Privacy Policy

This Privacy Policy is provided pursuant to art. no. 13 of the European Regulation no. 679/2016 and applies exclusively to all data collected through the website www.greta-oncoplastic.com

This Privacy Policy, together with the Cookie Policy, establishes the basis on which the User’s personal data will be processed.

Owner and Data Controller

The owner and data controller is G.RE.T.A. Fondazione ETS, with registered office in Via dei Fiorentini, 6, 80133, Neaples.

For any question about this Privacy Policy, about your personal data or about the way we protect your data please contact us by email [email protected]

Methods of processing personal data

The personal data provided or acquired through navigation on this website will be subject to a treatment based on principles of correctness, lawfulness, transparency and protection of confidentiality in accordance with the regulations in force.

The Data Controller processes Users’ personal data by adopting appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personal data. The processing is carried out using IT and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.

Types of data collected

The data we collect from all users:

• Technical information on the use of the site, the type and version of the browser, the operating system

• IP address

• Usage data

Usage data is collected automatically when you use the website and may include information such as your device’s Internet protocol address (e.g. IP address), browser type, browser version, pages on our website you visit, the time and date of your visit, the time spent on those pages and other diagnostic data.

Data we may collect

• When you access the website from or via a mobile device, we may automatically collect certain information including, but not limited to, the type of mobile device you use, the unique ID of your mobile device, the IP address of your device mobile, the type of mobile internet browser used, unique device identifiers and other diagnostic data.
• ID of your social media accounts and the information you share with us through your social accounts.
• The authentication status of third party when you visit our website trough a mobile application (for example if you are currently logged into Facebook or other social media accounts).

Categories of personal data processed

Among the personal data processed by this Website, either independently or through third parties, there are: Cookies, usage data, Email and Name.

Personal data can be collected independently by the Data Controller or through third parties. Personal data may be provided voluntarily by the User when using the website, by filling in the contact form and when communicating with the Data Controller by email. Additional personal data collected may be indicated in other sections of this Privacy Policy or by information texts displayed together with the data collection.

The optional, explicit and voluntary sending of e-mails via the Contact Form or by means of the addresses indicated on this website entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data entered in the email.

The consent to the provision of data by the User is necessary to be entered in the Data Controller’s database and for the purposes of establishing and correctly carrying out what is offered by the same to its Users, as well as to third parties for the fulfillment of the single activity requested.

Failure to provide, therefore, prevents registration in the Data Controller’s databases, the completion of any contracts, as well as the execution of the same and any other activity.

Tools used for processing personal data

Contact Form

By filling in the contact form with their data, the User consents to their use to respond to requests for information or for any other purpose indicated by the header of the form. Personal data collected: E-mail and Name.

Contact Form 7 (Rock Lobster, LLC.)

Contact Form 7 is a form creation and management service that allows this website to integrate such content within its pages. Personal Data collected: E-mail and Name. Various types of Data as specified in the Privacy Policy of the service. Place of Processing: USA – Privacy Policy: https://contactform7.com/privacy-policy/

Donation form

By filling in the donation form with their data, the User consents to their use to complete the payment procedure. Personal data collected through the contact form: E-mail, Name and Surname.

GiveWP (LiquidWeb, LLC.)

GiveWP is a creation and management service for donations that allows this website to integrate such content within its pages. Personal Data collected: E-mail, Name and Surname. Various types of Data as specified in the Privacy Policy of the service. Place of Processing: USA – Privacy Policy: https://givewp.com/privacy-policy/

SOCIAL NETWORKS

To enrich your personal information, we may use cookies or other online advertising technologies. Via such technologies, we will collect personal information related to your activities on social media and your browsing activity across different websites and devices. Certain technologies may rely on services provided by other companies acting on their own account (such as social media Facebook, Twitter, Instagram, LinkedIn or other online platforms). These companies have their own privacy and cookies policies and the way they use the personal information you share with them will be subject to their rules and not ours.

Facebook (Meta Platforms Ireland Limited)

Place of processing: Ireland – Privacy Policy https://www.facebook.com/privacy/explanation

Instagram (Meta Platforms Ireland Limited)

Place of processing: Ireland – Privacy Policy

https://help.instagram.com/help/instagram/519522125107875/?locale=en_GB&maybe_redirect_pol=false

LinkedIn (LinkedIn Ireland Unlimited Company)

Place of processing: Ireland – Privacy Policy https://www.linkedin.com/legal/privacy-policy?_l=it_IT

CONTENT ON EXTERNAL PLATFORMS

These services allow you to view content hosted on external platforms directly from the pages of this website and interact with them. In the event that a service of this type is installed, it is possible that, even if the Users do not use the service, the same collects traffic data relating to the pages in which it is installed.

Payment Management

Payment management services allow this Website to process payments by credit card, bank transfer or other methods. The Data used for payment are acquired directly by the operator of the requested payment service without being processed in any way by this Site. Some of these services could also allow the programmed sending of messages to the User, such as e-mails containing invoices or payment notifications.

This Website uses the following service:

Stripe (Stripe Payments Europe Ltd.)

Stripe is a payment service provided by Stripe Payments Europe, Ltd., which allows the User to make donations or payments online using their Stripe credentials. Personal Data collected: Various types of Data as specified in the privacy policy of the service. Place of processing: USA – Privacy Policy: https://stripe.com/it/privacy

How we use your data

We use your personal information we collect to provide you with the requested service, innovate our technology and optimize your browsing experience. We may use the personal data of all visitors to the site to administer and improve the site and to optimize its infrastructure.

