This Privacy Policy governs the manner in which the Paolo Chiesi Foundation collects, uses, maintains, and discloses information collected from users (each, a “User”) of the website www.paolochiesifoundation.org (“Site”).
This privacy policy applies to the Site and all products and services offered by the Paolo Chiesi Foundation.
Personally identifiable information
We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, fill out a form, and in connection with other activities, services, features, or resources we make available on our site. Users may be asked for their email address, if applicable. Users may, however, visit our site anonymously.
We collect personally identifiable information from users only if they voluntarily submit such information to us. Users can always refuse to provide personally identifiable information, unless it may prevent them from engaging in certain site-related activities.
Non-personal identification information
We may collect non-personally identifiable information from users whenever they interact with our site. Non-personally identifiable information may include your browser name, computer type and technical information relating to our site, such as the operating system and Internet service providers used and other similar information.
How we use the information collected
Paolo Chiesi Foundation may collect and use users’ personal information for the following purposes:
- To improve our site
- To send periodic emails
- If you decide to join our mailing list, you will receive emails that may include news about the Foundation, updates, information about projects and initiatives, etc.
How we protect information
We take adequate data collection, storage and processing and security measures to prevent unauthorized access, alteration, disclosure or destruction of your data, username, password, transaction information and personal data stored on our site.
Sharing of personal information
We do not sell, trade, or rent user personally identifiable information to third parties.
Third Party Websites. Users may find other content on our site that points to the sites of our partners, suppliers, sponsors, licensees and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by linked websites or our site. Furthermore, these sites or services, including their content and links, may be constantly evolving. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our site, is subject to that website’s own terms and policies.
Changes to this privacy statement
Paolo Chiesi Foundation reserves the right to update this privacy policy at any time. We encourage users to frequently check this page for any changes to stay informed of how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review these policies periodically and become aware of any changes.
Acceptance of these terms
The use of this site implies the acceptance of this policy. If you do not agree to this policy, please do not use our site. Your continued use of the Site after the posting of changes to this policy implies your acceptance of those changes.
Contact us
If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at: info@paolochiesifoundation.org.
Through this privacy notice, the Paolo Chiesi Foundation (the “Foundation”), in accordance with Regulation (EU) No. 679/2016 (the “GDPR”), informs you that your Personal Data, or in any case the Personal Data you provide, will be processed by the Foundation as Data Controller, in full compliance with the applicable legislation.
“Personal Data” means any information of any kind, including electronic data, that allows a person to be identified, either directly or indirectly, alone or in combination with other information.
“Processing of Personal Data” means, pursuant to Article 4(2) of the GDPR, any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination.
“Data Subject” means the identified or identifiable natural person to whom the Personal Data relate.
1. How we collect and use your Personal Data
Purpose
Personal Data are processed in order to allow the successful completion of your donation to the Paolo Chiesi Foundation.
Personal Data processed
The Foundation will process only the data necessary for the purposes indicated above. In particular, your identification data, contact details, and payment data will be processed.
The processing of special categories of data, as defined under Article 9 of the GDPR (such as, by way of example, health data), and/or data relating to minors is expressly excluded. Should such categories of data be voluntarily provided by the user, they will be immediately deleted.
Legal basis
Performance of contractual obligations: for the execution of the donation agreement to which the donating user is a party.
2. How we share your Personal Data
The Foundation may share your Personal Data with other companies, organizations, and individuals in the following circumstances:
- We may share your Personal Data with companies belonging to the Chiesi Group, both in Italy and abroad (including countries outside the EEA).
- Sharing in compliance with laws and regulations: we may share information as required by applicable laws to manage legal disputes or requests from administrative or judicial authorities.
- Sharing with service providers: we may also disclose your Personal Data to companies that provide services on our behalf. In particular, your data will be shared with Rebel Idealist Inc. (DonorBox), the provider of the platform through which your donation will be processed.
In this latter case, the Foundation will ensure the lawfulness of such sharing and will enter into data processing agreements and/or contractual clauses with the companies, organizations, and individuals with whom your Personal Data is shared, requiring them to comply with this privacy notice and to adopt appropriate security measures.
3. How we protect your Personal Data
The Foundation attaches the utmost importance to the security of your Personal Data and has adopted appropriate security measures to protect it against unauthorized access, disclosure, or loss.
To this end, the Foundation adopts the following measures:
- We take reasonable measures to ensure that the Personal Data collected is limited and relevant to the purposes for which it is processed.
- We retain your Personal Data only for the time strictly necessary for the purposes indicated in this privacy notice, unless a longer retention period is required or permitted by law.
- We use a range of technologies to ensure the confidentiality of data during transmission and adopt reliable protection mechanisms to defend data and storage servers against potential attacks.
- We carefully select business partners and service providers, requiring them to comply with our Personal Data protection requirements through specific contractual clauses. We also carry out audits and other verification activities to ensure compliance.
- We organize training, testing, and information activities on privacy and data security in order to increase awareness among employees and collaborators regarding the protection of Personal Data.
