The administrator of data processing
The congregation of the Missionary Sisters of the Immaculate which has its legal headquarters in Via Masaccio no 20 – 20149 Milan (MI), is the data administrator of the personal data collected on this site in accordance with and with effect of the privacy code. The data administrator (legal representative) establishes the purposes and means for data processing.
The Congregation of the Mssionary Sisters of the Immaculate is committed and is of responsible to safeguard the personal data. Therefore, we inform you about the methods and purposes in the ambit of communication and circulation of Your personal data and of Your rights in conformity with the art. no. 13 D. Lgs. 30.6.2003 no. 196 (following “Privacy Code”) and of the art. 13, UE directive no. 2016/679 (following “GDPR”), that Your data will be handled with modalities for these subsequent scope.
1. Object to processing data
2. Purpose and duration of processing
Your personal data are processed:
A) Without Your expressed consent (a 24 literally. a), b), c) Privacy Code and art. 6 literally. b), E) GDPR General Data Protection Regulation), for the following Purposes of service:
- To terminate the contracts for the services of the administrator;
- To fulfil of the legal obligation, legal and tax obligations deriving from Your legal existing information;
- To fulfil the obligations foreseen by rules, regulations and the community legislation or an order of authority (for example the anti-money laundering);
- To exercise the rights of the administrator, for example to claim the right of defence;
- processing is necessary in order to protect the vital interests of our users or of another natural person;
- To implement a task of public interest from the part of the administrator of data processing;
- For the continuation of the legitimate interest of the administrator of data processing or of the third parties;
B) Only after Your specific and distinct consent (to 23 and 130 Privacy Code and art. 7 GDPR), for the following Marketing purposes:
- To send them through e-mail, posts and/or SMS and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the administrator, collection of data on the quality of the services;
We inform that if you have already benefited of our services we may send You the commercial communications related to services of the administrator similar to those of which you have already benefited, except for Your disagreement (art. 130 c. 4 Privacy Code). To deny one’s own consent to this service of the data will be possible to contact the congregation of the Missionary Sisters of the Immaculate and to revoke one’s own consent to this type of processing in accordance with the rights of the person referred to in art. 7 Privacy Code and art. 15 and 16-21 GDPR. The rights of the person concerned are totally detailed in point 8 of the information.
3. Modality and duration of processing
The process of Your personal data is carried out by means of the operations indicated in art. 4 of Privacy Code and in art. 4 No. 2) GDPR and namely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subjected to both hardcopy and electronic and/or automatic process.
The administrator will process the personal data for the time necessary to fulfil the above purposes and but, for not more than 10 years after the termination of the report for the Purposes of the Service and for not more than 2 years from the collection of data for the Marketing Purposes.
- According to the provisions of law the bills, the accounting documents and the data related to transactions will be kept for 10 years (including ivi tax obligations);
- However, the data concerning telecommunication excludes the contents of the communications, will be kept not more than 6 years from the date of communication, according to the provisions of law art. 24 no. 167/2017, which has recognised the EU directive 2017/541 with matters on anti-terrorism;
- In case of implementing the right of negligence through the request for the cancellation of right to personal data processed by the administrator, such data will be conserved, in a protected form and with limited access, only for the purposes of confirming and repressing offences, not more than 12 months from the date of the request and subsequently will be deleted safely or unacknowledged in an irreversible manner The modalities for exercising the right to cancel are expressed in paragraph eight of the current information.
4. Access to Data
Your data may be made accessible for the purposes referred to art. 2. Literally . a):
- To the personnel and collaborators of the administrator, in their quality of responsibility and/or internal person responsible for the process and/or of the system administrators;
- Other subjects (by way of an indication, professional studies, consultants such as accountants, work consultants, etc.) who carry out outsourcing activities on behalf of the administrator in their quality as external persons in charge of the processing.
5. Communication of data
Without the need for an expressed consent (ex art. 24 literally a), B), d) Privacy Code and art. 6 literally. b) and C) GDPR), the administrator may communicate Your data for the purposes referred to art. 2. literally .a) to judicial authorities, as well as to those persons to whom the communication is obligatory by law for the accomplishment of the assumed purposes. These subjects will deal the data in their quality as autonomous owners of the processing.
The administrator of the process ensures the non-diffusion of their data.