Purpose of the processing of personal data and legal basis

Personal data can be collected independently by the Data Controller or through third parties. In this case, the computer systems and software procedures used to operate this Website acquire some personal data of the Users, of a technical/IT nature (e.g. IP address, type of browser used, operating system, domain name and the addresses of websites from which access or exit was made, etc.), the transmission of which is inherent to the normal functioning of the internet.

These data may be processed for the sole purpose of obtaining anonymous statistical information on the use of the site and/or to check its correct functioning and will be deleted immediately after processing.

The data that the User chooses to provide spontaneously are collected to allow the Website to provide its services, as well as for the following purposes:

a) fulfill the obligations arising from the contract between the User and the Owner for the sale of the Products on the Website and to provide the information requested by the User. This treatment is mandatory for the execution of the contract of which the User is a party, for the execution of pre-contractual measures or to fulfill a legal obligation to which the Data Controller is subject to;

b) fulfill any type of obligation contemplated and envisaged by current laws, regulations, related laws and commercial uses, in particular, in tax/fiscal matters. This treatment is mandatory to fulfill a legal obligation to which the Data Controller is subject to;

c) other subsidiary purposes or related to those indicated above and, in any case, falling within the scope of the Website’s activities;

d) follow up on the specific requests addressed to the Owner by the User for informative communications relating to the Services of the same Owner, via e-mail messages. This processing is optional and based on the User’s consent, however failure to communicate one or more data will make it impossible to respond to the request for information and to use the services offered by the Owner.

Information we share

In addition to the Data Controller, in some cases, they may have access to the data:

a) Persons in charge of processing, specifically trained for this involved in the organization of the Website (administrative, commercial, marketing, lawyers, system administrators).

b) External subjects (such as third-party technical service providers, hosting providers, IT companies, communication agencies) also appointed as Data Processors by the Data Controller pursuant to art. no. 28 GDPR. The updated list of Data Processors, if appointed, can always be requested to the Data Controller.

c) Public or private subjects who can access the data in compliance with legal obligations;

d) persons who perform subsidiary and instrumental tasks with respect to the activity of the Data Controller.

Place of processing and transfer of data abroad

The Data are processed at the Data Controller’s operational headquarters.

For more information, you can contact the Data Controller. The Data may be processed by natural persons and/or legal entities operating on behalf of the Data Controller and by virtue of specific contractual obligations and based in EU or extra EU member countries.

If the Data is transferred outside the EEA, the Data Controller will take all appropriate contractual measures to ensure adequate data protection.

Time of Treatment

The Data is kept for the time necessary to provide the service requested by the User, or stated by the purposes outlined in this document, and the User can always request that the Data Controller suspend or remove the data.

In particular:

a) The data collected for contractual obligations will be kept for the time necessary to carry out the aforementioned purposes and in accordance with the provisions of the law.

b) The data collected for fiscal/administrative obligations or contractual obligations will be kept for the time necessary to carry out the aforementioned purposes and in accordance with the provisions of the law.

c) The data collected for purposes attributable to the legitimate interest of the Data Controller will be retained until this interest is satisfied.

d) The data collected based on the User’s consent may be kept until such consent is revoked

e) The data may be kept by the Data Controller for a longer period in compliance with legal obligations or by order of an authority.

The User can obtain further information regarding the legitimate interest pursued by the Owner by contacting the Owner. At the end of the retention period, personal data will be deleted and therefore, the rights of access, cancellation, rectification and data portability can no longer be exercised.

How to update and modify data

For users in the European Union, the European Economic Area and Switzerland, there is also the right to:

a. access to personal data;

b. obtain the rectification or cancellation of the data or the limitation of the treatment;

c. oppose to the treatment;

d. data portability;

e. revoke the consent, where provided: revoke the consent doesn’t affect the lawfulness of the processing based on the consent given before the withdrawal. Withdrawal of consent includes the option to unsubscribe from our e-mailing list at any time or to contact us to request to be excluded from our text message lists.

f. to file a complaint with the supervisory authority (www.garanteprivacy.it).

For your protection we can only share and update the personal data associated with the e-mail address you use to send us your request. We may need to verify your identity before doing so. We will respond to such requests in a reasonably time. Please do not send sensitive personal data, passwords or credit card details by e-mail.

Information Security

We work hard to protect our users from unauthorized access to or unauthorized alteration, disclosure, or destruction of information we hold, in particular:
– We encrypt many of our services using SSL and HTTPS protocol to make sure the moment in which Personal Data are entered.
– We review our information collection, storage, and processing procedures, including physical security measures, to guard against unauthorized access to systems.
– We restrict access to personal information to our employees and contractors who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

How we protect your data

Your data may be communicated abroad.

We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.

The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested at any time.

Cookie

A cookie is a string of information that a website stores on a visitor’s computer and that the visitor’s browser provides to the website each time the visitor returns. Cookies can be used to make the user experience more efficient and to personalize content and ads, provide social network functions and analyze traffic.

They can be used by websites to make the user experience more efficient and to personalize content and ads, provide social network functions and analyze traffic.

For any information on the cookies on this Website, please consult our Cookie Policy (inserire link alla cookie policy)

Privacy Policy Changes

Although most changes are likely to be minor, we may change our Privacy Policy from time to time, and in our sole discretion. We encourage visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.

Privacy Policy updated on December 2022