Privacy Policy

I. PROCESSING OF PERSONAL DATA
Access and consultation of the site www.fondazionesostainsicilia.it (hereinafter the “Site”) may involve the processing of personal data by FONDAZIONE SOSTAIN SICILIA, based in Italy, 90129 Palermo, Via Aurelio Drago 38, VAT number 06884520823 (hereinafter the “Company”), which will be carried out in compliance with current laws and regulations. The current legislation on the protection of personal data of individuals provides for the obligation to provide data subjects with adequate information in the event of the collection of personal data concerning them. This document therefore contains a concise statement of information on the methods, conditions and terms of the processing by the Company of any personal data collected through the Site, which are supplemented by information contained in other corporate documents adequately advertised.

II. FIGURES OF THE PROCESSING OF PERSONAL DATA
The processing of personal data covered by this document involves, in addition to the subject to whom the data processed refer (the “Data Subject”), the Company identified above (the “Data Controller”), in the person of the pro tempore legal representative, who may be contacted at the following e-mail address info@fondazionesostainsicilia.it.
The Company has also appointed some external managers for the processing of your data (hereinafter the “Managers”): the complete list of Managers appointed by the Company will be provided following a specific request to be sent by e-mail to the Data Controller.

III. TYPES OF DATA PROCESSED – PURPOSE AND LEGAL BASIS OF THE PROCESSING
3.1 Navigation data and purpose of the processing
In some cases, the computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could also be used to ascertain responsibility in the event of hypothetical computer crimes against the Site.
The legal basis of data processing is constituted in these cases by the need to acquire tools for improving the service offered to users of the Site and to fulfill legal obligations (for example with reference to the identification of any perpetrators of crimes).

3.2 Data provided voluntarily by the interested party and purpose of the processing
The optional, explicit and voluntary sending of personal data by the interested party to the e-mail addresses present on this Site or through registration involves the acquisition and processing by the Company of the data provided by the interested party, necessary for the provision of the service or sending the requested information.
The processing of data sent or acquired through the Site will be carried out in order to outline the authentication profile necessary for the user to access the Site at his own discretion, to outline the user’s profile to optimize and customize the services available following the registration, as well as to the extent necessary to fulfill the obligations and exercise the specific rights of the Data Controller or of the Data Subject in correlation with the Data Subject’s access to the Site: the communication of data to the Data Controller by the Data Subject constitutes a necessary fulfillment to allow particular: (i) the response to requests for information from the interested party to the Company for any purpose and reason; (ii) the definition, stipulation and execution of contracts concerning the supply of the services provided by the Company and the payment of the related fees; (iii) the registration of the interested party and (iv) the sending of newsletters and information communications from the Company, for which failure to indicate them will make it impossible to fulfill the required activities. In the latter cases, the expression of specific consent of the interested party to the processing of data is required by filling in the appropriate box. Specific consent is also required for registration for the periodic sending of newsletters and information communications to the address of the interested party.
The legal basis of the data processing of the interested party is constituted by the exercise of rights and interests related to the establishment of legal relationships with the Company by accessing the Site, also through the definition, stipulation and execution of contractual relationships between the Company and the interested party. .
The following paragraphs contain a specific description of the types of processing carried out and the related purposes.

3.2.1 Processing of personal data for the pursuit of the primary purposes of the processing itself. Treatment of particular categories of data.
The processing of the data of the interested party may be necessary to fulfill the obligations and exercise specific rights of the owner in the execution of the contractual relationship with the interested party, also with reference to accounting and tax profiles. In this case, the communication of data to the Data Controller by the interested party constitutes a necessary fulfillment to allow the regular establishment and execution of the contract and the provision of the main or accessory services connected to the type of contract requested by the interested party, for which failure to indicate will make it impossible to fulfill the legal obligations and the contract itself exactly. In all the cases illustrated above, the Data Controller is not obliged to acquire the specific consent to the processing of the Data Subject, since if the latter does not intend to provide the personal data requested and necessary on the basis of the foregoing, the consequence would be that the impossibility of establishing the contractual relationships referred to in the services offered by the Data Controller.

3.2.2 Secondary purposes of the processing of personal data for promotional, advertising and marketing purposes.
The personal data of the interested party collected may also be processed directly by the Data Controller for the purposes of commercial promotion, advertising communication, solicitation of purchasing behavior, market research, surveys, statistical processing and marketing in the broad sense of products and / or services. referable to the Owner (hereinafter, collectively, “Treatment for Marketing Purposes”). To proceed with the Processing for Marketing Purposes, the Data Subject may (optionally) express a specific, separate, express, documented, preventive, informed and free consent. In case of refusal of the marketing consent there will be no interference and / or consequence on the contractual, contractual or other relationships whose processing of personal data falls within the primary purposes of the processing referred to in Paragraph 3.2.1. The provision of personal data to the Data Controller and the provision of consent to the Processing for Marketing Purposes for the purposes and with the methods illustrated above are absolutely optional, optional and in any case revocable and failure to provide or deny or revoke the consent will not lead to different consequences. from the impossibility for the Owner to proceed with the marketing treatments mentioned. In case of failure to provide or deny or revoke consent to processing for marketing purposes, there will be no interference and / or consequence on contractual, contractual or other relationships whose processing of personal data falls within the primary purposes of the processing referred to in Paragraph 3.2.1.

