ANANDA ASSOCIATION ASD
Information in pursuance of the GDPR (General Data Protection Regulation) art. 13
The Ananda Association ASD, F.C. (Fiscal Code) 92002350541, VAT number 02754750541, based in Nocera Umbra (06025 – PG), 61 Montecchio street , in person of the President of the association, in pursuance of the Regulation (EU) n. 2016/679 April 27th art. 13, 2016 (hereafter the GDPR), and regarding the personal data that will be processed by the association for the implementation of the requested services, provides the Data Subjects with the following information.
Data Controller and Data Processors
Data Controller is the Ananda Association ASD (hereafter, the Data Controller), in the person of the President of the association, F.C. 92002350541, VAT number 02754750541, and these are its contacts:
The complete list of the Data processors is available at the head office of the Data Controller and can be requested by contacting the abovementioned contacts.
In performing their duties, the Data Processors could avail themselves of Sub-Data Processors, if expressly approved by the Data Controller.
Purposes and Lawfulness of data processing
The data processing is aimed at the proper performance of the contract, at the implementation of the requested services, at the performing of association activities, and also at fulfilling the fiscal and accounting obligations, and those of different kind which are borne by the association, as required by current legislation.
Among the association activities there are yoga, meditation courses and similar activities, in a live or in an on-line situation.
Among the association activities there are yoga, meditation courses and similar activities, in a live or in an on-line situation. as well as free dissemination – also by written publication on the various communication channels of the organisation – of personal experiences and evaluations regarding the courses and/or activities which have been provided or relating to the social purposes of the association.
Among the association activities there are also (online) promotion and dissemination of the abovementioned activities, using the images of the participants, unless they refuse.
Personal data will be processed using manual, computerized and electronic means, following an approach which is strictly correlated to the reported purposes, and always in such a way to guarantee data security and confidentiality.
Personal data may also be stored in paper or electronic format – including portable devices – using methods which are strictly necessary to meet the abovementioned purposes.
In pursuance of art. 6 of the GDPR, the processing is carried out only if one of the following applies:
– the data subject has given the approvation for his or her personal data in order to use the requested services;
– processing is necessary for the performance of a contract and/or for the provision of the services/activities requested by the data subject, or in order to take steps at the request of the data subject prior to entering into a contract and making use of these services;
– processing is necessary for compliance with a legal obligation to which the controller is subject;
– processing is necessary for the pursuit of the association purpose and for the performance of the association activities;
In compliance with the current regulation on the protection of personal data, data will be stored, collected and processed by the Data Controller also for the following purposes:
– communication and/or transfer of personal data to third parties for marketing purposes, including newsletters and other communications sent by paper and e-mail, sms, mms, push notifications, fax, telephone operators.
The provision of personal data necessary for these purposes is not voluntary, but any failure or refusal to provide them may result in the impossibility of the Data Controller to enter into and/or perform the contract and deliver the services required.
Consequences of failure to provide personal data
Regarding personal data relating to the implementation of the requested services or to the compliance with a regulatory obligation – for example, fulfillment related to keeping fiscal and accounting records – failure to provide personal data prevents completion of the contractual relationship.
Personal data processed for the abovementioned purposes will be kept for the duration period of the contract and, subsequently, for the period in which the association is subject to storage the informations for fiscal purposes or for other purposes required by laws or regulations.
Nature of data processed
The Data Subject’s personal data processed could include phone number, permanent address, email address, name, surname, address or other personal identification details, special categories of personal data referred to in art. 9 after declaration of consent, images, bank or postal details necessary to make payments.
Transfer of personal data outside the European Union
The transfer of personal data outside the EU may be carried out if it is necessary for the management of the assignment. The processing of data and information shall require a level of protection equivalent to that offered for the processing of personal data in the EU. In any event, the disclosure will involve only the data that are necessary for the pursuit of the intended purposes and under the application of the normative tools provided in the Chapter V of the GDPR.
Categories of recipients to whom the personal data are disclosed
Personal data may be disclosed to:
1. Professionals that provide instrumental services to the abovementioned purposes;
2. Bank or insurance companies that provide functional services for the abovementioned purposes;
3. Subjects that are processing data in compliance with specific legal obligations;
4. Public administrations or judicial authorities for the fulfillment of legal obligations;
5. Furthermore, data may be communicated to third parties appointed as Processors pursuant to the GDPR art. 28, namely providers of services that are strictly necessary for the performance of the association activity, or consultants of the association – where necessary – for fiscal, administrative or fiscal reasons, or for the requirements covered by current regulations.
6. Personal data may also be communicated or transferred to business partners, including external companies, associations and foundations working in the marketing sector, advertising, trade and distribution of food products, fundraising, hotel business, publishing of books and journals, related to the mission of Ananda Association ASD, and identified from time to time by Ananda Association.
7. Associazione Ananda Sangha for Self Realization (Ananda Sangha Europa Association for Self-Realization), F.C. 92013280547, based in Nocera Umbra (PG), 67 Montecchio street; Fondazione Ananda Europa (Ananda Europe Foundation), F.C. 92000960549, based in Via Montecchio 61 06025, Nocera Umbra (PG).
Rights of the data subject
Among the rights guaranteed by the GDPR, the Data Subject has the right to request from the Data Controller:
– access to personal data and to the related information;
– rectification of inaccurate personal data or completion of incomplete data;
– erasure of personal data (upon the occurrence of one of the conditions indicated in the GDPR art. 17, paragraph 1 and in compliance with the exceptions laid down in paragrap 3 of the same article);
– restriction of processing (upon the occurrence of one of the conditions indicated in the GDPR art. 18, paragraph 1);
– Where the processing is based on a contract or on consent, and is carried out by automated means, the Data Subject has the right to receive the personal data in a structured and machine-readable format, also for communicating those data to another Data Controller.
Furthermore, the Data Subject has the right to:
– object at any time to the processing of personal data on grounds relating to his or her particular situation;
– withdraw his or her consent at any time, only where the processing is based on consent for one or more specific purposes and concerns common personal data such as birth date and place, or place of residency, or for special categories of data referred to the GDPR art. 9.
The processing based on consent and carried out before the withdrawal of consent still remains lawful;
– send a complaint to the competent Supervisory Authority for personal data protection.
° ° ° ° °
Having read the information referred to in this document, the Undersigned __________________, aware that the non-provided consent could prevent the implementation of the planned services and the regular performance of the association activities, also considering the legal obligations of the association and with regard to the treatment of personal data, he/she acknowledges in its every part the information provided in accordance of the Regulation 2016/679/UE artt. 13 and 14, and freely, voluntarily and specifically grants consent, where required, for the indicated purposes, that personal data, including special categories of personal data, may be processed for the fulfillment related to the assignment. The undersigned also grants specific consent that personal data may be communicated to the abovementioned subjects for the fulfillment related to the assignment and transferred to the subjects indicated above.