DATA PROTECTION POLICY
GDPR – European Data Protection Regulation 2016 / 679 / EU
This Data Protection Policy is provided pursuant to and in compliance with Article 13 of the Regulation (EU) 2016/679 (hereinafter ‘GDPR’) on the protection of natural persons regarding the processing of personal data. It aims to explain in a transparent manner how and why we collect, store and use your personal data and how you can exercise your rights concerning such processing.
1. Who is the Data Controller, and how can I contact them?
The Data Controller is the Wellness Foundation (VAT no.: 03340690407) with registered office at Via Uberti 48, Cesena (hereinafter the ‘Foundation’ or the ‘Data Controller’). You can contact the Foundation at the above address or by email at: firstname.lastname@example.org. To know your rights, please consult section 9 of this document.
2. When does this policy apply? What are the purposes for which your data is processed?
This Data Protection Policy applies to data collected, only with the Data Subject’s consent, through the form on the Site or during the initiatives and events organised by the Foundation or those in which the Foundation participates as a sponsor or guest. This data will be processed in compliance with the privacy legislation referred to above and the principles of correctness, lawfulness, transparency and protection of confidentiality for the following purposes:
- For purposes related to the promotion of Wellness culture, understood as a lifestyle combining regular physical activity, healthy eating and a positive mental approach.
- For research purposes, such as the collection of qualitative and quantitative data on lifestyles through voluntary questionnaires.
- For purposes related to training activities on the theme of Exercise is Medicine for general practitioners and residents
- For purposes related to communication campaigns for the entire population (e.g. Wellness Week) and parents to combat childhood obesity (e.g. Gioca Wellness [Play Wellness]).
The Foundation does not carry out marketing or profiling activities.
3. What personal data are collected?
The Foundation processes, for example but not limited to, the following categories of personal data:
- Personal and contact details such as: first name and surname, date of birth, address of residence or domicile, landline and mobile phone numbers, and email address…
- Other personal data such as: organisation they belong to, job title…
- Qualitative and quantitative data on lifestyles in anonymous and aggregate form only, through voluntary questionnaires.
4. Personal data of minors?
We process the personal data of persons under 18 only in anonymous and aggregate form, with the prior consent of the holders of a parental authority solely for the purposes set out in point c) of the previous paragraph.
5. What is the nature of the data provision and what are the consequences of refusal?
The Data Subject’s provision of data is always subject to their consent. If the person concerned refuses to receive communications, the Foundation will be unable to keep them updated on the studies and initiatives undertaken.
The processing of the data takes place with the aid of manual and electronic tools and, in any case, in such a way as to
ensure their security and confidentiality.
6. Who can have access to your personal data?
The data collected for the purposes referred to in paragraph 3 may be accessed by: persons authorised under Italian law, regulations or EU legislation or as ordered by the Judicial Authorities; the Foundation’s employees, contractors and consultants who may become aware of your personal data in their capacity as ‘Data Processors’; other persons who need access to the data for purposes ancillary to the existing contractual relationship and/or to provide services to the Foundation (for example but not limited to Foundation computer systems maintenance, email system providers…) as ‘External Data Processors“.
The list of natural persons or legal entities with whom your personal data may be shared is
available on request by writing to email@example.com
7. What about international transfers?
Your personal data collected for the purposes referred to in paragraph 3, if guaranteed by adequacy decisions, may be transferred to other European Union countries or to non-EU countries, to the same categories of subjects as above for the same purposes for which they were collected.
In the case of data transfer to non-EU countries not guaranteed by adequacy decisions, the transfer will only occur after the adoption of appropriate safeguards in compliance with the GDPR.
8. How long do we keep personal data?
Your personal data collected for the purposes referred to in paragraph 3 shall be processed until you revoke any consent given to its processing, without prejudice to any processing lawfully carried out before such revocation.
9. What are the Data Subject’s rights concerning personal data processing, and how can they be exercised?
The GDPR guarantees the Data Subject a series of rights that can be exercised by notifying the Foundation at the address given in paragraph 1.
A brief description of the Data Subject’s rights concerning the processing of personal data follows.
- The right of access allows the Data Subject to obtain confirmation of whether or not the Foundation is processing their personal data and, if necessary, to obtain access to such data and related information;
- The right of rectification enables the Data Subject to have inaccurate personal data amended without undue delay and, taking into account the purposes of the processing, to have incomplete data supplemented;
- The right to erasure allows the Data Subject to have the data erased without undue delay (e.g. when the personal data are no longer necessary for the purpose for which it was collected), without prejudice to exceptions provided for in applicable legislation (e.g. when the retention of data is necessary to fulfil the Data Controller’s legal obligations). This right does not extend to the lawfulness of data processing based on consent given before its revocation.
- The right to data portability allows the Data Subject, in certain circumstances provided for by applicable legislation, to receive in a structured, commonly used and machine-readable format the personal data concerning them as provided to the Foundation.
- The right to restriction of processing allows the Data Subject to limit the processing of their personal data. In such cases, the Foundation may continue to process the Data Subject’s data, but only under certain circumstances (e.g. to exercise its right of defence and to protect the rights of other natural persons or legal entities);
- The right to object to processing allows the Data Subject, in certain circumstances pursuant to applicable legislation, to object to the processing of personal data concerning them, unless there are freedoms, rights or overriding legitimate reasons for the Foundation to continue such processing.
The Data Subject may complain to the Data Protection Authority if they feel they have not received a satisfactory response from the Data Controller regarding their rights or think they have been violated. The Italian Data Protection Authority’s contact details are available at this link: https://www.garanteprivacy.it/.
We may occasionally make changes to this Policy. Should they be of material significance, we will provide the Data Subject with a clearly visible notice, depending on the circumstances, e.g. on the Foundation’s Website or by email.