Privacy policy
Fondazione Cassa di Risparmio di Cuneo, with registered office in Via Roma, 17 – 12100 Cuneo, CF 96031120049 as Data Controller, informs you that the processing of your personal data will be based on the principles of lawfulness, correctness, transparency, limitation of purposes and storage, data minimization, accuracy, integrity and confidentiality. Your personal data will therefore be processed in accordance with the legislative provisions of the Applicable Regulations and the confidentiality obligations provided therein.
1. DATA CONTROLLER AND DATA PROTECTION OFFICER
The Data Controller is the Fondazione Cassa di Risparmio di Cuneo, with registered office in Via Roma, 17 – 12100 Cuneo, CF 96031120049, whose data are also reported on the website on the Home Page and/or on other web pages of the same.
The Data Protection Officer is the lawyer Luisa Di Giacomo, with office in Turin, Corso Vittorio Emanuele II n. 76, contactable at the email address dpo@fondazionecrc.it
2. THE PERSONAL DATA SUBJECT TO PROCESSING
“Personal Data” means any information relating to an identified or identifiable natural person with particular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to your physical, physiological, mental, economic, cultural or social identity.
The Personal Data collected by the Site are the following:
to. Browsing data
The Site's computer systems collect some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with you, but by its very nature could, through processing and association with data held by third parties, allow you to be identified. These include the IP addresses or domain names of the devices used to connect to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to your operating system and computer environment.
These data are used to obtain anonymous statistical information on the use of the Site and to check its correct functioning; to allow - given the architecture of the systems used - the correct provision of the various functions requested by you, for security reasons and to ascertain responsibility in the event of hypothetical computer crimes against the Site or third parties and are deleted after 7 days; in any case, such data are stored by the Owner of the site for the period strictly necessary and in any case in compliance with the current regulatory provisions on the matter.
b. Data provided voluntarily
Through the Site you have the possibility to voluntarily provide Personal Data such as your name and email address to request information regarding the services provided by the Data Controller, or to contact the Data Controller through the “Contact Us” form, to communicate via email or to subscribe to the newsletter service (or other similar services). Users are free to provide their personal data, but failure to provide them may make it impossible to obtain the requested service. The Data Controller will process these data in compliance with the Applicable Regulations, assuming that they refer to you or to third parties who have expressly authorized you to provide them on the basis of an appropriate legal basis that legitimises the processing of the data in question. With respect to this latter hypothesis, you act as an independent data controller, assuming all legal obligations and responsibilities. In this sense, you grant the broadest indemnity on this point with respect to any dispute, claim, request for compensation for damages from processing, etc. that may be received by the Data Controller from third parties whose Personal Data have been processed through your use of the Site in violation of the Applicable Regulations.
c. Cookies and similar technologies
The Owner collects Personal Data through cookies. More information on the use of cookies and similar technologies is available here (link to the cookies policy ).
3. PURPOSE, LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF THE PROCESSING
The Personal Data you provide through the Site will be processed by the Data Controller for the following purposes:
a) response to a request from the interested party, purposes related to the execution of a contract to which you are a party or to the execution of pre-contractual measures adopted at your request (e.g.: contact request via the Contact form or e-mail, registration for the newsletter service, etc.); in this case the provision is optional, but in the event of its absence it will not be possible to respond to your question or provide you with the requested service;
b) purposes of statistical research/analysis on aggregate or anonymous data, without therefore the possibility of identifying the user, aimed at measuring the functioning of the Site, measuring traffic and evaluating usability and interest;
c) purposes related to the fulfillment of a legal obligation to which the Data Controller is subject;
d) purposes necessary to ascertain, exercise or defend a right in court or whenever the jurisdictional authorities exercise their jurisdictional functions.
The legal basis for the processing of Personal Data for the purposes referred to in point a) is the provision of a service or the response to a request from the interested party, and therefore consent is not required pursuant to the Applicable Regulations.
The purpose referred to in point b) does not involve the processing of Personal Data, while the purposes referred to in points c) and d) represent a legitimate processing of Personal Data pursuant to the Applicable Regulations since, once the Personal Data has been provided, the processing is necessary to fulfill a legal obligation to which the Data Controller is subject.
4. TREATMENT METHODS
In relation to the purposes mentioned above, the processing is carried out using manual, computerised and telematic tools with logics strictly related to the aforementioned purposes and, in any case, in a way that guarantees the security and confidentiality of the data and with the commitment on your part to promptly communicate to us any corrections, modifications and updates. Said processing may be carried out on behalf of the Data Controller for the purposes and with the methods described above and in compliance with criteria suitable for guaranteeing security and confidentiality, by companies, firms, bodies and external collaborators appointed as Data Processors and only with regard to the processing carried out by them.
None of your personal data held by the Data Controller can be traced back to the definition of “Special categories of data” in art. 9 of EU Regulation 2016/679. In the event that such data were transmitted to us, in the absence of your explicit written consent, we will take care of deleting them immediately.
