Privacy Policy

Privacy
INFORMATION PURSUANT TO ARTICLE 13 OF EU REGULATION N. 679/2016
(relating to the protection of natural persons regarding the processing of personal data, as well as the free movement of such data)

Premise

EU REGULATION N. 679/2016
Governs the processing of personal data, by processing meaning "any operation or series of operations performed with or without the assistance of automated programs and applied to personal data or sets of personal data, such as collections, registration, organisation, structuring, conservation, adapting or modification, extraction, consultation, use, communication via transmission, diffusion or any other form of provision, comparison or interconnection, limitation, cancellation or destruction".
The law foresees that certain information, included in this notice, is provided to the interested party.
In accordance with the commitment and attention that the data processing controller applies to personal data, we wish to inform you of the means, purpose and scope of communication and diffusion of your personal data and your rights, according to Article 13 of EU regulation n. 679/2016 and according to the following principles:

The principle of responsibility
Personal data processing is managed by appropriate personnel within the organisation.

The principle of transparency
Personal data are collected and processed according to the principles expressed in the Privacy Policy adopted by CRC Foundation, and indicated in the present Privacy Policy. In the case of a request for data to access a service or area of the site, the interested party will be supplied with a concise but complete disclosure, according to article 13 of the EU regulation no. 679/2016.

Principle of collection relevance
Personal data are processed in a lawful and correct way; they are registered for determined reasons, which are explicit and legitimate; they are relevant and do not exceed the scope of processing; they are kept over the period of time necessary for the aims of collection.

Principle of objectives of use
The purposes of the processing of personal data are made clear to interested parties at the moment of collection.

Principle of verifiability
Personal data are organised and kept in such a way that the user, if he/she wishes, can access which data has been collected and registered, as well as being able to check accuracy and request any corrections, additions, cancellations due to violation of the law or opposition to data processing in order to exercise all his/her rights, according to and within the limits of EU regulation n. 679/2016.

Principle of safety
Personal data are protected by IT, technical, organisational, logistic and procedural safety measures, against the risk of destruction or loss, also accidental, and of unauthorised access or use.


Types of data collection

Browsing data
Software procedures and the IT systems that guarantee the functioning of websites acquire, during their normal functioning, certain data, the transmission of which is implicit in the communication protocols of the Internet
This information is not collected so that is can be associated with identified persons, even though such data could be exploited by third parties through manipulation and cross-referencing with their own information to identify certain users.
This category includes the IP addresses or names with domains of computers used by persons logging onto the site, URI (Uniform Resource Identifier) addresses of the resources required, the time of the request, the method used to make the request to the server, the size of the file obtained in reply, the numeric code indicating the state of reply given by the server (successful, error etc,) as well as other parameters related to the user's operative system.
This data may be used by the controller for the sole purpose of obtaining anonymous statistical information about the site to identify the user's favourite pages in order to provide more suitable content and to check it functions properly. Data may be used to determine any liability in the event of IT crimes against the website.

Cookies
Cookies are files that can be registered on the memory of the user's device. This allows for easier browsing and better use of the site itself
Cookies can be used to find out if a connection has already been made between your device and our pages. Only cookies memorised on the user's device are identified.
Cookies present on a website can be grouped into the following categories (non-exhaustive list):

Session cookies: are automatically cancelled from the device at the end of each browsing session (when the user closes the browser);
Permanent cookies: for practical reasons they are stored for a longer period of time, which may vary depending on use. For example they can be used to "remember" access to the site, or to keep contents of a shopping cart active even over a period of time;
Third party cookies: are not directly used by the site but by third party services that the site may integrate to improve service and the user's experience.
This Internet site does not use commercial profiling cookies.

For information on the types of cookies used by this site, please go to the cookie page.

In the case of the presence of third party cookies, CRC Foundation accepts no liability for any data collection or profiling that takes place in a manner not previously agreed or based on unilateral modifications of such agreements with the third party and, if they come to light, will immediately see to fulfilling legal obligations by eliminating connections with the application in question or provide information and communications.
The visitor may refuse or remove authorisation at any time, by selecting the corresponding parameters in the specific options of the browser in use. Of course, it is possible to visit the site without accepting cookies. Most browsers automatically accept cookies. To avoid the automatic registration of cookies, select the option "don't accept cookies".
For further information on how to carry out these operations, please follow the instructions of the browsers at the following addresses (non-exhaustive list):

 

Google Chrome
Mozilla Firefox
Apple Safari
Microsoft Windows Explorer


For information about cookies archived on your computer and to deactivate them individually please follow this link: http://www.youronlinechoices.com/it/le-tue-scelte

Use of IP addresses
An IP address is a number automatically assigned to the device of the browsing user each time he/she connects to Internet through his/her Internet provider or through a LAN/WAN network which uses the same Internet protocols. The IP address is necessary for the website server to send information about pages visited and to allow the visualisation of content. IP addresses are generally anonymous, in that they are not directly associated with a particular user and are used, where appropriate, only for statistical purposes.


