Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request.

COOKIES

By cookies we mean a textual element (file) that is inserted into the hard disk of a computer only after authorization (as per setting on the browser in use). Cookies are used to streamline the analysis of web traffic or to indicate when a specific site is visited and allow web applications to send information to individual users. No personal data of the Users is acquired by the site in this regard. Cookies are not used for the transmission of information of a personal nature and for tracking Users. The use of c.d. session cookies is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient exploration of the site. I c.d. session cookies used on the site avoid the use of other IT techniques that are potentially prejudicial to the confidentiality of users’ browsing and do not allow the acquisition of personal identification data of users.

PROCESSING METHODS AND DATA STORAGE TIMES

Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. The data are kept for the time strictly necessary for the pursuit of the purposes indicated in this information and will be deleted at the end of this period, unless the data must be kept for legal obligations or to assert a right in court.

THIRD PARTIES TO WHOM THE DATA ARE COMMUNICATED

Users’ personal data may be made available to third parties, independent data controllers, for purposes related to the provision of the services of interest or in compliance with the laws and regulations that provide for their communication, as well as to supervisory bodies. The Bearded Villains Italy association reserves the right to:

transmit the data to third parties (data processors – Article 4, paragraph 8, GDPR: “Article 4, paragraph 8, GDPR:” the natural or legal person, public authority, service or other body that processes data personal data on behalf of the data controller “) exclusively for purposes which are instrumental to what is expressly requested and carefully selected by us;

communicate data to third parties for activities related to what is of interest or if this is required by law, regulation or community legislation.

TRANSFER OF DATA TO NON-EU COUNTRIES

This site may share some of the data collected with services located outside the European Union area. In particular with Google, Facebook and Instagram through social plugins and the Google Analytics service. The transfer is authorized on the basis of specific decisions of the European Union and the Guarantor for the protection of personal data, in particular the decision 1250/2016 (Privacy Shield), for which no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.

RIGHTS OF USERS AS INTERESTED PARTIES

Users can exercise, at any time, the rights pursuant to articles 15-22, GDPR listed below, by making a request to the email address as.beardedvillainsitaly@gmail.com (alternatively, by writing to the Owner of the Association Mr. Cocco George – Via Persicara N ° 2, 04100 Latina (LT)):

  • obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
  • ask the Data Controller for access to personal data, in addition to the right to data portability;
  • obtain the updating and rectification or, when interested, the integration of data;
  • object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning him, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
  • obtain the cancellation and transformation into anonymous form or blocking of data processed in violation of the law, including those which do not need to be kept for the purposes for which the data were collected or subsequently processed;
  • revoke the consent (only for the treatments for which the legal basis of consent is provided) at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation;
  • propose a complaint to a supervisory authority;
  • obtain the attestation that the operations referred to in numbers 4 and 6 above have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment is revealed impossible or involves the use of means that are manifestly disproportionate to the protected right.

THE SECURITY OF YOUR PERSONAL DATA

The Bearded Villains Italy association adopts appropriate and preventive security measures designed to safeguard the confidentiality, integrity, completeness and availability of your personal data. As established by the regulatory provisions governing the security of personal data, technical, logistical and organizational measures are developed which aim to prevent damage, even accidental loss, alterations, improper and unauthorized use of the data concerning you. Similar preventive security measures are adopted by third parties (data processors) to whom the association has entrusted the processing of your data on its own behalf. On the other hand, the Bearded Villains Italy association is not responsible for untruthful information sent directly by the user (example: correctness of the e-mail address or postal address or other personal data), as well as for the information that concern and that have been provided by a third party, even fraudulently.

N.B.:

Article 13 Information to be provided if personal data are collected from the interested party 1.In case of collection of data concerning him from the interested party, the data controller provides to the interested party, when the personal data are obtained, the following information: a) the identity and contact details of the data controller and, where applicable, of his representative; b) the contact details of the data protection officer, where applicable; c) the purposes of the processing for which the personal data are intended as well as the legal basis of the processing; 4.5.2016 L 119/40 Official Journal of the European Union EN d) if the processing is based on article 6, paragraph 1, letter f), the legitimate interests pursued by the data controller or by third parties; e) any recipients or any categories of recipients of the personal data; f) where applicable, the intention of the data controller to transfer personal data to a third country or to an international organization and the existence or absence of an adequacy decision by the Commission or, in the case of the transfers referred to in Article 46 or 47, or Article 49, second paragraph, the reference to the appropriate or opportune guarantees and the means to obtain a copy of such data or the place where they were made available. 2.In addition to the information referred to in paragraph 1, when the personal data are obtained, the data controller provides the interested party with the following additional information necessary to ensure correct and transparent processing: a) the retention period of the personal data or, if not possible, the criteria used to determine this period; b) the existence of the right of the interested party to ask the data controller for access to personal data and the correction or cancellation of the same or the limitation of the processing concerning him or to oppose their treatment, in addition to the right to portability some data; c) if the processing is based on article 6, paragraph 1, letter a), or on article 9, paragraph 2, letter a), the existence of the right to withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation; d) the right to lodge a complaint with a supervisory authority; e) if the communication of personal data is a legal or contractual obligation or a necessary requirement for the conclusion of a contract, and if the interested party has the obligation to provide personal data as well as the possible consequences of failure to communicate such data; f) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party.
3.If the data controller intends to further process the personal data for a purpose other than that for which they were collected, before such further processing provides the interested party with information on this different purpose and any further relevant information referred to in paragraph 2. 4. Paragraphs 1, 2 and 3 do not apply if and to the extent that the data subject already has the information.