In accordance with EU Regulation No. 2016/679 – General Data Protection Regulation (GDPR) and with the national legislation, hereinafter referred to collectively as the “Applicable Law”, this policy statement addresses the subject of privacy with regard to the processing of personal data of users of the online web services www.dolomitiunesco.info.
Pursuant to legal provisions, the UNESCO Dolomites Foundation guarantees that the processing of personal data will be performed in consideration of fundamental rights and freedoms as well as the dignity of the data subject, and in accordance with the legislative provisions of the Applicable Law and the confidentiality clauses included therein. In particular, the processing of personal data will be carried out in accordance with the principles of lawfulness, fairness, transparency, accuracy, purpose and storage limitations, data minimisation, integrity and confidentiality.
1. Data Controller and Data Protection Officer
Data Controller: Fondazione Dolomiti-Dolomiten-Dolomites-Dolomitis UNESCO, Via Sant’Andrea n.5, 32100 Belluno, in the person of the legal representative pro tempore.
You can contact the DPO under the following e-mail Address: email@example.com
2. Types of Personal Data Subject to Processing
“Personal data” means any information relating to an identified or identifiable natural person (the “Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person.
The personal data that may be processed includes browsing data, data provided voluntarily by the data subject and cookies.
Data Provided Voluntarily by Users
The optional, explicit and voluntary sending or transmission of e-mail and/or personal data to the addresses given on the website will entail the subsequent acquisition of the sender’s email address (which is required to respond to requests), as well as any other personal data present in the e-mail. The provision of the information is voluntary, but refusal of such renders the user’s request impossible. This data will only be transmitted to third parties if necessary to the process of responding to the inquiry. The data will not be shared with third parties for marketing or profiling purposes.
The UNESCO Dolomites Foundation does not deliberately gather or request special categories of personal data, sensitive data or judicial data through the website. All users are encouraged to refrain from supplying these types of data via the Internet.
3. Purpose and Legal Basis for the Data Processing
The personal data provided by using the website will be processed for the following purposes:
a) Research or statistical analyses on aggregated or anonymous data (i.e. without identification of the data subject) aimed at measuring the functioning of the website, as well as its traffic, usability and interest;
b) Completion of data collection forms for the purpose of receiving newsletters or communications in general via e-mail;
c) The performance of a contract/contest/procedure to which the data subject is party;
d) Compliance with a legal obligation to which the controller is subject;
The lawful basis for processing Personal Data: a) it does not imply the processing of Personal Data, b) consent, c) performance of a contract, d) legal obligation.
4. Mandatory or voluntary communication of data and possible consequences of a failure to provide it
The provision of personal data is voluntary, but refusal could interfere with the correct use of the services and its legal obligations, thus limiting the full functionality of the website.
5. Recipients of the Data Processed
The recipients of the data is the data controller.
Personal data may be communicated to third parties for the purposes of handling enquiries, including for the sending of emails, analysing the functional capability of the website, executing legal obligations or with prior consent.
6. Transfer of Data
The personal data won’t be transmitted to third countries outside of the EU.
7. Retention Period of Personal Data
In compliance with the principle of purpose and storage limitations, the retention period for personal data may be unlimited.
8. Presence of Automated Decision-making Processes
There are no automated decision-making processes.
9. The Data Subject’s Rights
At any time the data subject has the right to request access to their personal data, and to correct or delete that data, or to limit its processing. In addition, the data subject has the right to data portability, as well as the right to lodge a complaint with a supervisory authority. When the data processing is based on consent, the data subject has the right to withdraw that consent at any time. The data subject may also exercise all other rights pursuant to current data protection regulations (art. 15 et seq. GDPR) by writing to the email: firstname.lastname@example.org.