6. Data transfer
The personal data are stored on servers positioned within the European Union in accordance with the modality that respects the European regulations regarding the GDPR data processing with regard to the correct and safe protection of the same. However, it remains that the administrator, if necessary, will have the right to move the servers also extra-EU. In this case, the administrator shall ensure that the transfer of extra-EU data will take place in accordance with the applicable legal provisions, subject to the specification of the standard contractual clauses provided for by the European Commission.
7. Nature of the conferral of data and the consequences of refusal to respond
The conferral of the data for the purposes referred to art. 2. literally. A) is obligatory. In their absence, we will not be able to guarantee you the services of art. 2. Literally a).
The conferral of the data for the purposes referred to art. 2. literally b) is instead optional. Therefore, it can decide not to confer any data or subsequently to deny the possibility of processing already provided information: In this case, it will not be able to receive newsletters, commercial communications, advertising material on the Services offered by the administrator and any Wishes in conjunction with festivities. However, it will continue to be entitled to the services referred to art. 2. Literally a).
Whereas the person conferring the data is less than 16 years of age, such processing will be acceptable only if and in the measure in which such consent is granted or authorized by the administrator of parental responsibility for which the identification data and the Copy of the recognition documents are acquired.
8. The rights of the person concerned
As far as Your person concerned you have the rights referred to in art. 7 in Privacy Code and art. 15 in GDPR and precisely the rights of:
- To obtain the confirmation of the existence or less than the personal data that concerns yourself, even if not yet registered, and their communication in an intelligible form;
- To obtain the indication: a) of the origin of the personal data; (b) of the purposes and modalities of processing; c) of the logic applied in case of carried out processing with the help of electronic instruments; d) of the final identification details of the administrator, of the responsible person and the designated representative pursuant to art. 5, paragraph 2 of Privacy Code and art. 3, paragraph 1, GDPR; e) of the subjects or categories of persons to whom the personal data may be communicated or which may become acquainted with them in their quality as designated representative in the territory of the State, of persons in charge or appointed;
- To obtain: a) the updates, the rectification or, when it has the interest the of integration of data; (b) The cancellation, the transformation in an anonymous form or blocking of processed data in violation of law, including those which are not required the storage in relation to the purposes for which the data were collected or subsequently processed; (c) The attestation which the services referred to a) and b) have been brought to the knowledge, even with regard to their content, of those to whom the data have been communicated or circulated, except the case in which such fulfilment is impossible or involves an investment of means obviously disproportionate to the protected law; To oppose, in whole or in part: a) for legitimate reasons for the processing of personal data concerning You, even if relevant to the purpose of the collection;
- To oppose, in whole or in part: a) for legitimate reasons for the processing of personal data concerning it, even if relevant to the purpose of the collection; b) to the processing of personal data that concerns You for the purposes of sending advertising material or of direct sales or for the completion of market research or commercial communication, through the use of automatic systems called without the involvement of an operator through e-mail and/or through traditional marketing modalities through telephone and/or post. It is stated that the right of opposition of the person concerned, shown in the previous point b), for direct marketing purposes through automatic methods extends to that of traditional ones and that however it remains safe the possibility for the person concerned to exercise the right of opposition even in part. Therefore, the person concerned may decide to receive only communications using traditional means or only automatic communications or none of the two types of communication.
Where applicable, it shall also has the rights referred to articles. 16-21 GDPR (right of rectification, right to void, right of processing limitation, right to portability of data, right of opposition), as well as the right to claim to the Guarantor Authority.
9. Method of exercising the rights
You may at any time exercise your rights by sending:
- A registered post to the congregation of the Missionary Sisters of the Immaculate Via Masaccio, 20 20149 Milan;
- An e-mail address: firstname.lastname@example.org
10. Google reCAPTCHA v3
11. To modify the Information
The present information may be subject to change. If substantial changes are made to the use of the user’s data by the administrator, the latter will notify the user publishing with the maximum evidence on their pages or through alternative or similar means.
12. The administrator, Manager and Person in charge
The administrator of the processing is the congregation of the Missionary Sisters of the Immaculate with its headquarters in via Masaccio, 20 – 20149 Milano (MI). The updated list of administrators and persons in charge of processing shall be kept at the headquarters of the administrator of the data processing.
13. Regulatory references
You can view the Code regarding the protection of personal data of the Guarantor of privacy by clicking here.
You can view the European privacy regulations by clicking here.
You can access the Italian data protection supervisor’s website by clicking here.
You can access the European data protection supervisor’s website (GEDP) by clicking here..