1. Identity of the data controller
UNHATE Foundation ETS (hereinafter "Unhate Foundation" or "Data Controller"), with its registered office at Piazza San Silvestro 8, 00187 Rome.
2. Data controller's contact information
- Address: Piazza S. Silvestro n. 8 - 00187 Roma.
3. Personal Data Collected
Identifying and/or personal and contact data (e.g., first name, last name, Tax Code/VAT number, phone/mobile number, email address).
3.1. Purpose of processing
Manage the data collected through the "Submit a Project" form on the UNHATE Foundation website and the subsequent review activities related to the project initiatives that users can submit to the Foundation.
3.2. Legal basis of processing
- Performance of Contract
- Pre-contractual Measures
3.3. Personal data storage times
Five (5) years from the date of form submission.
The retention time may be extended in the event of legal or disciplinary action and to enforce Unhate Foundation's rights. In such event, your personal data will be retained for the duration of the proceedings, until they are concluded and all time limits for appeals have expired.
4. How data is processed and security measures
Data may be processed by technological and/or paper methods and through suitable IT tools (e.g. software, hardware, applications, etc.). In this regard, Unhate Foundation has controls and procedures in place to ensure the confidentiality of your data, and is constantly committed to adopting, pursuant to art. 32 of the GDPR, specific technological and organisational measures to protect data against the risk of loss, unlawful or incorrect use and unauthorised access.
5. Recipients and categories of recipient of personal data
In order to pursue the stated purposes of processing, personal data may be transferred to various entities, including:
- the Data Controller's employees and collaborators, in their capacity as authorised data processors;
- third parties contractually linked to the Data Controller, who in certain cases will act as data processors (e.g. marketing service providers, etc.) or autonomous data controllers;
- judicial authorities and/or public bodies, at their express request and/or under the law, during investigations and checks in their capacity as autonomous data controllers.
- A full list of recipients of Data Subjects' Personal Data, including further details on the location of such recipients, is kept at the Data Controller's head office and may be consulted on request..
6. Transfer of Personal Data
Your personal data will essentially be processed within the European Union. In the event that it is necessary to transfer your data to third parties located outside the European Economic Area (EEA) for specific processing management purposes, such transfer will only take place where the European Commission has confirmed an appropriate level of data protection in the third country or where there are adequate data protection safeguards in place (e.g. EU standard contractual clauses for the transfer of data to third countries).
7. Data subject rights
With regard to the Data Controller, Data Subjects may at any time exercise their rights as provided for in Articles 15 et seq. of the GDPR, in relation to the processing of their personal data, such as, for example, right of access, correction, deletion, restriction of and opposition to processing by sending an email request.
8. Right to lodge a complaint with the data protection authority
If you believe that your personal data have been processed unlawfully, you have the right to lodge a complaint with the Italian Data Protection Authority (https://www.garanteprivacy.it/)
9. Provision of personal data
- With regard to purpose 1, your data will be acquired via browsing the portal.
- With regard to purpose 2, processing of your data is subject to your providing free and express consent
10. Automated decision-making process
Personal data collected will not be subject to an automated decision-making process.