Questo sito o gli strumenti terzi da questo utilizzati si avvalgono di cookie necessari al funzionamento ed utili alle finalità illustrate nella cookie policy. Può conoscere i dettagli consultando la nostra privacy policy qui. Proseguendo nella navigazione si accetta l’uso dei cookie; in caso contrario è possibile abbandonare il sito. X

Privacy and Cookie Policy


Purposes of processing of personal data for the website istituto-oikos.org

Policy written in compliance with articles 13 and 14 of GDPR (General Data Protection Regulation) – EU Regulation 2016/679

Dear User (or Data Subject), In compliance with the European Regulation 2016/679 (also known as GDPR), ISTITUTO OIKOS Onlus (“Oikos”) would like to inform you that the personal information you provided or that we acquired as part of our activities, required to execute the services we offer you, will be processed in compliance with the privacy legislation and the principles of correctness, lawfulness, transparency and protection of your privacy and rights.

We also wish to inform you of what follows:

1. The Data Controller

It is ISTITUTO OIKOS ONLUS, with legal office in Varese, n.2 via Magatti and the headquarter is in Milan, n.1 Via Crescenzago. The Data Processor is the legal representative of Istituto Oikos Onlus, Rossella Rossi.

2. Processed data, aim and legal basis of the process

2.1. The computer systems and softwares needed to run the institutional website Oikos (www.istituto-oikos.org) collect certain personal information implicitly deriving from the use of the information protocols on the Internet (i.e. domain name and IP address). Such data are not coming with additional personal information and are used to produce anonymous statistics on the website usage, in order to check the ways it is being used and to verify potential responsibilities in case of cyber crimes. The legal basis that supports the processing of data is the need to enable the usability of the features of the corporate website following the data subject’s access.

2.2. The data voluntarily provided by the data subject are those needed by the data controller to provide the services available and are lawfully processed according to correctness, are also collected and registered for specific aims, clear and legitimate, stated further down and are used in processing activities not incompatible with other aims.

The personal information (data that identify the person, such as: name, surname, business name, tax code and VAT number, phone number / fax, email, bank and payment details) are collected and processed:

a) for internal administrative, fiscal and accounting purposes linked to the relationship between donor and organisation, and for the compliance with the duties of the controller provided by laws or regulations, by the Community law, by requests from the judicial authority or to exercise the rights of the controller;

b) when the User provides specific consent, for the following marketing aims: send (via email, post, sms or telephone) newsletters, updates about the controller’s activities, advertising material or sales information - even customised according to the subject’s consumption habits (profiling) - on products and services offered by the controller which the data subject will consider interesting, and to evaluate the degree of satisfaction on the services quality, including requests of participation to market research and analysis.

c) when the data subject provides specific consent, for the following marketing aims: send (via email, post, sms or telephone) newsletters, updates on the Controller’s activities, advertising material or sales information - even customised according to the User’s consumption habits (profiling) - on products and services offered by third parties.

d) in case a CV is sent over, xclusively for recruitment purposes and creation of a work relationship.

The judicial basis that legitimises data processing contained in point “a” (administrative, accounting or fiscal purposes) is the execution of a contract of service supply of which the data subject is part, or the implementation of a pre-contract activity requested by the data subject.

2.3. According to GDPR articles 9 and 10, the user can share with the controller data qualified as “particular categories of personal information” (meaning the data revealing “the racial or ethnic origin, the political opinions, the religious and philosophical beliefs or the union membership… general data, biometric data aimed at one specific natural person, data concerning health or sexual life or sexual orientation of that person). Such data categories could be processed by the controller only under consent by the data subject, shown in written form by signing this policy, for contract requirements and related legal and fiscal obligations and for recruitment requirements.

3. DATA PROCESSING METHODS

Personal information processing is carried out through the following operations: collection, recording, management, storage, consultation, processing, modification, selection, extraction, comparison, usage, interconnection, blocking, communication, erasure and destruction of data.

