International Agency for the Prevention of Blindness-IAPB Italy – www.iapb.it
IAPB Italy, with its registered office in Via U. Biancamano 25 – 00185 Rome (hereinafter, “Controller”), as data controller, informs you – pursuant to art. 13 D.Lgs. 30.6.2003, no. 196 (hereinafter, “Data Protection Code“) and art. 13 EU Regulation no. 2016/679 (hereinafter, “GDPR“) – that your data will be processed in the described manner and for the following purposes:
1. INFORMATION WE MAY COLLECT FROM YOU
The Controller collects and processes personal data (such as name, surname, address, telephone number, e-mail, bank and payment details) – hereinafter, “personal data” or even “data” – which you have provided at the time of registering to the Controller’s site or subscribing to any of its services.
2. PURPOSES OF PERSONAL DATA PROCESSING
Your personal data are processed:
2.A) without your express consent art. 24 lett. a), b), c) of the Data Protection Code and art. 6 lett. b), e) of [GDPR] for the following Service Purposes: the Company processes the personal data provided by you or already in its possession, to finalise, manage and perform the activity requested by you. For instance: participation in the Forum “Ask the ophthalmologist”, phone calls to our toll-free number 800-068506 [available from Italy only, otherwise call + 39 06 36004929 from abroad], participation in development projects and/or mini-projects, donations, legacies, devolution of the 5xmille to IAPB with your tax return;
2.B) with your express consent only (articles 23 and 130 of the Data Protection Code, article 7 of GDPR), for the following Marketing Purposes: to send you by email, mail and/or sms and/or telephone, newsletter, any commercial and/ or promotional communications on projects, events, activities or services offered by the Controller. In such cases, the provision of your personal data will be optional and your refusal will not have any consequences on the legal relationships already existing or being established, thus precluding only the performance of the activities indicated in this point
3. HOW DO WE PROCESS YOUR DATA?
The processing of your personal data is carried out by means of the operations indicated in art. 4 of the Data Protection Code and art.4 no. 2) of GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, usage, interconnection, blocking, communication, cancellation and destruction of data. Your personal data is subjected to both paper based and electronic and/or automated processing.
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the Service Finality relationship and for no more than 6 years from the collection of data for Marketing Purposes.
4. WHO CAN ACCESS YOUR PERSONAL DATA?
Your data may be made accessible for the purposes referred to in art. 2.A and art. 2.B to anybody who, within the Company, and within parent companies, affiliated companies or subsidiaries of IAPB Italy, need them in consequence of their tasks or company role. These subjects, whose number will be as limited as possible, will be appropriately trained in order to avoid losses, destruction, unauthorized access or unauthorized processing of the data.
Furthermore, data may be disclosed to: (i) institutions, authorities, public bodies for their institutional purposes; (ii) professionals, independent collaborators, also in associated form; third parties and suppliers used by the Controller for the provision of services of a commercial, professional and technical nature, which may be useful to the management of the Site and related functionalities (eg. IT service providers and Cloud Computing), to the pursuit of the purposes specified above and the services requested by the user; (iii) third parties in the case of mergers, acquisitions, sale of company or business units, audits or other extraordinary transactions; (iv) the corporate SB [[Supervisory Body]], domiciled with the Controller, for the pursuit of its supervisory activities and the implementation of the IAPB Italy Code of Conduct. These subjects will only receive the data necessary for the relevant functions and will undertake to use them only for the purposes indicated above and to treat them in compliance with the applicable privacy legislation. The data can also be communicated to the legitimate recipients according to the applicable legislation. With the exception of the aforementioned, the data is not shared with third parties, natural or legal persons, who do not perform any commercial, professional or technical function for the Controller and will not be disclosed. The subjects who receive the data treat it as Controllers, Managers or subjects authorized to process it, depending on the case, for the purposes indicated above and in compliance with the applicable law on privacy.
