Information on the processing of personal data.
This page describes how this site is managed with regard to the processing of personal data of users who consult it. This information is provided in accordance with current legislation on personal data for users who interact with the services of this site in the framework of the EU Regulation 2016/679. The information is provided only for this site and not for other websites that may be consulted by the user through our links.
Following consultation of the website, data relating to identified or identifiable persons may be processed. The controller of such data is WE WORLD ONLUS based in via Serio 6, Milan.
Place of data processing.
The processing operations connected to the web services are carried out only by technical personnel of the Office in charge of processing, or by persons in charge of occasional maintenance operations. No data deriving from the web service is communicated or disseminated.
Purposes and legal basis of the processing.
The personal data provided by users who submit requests or intend to use services or products offered through the website as well as to receive further specific content are used only to respond to requests or perform the service requested and are communicated to third parties only where this is necessary for that purpose. The legal basis for this processing is the need to respond to the requests of the data subjects or to perform activities provided for in the agreements defined with the data subjects.
The data may be used for institutional communication activities or to provide additional services and feedback to requests of the data controller. The legal basis for this processing is the freely expressed consent by the data subject.
Apart from these cases, users’ browsing data are kept for the time strictly necessary for the management of processing activities within the limits provided for by law.
Types of data processed.
The computer systems and software procedures used to operate the website acquire, during their normal operation, some personal data whose transmission is implicit in the communication protocols of the Internet. This information is not collected to be associated with identified data subjects but, by its very nature, could allow users to be identified through processing and association with data held by third parties. This category of data includes IP addresses or domain names of computers used by users who connect to the website, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code showing the status of the response from the server (successful, error, etc..) and other parameters regarding the user’s operating system and computer environment. These data are used only to obtain anonymous statistical information on the use of the website and to check its correct functioning and are deleted after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the website.
Data provided voluntarily by the user.
The optional, explicit and voluntary sending of electronic mail to the addresses specified on the website entails the subsequent acquisition of the sender’ address, necessary to respond to requests, and any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the website set up for particular services on request.
Optional provision of data.
Apart from the information specified for browsing data, the user is free to provide personal data to request the services offered by the Controller. Failure to provide such data may make it impossible to obtain what has been requested.
Processing methods and data retention time.
Personal data are processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are adopted to prevent the loss of data, illicit or incorrect use and unauthorized access. The data are kept for the time strictly necessary for the pursuit of the purposes specified in this information and will be deleted at the end of this period, unless the data must be kept for legal obligations or to enforce a right in court.
Data subject’s rights.
Within the limits and under the conditions provided for by law, the data controller is obliged to respond to requests from the data subject regarding personal data concerning him/her. In particular, according to current legislation:
- The data subject shall have the right to obtain confirmation from the data controller as to whether or not personal data concerning him/her are being processed, and if so, to obtain access to the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned
- the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients in third countries or international organizations;
- where possible, the expected period of retention of the personal data or, if this is not possible, the criteria used to determine this period;
- the existence of the data subject’s right to request to the data controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him/her or to object to the processing of such data;
- the right to lodge a complaint with a supervisory authority;
- where the data are not collected from the data subject, all available information on their origin;
- the existence of an automated decision-making process, including profiling.
- The data subject shall have the right to obtain from the controller the rectification of inaccurate personal data concerning him/her without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration.
- The data subject has the right to obtain from the data controller the erasure of personal data concerning him/her without undue delay, and the data controller has the obligation to erase the personal data without undue delay within the limits and in the cases provided for by current legislation. The data controller shall inform each of the recipients to whom the personal data have been transmitted of any rectification or erasure or limitation of processing within the limits and in the forms provided for by current legislation.
- The data subject has the right to obtain the limitation of processing from the controller.
- The data subject has the right to receive any personal data concerning him/her that has been provided to a Data Controller in a structured, commonly used and machine-readable format, and has the right to have such data transmitted to another Data Controller without hindrance by the Data Controller to whom he/she has provided it.
Requests should be sent to the Data Controller at the following e-mail address: firstname.lastname@example.org.
The Data Protection Officer designated by the Controller may be contacted at the following e-mail address: email@example.com.
This version of the information on the processing of personal data was updated on April 27, 2020.