a) Data Controller:
Fondazione Penta ETS, an organization incorporated in Italy (Fiscal Code 92166930286) whose registered office is in Padova, Corso Stati Uniti, 4, e-mail info@penta-id.org (hereinafter “Penta” or the “Organization”), is the organization which, as Data Controller, collects and processes your personal data in accordance with EU Regulation 2016/679 General Data Protection Regulation (the “GDPR”) and provides you with the following information.
b) Data Protection Officer:
Penta has appointed a Data Protection Officer pursuant to Article 37 of the GDPR. The DPO may be contacted at the following e-mail address: dpo@pentafoundation.org.
c) Purposes and legal basis of the processing:
The data you provide us by fill in the “Contact” form are required in order to answer your request for information. The data can be processed without your consent pursuant to art. 6, lett. b) of the GDPR. We ask you to provide all the data requested as “mandatory” (*) because they are necessary for your request to be sent and enables us to handle it better. The failure to fill in data indicated as “optional” does not have any repercussions.
d) Processing methods and recipients:
Your data will mostly be processed electronically and will not be disclosed. Your data shall always be processed in compliance with the GDPR and the current regulations and, in any case, in such a way as to guarantee their security and confidentiality and avoid their unauthorized dissemination or use, alteration or destruction.
Your data may only be communicated to persons authorized to the processing within the Organization of the Communications Area and ICT Area, and may come to knowledge to the following third parties:
Where necessary, the Organization has designated the processing recipients as Data processor pursuant to art. 28 of the GDPR. A list of all the Data processor designated by the Organization can be required by notice to be sent to the contact details listed below.
e) Storage period:
Your data will be processed for the time required to handle your request and, in any case, for a maximum of 44 months and shall subsequently be erased or retained in an anonymous or aggregate form.
f) Transmission of data outside the European Union:
Where we transfer your personal data outside the European Union, we will ensure that it is protected and transferred in a manner consistent with the GDPR. In particular, for the transfer of personal data to third countries which are not considered ensuring an adequate level of protection, we will enter into the standard contractual clauses approved by the European Commission Implementing Decision of 4 June 2021 and any subsequent amendment or re-edition.
g) Data subject’s rights:
By notice to be sent to the e-mail address info@penta-id.org, you may at any time exercise the rights provided for by articles 15 to 22 of the Regulation, such as:
Moreover, pursuant to Article 21 of the Regulation, you will be entitled to object at any time, on grounds associated with your specific situation, to the processing of the personal data that concern you carried out in pursuit of the legitimate interest of the data Controller (pursuant to Article 6(1)(f) of the Regulation). You can find the full list of your rights on the website of the local Data Protection Supervisory Authority.
h) Complaint to the Data Protection Authority:
Should you consider the processing of your data infringes the Regulation, you may in any event lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it), or, if different, to the Data Protection Authority of the Member State of your habitual residence, place of work or place of the alleged infringement.
Fondazione Penta ETS
29 August 2023