The user’s personal data are collected following direct transmission to the controller by filling up forms or documents made for such purpose, or put in contracts, or collected through phone by an operator during pre contract activities. Information is treated both through manual elaboration in paper format as well as through electronic or automated tools, digital or telecommunication based. The information collected is then saved and stored by the controller in paper and digital archives, guarded and kept under control in order to reduce to the minimum the risk of data loss or destruction, even accidental, unauthorised access or processing not allowed or not complying with the aim of collection.

Data are processed by the controller or collaborators of the controller, duly trained to do so.

4. NATURE OF DATA TRANSMISSION

Personal data transfer aimed at processing is optional. However, the missing data transfer, be it partial or total, can cause the partial or total impossibility of establishing or continuing the relationship with the data subject, within the limits in which data are needed for its execution.

The transfer of data for marketing purposes is also optional. The user can therefore decide not to provide any information or deny later on the chance to process data already provided: in that case he or she shall not be able to receive newsletters, sales and advertising material in general concerning the services offered by the Controller.

5. ADDRESSES OR POTENTIAL CATEGORIES OF ADDRESSEES OF PERSONAL DATA

The user’s data processing is carried out by the controller’s internal resources (employees, collaborators, system administrators), defined and authorised according to the instructions provided in compliance with the privacy and data protection regulation.

If necessary in order to fulfil the purposes listed in article 2, the user’s personal data can be processed by third parties defined as Entity Responsible of the process (according to article 28 of GDPR) or “autonomous” controllers, and more specifically:

1. by Isituto Oikos S.r.l. for the purposes mentioned in article 2.2, letter “c”;

2. by professionals, companies, associations or professional practices that may provide assistance or consultancy to the controller for administrative purposes, such as legal assistance or recruitment;

3. by public bodies defined by the law and more in general by all the entities defined in the current taxation and accountancy regulation as addressees of mandatory communications;

4. by financial institutions for income and payments and by professionals - as individuals, associations or as a company - for analysis and market research services, for payment management through credit cards or electronic payment tools more generally, couriers, for potential credit recovery or the activities related to the controller’s balance report.

The Updated list of Responsible Entity and those in charge of the processing is kept in the legal office of the controller. In any case, the personal information of the user are not subject to distribution.

6. DATA TRANSFER TO A THIRD COUNTRY OR INTERNATIONAL ORGANIZATIONS

Within the management of contracts and voluntary work relationships, User’s data transfer to international organisations linked to Oikos in countries outside the EU could take place.

7. PERSONAL DATA STORAGE PERIOD OR CRITERIA USED TO DETERMINE SUCH PERIOD

For the purposes mentioned at letter “a” (administration, tax and accounting fulfillments) of article 2.2 the data subject’s personal information will be processed and stored by the controller for the whole duration of the contract between the data subject and the controller and at the end of it for any reason, such data will be stored for the period of time established, for each data category, by the current accounting, tax, civil law and processual regulation.

For the purposes mentioned at letter “b” (profiling and marketing) and “c” (marketing and profiling by third parties) the personal information of the User will be processed and stored by the Controller until consent shall be revoked by the User or he/she will exercise the right to oppose the treatment of personal data or that of their deletion.

For the purposes mentioned at letter “d” (curricula vitae) personal information could be processed and stored by the Controller for a maximum period of 120 months since the date they were received.

8. USER’S RIGHTS

NAs the Interested party and in relation to the processes described in the current policy, the User has the rights described in articles 7, from 15 to 21 and 77 of the GDPR and, in particular:

Right of access – article 15 GDPR: the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, access to the personal data and a copy of them.

Right of rectification – article 16 GDPR: the data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her and /or to have incomplete personal data completed.

Right to erasure (‘right to be forgotten’) – article 17 GDPR: the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay.

Right to restriction of processing – article 18 GDPR: The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies: the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; persola data are required by the data subject for the establishment, exercise or defence of legal claims; the data subject has objected to processing pursuant to Article 21 GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to data portability – article 20 GDPR: The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided. Moreover, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

Right to object – article 21 GDPR: the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on either the lawfulness of legitimate interest or the performance of a task of public interest or the performance of a public duties, including profiling. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right of withdrawal of consent – article 7 GDPR: the data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint – article 77 GDPR: every data subject shall have the right to lodge a complaint with a supervisory authority, Piazza di Montecitorio 121, 00186, Roma (RM).