3.2.3 Processing of the personal data of the interested party for commercial profiling purposes.
It is possible that, for marketing purposes, the Data Controller processes the so-called profiling data (hereinafter “Profiling Treatment”). To proceed with a Profiling Treatment it is mandatory to acquire a specific consent, separate (also from the consent for the pursuit of the secondary purposes referred to in Paragraph 3.2.2 above), expressed, documented, preventive and entirely optional. The Profiling Treatments could consist in the detection of: number and type of accesses to the Site in a predetermined time horizon; frequency of use of services; other indices aimed at highlighting purchasing tastes and habits. The provision of personal data to the Data Controller and the provision of consent to the Profiling Processing are absolutely optional and optional (and in any case revocable) and failure to provide or deny or revoke the consent will not result in consequences other than the impossibility for the Data Controller and for any third to proceed with the treatments mentioned. In case of failure to provide or deny or revoke the consent to the Profiling Treatment, there will be no interference and / or consequence on the contractual, contractual or other relationships whose processing of personal data falls within the primary purposes of the treatment referred to in Paragraph 3.2 .1 and in the secondary purposes of the processing of personal data referred to in Paragraph 3.2.2, in the case of providing specific consent for such processing.

IV. COOKIE
It should be noted that, in order for the Site to function properly, only technical cookies are used, while profiling cookies by the interested party or third parties are not used during the operation of the Site.
The Site uses the features offered by the Google Analytics service. Google Analytics uses “cookies”, ie text strings that the sites visited by a user send to his terminal where they are stored and then retransmitted to the same sites during subsequent accesses to the internet by the user, in order to collect and anonymously analyze information on website usage behavior.
This information (including the user’s IP address) is collected by Google Analytics, which processes it in order to prepare reports for the Company’s operators regarding the activities on its website. Google does not associate the IP address with any other data in its possession, nor does it try to connect an IP address with the identity of a user. Google may also communicate this information to third parties where this is required by law or where such third parties process the aforementioned information on behalf of Google.
For more information on how Google collects and uses data, we recommend consulting the site:www.google.it/policies/privacy/partners/

V. COOKIE MANAGEMENT
The Company reminds that the total or partial disabling of the c.d. technical (ie navigation cookies, which allow the Site to function properly and allow the provision of the related services requested by the user) may compromise the use of the Site’s features. In any case, the user can decide whether or not to accept cookies by changing the security settings of their browser.
Please note that you can selectively disable the action of Google Analytics by installing the opt-out component provided by Google on your browser. To disable the action of Google Analytics, please refer to the link below: https://tools.google.com/dlpage/gaoptout

VI. OPTIONAL PROVISION OF DATA
Apart from what is specified for navigation data, the interested party is free to provide their personal data. However, failure to provide them may make it impossible to obtain what is requested or a limitation of the use of the Site, as specified in point III above.

VII. METHOD OF TREATMENT AND STORAGE PERIOD
Personal data are processed, including with the aid of automated tools, for the time strictly necessary to achieve the purposes for which they were collected and in any case up to a maximum of ten years from the date of their acquisition by the Company. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. The Company has adopted adequate technical and organizational measures to guarantee a level of data security appropriate to the risk.

VIII. SHARING, COMMUNICATION AND DISCLOSURE OF DATA
The data collected may be transferred or communicated, as well as to the Managers, to Company personnel who, operating under the direct authority of the Data Controller, will process data as data processors and who will receive adequate operating instructions from the Data Controller, as well as to subjects. third parties for activities strictly connected and instrumental to the operation of the service, such as the management of the IT system or instrumental services, etc.
Personal data could also be transmitted to third parties, but only and exclusively in the event that this is necessary by law or to fulfill requests from the Financial, Administrative and Judicial or Public Security Authorities and the Data Controller excludes that the data will be subject of transfer to a third country with respect to the European Union or to international organizations, it being understood that, where this proves necessary, specific information will be provided.
If the interested party accesses other sites through the links provided on the site, he is aware that the operators of said sites may be able to collect and share information on the interested party, which will be treated according to the privacy regulations of said sites, which could differ from the conditions and terms of data processing applied by the Company: it is therefore advisable to read the data processing regulations published on these sites in order to understand the procedures for the collection, processing and disclosure of personal data.

IX. RIGHTS OF THE INTERESTED PARTY
For the entire duration of the data retention period of the interested party, the same will have the right to:
– ask the Data Controller to access your data and to be informed about the methods and purposes for which the data is processed, to obtain its correction or cancellation if incomplete, erroneous or collected in violation of the law;
– limit the processing or oppose it in the presence of the conditions provided for by current legislation;
– receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him at the end of the retention period;
– propose a complaint to a supervisory authority (Guarantor for the Protection of Personal Data).