PRIVACY POLICY

POLICY REGARDING THE PROCESSING OF PERSONAL DATA on the website ww.fondazionemilan.org/contest

(pursuant to the European General Data Protection Regulation 2016/679 and to the applicable national legislation with regard to the protection of personal data)

Pursuant to the European Regulation 2016/679 (hereinafter referred to as “GDPR”) and to the applicable national legislation with regard to the protection of personal data, Fondazione Milan Onlus (hereinafter referred to as “Foundation”) with registered office in Milan, Via Aldo Rossi 8, 20149, hereby provides information with regard to the processing of your personal data acquired through our website or supplied by third parties such as Milan Group Companies, institutions and associations in connection with auctions, fundraising campaigns and other charitable initiatives.

 

  1. Types of Data collected

 

  • Browsing Data: information which – acquired from the computer systems and the software procedures responsible for the functioning of the site over the course of their normal operation – is not collected in order to be associated with identified interests, but which could, through processing and association with data held by third parties, allow the identification of users; this data category includes the IP addresses or the computers’ domain names used by the users who access the website or the URI (Uniform Resource Identifier) addresses of the required resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the server’s response (successful, error, etc…) and further parameters connected to the user’s operating system and IT environment.
  • Data voluntarily supplied by the user: name, surname and e-mail address for the participation in the initiative, as well as – in relation to the voting – the sharing link of pictures posted on social media for the social wall on the Foundation’s website, as well as data needed to make donations on the Foundation’s institutional website.

 

  1. Purposes and legal basis for the processing of personal data

Collected data are processed by the Foundation as data controller, without the need for Your consent, for the following purposes and legal basis:

  1. Performance of contractual obligations such as: obligations arising from the participation in the initiative, as well as from the transmission of information You requested.
  2. Fulfilment of legal obligations such as: management of the obligations arising from the compliance with laws and regulations to which Fondazione is subject.
  3. Pursuit of the Foundation’s legitimate interests, such as, for example, the need to identify the donor and for the defence of legal claims.

The data collected is processed by the Foundation, with your consent, for the following purposes:

  1. Sharing on the website’s social wall of links/pictures shared by users on social media in order to express their preference on one of the projects presented.
  2. Institutional communication: i.e. sending, by means of automated contact methods (such as text messages, e-mails, social networks, instant messaging apps, push notifications) and traditional contact methods (such as phone calls with an operator and traditional mailing) of communications and information material in relation to Fondazione Milan’s activities (such as fundraising campaigns, projects, surveys and statistical analysis);

 

  1. Methods of data processing

 

Data will be processed in paper, computerised and telematic form and will be inserted into appropriate database, by means of operations of collection, registration, organisation, conservation, consultation, usage, processing, comparison and any other suitable operation, including automated, in compliance with legal provisions that are necessary to guarantee data confidentiality and security, as well as the accuracy, updating and relevance of data in compliance with the stated purposes.

 

  1. Data retention

 

Data will be retained for the time necessary to comply with the abovementioned purposes and, in particular:

 

  • For the purposes under paragraph 2, letters a), b) and c) for no longer than 10 years following the end of the specific activity. In case of potential contact requests, until the request is closed. In case of judicial dispute, for the entire duration of the same, until all appeal action terms have been exhausted.
  • For the purposes under paragraph 2, letters d) and e) in relation to institutional communications and profiled communications until the consent is revoked. The data related to your habits and behaviours are retained for 24 months from collection.

 

  1. Data provision

 

The provision of data for the purposes under paragraph 2, letters a), b) and c) is necessary to ensure all activities and service requested; the denial of consent to provide personal data or its incompleteness may determine the impossibility to issue the receipt of the donation made by the user and to carry out the services in their entirety and in compliance with legal requirements.

 

The provision of data for the purposes under paragraph 2, letters d) and e) is optional, thus the failure to provide it will not lead to any consequences other than the impossibility for Fondazione to carry out the above provided activities.

 

  1. Data recipients

 

Data can be provided to subjects operating as data controllers, including authorities and supervisory and control bodies, lawyers, accountants, auditors and, broadly speaking, any public or private subjects entitled to request data.

 

  1. Authorised data processors

 

Data can be processed by employees of the corporate functions responsible for the pursuit of the above-mentioned purposes, who have been expressly authorised and who have received adequate operational instructions.

 

Data can be processed, on behalf of the Foundation in order to allow the above-mentioned activities, by subjects (including the Milan Group Companies), appointed as data processors, who provide services to the Foundation itself.

 

  1. Data transfer

 

Data can be transferred to subjects in non-EU countries that ensure an adequate level of data protection. The transfer will be made only on the basis of either adequacy decisions approved by the European Commission or the adoption, by the Foundation, of Standard Contractual Clauses established by the European Commission.

 

 

  1. Rights of the data subject – complaint to the supervisory authority

 

By contacting the Foundation by email at privacy.fondazionemilan@acmilan.it, you can:

 

  • Ask the data processor for confirmation of the existence of personal data concerning you and, if so, obtain access to the data concerning you and to the information concerning the processing, such as: purposes, types of personal data, data recipients or categories of recipients to whom data are transferred, data retention, existence of an automated decision-making process and the logic used, as well as the existence of adequate guarantees in the event of data transfer to a non-EU country.
  • Obtain the update, rectification, integration or erasure of personal data, as well as the restriction of processing.
  • Object in whole or in part: a) to the processing of personal data for the legitimate interest of the Foundation, for specific personal reasons; b) to the processing of personal data regarding you for communication purposes and personalised communication implemented by means of automated contact methods (such as text messages, e-mails, social networks, instant messaging apps, push notifications) and traditional contact methods (such as phone calls with an operator and traditional mailing);
  • Receive the data in a structured, commonly used and machine-readable format, as well as – if technically feasible – transmit it to another owner without impediment (“right to data portability”).
  • Withdraw your consent at any given time.

You also have the right to lodge a complaint with the supervisory authority.

 

  1. Data controller, data processors and Data Protection Officer

 

Fondazione Milan Onlus, with registered office in Milan, Via Aldo Rossi 8, 20149, is the data controller for all the processing purposes as indicated in this statement; you can contact the Foundation to find the complete list of those who are in charge of the processing and control of data.

Furthermore, the Foundation has appointed the Personal Data Protection Officer (DPO), a specialised figure in charge of monitoring the methodologies adopted by the Foundation to protect your data. You can contact the DPO by email at dpo@acmilan.com.