PRIVACY POLICY

Regulation (EU) 2016/679 (the “GDPR”)
INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA

1. Subject Matter of the Processing

The Foundation “The Siracusa International Institute for Criminal Justice and Human Rights”
processes the personal, identifying data (e.g., first name, last name, company name, address,
telephone number, e-mail, bank and payment details) – hereinafter, “personal data” or also “data” –
that you have communicated in any manner.

2. Purposes of the Processing

Your personal data are processed:

A) Without your express consent (Art. 6(1)(b) and (e) GDPR), for the following Service Purposes:

  • to enter into contracts for goods and services provided by/to the Foundation “The Siracusa International Institute for Criminal Justice and Human Rights”;
  • to fulfil pre-contractual, contractual and tax obligations arising from existing relationships with you;
  • to comply with obligations provided by law, regulations, EU legislation or an order of a public authority (for example, in the area of anti-money laundering);
  • to exercise the rights of the Foundation “The Siracusa International Institute for Criminal Justice and Human Rights”, for example the right of defence in legal proceedings.

B) Only with your specific and separate consent (Art. 7 GDPR), for the following Marketing Purposes:

  • to send you, via e-mail, post and/or SMS and/or telephone contacts, newsletters, commercial communications and/or advertising material concerning products or services offered by the Data Controller, and to measure satisfaction regarding the quality of services;
  • to send you, via e-mail, post and/or SMS and/or telephone contacts, commercial and/or promotional communications from third parties (e.g., service providers, business partners, other Group companies). Please note that if you are already our client, we may send you commercial communications regarding services and products of the Data Controller similar to those you have already used, unless you object.

3. Methods of Processing

The processing of your personal data is carried out by means of the operations indicated in Art. 4(2) GDPR, namely:
collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use,
interconnection, blocking, disclosure, erasure and destruction of data.

Your personal data are processed both on paper and electronically and/or through automated means.

For each of the processing purposes set out above, the following table specifies the maximum retention period of your personal data,
after which we will no longer process your personal data for those purposes.

Retention periods

Purpose Retention period
Definition and management of an offer for products and/or services you are interested in No more than 10 years after the offer
Management of the contractual relationship relating to products and/or services For the period required by law
Management of CVs submitted to the Foundation No more than 3 years after the last update
Handling any other request from you No more than 3 years after the request
Sending you requested and/or relevant information relating to our products and/or services No more than 10 years for our customers and 5 years for prospective customers from the last collection of personal data
Sending personalised advertising messages and personalising the experience according to the customer’s characteristics and expectations No more than 10 years for our customers and 5 years for prospective customers from the last collection of consent
Measuring the performance of our sales, after-sales and advertising services No more than 5 years from the provision of the service
Conducting customer satisfaction surveys For the duration of the survey

At the end of the retention period, your data will be erased or destroyed.

4. Access to Data

Your data may be made accessible for the purposes referred to in Section 2(A) (contractual obligations)
and 2(B) (advertising communications):

  • to employees and collaborators of the Data Controller or Group companies in Italy and abroad, in their capacity as persons authorised to process data and/or internal data processors and/or system administrators;
  • to third-party companies or other entities (by way of example, credit institutions, professional firms, consultants, etc.) that carry out outsourced activities on behalf of the Data Controller, in their capacity as external data processors.

5. Disclosure of Data

Without the need for express consent (Art. 6(1)(b) and (c) GDPR), the Foundation “The Siracusa International Institute for Criminal Justice and Human Rights”
may disclose your data for the purposes referred to in Section 2(A) to supervisory bodies, judicial authorities,
as well as to those entities to whom disclosure is mandatory by law for the pursuit of such purposes.
These entities will process the data in their capacity as independent data controllers.
Your data will not be disseminated.

6. Data Transfers

Personal data are stored on servers located in Italy, within the European Union. In any case, should it be necessary,
the Data Controller may also move the servers outside the EU. In such a case,
the Foundation “The Siracusa International Institute for Criminal Justice and Human Rights” ensures that transfers
of data outside the EU will take place in compliance with the applicable legal provisions,
after the execution of the standard contractual clauses adopted by the European Commission.

7. Nature of Data Provision and Consequences of Refusal

The provision of data for the purposes referred to in Section 2(A) is mandatory.
Without such data, we will not be able to provide you with the Services referred to in Section 2(A).

The provision of data for the purposes referred to in Section 2(B) is optional.
Consent may be given by signing this information notice.
You may therefore decide not to provide any data or later to withdraw consent for data already provided:
in such case, you will not receive newsletters, commercial communications and advertising material
relating to products and services offered by the Foundation “The Siracusa International Institute for Criminal Justice and Human Rights”.

In any event, you will continue to be entitled to the Services referred to in Section 2(A).

8. Data Subject Rights

As a data subject, you have the rights under Art. 15 GDPR, namely the right to:

  1. obtain confirmation as to whether or not personal data concerning you exist, even if not yet recorded, and to have such data communicated in an intelligible form;
  2. obtain information on:
    1. the origin of the personal data;
    2. the purposes and methods of processing;
    3. the logic applied in the case of processing carried out with the aid of electronic instruments;
    4. the identity details of the data controller, processors and the representative designated pursuant to Art. 3(1) GDPR;
    5. the entities or categories of entities to whom personal data may be disclosed or who may become aware of them in their capacity as designated representative in the territory of the State, processors or authorised persons;
  3. obtain:
    1. updating, rectification or, where you have an interest, completion of the data;
    2. erasure, anonymisation or blocking of data processed unlawfully, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
    3. confirmation that the operations referred to above have been notified, also as regards their content, to those to whom the data were disclosed or disseminated, unless this proves impossible or involves a manifestly disproportionate effort compared to the protected right;
  4. object, in whole or in part:
    1. on legitimate grounds, to the processing of personal data concerning you, even if relevant to the purpose of collection;
    2. to the processing of personal data concerning you for the purpose of sending advertising material or direct selling or for carrying out market research or commercial communications.

Where applicable, you also have the rights under Arts. 16–21 GDPR (right to rectification, right to erasure,
right to restriction of processing, right to data portability, right to object),
as well as the right to lodge a complaint with the Supervisory Authority.

9. How to Exercise Your Rights

You may exercise your rights at any time by sending:

You may also contact the Foundation’s Data Protection Officer, Dr. Attilio Amoroso,
at: dott.attilio.amoroso@gmail.com.

10. Data Controller

Foundation “The Siracusa International Institute for Criminal Justice and Human Rights”
Via Logoteta 27 – 96100 Siracusa (SR), Italy
Fiscal Code: 80001810896

Funded by the European Union. Views and opinions expressed are however those of the authors only and do not necessarily reflect those of the European Union. The European Union cannot be held responsible for them.

Back To Top