Privacy Policy

Fondazione Penta ETS hereby wishes to inform visitors to the www.penta-id.org website (hereinafter the “Website”) of its personal data protection policy, emphasising its commitment and attention to protecting the privacy of Website visitors. Please read carefully our Privacy Policy, which applies if you access the Website and simply navigate it using our services.

Navigation within the Website is free and does not require registration, with the exception of certain areas in which you may freely and expressly provide a set of personal data to access certain services (e.g. to sign up for the newsletter or request information). When we ask you to provide your personal data to access these additional services, we will always inform you in accordance with EU Regulation 679/2016 General Data Protection Regulation (the “GDPR”) about the purposes and methods of use of the data as well as your right to request the deletion or updating of the data at any time.

In accordance with the GDPR, we are providing you with the following information:

  1. The Data Controller

The Data controller is Fondazione Penta ETS with registered office at Corso Stati Uniti, 4 35127 Padova, Italy, e-mail address: legal@pentafoundation.org (hereinafter also “Penta”, the “Organisation” or the “Data Controller”).

  1. The Data Protection Officer

The data Protection Officer, appointed by Penta according to Article 37 of the GDPR, can be contacted at the following address: dpo@pentafoundation.org.

  1. Types of Personal Data Processed 

Registration is not required in order to access the Website. However, there are services of the Website for which you need to provide your details (e.g. your personal data may be requested to sign up for the newsletter services or to answer your requests). For further information, please read the privacy notice available in the Website (e.g. section “Contact” and “Newsletter Privacy Notice”). With reference to the data related to the web browsing on the Website, please also read the following paragraph on the Cookies used by this Website.

  1. Optional provision of personal data 

The provision of personal data is generally optional. In certain cases only, the failure to provide personal data may make it impossible to access specific services and obtain what you have requested (e.g. the provision of the e-mail address is required to answer your requests); failure to provide such data may therefore prevent Penta from allowing you to access specific Website’s services. The data necessary are indicated in the data collection forms – e.g., indicated with a (*).

  1. Purposes and legal basis for data processing

Data is collected and processed for purposes strictly related to the use of the Website and its services. The purposes of the processing are detailed in the specific privacy notice provided by the Website whenever there is a data collection. Your data will be processed on the basis of your requests to run the services provided with by the Website [or according to your consent] (GDPR – article 6, paragraph 1, letter a) and b)).

  1. Method, period of data processing and communication

Data may be processed in both electronic and paper form. Penta guarantees that the personal data provided through the Website will be processed lawfully and properly, in full compliance with applicable legislation, and that the data provided during registration will be kept strictly confidential. All information collected is transmitted through a secure connection to prevent interception by outsiders. We implement security measures to ensure the security of the Website.

Any data provided by users shall be processed for the period of time specified in the specific privacy notice provided at the time of the data collection.

The data shall not be disseminated and will be processed only by persons expressly authorized to the processing and identified within the Communication Area of Penta.

Penta uses external providers to manage the Website and the Website’s services. Suppliers or external organisations process personal data for purposes strictly related to the provision of the services, and have therefore been appointed by Penta as Data Processors (GDPR – article 28).  A complete list of Data Processors can be requested at the e-mail address legal@pentafoundation.org.

  1. Links to other websites 

This information is provided only for the website www.penta-id.org and not for any other websites that may be assessed through a link. Penta cannot be held liable for personal data provided by users to external parties or any websites linked to this Website.

  1. Place of data processing

The data processing connected with the services provided by the Website are carried out: (i) at the headquarters of Penta indicated in point 1 above; and (ii) within the European Union by companies providing services related to the management of the Website.

  1. Transmission of data outside the European Union

Where we transfer your personal data outside the European Union, we will ensure that it is protected and transferred in a manner consistent with the GDPR. In particular, for the transfer of personal data to third countries which are not considered ensuring an adequate level of protection, we will enter into the standard contractual clauses approved by the European Commission Implementing Decision of 4 June 2021 and any subsequent amendment or re-edition.

  1. Rights of data subjects

By contacting the following e-mail address: legal@pentafoundation.org the user may at any time exercise the following rights (GDPR – article 15 to 22):

  • obtaining confirmation as to whether or not personal data concerning you is being processed
  • obtaining access to your personal data and to the information set out in Article 15 of the Regulation;
  • obtaining the rectification of the inaccurate personal data that concerns you without undue delay or the supplementing of incomplete personal data;
  • obtaining the erasure of the personal data that concern you without undue delay;
  • obtaining the restriction of processing the personal data that concern you;
  • being informed of any rectifications or erasures or restrictions of processing in relation to the personal data that concern you;
  • receiving in a structured, commonly used and machine-readable format the personal data that concern you;
  • objecting at any time, on grounds associated with your specific situation, to the processing of the personal data that concern you.

The full text of such rights is available on www.garanteprivacy.it.

  1. Lodge a complaint before the Data Protection Authority

Should you consider the processing of your data infringes the GDPR, you may lodge a complaint before the Italian Data Protection Authority (www.garanteprivacy.it), or before the Data Protection Authority of the Member State of your habitual residence, place of work or place of the alleged infringement.

  1. Applicable law

This Privacy Policy is ruled by Regulation EU 2016/679, which guarantees that the processing of personal data is made in full respect of fundamental rights and freedom, as well as of the dignity of the person involved with particular reference to privacy, personal identity and the right to personal data protection.

  1. Revision clause

Penta reserves the right to revise, amend or simply update this Privacy Policy, in whole or in part, at its sole discretion, in any manner and/or at any time, without notice, including to take account of changes to the law or regulations regarding the protection of personal data. Users will be notified of changes and updates to the Privacy Policy by (i) e-mailing the registered users or (ii) publication on the homepage of the Website. Any modification will be binding as soon as published or communicated. Please access this section regularly for updates on the Privacy Policy or check your e-mail.

Padova, Italy, 29 August 2023

For more information about the processing of your data through the Website, please read the Cookie Policy.