DISCLOSURE TO NATURAL PERSONS PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 27 APRIL 2016 (HEREINAFTER THE “DISCLOSURE”)

1.    DATA CONTROLLER

The Data Controller is Fondazione Cassa di Risparmio di Cuneo, with registered office at 17, Via Roma – 12100 Cuneo (CN), Tax Code 96031120049 whose data are also shown on the website on the homepage and/or on other web pages of the same.

The Data Protection Officer (DPO) is the lawyer Luisa Di Giacomo, who can be contacted at the email address dpo@fondazionecrc.it, with office in Turin, at 76 corso Vittorio Emanuele II.

 

2.    PERSONAL DATA SUBJECT TO PROCESSING

The Personal Data collected by the Website are as follows:

1. Browsing data

The Website’s computer systems collect some Personal Data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected to be associated with you, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This information includes IP addresses or domain names of devices used to connect to the Website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the server response status (successful, error, etc.) and other parameters based on the user’s operating system and IT environment.

This data is used to obtain anonymous statistical information on the use of the Website and to check its correct functioning; to allow – given the architecture of the systems used – the correct provision of the various functions requested by you, for security reasons and to ascertain responsibility in the event of hypothetical computer crimes against the Website or third parties and is deleted after 7 days; in any case, this data is kept by the Data Controller of the Website for the period strictly necessary and in any case in compliance with the current regulatory provisions on the matter.

1. Data provided voluntarily

Through the Website, you may have the opportunity to voluntarily provide Personal Data, such as your name and surname and your email address for subscribing to the newsletter service or to contact the Data Controller through the “Contact Us” form or similar. You are free to provide your personal data or not, but failure to provide them could in specific cases make it impossible to obtain the requested service. If you submit your email address to subscribe to the newsletter service, you can unsubscribe at any time, using the appropriate link that you will find below each communication.

1. Cookies and similar technologies

The Data Controller collects Personal Data through cookies. More information on the use of cookies and related technologies is available here.

 

 

3.    PURPOSE, LEGAL BASIS AND OBLIGATORY OR OPTIONAL NATURE OF THE PROCESSING

Personal Data provided through the Website will be processed by the Data Controller for the following purposes:

1. a) response to a request from the data subject, purposes related to the execution of a contract of which you are a party or the execution of pre-contractual measures adopted at your request (e.g. request for contact via the Contact form or email, registration for the newsletter service); in this case the provision is optional, but in the event of its absence it will not be possible to respond to your request or provide you with the requested service; we specify that the data relating to your company are not considered Personal Data pursuant to current legislation and therefore do not fall within the scope of this information.
2. b) purposes of statistical research/analysis on aggregated or anonymous data, without the possibility of identifying the user, aimed at measuring the functioning of the Website, measuring traffic and evaluating usability and interest;
3. c) purposes related to the fulfilment of a legal obligation to which the Data Controller is subject;
4. d) purposes necessary to establish, exercise, or defend a right in court or whenever the courts exercise their judicial functions.;

The legal basis for the processing of Personal Data for the purposes referred to in point a) is the provision of a service or the response to a request from the data subject, and therefore consent is not required pursuant to the Applicable Regulations.

The purpose referred to in point b) does not involve the processing of Personal Data, while the purposes referred to in points c) and d) represent a legitimate processing of Personal Data pursuant to the Applicable Regulations since, once the Personal Data have been provided, the processing is necessary to fulfil a legal obligation to which the Data Controller is subject.

 

4. PROCESSING METHODS

In relation to the aforementioned purposes, the processing is carried out using manual, computerised and telematic tools with logic strictly related to the aforementioned purposes and, in any case, in such a way as to guarantee the security and confidentiality of the data and with your commitment to promptly notify us of any corrections, modifications and updates. This processing may be carried out on behalf of the Data Controller for the purposes and in the manner described above and in compliance with criteria suitable to guarantee security and confidentiality, by companies, firms, entities and external collaborators appointed as Data Processors and only as regards the processing carried out by them.

None of your personal data processed by the Data Controller is attributable to the definition of “Special categories of data” in art. 9 of EU Regulation 2016/679. If data of this kind are transmitted to us, in the absence of your explicit written consent, we will delete them immediately.

 

5.   RECIPIENTS TO WHOM YOUR DATA MAY BE DISCLOSED

Your Personal Data may be shared, for the purposes specified in point 3, with:

1. parties necessary for the provision of the services offered by the Website, including, by way of example, the webmaster agency, the system for sending emails and analysing the Website’s operation, or the newsletter management system, which typically act as external data processors appointed by the Data Controller;
2. persons authorised by the Data Controller to process Personal Data who are committed to confidentiality or have an appropriate legal obligation of confidentiality; (e.g. employees and collaborators of the Data Controller); (a. and b. are collectively referred to as “Recipients”);
3. Jurisdictional authorities in the exercise of their functions when required by the Applicable Regulations.