4. Retention of your Personal Data
Your Personal Data, referred to in section 1) of this notice are stored on the Foundation’s servers in Italy, or on the servers of providers (specifically appointed as Data Processors) within the European Union or outside, with all appropriate security measures adopted in advance to ensure adequate protection of your personal data.
We retain your Personal Data for the time necessary to achieve the purposes set out in this Privacy Notice.
Your Personal Data will be retained for the period indicated above, or for a shorter period if you decide to exercise one of the rights listed in the “Data Subject’s Rights” section below.
5. Data Subject’s Rights
Right of access, rectification, erasure, data portability, restriction of processing, and objection to processing.
The Foundation provides an email address that you may contact in order to exercise any of the rights listed above, to obtain the list of Data Processors and the names of the entities with whom your Personal Data has been shared: info@paolochiesifoundation.org.
If you believe that the Foundation is not processing your Personal Data in accordance with this privacy notice or with the applicable law, you have the right to exercise your rights and to lodge a complaint with the Italian Data Protection Authority.
The Data Controller is:
Paolo Chiesi Foundation, with registered office at Via Paradigna 131/A, 43122 – Parma.
With this notice, the Paolo Chiesi Foundation (“Foundation”), in accordance with the provisions of European Regulation No. 679/2016 (hereinafter “GDPR”), wishes to inform you that your Personal Data, or any Personal Data provided by you, will be processed by the Foundation as Data Controller, in full compliance with applicable legislation.
“Personal Data” means any information of any kind, including electronic data, that allows an individual to be identified either individually or in combination with other information.
“Processing of Personal Data” means, pursuant to Article 4(2) of the GDPR, any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, and dissemination.
“Data Subject” means the identified or identifiable living individual to whom the Personal Data refers.
1. How we collect and use your personal data
Purpose
The data is processed solely to allow the Foundation to provide the newsletter service.
Personal data processed
The Foundation will only process the data necessary for the aforementioned purpose. Specifically, we will process your name, surname, and the email address you choose to subscribe to.
The processing of sensitive data, as defined in Article 9 of the GDPR (such as, for example, health data) and/or data relating to minors, is expressly excluded. These categories of data, if shared voluntarily by the User, will be immediately deleted.
Legal basis
Consent: freely given by the user.
2. How we share your personal data
The Foundation may share your personal data with other companies, organizations, and individuals under the following circumstances:
- Sharing in compliance with laws and regulations: We may share information required by applicable laws to handle legal disputes or requests from administrative or judicial authorities.
- Sharing with service providers: We may also disclose your Personal Data to companies that provide services on our behalf. Specifically, your data will be shared with Sendinblue SAS, a platform provider headquartered in France, through which you will subscribe to the Foundation’s mailing lists.
In the latter case, the Foundation will ensure the lawfulness of such sharing and will enter into data processing agreements and/or clauses with the companies, organizations, and individuals with whom your Personal Data will be shared, requiring them to comply with this policy and adopt appropriate security measures.
3. How we protect your Personal Data
The Foundation places the utmost importance on the security of your Personal Data and has implemented appropriate security measures to protect against unauthorized access, disclosure, or loss.
To this end, the Foundation adopts the following measures:
- We take reasonable steps to ensure that the Personal Data collected is limited and relevant to the purposes for which it is processed.
- We retain your Personal Data only for as long as strictly necessary for the purposes indicated in this policy, unless the law requires or permits a longer retention period.
- We use a variety of technologies to ensure the confidentiality of data during transmission. We adopt reliable protection mechanisms to defend data and storage servers from potential attacks.
- We carefully select business partners and service providers, requiring them to comply with our Personal Data protection requirements through specific clauses in their contracts. Furthermore, we conduct audits and other verification activities to ensure compliance with these requirements.
- We organize training, testing, and information activities on privacy and security protection to increase employee and contractor awareness regarding Personal Data protection.
4. Retention of Your Personal Data
Your Personal Data referred to in section 1) of this notice is stored on the Foundation’s servers in Italy, or on the servers of suppliers (specifically appointed as Data Processors) within or outside the European Union, with the prior adoption of all appropriate security measures to ensure adequate protection of your personal data.
We retain your Personal Data for the time necessary for the purposes indicated in this Privacy Policy.
Your Personal Data will be retained for the period indicated above, or for a shorter period if you decide to exercise one of the rights listed in the “Rights of the Data Subject” section below.
5. Rights of of the Data Subject
Access, rectification, erasure, portability, restriction of processing, and objection to processing.
The Foundation provides an email address where you can exercise any of the rights listed above, including a list of data processors and the names of those with whom your data has been shared: info@paolochiesifoundation.org.
If you believe that the Foundation is not processing your data in compliance with this policy or applicable law, we remind you that you have the right to exercise your rights and lodge a complaint with the Italian Data Protection Authority.
The Data Controller is:
Paolo Chiesi Foundation, with registered office at Via Paradigna 131/A 43122 – Parma