Regarding the possible transfer of data to Third Countries, including countries that may not guarantee the same level of protection as the applicable legislation, the Data Controller declares that the processing will take place according to one of the methods allowed by the Regulation, such as for example the user’s consent, the adoption of Standard Clauses approved by the European Commission, the selection of subjects belonging to international programs for free circulation of data, (eg. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission.
5. WHO WILL YOUR PERSONAL DATA BE SHARED WITH?
Without the need for express consent ex art. 24 lett. a), b), d) of the Data Protection Code and art. 6 lett. b) and c) of [GDPR], the Data Controller may share your data for the purposes referred to in art. 2.A to companies providing IT and archival services, or other technical/organizational services as well as to those subjects to whom the communication is mandatory by law for the accomplishment of said purposes. These subjects will process the data in their capacity as independent data controllers. Your information will not be disseminated.
6. HOW DO WE STORE YOUR PERSONAL DATA?
Personal data is stored on servers located within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
7. WHY DO WE COLLECT YOUR PERSONAL DATA AND WHAT HAPPENS IF YOU REFUSE TO PROVIDE IT?
The provision of data for the purposes referred to in art. 2.A is mandatory. In their absence, we can not guarantee the services listed in art. 2.A.
The provision of data for the purposes referred to in art. 2.B is optional. You can therefore decide not to provide any data or to subsequently deny the possibility to process data already given: in this case, you will not be able to receive newsletters, commercial and promotional communications concerning the Services offered by the Data Controller. However, you will continue to be entitled to the Services referred to in art. 2.A.
8. WHAT ARE YOUR RIGHTS?
In your capacity as an interested party, you have the rights set forth in art. 7 of the Data Protection Code and art. 15 of GDPR. Precisely, you have the right to:
i. obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
ii. obtain the indication: a) of the origin of personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of processing carried out with the aid of electronic instruments; d) of the identification details of the controller, the managers and the designated representative pursuant to art. 5, paragraph 2 of the Data Protection Code and art. 3, paragraph 1, of GDPR; e) of the subjects or categories of subjects to whom the personal data may be shared with or who may become aware of it as a designated representative in the territory of the State, of managers or agents;
iii. obtain: a) the update, rectification or, when you have an interest in it, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data was collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards to their content, of those subjects with whom the data has been shared or disseminated, except in the case where this proves to be impossible or involves a use of means manifestly disproportionate to the protected right;
iv. to object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and/or through traditional marketing methods by telephone and/or paper mail. It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the data subject to exercise the right of opposition also only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or none of the two types of communication.
Where applicable, the data subject also has the rights referred to in Articles 16-21 of GDPR (right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.
9. HOW CAN YOU EXERCISE YOUR RIGHTS?
You can exercise your rights at any point by getting in touch with us:
➢ by email: firstname.lastname@example.org
➢ by post: IAPB Italia onlus – Via U. Biancamano, 25 – 00185 Rome, Italy
➢ by phone: +39 06 36004929 (fax 06 36086880)
10. DATA CONTROLLER AND DATA PROCESSORS
The Data Controller is IAPB Italy, with its registered office in Via U. Biancamano, 25 – 00185 Rome, Italy;
the updated list of data processors is kept at the Data Controller’s headquarters.
By continuing to browse this website, you are consenting to their use in accordance with the regulations in force. Their use by the IAPB Italy has statistical purposes: in order to offer a better website, user data are periodically analyzed. Remember, however, that the Website user has, at any time, the possibility to block such cookies (small traceability programs) by modifying their browser’s settings accordingly.
HOW TO DISABLE COOKIES THROUGH A BROWSER’S SETTINGS
By modifying the settings of your browser, you can manage cookies in order to respect your preferences. Each browser offers the possibility of accepting or not cookies in a specific manner for different websites and web applications. In addition, some browsers also allow you to define different settings for “First-party” and “Third-party” cookies.
Warning: disabling cookies may prevent the use of some features of this website. The disabling of “Third-party” cookies does not affect the browsing in any way.
The procedure slightly varies depending on the type of browser. For detailed instructions, follow one of the following links:
Please note: this website offers content for information purposes only, which cannot replace an eye examination.