DATA USE POLICY
It is our belief that privacy protection is of uttermost importance and, for that reason, we want you to feel protected and informed regarding the use of personal data.
We hereby inform you that we have updated our policy in accordance with the European General Data Protection Regulation (GDPR) n. 679/2016.
Information in accordance with Regulation (EC) No 679/16, article 13, and Legislative Decree 30.06.2003 No 196, article 13/14, concerning the protection of personal data of participants, suppliers and all subjects interacting with the Foundation.
The WM Foundation, headquartered in via Pantano, 9 - 20122 Milano, Italy, as controller processing personal data, wishes to adequately inform the natural persons acting in the name of or on behalf of suppliers, participants, partners in different activities or other subjects involved, in accordance with article 13 of the Legislative Decree 30.06.2003 No 196 “Italian personal data protection code” and Regulation (EC) No 679/16 “General data protection regulation”.
Personal information we collect
The information that we collect are personal and contact data, provided by the interested party during: visits to our offices, phone calls or electronic communications, conference participations, info days, workshops organized or co-organized by the Foundation, information requests, registrations to events, and other forms of involvement.
Purpose of the processing
Personal data of natural persons acting in the name of or on behalf of suppliers, participants, partners in different activities or other subjects are processed with the purpose of: forwarding communications or general newsletters by phone, mobile phone, sms, email, fax, post, etc.; making or processing requests of all kinds; exchanging information aimed at the execution of a contractual relationship; fulfilling obligations under laws, regulations or other Community legislation, as well as complying with measures ordered by public authorities, supervisory boards to which the Foundation is subject; managing participants, suppliers, partners and other subjects.
The interested party may refuse to grant personal data, whose transfer is, however, needed in order to guarantee a smooth management of the contractual relationship with suppliers, participants, partners and other subjects involved in the activities. Therefore, any refusal may compromise, in full or in part, the contractual relationship.
Processing is necessary to the execution of a contract, to which each subject is a party, in accordance to art. 6.1, point B) of the GDPR, and meeting with a legal obligation, in compliance with art. 6.1, point C) of the GDPR.
How do we use your personal information?
Data are processed in accordance with the principles of fairness, transparency and lawfulness, using manual or automatized tools, including through data entry in databases, lists.
The Foundation has foreseen adequate security measures, in order to protect the data of natural persons acting in the name of or on behalf of suppliers, participants, partners in different activities or other subjects.
Data are processed exclusively by persons authorised to process them. Data are not subject of automatized decision making nor profiling.
Recipients of the data
Personal data collected by the Foundation won’t be shared nor transferred to third parties. Other subjects won’t be allowed to access those data, in any possible way, including consultation.
The mentioned data may be disclosed to the Foundation’s employees or external collaborators responsible for their processing. They can also be communicated to subjects tasked with providing goods or services, within the necessary limits of such purposes.
Technicians or external consultants in charge of technical assistance on software applications, computer networks and connectivity may access the data, within the necessary limits of such purposes.
Moreover, the data may be communicated to subjects entitled to access them by the law.
The controller retains and process personal data for the time necessary to comply to the above-mentioned purposes. The period of retention may vary depending on: purpose, legal obligation, type of data. When no longer required, data will be de-indexed or deleted securely. With regard to the distribution of newsletters and information related to the Foundation’s activities, the e-mail addresses retained in the database will be deleted upon request by the interested parties. Anyway, data will not be retained for a period longer than sixty months.
Data subject’s rights
In accordance with Legislative Decree 196/2003, art. 7 and Regulation (EC) No 679/16, art. 15 and 22, the concerned natural persons may exercise their rights, i.e. ask for the confirmation of the existence of personal data, their correction, update or deletion if incomplete, wrong or collected in breach of the law.
These rights may be invoked at any times, contacting the following email address: email@example.com, specifying the subject of the request and the specific right that is invoked.
The interested party has the right to submit a complaint to the competent authorities.
This information has been updated on 29/03/2019.