 

6. TRANSFER OF DATA ABROAD

None of your Personal Data is transferred outside the European Union. The server on which this site is hosted is located within the European Union. The website communicates with a secure protocol (https), so the data you enter is protected.

The Data Controller ensures that the electronic processing of your Personal Data by the Recipients is carried out in compliance with the Applicable Regulations.

Should transfers occur outside the European Economic Area, such transfers will be based either on an adequacy decision or on the Standard Model Clauses approved by the European Commission.

 

7. DATA RETENTION

In general, your Personal Data are kept for as long as you request the services provided and, at the end, for the following ten years. If you subscribe to the newsletter, your data will be processed until you decide to unsubscribe. In this case, you will no longer receive communications from the Data Controller, but the retention of data, if processed for other purposes and with an adequate legal basis, may remain for a period not exceeding ten years. Personal Data may also be processed for a longer period of time if there is an act of interruption and/or suspension of the limitation period that justifies the extension of the extension of data storage.

 

8.    YOUR RIGHTS

You can exercise the rights provided for by the Regulation by sending an email to info@fondazionecrc.it or by contacting the DPO at the addresses indicated above, clearly indicating for which data you are requesting the exercise of the rights, listed below.

a. Right to access

You can obtain from the Data Controller confirmation as to whether the processing of Personal Data is or is not in progress and, where this is the case, obtain access to the Personal Data and information provided for by art. 15 of the Regulation, including, by way of example: the purposes of the processing, the categories of Personal Data processed, etc.

Where Personal Data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

If requested, the Data Controller may provide you with a copy of the Personal Data being processed. For any additional copies, the Data Controller may charge a reasonable fee based on administrative costs. If the request in question is submitted by electronic means, and unless otherwise indicated, the information will be provided by the Data Controller in a commonly used electronic format.

b. Right of rectification

You can obtain from the Data Controller the rectification of Personal Data that are inaccurate as well as, taking into account the purposes of the processing, the integration of the same, if they are incomplete, by providing a supplementary declaration.

c.  Right to deletion

You can obtain from the Data Controller the deletion of your Personal Data, if one of the reasons provided for by art. 17 of the Regulation are present, including, by way of example, if the Personal Data are no longer necessary with respect to the purposes for which they were collected or otherwise processed or if the consent on which the processing of your Personal Data is based has been revoked by you and there is no other legal basis for the processing.

We inform you that the Data Controller will not be able to proceed with the deletion of your Personal Data if their processing is necessary, for example, for the fulfilment of a legal obligation, for reasons of public interest, or for the ascertainment, exercise or defence of a right in court.

d. Right to restrict processing

You may obtain the restriction of the processing of your Personal Data if one of the hypotheses provided for by Article 18 of the Regulation occurs, including, for example: in the face of a dispute about the accuracy of the Personal Data being processed or if the Personal Data are necessary for the establishment, exercise or defence of a right in court, although the Data Controller no longer needs them for the purposes of processing.

e. Right to data portability

If the processing of your Personal Data is based on consent or is necessary for the execution of a contract or pre-contractual measures and the processing is carried out by automated means, you can:

– request to receive the Personal Data provided by you in a structured, commonly used and machine-readable format (example: computer and/or tablet);

– transmit the Personal Data received to another Data Controller without any hindrance from the Data Controller.

You may also request that your Personal Data be transmitted by the Data Controller directly to another data controller indicated by you, if this is technically feasible for the Data Controller. In this case, it will be your responsibility to provide all the exact details of the new data controller to whom you intend to transfer your Personal Data, providing us with written authorisation.

f. Right to object

You may object at any time to the processing of Personal Data if the processing is carried out for the execution of an activity of public interest or for the pursuit of a legitimate interest of the Data Controller (including profiling).

If you decide to exercise the right to object described herein, the Data Controller shall refrain from further processing of your personal data, unless there are legitimate reasons to proceed with the processing (overriding reasons relative to the interests, rights and freedoms of the data subject), or the processing is necessary for the ascertainment, exercise or defence of a right in court.

g. Right to lodge a complaint with the Italian Data Protection Authority

Without prejudice to your right to appeal to any other administrative or judicial body, if you believe that the processing of your Personal Data by the Data Controller is in violation of the Regulation and/or applicable law, you may lodge a complaint with the competent Data Protection Authority (www.garanteprivacy.it).

 

9.    AMENDMENTS

This Privacy Policy is effective as of October 2024. The Data Controller reserves the right to modify or simply update the content of this privacy policy, in full or in part, including in the case of amendments to the Applicable Legislation. The Data Controller will inform you of these changes as soon as they are introduced and will be binding as soon as they are published on the Website. The Data Controller invites you to regularly visit this section so that you are aware of the most recent and updated version of the Privacy Policy in order to remain up-to-date on the data collected and their use by the Data Controller.