OUR PRIVACY DISCLAIMERS

Consorzio Kairos S.c.s., as Data Controller pursuant to Legislative Decree No. 196/2003 – as amended by Legislative Decree No. 101/2018 – (from now on “Privacy Code”) and by EU Regulation 679/2016 (from now on: “GDPR”) – invites you, before communicating any personal data to the Data Controller, to read this Privacy Policy carefully because it contains important information on the protection of your personal data.

This Privacy Policy:

• it is intended for the website https://consorziokairos.it/ (from now on: “Website”),
• forms an integral part of the Website and the services we offer,
• is made pursuant to art. 13 of the GDPR and of the Privacy Code to those who interact with web services of the Website or who contact by telephone by post, fax or e-mail Consorzio Kairos S.c.s.

The processing of your personal data will be based on principles of fairness, lawfulness, transparency, purpose limitation and retention, minimization and accuracy, integrity and confidentiality, as well as the principle of accountability pursuant to art. 5 of the GDPR.

Your personal data will therefore be processed in accordance with the legislative provisions of the GDPR and the confidentiality obligations set forth therein as well as those of the Privacy Code still in force today.

By processing of personal data we mean any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, as defined in art. 4.2 of the GDPR.

We inform you that the personal data being processed may consist – also depending on your decisions on how to use the services – of any information concerning your person capable of making it identified or identifiable, including textual information, photographic or video images and any other information provided, depending on the type of services requested.

INDEX

Below we provide the index of this Privacy Policy so that you can easily find the information relating to the processing of your personal data that interest you.

1. DATA CONTROLLER: WHO WE ARE AND WHAT WE DO DATA

1.1 | PROTECTION OFFICE (DPO)

2. WHAT DATA WE PROCESS

2.1 | Browsing Data

2.2 | Cookie

3. PURPOSES OF THE PROCESSING

4. LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF THE PROCESSING

5. RECIPIENTS OF THE DATA

6. PERSONAL DATA TRANSFER

7. DATA RETENTION

8. RIGHTS OF THE DATA SUBJECT

9. UPDATES

10. CONTACTS

1. DATA CONTROLLER: WHO WE ARE AND WHAT WE DO

Data Controller is Consorzio Kairos S.c.s., VAT Number 08134210015, with headquarters in Via Lulli, n. 8 – 10148 Turin (TO), operating in the industry/branch of has the objective of stimulating collaboration between cooperatives with the aim of human promotion and social inclusion of citizens who suffer from disadvantaged and marginalized conditions, also by coordinating the activity between cooperatives.

1.1 | DATA PROTECTION OFFICER (DPO)

The Data Protection Officer has been appointed in accordance with the provision contained in art. 37, par. 1, letter a) of the GDPR and can be reached via the e-mail address provided in section 10. Contacts of this document.

2. WHAT DATA WE PROCESS

We inform you that the personal data being processed may consist – also depending on your decisions on how to use the services – of an identifier such as a name, an identification number, location data, an online identifier, a cookie or a one or more characteristic elements of your physical, physiological, genetic, psychic, economic, cultural or social identity suitable to make the interested party identified or identifiable, depending on the type of services requested (hereinafter only “personal data”).

The personal data processed through the Website are the following:

2.1 | Browsing Data

The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data stored by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the Website, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment. These data are used for the sole purpose of obtaining any anonymous statistical information on the use of the Website to check its correct functioning, to identify anomalies and/or abuses, and are cancelled immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Website or third parties.

2.2 | Cookie

The information on the cookies used by the Website is available at the following address https://consorziokairos.it/cookie-policy/

3. WHY WE PROCESS YOUR DATA – PURPOSES OF THE PROCESSING

Your personal data will be processed, with your consent where necessary, for the following purposes, where applicable:

3.1 | allow browsing of the Website and the provision of Consorzio Kairos S.c.s. services through the Website.

3.2 | find specific requests, including telephone calls, addressed to Consorzio Kairos S.c.s.

3.3 | fulfil any obligations established by applicable laws, regulations or community legislation, or satisfy requests from the authorities.

3.4 | exercise the rights of the Data Controller.

Your personal data will also be processed with automated tools.

Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

4. LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF THE PROCESSING

The legal basis for processing personal data for the purposes set out in sections 3.1. and 3.2. is art. 6(1)(b) of the GDPR ([…] processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract […]), as the processing are necessary for the performance of the activity related to the employment relationship. The provision of personal data for these purposes is optional, but failure to provide it would make it impossible to activate the requested services.

The legal basis for the purpose referred to in section 3.3. is art. 6(1)(c) of the GDPR ([…] processing is necessary for compliance with a legal obligation to which the controller is subject […]). In fact, once the personal data has been provided, the processing is necessary to comply with legal obligations to which Consorzio Kairos S.c.s. is subject.

