The controller of the treatment
The Data Controller of personal data (hereinafter also referred to simply as "data") is the Leonardo Civiltà delle Macchine Foundation, with registered offices in Via del Plebiscito 102 Roma 00186, in the person of its legal representative pro tempore (hereinafter referred to as the "Controller").
Purpose and legal basis of processing
As better explained in the sections that allow you to adhere - by releasing your personal data - to the services reserved for users of the Site, the data of data subjects are processed on the basis of the requests expressly made by them, from time to time, through the Site. In particular, all activities of collection and subsequent processing of data are aimed at pursuing the following purposes:
- sharing content on the Site;
- managing relations with users interested in the Foundation's initiatives;
- general request for information;
- allowing users to access certain reserved pages of the Site. In this case, the user may be asked to enter their data for registration and the processing will be carried out on the basis of a specific information file on the processing of personal data and with the specific consent of the person concerned, requested, from time to time, through specific pages and/or areas of the Site;
- information activities on the initiatives and activities of the Foundation and/or other entities related to it;
- purposes connected with the obligations provided for by applicable laws or regulations, as well as by provisions issued by the competent authorities/supervisory and control bodies.
The Controller will not use the data provided for purposes other than those listed above, to which the data subject has adhered, or only within the limits indicated from time to time in any other specific information file accompanying the different and particular service requested by the subject.
Who processes the data for us
For purposes related to the delivery of the service to which the user has subscribed, the data will be made available to third parties, including related entities, as well as consultants who assist the Controller in meeting the requests of users (eg, law and tax firms), who will act, as the case may be, as independent data controllers or as data controllers under Art. 28 of the GDPR. The data will also be transmitted to third parties to whom the communication of data is necessary to comply with laws or regulations.
The current list of processors is available on request at the Foundation's e-mail address below.
The personal data will be made available to persons expressly authorised by the Controller and specifically appointed to do such processing, who carry out processing activities essential for the pursuit of the above purposes, the categories of persons responsible are employees in administration, communication, accounting, technical maintenance of information systems, depending on the specific request made by the user concerned through this Site.
Unless otherwise stated in the specific information file, personal data will not be disseminated or transferred to countries outside the European Economic Area.
How we process data
All the treatments within the Site will be carried out
- using methods and procedures strictly necessary to satisfy the user's requests, by means of the operations or sets of operations indicated in Article 4, paragraph 1, number 2 of the GDPR;
- with the aid of electronic or otherwise automated instruments, but also with paper/manual means. In this regard, it should be noted that the data are stored in paper archives located at the headquarters of the Foundation and in electronic archives located both at the same headquarters and on servers controlled by the Controller and in any case located in the European Economic Area.
Personal data will be processed for the time strictly necessary to pursue the purposes for which they have been collected.
Types of data processed and optionality of conferment
Both data that are strictly necessary to comply with any requests from users and optional data that are not strictly necessary to comply with the request will be processed.
Any refusal by the data subject to provide their personal data or to give, where requested, consent to the processing:
- in the case of data strictly necessary to comply with any requests from users, will make it impossible for the Controller to meet the requests themselves;
- in the case of data provision being optional, refusal will make it impossible to provide at least part of the services requested or carry out commercial information activities for users of the services provided by the Controller and other companies connected to the same.
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters relating to the operating system and computer environment.
These data are used only to obtain anonymous statistical information on the use of the Site and to check its proper functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Site: except for this possibility, at present, the data on web contacts do not persist for more than seven days.
Data provided voluntarily by the user
The personal data normally requested for the use of Site services are personal and contact information. The optional, explicit and voluntary sending of electronic mail to the addresses indicated on the Site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the Site set up for particular services on request or for registration in reserved areas of the Site. Normally no data belonging to particular categories under Art. 9 of the GDPR will be processed; in the event of such data being processed for certain services a special statement will be issued and the data subject’s specific consent will be requested.
Cookies and other technologies for reading/archiving information on the user's terminal
Cookies may be "temporary" (or session cookies, as they are deleted at the end of the connection) or "permanent" (they remain stored on the user's hard drive, unless the user deletes them himself).
Types of Cookies used by the Site
- Technical/functional cookies
This type of cookie is a prerequisite for the proper functioning of the Site. These cookies allow you to browse, share content, store your login credentials to speed up your access to the Site on subsequent visits (if you are a registered user) and activate your browsing preferences. Without technical cookies we cannot guarantee the perfect functioning of the services for which users access the Site. Functional cookies, on the other hand, are not indispensable to the operation of the Site, but they improve the quality of your browsing experience.
- Statistical and performance cookies
These cookies allow us to find out how visitors use the Site, so that we can evaluate and improve its operation and prioritise the production of content that best meets the information needs of our users. For example, they allow us to find out which pages are more and less visited. They take into account, among other things, the number of visitors, the time spent on the Site by the average user and the way in which users arrive (e.g. from links, advertising, etc.). In this way, we can ensure that the pages load quickly and are displayed correctly. All information collected by these cookies is anonymous and not linked to the user's personal data. To perform these functions on our Site we may use third party services that anonymise data and remove individual identifying information. Where services are not completely anonymous, to ensure privacy, you will find them listed among the third party cookies for which you can refuse consent.
Marketing and profiling cookies and third-party functional and profiling cookies
The Controller does not use its own cookies or third party marketing or profiling cookies, i.e. to create user profiles in order to send commercial messages that meet the preferences expressed during the visit or to improve your browsing experience.
Rights of data subjects
- they may ask the Data Controller to confirm the existence of his/her personal data, the origin of such data, the logic and purposes of the processing, the categories of subjects to whom the data may be communicated, as well as the identification details of the Foundation and the processors;
- request access to personal data, the anonymisation, blocking, rectification, integration or deletion of same, or limitation of the processing;
- exercise the right to portability;
- revoke consent (where this is the necessary legal basis for the processing) at any time without prejudice to the lawfulness of processing based on the consent given prior to revocation;
- lodge a complaint with the Data Protection Authority, following the procedures and indications published on the Authority's official website at www.garanteprivacy.it .
In order to exercise the rights of data subjects, as well as for any communications, requests or reports regarding data privacy, you can send an email to the Data Protection Officer of Leonardo, to the following contact details:
Any corrections or cancellations or limitations to the processing carried out at the request of the data subject - unless this proves impossible or involves a disproportionate effort - will be communicated by the Controller to each of the recipients to whom the personal data were transmitted. The Controller may notify the user of such recipients if the user so requests.