9. modalities for the exercise of the rights of the data subject

The data subject shall have the right to exercise his or her right at any time by sending a communication through registered letter to: Istituto Oikos - n.2, via Margatti -21100 Varese, or a communication via certified e-mail to istituto.oikos.onlus@pec.it

In order to exercise the rights mentioned in the current policy and receive any information related to them, the data subject shall contact the controller who, also through the nominated facilities, shall take on responsibility of the request and provide the data subject, without undue delay or within a month from receiving the request, with the information regarding the action undertaken on his or her request.

The exercise of the rights by the data subject is granted under article 12 of GDPR. However, where requests clearly unfounded or excessive, also for their repetitiveness, shall occur, the controller could either charge the data subject a reasonable expense, in the light of the administrative costs payed to manage the request, or deny the request.




Istituto Oikos’ Cookie Policy

Cookies are small amounts of information stored in files within your computer's browser, which assist the website owner in the service supply according to the purposes mentioned. Some of the purposes of installing cookies could require the user’s consent. When Cookies installation takes place after consent, such consent can be withdrawn at any given moment following the instructions in this document.

Technical and aggregate statistics cookies

Activities strictly necessary to the website functioning www.istituto-oikos.org uses Cookies to save the user’s last session and to run operations strictly necessary to the functioning of www.istituto-oikos.org, such as those related to traffic distribution.

Saving preferences, optimisation and statistics www.istituto-oikos.org uses Cookies to save navigation preferences and improve the user’s experience. Among these Cookies are for instance those used for language set up and statistics management run by the website owner.

Other types of Cookies or tools that could install them

Some of the services mentioned below collect aggregate and anonymous data and might not require the user’s consent or might be directly managed by the Controller—depending on what is described—without involving any third party. If third party services are among the tools listed below, those could run user’s tracking activities, in addition to what already specified and without the user’s knowledge.

Interactions with external platforms and social media
This type of services enables interactions with social networks, or other external platforms, directly from www.istituto-oikos.org. Interactions and information acquired by www.istituto-oikos.org are subject to privacy settings chosen by the user for each social network. If there is a social network interaction service installed, the service, even when not used, could collect traffic data about the pages on which it is installed.

Like button and Facebook social widgets (Facebook, Inc.)
Like button and Facebook social widgets are interaction services with social media Facebook, provided by Facebook, Inc.
Personal data collected: Cookies and usage data.
Data handling location: United States – Privacy Policy.

Linkedin button and social widget (LinkedIn Corporation)
LinkedIn button and social widgets are interaction services with social media Linkedin, provided by LinkedIn Corporation.
Personal data collected: Cookies and usage data.
Data handling location: United States – Privacy Policy.

Tweet button and Twitter social widgets (Twitter, Inc.)
Tweet button and Twitter social widgets are interaction services with social media Twitter, provided by Twitter, Inc.
Personal data collected: Cookies and usage data.
Data handling location: United States – Privacy Policy.

Instagram button and social widget
Instagram button and social widgets are interaction services with social media Instagram, provided by Instagram Corporation.
Personal data collected: Cookies and usage data.
Data handling location: United States – Privacy Policy.

YouTube button and social widget (Google Inc.)
YouTube button and social widget are interaction services with social media You Tube, provided by Google Inc.
Personal data collected: Cookies and usage data.
Data handling location: United States – Privacy Policy.

Statistics
The services mentioned in this section allow the Owner to monitor and analyse traffic data and are used to track the user’s behaviour.

Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google uses Personal Data to track and analyse the use of www.istituto-oikos.org, compiles reports and share them with other services developed by Google.
Google could use Personal Data to put in context and customise ads belonging to its advertising network.
Personal data collected: Cookies and usage data.
Data handling location: United States – Privacy PolicyOpt Out.