The legal basis for the purpose referred to in section 3.4. is art. 6(1)(f) of the GDPR ([…] processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject […]).

5. RECIPIENTS OF THE DATA

Your personal data may be shared, for the purposes set out in section 3. of this Privacy Policy, with:

5.1 | Subjects, bodies or authorities to whom it is mandatory to communicate your personal data in accordance with the provisions of law or orders of the authorities.

5.2 | third parties connected to the activity of sending promotional messages via e-mail address carried out by Consorzio Kairos S.c.s.

5.3 | persons authorized by Consorzio Kairos S.c.s. to process personal data necessary to carry out activities strictly related to the employment relationship, who are committed to confidentiality or have an adequate legal obligation of confidentiality and who guarantee the processing of data in accordance with the GDPR.

The complete and updated list of Data Processors is kept at the operational headquarters of the Data Controller, located in Turin (TO) and can be sent by sending a written request to the Data Controller at the addresses indicated in the “Contacts” section of this document.

6. PERSONAL DATA TRANSFER

Personal data is stored on servers located within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the European Economic Area. In this case, the Data Controller ensures from now on that said transfer will take place in compliance with the applicable legislation based on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission. Further information is available by sending a written request to the Data Controller at the addresses indicated in the “Contacts” section of this document.

7. DATA RETENTION

Personal data processed for the purposes referred to in section 3.1.–3.2.–3.3.–3.4. they will be kept for the time strictly necessary to achieve those same purposes as well as, since they are processing carried out for the provision of services, up to the period of time foreseen and admitted by the Italian legislation for the protection of the interests and the right of defence of Consorzio Kairos S.c.s., paying attention to the limitation periods established by the applicable legislation.

Further information regarding the data retention period and the criteria used to determine this period can be requested by sending a written request to the Data Controller at the addresses indicated in the “Contacts” section of this document. In any case, without prejudice to the possibility for Consorzio Kairos S.c.s. to keep your personal data for the period of time envisaged and permitted by Italian law to protect its interests and the right of defence, paying attention to the limitation periods envisaged by the applicable legislation.

8. RIGHTS OF THE DATA SUBJECTS

As data subject, pursuant to artt. 15 and following of the GDPR and pursuant to art. 7 Privacy Code, you have the right to:

8.1 | obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form.

8.2 | obtain the indication: a) of the origin of the personal data; b) the purposes and methods of processing; c) of the logic applied in case of processing carried out with the aid of electronic instruments; d) of the identification details of the Data Controller, of the Data Processors and of the designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, of the GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as designated representative in the territory of the State, Data Processors or persons in charge. 

8.3 | obtain: a) updating, rectification or, when interested, integration of data; b) the erasure, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the statement that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfilment is proves impossible or involves the use of means manifestly disproportionate to the protected right.

8.4 | object, in whole or in part: a) for legitimate reasons, to the processing of your personal data, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and/or by traditional marketing methods by telephone and/or paper mail, it should be noted that the data subject’s right to object, set out in point b) above, for direct marketing purposes using automated methods extends to the traditional ones and which in any case saves the possibility for the data subject to exercise the right to object, even only partially. Therefore, the data subject can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.

Where applicable, you also have the rights pursuant to articles 16 – 22 of the GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object, right to object to automated processing including profiling).

Requests must be sent in writing to the Data Controller at the addresses indicated in the “Contacts” section of this document.

In any case, you always have the right to lodge a complaint with the supervisory authority in charge (Garante per la protezione dei dati personali), pursuant to art. 77 of the GDPR, if you believe that the processing of your data is contrary to the legislation in force.

9. UPDATES

Consorzio Kairos S.c.s. reserves the right to modify or simply update the content of this Privacy Policy, in part or completely, also due to changes in the applicable legislation. The Data Controller will inform you of these changes as soon as they are introduced on the Website. The Data Controller therefore invites you to visit this section regularly to familiarize yourself with the most recent and updated version of the Privacy Policy in order to be always updated on the data collected and, on the use, made of it the Data Controller.

10. CONTACTS

To exercise the above rights or for any other request, you can write to the aforementioned contacts; moreover, to exercise the right to have your data deleted, you can specify to the following contacts: name and surname of the person who was contacted, telephone number where the call was received, e-mail address, Company/Institution and reason for contact.

Data Controller: Consorzio Kairos S.c.s., with headquarters in Via Lulli, n. 8 – 10148 Turin (TO) e-mail: privacy@consorziokairos.org

Data Protection Officer (DPO): e-mail dpo@abprivacy.it