• The Data Controller

Fondazione Penta – for the treatment and care of children with HIV (and related deseases) – Onlus, an organization incorporated under the laws of Italy (Fiscal Code 92166930286) whose registered office is in Padova, Corso Stati Uniti, 4, e-mail info@penta-id.org (hereinafter “Penta” or the “Organization”), is the organization which, as Data Controller, collect and process your personal data in accordance with EU Regulation 2016/679 General Data Protection Regulation (the “GDPR”) and provide you with the following information.

  • Data Protection Officer:

Penta has appointed a Data Protection Officer pursuant to Article 37 of the GDPR. The DPO may be contacted at the following e-mail address: dpo@pentafoundation.org.

  • Purposes and legal basis of the processing:

If you give your consent, the data you provide us will be used by the Organization to subscribe you to Penta’s Newsletter and update you on our initiatives and activities.

The legal basis for the processing of your data will be your consent. Your consent can be withdrawn at any time. Only the data requested as “mandatory” is required for subscribing to the Newsletter. The failure to fill in data indicated as “optional” does not have any consequence.

  • Storage period:

Your data will be processed for the entire duration of your subscription to the Newsletter.

  • Processing methods and recipients:

Your data will mostly be processed electronically and will not be disclosed. Your data may only be communicated to persons authorized to the processing within the Organization of the Communication Area and ICT Area, and may come to knowledge to the following third parties:

  • companies responsible for processing, managing and sending newsletters;
  • companies entrusted with the management of the website and related electronic archives.

Where necessary, the Organization has designated the processing recipients as Data Processor pursuant to art. 28 of the GDPR. A list of all the Data Processors designated by the Organization can be required by notice to be sent to the contact details listed below.

  • Transmission of data outside the European Union:

In the case of transfer of subject’s data to a third country which is not an adequate country, the controller and the processor shall comply with the terms of the standard contractual clauses for the transfer of personal data to processors established in third countries approved by EC Commission Decision of 5 February 2010 and any subsequent amendment or re-edition.

  • Data subject’s rights

By notice to be sent to the e-mail address info@penta-id.org, you may at any time exercise the rights provided for by articles 15 to 22 of the Regulation, such as:

  1. obtaining confirmation as to whether or not personal data concerning you is being processed
  2. obtaining access to your personal data and to the information set out in Article 15 of the Regulation;
  3. obtaining the rectification of the inaccurate personal data that concern you without undue delay or the supplementing of incomplete personal data;
  4. obtaining the erasure of the personal data that concern you without undue delay;
  5. obtaining the restriction of processing the personal data that concern you;
  6. being informed of any rectifications or erasures or restrictions of processing in relation to the personal data that concern you;
  7. receiving in a structured, commonly used and machine-readable format the personal data that concern you;
  8. objecting at any time, on grounds associated with your specific situation, to the processing of the personal data that concern you.

You can find the full list of your rights on the website of the local Data Protection Supervisory Authority.

  • Complaint to the Data Protection Authority:

Should you consider the processing of your data infringes the Regulation, you may in any event lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it), or, if different, to the Data Protection Authority of the Member State of your habitual residence, place of work or place of the alleged infringement.