Purpose of this information notice
In this section we describe the processing methods applied to the personal data of the users of this web site.
First of all we would like to clarify that the web site you are visiting (hereinafter referred to as ‘Site’) is owned and directed by Provincia Italiana di S. Antonio di Padova dei Frati Minori Conventuali – Ufficio Beni e Attività Culturali (hereinafter shall be referred to as ‘PISAPFMC’).
This information notice is not to be considered valid for other web sites which may be visited through links present on this internet site, and which are not managed by PISAPFMC, and to which PISAPFMC is in no way responsible.
Through consultation of this present site data regarding either identified or identifiable persons may be processed, either to allow browsing or, if necessary, for the execution of our services that you may have requested.
Hereinafter we are therefore clarifying, pursuant to article 13 of the General Data Protection Regulation (GDPR), the methods and aims of the management of this site with reference to the processing of the personal data which may be used in either one or the other case.
First of all we emphasize that this processing shall be performed in accordance with the principles of lawfulness and propriety, and in compliance with current laws.
a) Identity of contact of the Controller and of the Data Protection Officer (DPO)
Pursuant to art. 13 and 14 of the GDPR we inform you that the Controller of your personal data acquired through the site is PISAPFMC Ufficio Beni e Attività Culturali, with registered office in Piazza del Santo, 11 in Padova, Italy, and with operating headquarters in Via Orto Botanico, 11, in Padova, Italy.
The Data Protection Officer (DPO) may be contacted through a letter addressed to DPO-Provincia Padovana dei Frati Minori; Via Orto Botanico, 11 – 35123 Padova; Italy; or via email at the following address: dpo@santantonio.org
The list of privacy delegates (subjects who control the application of the GDPR in the various areas pertaining to PISAPFMC) and the external firms responsible for the processing will be kept updated and will be shown to the data subject (yourself) upon specific request.
b) What data do we process? For what purposes?
We specify that the information relating to a natural person, either identified or identifiable, such as the name, the email address, the telephone number, to postal address or the computer IP address are all personal data.
Those data that reveal the racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership as well as genetic data, biometric data which confirm the unique identification of a natural person, information relating to the health or the sex life and orientation of a person are defined as specific data.
In our site we generally only process personal data. However, it may happen that, by pure chance, specific data may also be processed (just think, for instance, if your mail were to reveal your religious or political orientation).
We specify that in the site you are browsing now the following personal data are being collected:
Data supplied by yourself
These are the personal data you supplied in the registration fields in order to access the newsletters we are offering to create a personal user account or to stipulate a contract with us. These data are processed by us for the following reasons:
- The sale or purchase or products or services present on the web site and for activities either directly or indirectly connected with them, such as, for instance, the opening and execution of a contract or the execution of possible pre-contract procedures in view of the conclusion of the proposed contract as well as all the obligations either directly or indirectly connected to it.
- To fulfill legal obligations of fiscal, administrative or tax reasons (for instance the administration of clients/suppliers; the management of the contractual relationship; invoicing; the management of orders; cash receipts and payments; delivery of goods).
- To pursue the legitimate interest of the Controller (for instance, in this indicative but not exhaustive list: in case of defense in court proceedings where necessary, but also in case of direct marketing), but in any case in compliance with the prevalent rights and fundamental liberties of the data subject (yourself) demanding the protection of personal data.
- For the sending of messages and newsletters regarding products and services or events relating to the Controller upon specific request of the data subject (yourself).
In these cases the legal basis of the processing is constituted by the fulfillment of the contract and by the legal obligation to process the data (see GDPR art. 6 points b), c), f), as well as your consent for the newsletter (GDPR art. 6 point a)).
In the case (which, as mentioned earlier, is only a mere possibility) of the processing of specific data, the legal basis of this processing is constituted by the fact that the processing is performed by the Controller, which is an Ecclesiastical Institution, and which pursues religious aims with regard to the processing of its members, ex-members or people who have regular contact with the foundation, the association or organization on account of its aims when the personal data are not disclosed outside the Ecclesiastical Institution) and by consent in the residual hypothesis (GDPR art. 9 paragraphs a) d) e) f)).
Finally, we specify that the sending of optional, explicit and voluntary messages to the contact addresses of the Controller, as well as the compilation and sending of the forms present in the site imply the acquisition of the contact details of the sender in order to answer, as well as all the personal data included in the communications.
c) Recipients of the personal data
The data will be processed within the organization by authorized personnel responsible for managing the website, administration, and accounting. They may also be disclosed to appointed external processors, whose list is available upon request.
The data acquired will in no way be disseminated.
d) Period of conservation of personal data
The data supplied for the conclusion of a contract will be kept for the duration of the services and for the successive time period dictated by law. In particular, we specify that accounting entries, invoices, and correspondence will be kept for 10 years as prescribed by law; the data necessary for the management of a possible dispute will be kept until the settlement of the dispute.
The data supplied for the subscription to the newsletters will be kept for as long as the service is active.
e) Compulsory data conferment
Data conferment is mandatory and necessary for the performance of the services between you and the Controller, and to receive the newsletters. Therefore, the possible refusal to confer the personal data requested implies the termination of the relationship.
Moreover, the Controller declares that a possible non communication or erroneous communication, of any of the mandatory data will have, as a consequence, the impossibility, on the part of the Controller, to guarantee the adequacy of the processing itself to the contractual terms under which the contract is to be performed, and the possible lack of correspondence of the results of the processing to the requirements imposed by the fiscal, administrative and work norms to which the processing is directed.
f) Rights of the Data Subject
You, the data subject, are entitled to claim from the Controller, at any moment, access to your personal data and to rectify or erase them, or restrict the processing or object to the processing (art. 15 and following of the GDPR), as well as the right to data portability, as provided for in art. 12 paragraph 2 point b) of the GDPR.
Erasure is not permissible for data contained in those Acts which require, according to law, mandatory conservation.
Consent may be withdrawn at any time without affecting the lawfulness of the processing based on consent before its withdrawal.
You have, moreover, the right to lodge a complaint with a supervisory authority, as provided for in art. 77 of the GDPR itself, or to apply proceedings before the courts against the Controller (art. 79 of the GDPR) if you consider that the processing of your personal data performed by this site infringes the norms set by the GDPR.
g) Methods of exercising your rights
You may at any time exercise your rights via registered return mail addressed to Provincia Italiana di s. Antonio di Padova dei Frati Minori Conventuali, Ufficio Beni e Attività Culturali, via Orto Botanico 11, 35123 – Padova, Italy, or via email addressed to: privacy@santantonio.org indicating the words: “Accesso Privacy” in the subject line.