PERSONAL DATA PROTECTION
in accordance with EU regulation 2016/679
INFORMATION PROVIDED TO CUSTOMERS PURSUANT TO ARTICLES 13-14 OF THEGDPR
(GENERAL DATA PROTECTION REGULATION) 2016/679
WORLD SUSTAINABILITY ORGANIZATION S.R.L. A SOCIO UNICO, tax code 0863094966 – with headquarter in Milan (MI) Corso Buenos Aires 45 20124 in the person of its CEO Paolo Bray (hereinafter referred to as the “Owner”), in accordance with article 13 of GDPR 2016/679, provides you with the following information:
TYPES OF DATA
1. Personal data
Personal data (name, surname, identification details and copy of the same, telephone number, e-mail address, etc.), is that which will be provided at the time of subscription or in any case before the start of the contractual relationship or during the same.
2. Particular categories of data (sensitive data)
Data included in art. 9 of the GDPR (special categories of data), i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, genetic data, biometric data intended to identify a physical person unequivocally, data relating to the health, sex life or sexual orientation of the person.
Within the data processed, the data indicated in art. 10, that is personal data relating to criminal convictions and crimes or related security measures may also be present.
TYPES AND PURPOSES OF PROCESSING
3. Processing deriving from contractual obligations (use regardless of consent)
Common and/or sensitive and/or legal personal data, requested and/or provided even verbally, prior to the establishment of the contractual relationship, or during or after the termination of the same, will be the object, even without your consent, in accordance with art. 6, par. b) and f) of the GDPR:
a. of use relating to the functions connected with the management of one’s company, institutional and statutory activities;
b. of use relating to the examination and filing of customer records;
c. of use in any way connected to the pre-contractual phase and to the fulfilment of the contractual relationship also in relation to any disputes, including, but not limited to: production in judicial contexts, communication in out-of-court contexts, registration of invoices, certification processing, signing of insurance coverage, communication to any third party that has to carry out whatever consulting/assistance/service activity with regard to the said relationship (including therein accountants, lawyers, employment consultants, technicians, occupational doctors, banks and insurance companies).
4. Processing deriving from legal obligations (use regardless of consent)
Personal and/or sensitive and/or legal personal data, requested and/or provided verbally, prior to the establishment of the contractual relationship, or during or after the termination of the same, will be the object, even without your consent, in accordance with art. 6, par. c) of the GDPR:
a. of use connected to fiscal/tax-related/contributory purposes;
b. of use connected to legal obligations in relation to commercial/industrial activity;
c. of use connected to legal obligations regarding the protection of life and health;
d. of use consisting of transfer to third parties for backup purposes on external servers in any case located in EU territory. Data transferred to these servers will be encrypted so that only the owner and authorised parties can access it. The data may also be temporarily transferred to subjects in charge of hardware and software equipment maintenance activities, via the storing of backups necessary for saving and recovering data.
5. Use regardless of contractual obligations or law
Common and/or sensitive and/or legal personal data, requested and/or provided even verbally, prior to the establishment of the contractual relationship, or during or after the termination of the same, will be the object:
a. Of use consisting of the insertion of data, photographs, audiovisual articles and recordings into its own archive, for proof of activity carried out and any publication of the above mentioned material in its own internet site and/or within the scope of the Friend of the Sea (FOS) and Friend of the Earth (FOE) brand sites and in its own publications, the website, social network, Facebook, Instagram and similar, for the publication of photographs and/or audiovisual recordings, in on line courses, publications, brochures, presentations and catalogues for didactic, advertising and marketing purposes;
b. of use consisting of the sending of communications inherent to the contractual relationship and for marketing purposes via email, sms and whatsapp for the promotion of Friend of the Sea (FOS) and Friend of the Earth (FOE) commercial brands.
6. Definition of processing
The “processing” of personal data is defined by art. 4 of the GDPR as “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction” and includes the collection, registration, organisation, preservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, cancellation and distribution of such data.
7. Use of particular categories of data (sensitive data)
Particular data as per art. 9 of the GDPR, that is personal data which reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, genetic data, biometric data intended to identify unequivocally a physical person, data relating to the health, sex life or sexual orientation of the person are part of the use described above and will be used only for purposes connected with the carrying out of the conferred activity of assistance, consultancy and representation.
8. Use of legal data
Legal data, in matters of judicial cases, records of administrative sanctions due to crimes and the charges in course, or the definition of indicted or investigated pursuant to articles 60 and 61 of the penal code, will be used only with the consent of the person in question for the purposes indicated in points 3 and 4.