Collection and use of personal data freely provided by the user

CRC Foundation collects the personal data of its users only at the moment in which the user registers to access a specific service or to fill in a form. Data the CRC Foundation requires for registration is only that defined by law as "common" (eg. anagraphic data); In no case is the user required to proved so called "particular" data (UE Regulation n. 679/2016, art. 9). In order to register users, the site uses required fields and optional fields. Data completed in required fields is strictly necessary for the provision of the service. Data completed in optional fields is useful for the improvement of the service itself and of communications; to meet the users needs in the best way possible.
Data freely provided by the user, also that sent via email to request information, will be used by the CRC Foundation exclusively for the following purposes:
to allow for the provision of the service needed and, more generally, for administrative/accounting or technical ends.
to reply to users' specific requests for information
to keep the user updated on any CRC Foundation initiatives or projects
When necessary, according to EU regulation n. 679/2016, the CRC Foundation will ask for the user's consent before proceeding to personal data processing.
Personal data is organised and kept in such a way that the user, if he/she wishes, can access which data has been collected and registered, as well as being able to check accuracy and request any corrections, additions, cancellations due to violation of the law or opposition to treatment of data in order to exercise all his/her rights, according to and within the limits of EU regulation n. 679/2016.

Data processing and storage

Means of data processing
In relation to the purposes set out above, data processing is done through manual tools, both IT and telematic, which strictly correlate to the above purposes in order to guarantee safety and confidentiality of data, along with your responsibility to promptly communicate any corrections, modifications or updates. Specific safety measures are observed to prevent data loss, illegal or incorrect use, or unauthorised access.
Such data processing may be done on behalf of the CRC Foundation for the purposes and by the means described above and with respect to the appropriate criteria of guaranteeing safety and confidentiality by companies, organisations, bodies and external partners deemed responsible, and only for the aims and purposes for which the data has been collected.

Location of data processing
Data processing connected to web services of this site takes place at CRC Foundation headquarters and is handled only by technical staff working for the data controller, or by occasional maintenance workers. However, they can, for the time needed to complete the service, transit and reside in the server of external providers of the CRC Foundation such as (for example) providers of Internet connection (ISP) or of email providers.

Duration
Data will be processed for the duration of the contractual relationship. Following this only for the fulfilment of legal obligations and any commercial purposes.

Sensitive data
None of your personal data kept by CRC Foundation can be defined as "particular data" or "judiciary data"


Rights of the interested parties

Please be advised that according to EU regulation n. 679/2016 the subject has the right to access (art. 15); the right to correct (art. 16); the right to cancel (art. 17); the right to limit processing (art. 18); right to number portability (art. 20); the right to oppose (art. 21); the right to oppose the automated decision process (art. 22).

For each privacy request and to exercise your rights according to EU regulation n. 679/2016, please contact: info@fondazionecrc.it


The Personal Data Processing Controller is
Fondazione CRC
via Roma 17, 12100 Cuneo
info@fondazionecrc.it

NB:
The user may exercise his/her rights at any time, according to EU regulation n. 679/2016 including the right to access the register of the guarantor, or to access, correct, cancel or oppose data processing by writing to
info@fondazionecrc.it

The request to cancel can be done by writing a simple email indicating in the subject line "request cancellation and/or modification of data" and brief details to enable the request to be satisfied.

Changes to the protection of privacy

The data controller reserves the right to make changes to the present privacy policy at any time, by publicising it on this site. In the case that the modifications to this privacy policy are not accepted, the user must stop using the website and services connected to it, and can ask the data controller to remove his/her personal data. Unless otherwise specified, the previous privacy policy will continue to be applied to personal data collected up to that point.


Definitions

Personal data (or Data)
Personal data is any information that relates to an identified or identifiable living individual. An identifiable living individual is considered a physical person who can be identified directly or indirectly with particular reference to an identifying element such as name, ID number, address, online identity or one or more elements characterising physical, physiological, genetic, psychic, economic, cultural or social identity.


Technical data or of use
This is personal data collected in an automatic way by the site (or by third party applications the site uses), including: IP addresses or domain names of users' devices that connect to the site, addresses in UR (Uniform Resource Identifier), the time of the request, the method used to submit the request to the server, the size of the files obtained, the code number indicating the state of the request from the server (successful, error etc.), the country it comes from, the characteristics of the browser and of the operating system used by the visitor, the various time spans of the visit (for example how long the user has spent on each page) and details related to the itinerary followed within the Application, with particular reference to the sequence of pages consulted, to parameters related to the operating system and the user's computer.

User
The individual who uses this Application, which is the interested party or any other person authorised by the interested party, whose personal data are the subject of data processing

The interested party
The natural or legal person whose personal data is concerned

Responsible for Processing
The natural or legal person, public authority and any other agency, association or other body which processes personal data on behalf of the Data Controller, as described in this privacy policy.

Data Controller
The natural or legal person, public authority, service or other body that, individually or with others, decides the ends and the means of personal data processing; when the ends and the means of such processing are determined by Union or Member State law, the Data Controller or the specific criteria applicable to its description can be established by Union or Member State law.

Site or Application
The hardware or software through which the user's personal data are collected.

Cookie
A small piece of data preserved inside the user's device

Legal references

EU regulation n. 679/2016 - related to the protection of natural persons regarding personal data processing as well as the free movement of such data
Lgs. n. 196/2003 - Code on the protection of personal data (on the parts not repealed)
Decisions of the EU Commission
Guidelines and measures of European Data Protection Supervisors. (WP29, European data protection board)
Directive 2002/58/CE, as updated by Directive 2009/136/CE, regarding Cookies.