Information on the processing of personal data pursuant to art. 13-14 of the GDPR (GENERAL DATA PROTECTION REGULATION) 2016/679

KAIROS CONSORTIUM OF SOCIAL COOPERATIVES – SOCIETY COOPERATIVA SOCIAL – O.N.L.U.S., as Data Controller (hereinafter also: Data Controller) pursuant to EU Regulation 679/2016 (hereinafter: “GDPR”) and of the Legislative Decree 196/2003, as amended by Legislative Decree. 101/2018 (hereinafter “Privacy Code”). Before communicating any personal data to the Data Controller, invites you to carefully read this Privacy Policy because it contains important information on the protection of your personal data.

This Privacy Policy:

is intended for the site https://www.consorziokairos.it/ (hereinafter: “Site”), as well as for requests, information and services that were requested by phone at: 011-2207819 or by email at following email address: privacy@consorziokairos.org;

forms an integral part of the Site and the services we offer;

is provided pursuant to art. 13 of the GDPR and of the Privacy Code to those who interact with the web services of the Site or who contact by telephone or by post or by fax or email of Consorzio Kairos S.c.s. Onlus.

The processing of your personal data will be based on the principles of correctness, lawfulness, transparency, purpose limitation and conservation, minimization and accuracy, integrity and confidentiality, as well as the principle of accountability pursuant to art. 5 of the GDPR.

Your personal data will therefore be processed in accordance with the legislative provisions of the GDPR and the confidentiality obligations set forth therein as well as those of the Privacy Code still in force today.

By processing of personal data we mean any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, storage , adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction, as defined in art. 4.2 of the GDPR.

We inform you that the personal data being processed may be constituted – also depending on your decisions on how to use the services – by any information concerning your person suitable for making him or her identified or identifiable, including textual information, photographic or video images and by any other information provided.

1. DATA CONTROLLER: WHO WE ARE AND WHAT WE DO

The data controller is KAIROS CONSORTIUM OF SOCIAL COOPERATIVES – SOCIETY COOPERATIVE SO CIALE – O.N.L.U.S. , Tax Code / VAT number 08134210015, with registered office in via Lulli n. 8/7 – 10148 Turin (TO), which aims to address social hardship, especially of all vulnerable groups, through a work of awareness of the area, prevention and promotion of community work.

1.1 DATA PROTECTION MANAGER (DPO)

Data Protection Officer (DPO) is PrivaCycura S.r.l., with registered office in via Monte Vodice 12 / D – 10141 Turin (TO), Tax Code / VAT number 11229970014, R.E.A. TO – 1197908.

Through the Site, different categories of personal data are collected and processed, for different purposes and with different methods. Personal data is information relating to a defined or definable natural person.

2. WHAT DATA WE PROCESS

We inform you that the personal data being processed may consist of an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements of your physical, physiological, genetic, psychological identity. , economic, cultural or social suitable to make the interested party identified or identifiable, depending on the type of services requested (hereinafter only “personal data”).

The personal data processed through the Site are as follows:

A. Data provided voluntarily by you – Particular Data

Except for the reference to specific information, this Privacy Policy is also intended for the processing of data voluntarily provided by you by e-mail and / or telephone and / or through the form contained within the Site for the purposes of online requests. In this regard, we invite you not to disclose information that may fall within the special categories of personal data referred to in art. 9 of the GDPR (for example, data referring to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, life / sexual orientation as well as genetic data, biometric data or data relating to your state of health ), unless it is expressly requested and subject to specific information and possible consent.

B. Third party data provided voluntarily by you

In the use of particular services, the processing of personal data of third parties, communicated by you to the Data Controller, may occur. With respect to these hypotheses, you act as an independent data controller, assuming all the obligations and responsibilities of the law. In this sense, you grant the widest indemnity on this point with respect to any dispute, claim, request for compensation for damage from treatment, etc. that should reach the Data Controller from third parties, whose personal data have been processed through your use of the Site’s services in violation of the applicable rules on the protection of personal data. In any case, if you provide or otherwise process personal data of third parties in the use of the Site, you guarantee from now – assuming all related responsibility – that this particular hypothesis of treatment is based on the prior acquisition – by you – of the consent. of the third party to the processing of information concerning them and their dissemination and that said processing by you will take place in compliance with the GDPR.

C. Cookies

The description of the cookies used by the website can be found in the Cookie Policy of the site, at the following address: http://www.consorziokairos.it/cookies-policy/

3. WHY WE PROCESS YOUR DATA – PURPOSE OF THE PROCESSING

Your personal data will be processed, with your consent where necessary, for the following purposes, where applicable:

3.1. allow navigation of the Site and the provision of the services of the Data Controller through the Site;

3.2. find specific requests, including telephone, fax or email, addressed to the Data Controller;

3.3. fulfill any obligations established by applicable laws, regulations or community legislation, or satisfy requests from the authorities;

3.4. exercise the rights of the owner.

Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

4. LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF THE PROCESSING

The legal basis for the processing of personal data for the purposes referred to in sections 3.1 and 3.2 is art. 6 (1) (b) of the GDPR ([…] the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same […]), as the treatments are necessary for the provision of services. The provision of personal data for these purposes is optional, but failure to provide it would make it impossible to activate the requested services.

The legal basis for the purpose referred to in section 3.3 is art. 6 (1) (c) of the GDPR ([…] processing is necessary to fulfill a legal obligation to which the data controller is subject […]). In fact, once the personal data has been provided, the processing is indeed necessary to fulfill legal obligations to which the Data Controller is subject.

The legal basis for the purpose referred to in section 3.4 is art. 6 (1) (f) of the GDPR ([…] processing is necessary for the pursuit of the legitimate interest of the owner or third parties, provided that the interests or fundamental rights or freedoms of the interested party do not prevail […]). In fact, once the personal data has been provided, the processing is indeed necessary for the pursuit of a legitimate interest of the Data Controller under the aforementioned conditions.

5. RECIPIENTS OF PERSONAL DATA

Your personal data may be shared, for the purposes referred to in section 3 of this Privacy Policy, with:

5.1. subjects who typically act as data processors, that is: i) subjects delegated to carry out technical or IT maintenance activities, such as by way of example but not limited to, subjects operating on management software, on the electronic register, etc .; (collectively “Recipients”).

5.2. subjects, bodies or authorities to whom it is mandatory to communicate your personal data by virtue of legal provisions or orders of the authorities;

5.3. persons authorized by the Data Controller to process personal data necessary to carry out activities strictly related to the provision of services, who are committed to confidentiality or have an adequate legal obligation of confidentiality and who guarantee the processing of data in accordance with the GDPR.

6. TRANSFERS OF PERSONAL DATA

Personal data are stored on servers located within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the European Economic Area. In this case, the Data Controller ensures from now on that said transfer will take place in compliance with the applicable legislation based on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission. More information is available by sending a written request to the Data Controller at the addresses indicated in the “Contacts” section of this statement.

7. STORAGE OF PERSONAL DATA

The personal data processed for the purposes referred to in section 3 will be kept for the time strictly necessary to achieve those same purposes as well as, in the case of treatments carried out for the provision of services, up to the period of time envisaged and allowed by the Italian legislation for the protection of interests and the right of defense of the Data Controller, having regard to the limitation periods provided for by the applicable legislation.

Further information regarding the data retention period and the criteria used to determine this period can be requested by sending a written request to the Data Controller at the addresses indicated in the “Contacts” section of this statement.

8. RIGHTS OF THE INTERESTED PARTY

In your capacity as interested party, pursuant to art. 15 and ss. of the GDPR, you have the right to:

1_ obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;

2_obtain the indication: a) of the origin of personal data; b) the purposes and methods of the processing; c) the logic applied in case of processing carried out with the aid of electronic tools; d) the identity of the owner, manager and the designated representative pursuant to Article 3, paragraph 1, of the GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the State, managers or agents;

3_ obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data which need not be kept for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment is proves impossible or involves the use of means that are manifestly disproportionate to the protected right;

4_ object, in whole or in part: a) to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and / or through traditional marketing methods by telephone and / or paper mail, It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to the traditional ones and which in any case remain without prejudice to the possibility for the interested party to exercise the right to object even only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.

Where applicable, it also has the rights referred to in Articles. 16-22 of the GDPR (Right of rectification, right to be forgotten, right to limitation of processing, right to data portability, right to object, right to object to automated processing, including profiling).

Requests must be sent in writing to the Data Controller at the addresses indicated in the “Contacts” section of this statement.

In any case, you always have the right to lodge a complaint with the competent supervisory authority (Guarantor for the protection of personal data), pursuant to art. 77 of the GDPR, if you believe that the processing of your data is contrary to the legislation in force.

9. MODIFICATIONS

The Owner reserves the right to modify or simply update the content of this Privacy Policy, in part or completely, also due to changes in the applicable legislation. In this case, Consorzio Kairos S.c.s. Onlus will inform you of these changes as soon as they are introduced and they will be binding as soon as they are published on the Site. The Owner therefore invites you to regularly visit this section to become aware of the most recent and updated version of the Privacy Policy in order to always be updated on the data collected and on the use made by the Data Controller.

10. CONTACTS

To exercise the above rights or for any other request, you can write to:

Data controller: KAIROS CONSORTIUM OF SOCIAL COOPERATIVES – SOCIETY COOPERATIVE SOCIAL – O.N.L.U.S., with registered and operational headquarters in via Lulli n. 8/7 – 10148 Turin (TO) email: privacy@consorziokairos.org

Responsible for the Protection of Personal Data (DPO): PrivaCycura S.r.l., with legal and operational headquarters in via Monte Vodice n. 12 / D – 10141 Turin (TO), email: dpo@privacycura.com