5. RECIPIENTS TO WHOM YOUR DATA MAY BE COMMUNICATED
Your Personal Data may be shared, for the purposes specified in point 3, with:
-
subjects necessary for the provision of the services offered by the Site, including, for example, the sending of e-mails and the analysis of the functioning of the Site, or the newsletter management system, who typically act as external data controllers appointed by the Data Controller;
-
persons authorized by the Data Controller to process Personal Data who have undertaken to maintain confidentiality or have an adequate legal obligation of confidentiality; (e.g. employees and collaborators of the Data Controller); (a. and b. are collectively “Recipients”);
-
Jurisdictional authorities in the exercise of their functions when required by Applicable Law.
6. DATA TRANSFERS ABROAD
None of your personal data is transferred outside the European Union. The server on which this site is hosted is located within the European Union. The site communicates with a secure protocol (https), so any data you enter is protected.
The Data Controller ensures that the electronic and paper processing of your Personal Data by the Recipients takes place in compliance with the Applicable Regulations.
If transfers outside the European Economic Area occur, such transfers will be based alternatively on an adequacy decision or on the Standard Model Clauses approved by the European Commission.
7. DATA RETENTION
The Data Controller will process your Personal Data for the time strictly necessary to achieve the purposes indicated in point 3. For example, the Data Controller will process the Personal Data for the newsletter service until you decide to unsubscribe from the service. Without prejudice to the above, the Data Controller will process your Personal Data for the time permitted by Italian law to protect its interests (Art. 2947(1)(3) cc). Further information regarding the retention period of Personal Data and the criteria used to determine this period can be requested by writing to the DPO at dpo@fondazionecrc.it
8. YOUR RIGHTS
1. Right of access
You may obtain from the Data Controller confirmation as to whether or not your Personal Data is being processed and, where that is the case, obtain access to the Personal Data and the information provided for by art. 15 of the Regulation, including, by way of example: the purposes of the processing, the categories of Personal Data processed, etc.
Where Personal Data is transferred to a third country or to an international organisation, you have the right to be informed of the existence of appropriate safeguards relating to the transfer.
If requested, the Data Controller may provide you with a copy of the Personal Data undergoing processing. For any additional copies, the Data Controller may charge you a reasonable fee based on administrative costs. If the request in question is submitted by electronic means, and unless otherwise indicated, the information will be provided to you by the Data Controller in a commonly used electronic format.
2. Right to rectification
You may obtain from the Data Controller the rectification of your Personal Data that are inaccurate as well as, taking into account the purposes of the processing, the integration of the same, if they are incomplete, by providing an additional declaration.
3. Right to erasure
You may obtain from the Data Controller the erasure of your Personal Data, if one of the reasons set forth in art. 17 of the Regulation exists, including, by way of example, if the Personal Data is no longer necessary with respect to the purposes for which it was collected or otherwise processed or if the consent on which the processing of your Personal Data is based has been revoked and there is no other legal basis for the processing.
We inform you that the Data Controller will not be able to delete your Personal Data: if their processing is necessary, for example, to fulfill a legal obligation, for reasons of public interest, for the establishment, exercise or defense of a right in court.
4. Right to restriction of processing
You may obtain the limitation of the processing of your Personal Data if one of the hypotheses provided for by art. 18 of the Regulation applies, including, for example: in the event of a dispute on your part regarding the accuracy of your Personal Data being processed or if your Personal Data is necessary for the establishment, exercise or defence of a right in court, even though the Data Controller no longer needs it for the purposes of the processing.
5. Right to data portability
Where the processing of your Personal Data is based on consent or is necessary for the performance of a contract or pre-contractual measures and the processing is carried out by automated means, you may:
– request to receive the Personal Data provided by you in a structured, commonly used and machine-readable format (for example: computer and/or tablet);
– transmit your Personal Data received to another Data Controller without hindrance from the Data Controller.
You may also request that your Personal Data be transmitted by the Data Controller directly to another data controller indicated by you, if this is technically feasible for the Data Controller. In this case, you will be responsible for providing us with all the exact details of the new data controller to whom you intend to transfer your Personal Data, providing us with specific written authorization.
6. Right to object
You may object at any time to the processing of your Personal Data if the processing is carried out for the performance of a task of public interest or for the pursuit of a legitimate interest of the Data Controller (including profiling).
If you decide to exercise the right to object described here, the Data Controller will refrain from further processing your personal data, unless there are legitimate reasons to proceed with the processing (reasons prevailing over the interests, rights and freedoms of the interested party), or the processing is necessary for the establishment, exercise or defense of a right in court.
7. Right to lodge a complaint with the Data Protection Authority
Without prejudice to your right to appeal to any other administrative or judicial body, if you believe that the processing of your Personal Data by the Data Controller is in violation of the Regulation and/or applicable legislation, you may lodge a complaint with the competent Data Protection Authority (www.garanteprivacy.it).
Requests for the exercise of rights must be addressed to the Data Controller via email, or to the DPO.
9. CHANGES
This Privacy Policy is effective from November 2024. The Data Controller reserves the right to modify or simply update its content, in part or completely, also due to changes in the Applicable Regulations. The Data Controller will inform you of such changes as soon as they are introduced and they will be binding as soon as they are published on the Site. The Data Controller therefore invites you to visit this section regularly to take note of the most recent and updated version of the Privacy Policy so that you are always updated on the data collected and the use made of it by the Data Controller.