Website’s General Privacy Disclosure (e.g. events subscription and promotional material shipment)
Disclosure in accordance with the article 13 of the Regulation (EU) n. 679/2016 2016 General Data Protection Regulation (“GDPR”).
Fondazione Bracco is the Processing Controller; with headquarter sited in via Cino del Duca 8 - 20121 Milan. You can contact us if you want your personal data’s related information.
After having received your consent, we process the personal data that you provide us by filling the contact on line Form/subscription (“Form”). In particular, this data includes name, surname, email address, as well as further data that you eventually provides to the Data Controller.
In order to allow us to process the requests that You send through the Form, we need You to agree the inserted data’s process and we need You to at least insert the mandatory information marked with an asterisk (*). Without having the mandatory data or the consent, we will not be able to proceed. Contrarily, the consent and information that the non-asterisk-marked fields require are optional: if you decide not to provide them, there will be no consequences.
Anyway, if the law obligations, regulations and the community legislation require it, the Controller could process Your Data, even without Your consent, this as regard to legal claims, in order to pursue his legitimate interests and for all the cases that, where applicable, the Articles 6 and 9 of the Regulation includes.
We process the data in order to manage Your subscription request as regard to Fondazione Bracco’ events (purpose A) or in order to send You Fondazione Bracco or her partners’ promotional and communication material (e.g. newsletter, events related communications, workshops or seminars that the Fondazione Bracco organizes) (purposes B). Your consent represent your personal data’s legal basis for these treatments (Article 6.1 letter a) of the Regulation).
Fondazione Bracco will process the Data by means of electronic or, however, telematic and computerized devices, or by manual and paper-based elaborations. The logics of the elaboration will have a strict relation to the above-mentioned purposes of their providing and, however, we will operate in a way that ensure security and confidentiality. Internal Foundation’s staffs will process the Data and, eventually, to the extent that is necessary and/or instrumental for the above-mentioned purposes. They will have the authorization for this purpose in connection with the performance of their assigned tasks. Third parties acting on behalf of Fondazione Bracco will process the data too, they, given by the case, will act as autonomous Controllers, Co-Controllers or Processors that have a nomination in accordance with the Article 28 of GDPR (e.g. Foundation’s initiatives partners, service provider, shippers, dispatchers, computer services maintainers, other suppliers the Fondazione Bracco could involve to execute the above-mentioned purposes, Bracco’s Group societies).
All the data’s recipients will only receive data that is useful to dispatch the related functions and they will commit to use it for the above-mentioned purposes only and to process it in accordance with the applicable law. With the exception of the above mentioned, we will not share data with third parties, natural and legal persons which are performing no commercial, professional and/or technical functions on behalf of the Controller, nevertheless we will not spread the data.
As regard to the possible data’s transfer towards Third Countries, including countries that may not ensure the same level of protection as the data protection legislation require (i.e. extra EU countries); the Controller makes You known that the processing will still occur. This, given by the cases, in accordance with one or more of the modalities allowed by the Regulation. For example, the user’s explicitly given consent, the adoption of Standard Contractual Clauses that have been approved by the European Commission, the selection of subjects involved in international programs for the free movement of data, (e.g. EU-USA Privacy Shield) or that are active in countries considered as safe by the European Commission.
The data’s recipient list is available asking to the Controller using the contacts indicated in the current policy.
Period for which the personal data will be stored
In compliance with what the Article 5.1. (c) of the Regulation prescribe, the informative systems and computer programs used by the Foundation, are configured in a way that minimize the need for personal and identification data; such data shall only be processed to the extent that is necessary in order to attain the purposes set forth in this Policy. The data will be stored for the period that is strictly necessary in order to achieve the concrete objectives pursued. Anyway, the criteria used to determine the period of storage has his base in the compliance with the applicable laws and to the processing minimization principle as well as the storage limitation and the rational management of archives.
Rights of data subjects
The user may anytime exercise the rights in accordance with the Articles 15-22 of the Regulation, including the right to have a confirmation on the existence of his personal data. He can verify the data’s content, origin, accuracy, location (as also regard to Third Countries). He may ask for a copy of the data as well as its rectification and, in accordance with the applicable law, the restriction of the processing as well as the erasure of the data and he can also object to the direct contact activities (even specifically for certain means of communication). Similarly, the user may always withdraw the consent and/or make observations on specified data’s usages as regard to particular personal situations who he believes are not fair or that are not justified by the relationship placed in place. He may also lodge a complaint with the Supervisory Authority.