Information in pursuance of the art. 13 of the Regulation (EU) n.2016/679 of the European Parliament and of the Council of April 27th, 2016 (the General Data Protection Regulation – GDPR)
In accordance with the Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data, namely Regulation (EU) n. 2016/679 of the European Parliament and of the Council of April 27th, 2016 (hereafter, the Regulation), the Ananda Associazione ASD, f.c. 92002350541, vat number 02754750541, based in Nocera Umbra (06025 – PG), via Montecchio n.61, provides to the Data Subjects with the following information.
Data Controller and Data Processors
Data Controller is the Ananda Associazione ASD (hereafter, the Data Controller) and these are its contacts:
website: www.ananda.it ; mail: firstname.lastname@example.org; fax: (+39) 075 9033103 ; phone: (+39) 0742 813620
Representative of the Data Controller is Mr. Arthur Louis Lucki, f.c. LCKRHR46R23Z404E. The complete list of the Data processors is available contacting the Data Controller by the abovementioned contacts.
Source and categories of personal data processed
The personal data are collected exclusively from the Data Subjects. The Data Subject’s personal data processed could include name, surname, nationality, contacts (including address, phone number and email address), date and place of birth, civil status, economic and financial information, details of ID documents. Should the Data Controller collects or process special categories of personal data (primarily, informations about religious or philosophical beliefs) in order to achieve the purposes indicated, it will always process these data in compliance with the provisions of the law and with the consent of the Data Subjects.
Purposes of the processing
The processing of the data indicated above is carried out in compliance with the Regulation and with the principles and obligations of confidentiality and privacy.
The personal data are processed for the following purposes:
- a) purposes closely related and essential to the provision of the associative activities.
The provision of personal data necessary for such purposes is not mandatory, but the refusal to provide them may result in the impossibility of the Data Controller to provide the service. Their processing does not require the consent of the Data Subject.
- b) purposes connected to the obligations laid down by laws, regulations and directives issued by the Supervising Authority (Garante) and Public Administrations (for example, Agenzia delle Entrate, judicial authority etc). The provision of personal data necessary for these purposes is mandatory and the processing does not require the consent of the Data Subject. The Data Subject’s personal data collected for the abovementioned purposes are not used by the Data Controller for marketing, commercial or promotional purposes. Data will be processed using both paper and electronic means.
Categories of recipients to whom the personal data are disclosed
– professionals, bank or insurances companies and different subjects that provide services for the abovementioned purposes connected to the obligations laid down by laws and regulations;
– Public Administrations and Judicial Authority.
Transfer of personal data outside the European Union
The Data Controller will not transfer the personal data collected to countries outside the European Union, whose legal provisions on the protection of personal data are different from those of the Regulation.
Retention period of personal data
The Data Controller keeps personal data for a period of ten years starting from the comunication of the informations by the Data Subjects, without prejudice to the provisions of art.17 of the Regulation.
Lawfulness of processing
The Data Controller will process the personal data only if and to the extent that at least one of the following applies:
– the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
– processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
– processing is necessary for compliance with a legal obligation to which the controller is subject;
– about processing of special categories of personal data, when the data subject has given explicit consent to the processing of those personal data for one or more specified purposes
Exercising the personal data access right and other rights
With relation to the provided personal data, the Data Subject can exercise the following rights guaranteed by the Regulation:
– access right;
– right to rectification, modification and cancellation of personal data or the right of restriction of the processing of the former;
– right to object the processing;
– right to withdraw the consent
– right to send a complaint to the competent Supervisory Authority (Garante)
– right to portability where the processing is based on consent pursuant to point (a) of Article 6 (1) or point (a) of Article 9 (2).
° ° ° ° °
The Data Subject, informed by the Data Controller in pursuance of the art.13 of the Regulation and also informed about the possible consequences of refusal to provide the personal data.