Google Analytics cwith anonymous IP (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google uses Personal Data to track and analyse the use of www.istituto-oikos.org, compiles reports and share them with other services developed by Google.
Google could use Personal Data to put in context and customise ads belonging to its advertising network.
This integration of Google Analytics makes your IP address anonymous. It works by shortening the IP address of users, within the borders of the European Union member countries or in other countries within the European Economic Area. Only in exceptional cases, the IP will be sent to Google servers and shortened within United States.
Personal data collected: Cookies and usage data.
Data handling location: United States – Privacy PolicyOpt Out.

How can I give my consent to Cookies installation?

In addition to what pointed out in this document, the User can manage relevant cookies references directly from their browser and avoid for instance installation by third parties. Through browser preferences it is also possible to delete Cookies installed in the past, including Cookies where it is possible to store the consent to Install Cookies by this website. The User can find information on how to manage Cookies through the most widespread browsers such as: Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Internet Explorer.

With reference to cookies installed by third parties, the User can also manage their own settings and withdraw their consent by visiting the relevant opt out link (when available) using the tools described in the third party privacy policy or by directly getting in touch with them.

In addition to what stated above, the user can take advantage of the information provided by EDAA (UE), Network Advertising Initiative (USA) e Digital Advertising Alliance (USA), DAAC (Canada), DDAI (Japan) or other similar services. Through such services you can manage preferences regarding the tracking of most advertising tools. Therefore, the Controller suggests using such resources in addition to the information provided by this document.

The data controller and data processori

Istituto Oikos is the owner and the entity processing personal information, with legal base in Varese, n. 2 Via Magatti, and operational headquarters in Milan, n. 1 Via Crescenzago, and represented by the pro tempore legal representative based in the office of Istituto Oikos at the above mentioned address. Email address of the owner: privacy@istituto-oikos.org

Since the installation of cookies and other tracking systems operated by third parties through the services used by www.istituto-oikos.org can’t be controlled by the owner, every specific reference to Cookies and racking systems installed by third parties should be considered as approximate. Given the objective complexity to identify technologies based on Cookies, the user is invited to contact the owner whenever requiring any additional information about the use of Cookies through www.istituto-oikos.org.

Definitions and legal references

Personal Information (or Data) Personal information is every data that can directly or indirectly identify a physical person, even in relation to any other information, included the identification number.

Usage data The information automatically collected through ww.istituto-oikos.org (also through third parties applications implemented within www.istituto-oikos.org) among which: IP addresses or domain names of computers used by the User to connect to www.istituto-oikos.org, the time of request, the method used to forward the request to the server, the size of the file received in reply, the code number showing the server reply status (success, error, etc) the country of origin, the features of the browser and operative system used by the visitor, the different timing information (such as the amount of time spent on every website page) and the details of the browsing itinerary of the visit within the application, with specific reference to the sequence of pages visited, the operative system parameters and the IT environment of the User.

The user The person using www.istituto-oikos.org who, unless stated differently, coincided with the person involved.

Person involved Physical person to whom the personal information refer.

The data processor (or Processor) The natural person, legal entity, public administration or any other body that processes data on behalf of the controller, according to what stated in the current privacy policy.

The data controller (or Controller) The natural person, legal entity, public authority, the service or other body that, singularly or together with others, defines the aim, means and tools of the data processing, including the security measures used for the use and functioning of www.istituto-oikos.org. The data controller, if not stated differently, is the legal representative of Istituto Oikos.

www.istituto-oikos.org (or this application) The software and hardware Users data are collected and managed.

Service The service provided by www.istituto-oikos.org, so as defined by the relevant terms (if present) in this website/application.

European Union (or EU) A part from where differently stated, every reference to the European Union contained in this documents refers to all the current member states fo the European Union and European Economic Area.

Cookie Small portion of data saved within the User’s device.

Legal Reference The current privacy policy is drafted according to different judicial systems, including the articles 13 e 14 of the Regulation (EU) 2016/679.

Want to learn more?


Since 1996 we have devised and developed over 300 projects in Italy, Europe and in the South of the world. Discover how we carry out our commitment to safeguarding the environment and promoting sustainable development.

X
Let's keep in touch

Do you like Oikos activities?
Subscribe to our newsletter below.
Privacy Policy