CATEGORIES OF SUBJECTS TO WHOM DATA CAN BE COMMUNICATED
9. Personal data provided (common, sensitive and legal) may be the object of communication to all employees and co-workers involved, as well as to external bodies, recipients of files regarding the customer/supplier, in carrying out preceding activities and to external entities who interact with the owner, always and exclusively for the functional activities for the above described purposes; such categories are:
a. Companies operating in the E.D.P. field, also resident abroad, looking after the information management of the owner, the security and secrecy of the data;
b. Accountants, service companies in the field of employment consulting and pay and salary system processing, as well as Legal Offices for any controversies to be dealt with;
c. Customers and Suppliers for carrying out the owner’s commercial, service and administrative activities, moreover absolving applicable laws;
d. Distributors, agents, carriers, couriers, transporters and in any case every other company used within the scope of the services offered by the owner;
e. Companies or entities that carry out commercial activities of sales and/and or supply of goods and/or services, advertising, in the area of the commercial activity of promotion and marketing of the Owner and of the Friend of the Sea (FOS) and Friend of the Earth (FOE) brands;
f. Public administration entities that carry out institutional functions, within the limits established by law and regulations;
g. Third parties with whom it is necessary or even only appropriate to cooperate within the scope of the organisation of the professional activity;
h. Legal authorities;
i. Pension and assistance bodies (e.g. Tax Authority, Health Service, INAIL, ministries, insurance companies etc.);
j. Banks and Building Societies.
METHODS OF USE
10. Principles
According to the indicated norm, use of personal data will be based on the principles of correctness, legality, clarity and protection of your privacy and rights.
11. Instruments
Use of data will be carried out both by manual and/or informatic and/or telematic instruments with organisational logic and processing strictly correlated to the purposes of the same and in any case in such a way as to guarantee the security, integrity and privacy of the data itself respecting organisational, physical and logical measures provided for by the rules in force. There are no automated decisional processes and/or profiling systems of the data managed by the owner.
12. Passing data abroad
Passing data abroad and outside the European Union is possible in the case of organisation of events/exhibitions abroad, or sale of products to customers abroad.
13. Term of data storage
Personal data is stored for the whole duration of the contractual relationship and, in the case of termination of the relationship, in the prescribed terms provided for by the norm for the exercise of whatever right connected to the relationship had between the parties, also for the purpose of any need for proof of the regularity of services in a judicial or out of court context.
14. Consent of interested party
The rendering of personal data (common, sensitive and legal) for use explained until now, as well as its communication to the listed subject categories, are of an obligatory nature according to the laws and contracts that they regulate, by way of example, for purposes connected to the carrying out of the contractual relationship.
15. Note in particular that:
a. it is obligatory to provide data for use for the purposes as per points 3 and 4 and to consent to its dissemination to the subjects as per point 9 so that they in turn can use them. Non consent, partial or total, makes it impossible – on the one hand – to absolve the legal obligations and therefore to establish or proceed with the contractual relationship and – on the other – to carry out one’s typical activity; in particular the use of images is necessary, being the object of the online services offered (e.g. relating to publications, on paper and digital, and online courses);
b. it is optional to provide data for use as per point 5 and to consent to its dissemination to subjects as per point 9, a), c), d) and e) even if in that case the owner may evaluate case by case whether it is possible to proceed with the contractual relationship under the less convenient conditions deriving from the non consent;
c.it is optional to provide legal data.
RIGHTS OF INTERESTED PARTY
16. You will be able, at any time, to exercise the rights:
a. to access to your personal data in accordance with art. 15 of the GDPR;
b. to obtain rectification in accordance with art. 16 of the GDPR, cancellation of the same in accordance with art. 17 of the GDPR or limitation of use regarding them in accordance with art. 18 of the GDPR;
c. to oppose use in accordance with art. 21 of the GDPR;
d. to the portability of data in accordance with art. 20 of the GDPR;
e. to revoke consent, where provided for: revocation of consent does not prejudice the legality of use based on consent given before revocation in accordance with art. 7, point 3 of the GDPR;
f. to make complaint to the controlling authority (Privacy Guarantor).
The exercise of their rights can come about by sending a request via email to privacy@friendofthesea.org
Revocation of consent, request for cancellation, opposition and request for porting of data will mean the impossibility to fulfil obligations inherent to the contractual relationship and therefore render impossible its proceeding.
DATA OF THE OWNER AND PERSON RESPONSIBLE
The owner is WORLD SUSTAINABILITY ORGANIZATION S.R.L. A SOCIO UNICO, tax code 0863094966 – with headquarters in Milan (MI), Corso Buenos Aires 45, 20124, in the person of its CEO Paolo Bray.