Last Updated on March 16th, 2020
The information is provided pursuant to art. 13 and 14 of the GDPR for the various types of data subjects:
- Users connecting to websites
- Participants in surveys, evaluations or campaign signatories
- Registered Members worldwide
- Community members
- Recipients of the association newsletter
- Recipients of thematic or project, campaign or fundraising newsletters
- Recipients of newsletters and commercial, promotional and sales-oriented communications
- Volunteers for events
- Participants in training courses and events
- Workers and candidates
- Signatories of conventions, contracts, etc.
- Work contacts between partners, customers, suppliers, consultants, collaborators and public administrations, etc.
When necessary, beyond the cases where legal obligations or contractual obligations, the data subject must, in any case after reading the information note, give his/her consent to the processing and communication of his/her data for the purposes and within the limits described below, failing which the World Permaculture Association will be unable to process the data in order to carry out and implement the services requested by or offered to the data subject.
1.1 Processing methods
The processing of personal data, understood as the collection, recording, organisation, storage, processing, modification, deletion or destruction or the combination of two or more of these operations, takes place through manual, IT and telematic tools, including by automated means, with logics strictly related to the stated purposes and, in any case, in order to guarantee security and confidentiality and for the time strictly necessary to achieve the purposes for which they were collected.
Data are processed lawfully and fairly, are collected and recorded for specific, explicit and legitimate purposes, correctly, and if necessary updated, pertinent, complete and not exceeding the purposes of the processing, in compliance with the minimum standards of security and of fundamental rights and freedoms, as well as of the dignity of the data subject with particular reference to privacy and personal identity.
Data may be transmitted to:
- data controllers and processors, both internal to the Data Controller’s organisation, and external, to all organisational levels of the World Permaculture Association and which carry out specific tasks and operations;
- project partners;
- third parties, in the cases provided for by law or by contracts and agreements.
Specific security measures are observed to prevent the loss of data, their illicit or incorrect use and unauthorised access.
The data will be stored until the end of the legal limitation period for defence, or to enforce a right in court, after the purpose (purposes of the processing) for which the data was collected has been exhausted.
Personal data will generally not be transferred to a recipient in a third country or to an international organisation outside the European Union (EU) or the European Economic Area (EEA), except in special cases described below.
1.2 Rights of data subjects
The data subject may at any time: exercise his / her rights (access, rectification, cancellation, limitation, portability, opposition, absence of automated decision processes) towards the data controller, where so envisaged, in accordance with articles from 15 to 22 of the GDPR (https://eur-lex.europa.eu/legal-content/IT/TXT/HTML/?uri=CELEX:32016R0679&from=IT#d1e2168-1-1); lodge a complaint with the Personal Data Authority (www.garanteprivacy.it); and, should the processing be based on consent, revoke this consent, taking into account that the revocation does not affect the lawfulness of the processing based on consent before the revocation.
1.3 Applicable law
The processing of personal data relating to the website is governed by European Reg. (EU) 2016/679, and by Italian legislation, L. Decree no 196 dated 30 June 2003 and subsequent amendments and additions, as well as by the provisions of the Authority for the protection of personal data.
1.4 Contact details
Requests should be addressed to the Data Controller via the addresses firstname.lastname@example.org.
The Data Protection Officer is World Permaculture Association, Fiscal Code 97086490790 Via Barlaam da Seminara 22, 88100 Catanzaro, Italy, in the person of Mr Giuseppe Tallarico, email@example.com.
2 Users connecting to websites
For the internet domain worldpermacultureassociation.com (and related subdomains, including websites, portals, landing pages, forms, apps, etc.) users who navigate and consult these should know that, in relation to the processing of their personal data as users, the processing connected to the web services of these websites takes place first of all at the internet service providers’ facilities used on each occasion to implement and make the website available and also at the headquarters of the joint Data Controllers. The data processed by the appointed personnel and by the designated data processors, including for any maintenance and administration operation of the processing systems, may concern:
2.1 Navigation and technically indispensable data
During their normal operation, the computer systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers employed by users who connect to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and to the user’s IT environment. These data are used only to obtain anonymous statistical information on the use of the website and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the website.
2.2 Data provided voluntarily by the user (via forms and emails)
Data relating to identified or identifiable persons may also be processed, based on additional information communicated by the data subject: for example, by filling in data collection forms (forms); or with the optional, explicit and voluntary sending of electronic mail to the addresses indicated on this website, which implies the
subsequent acquisition of the sender’s address, necessary to respond to requests, as well as of any other personal data included in the communication.
2.3 E-commerce data and for online payments
The data processed for managing store orders (on the websites where there is one) and for managing online payments include records, addresses, purchase lists, reports and notes. Credit card data are not directly acquired and processed as they are managed directly by the payment system (e.g. Paypal, etc.).Unless opposed, the purchaser is registered in both the association and the commercial newsletters (see the dedicated paragraphs), from which he/she can subsequently unsubscribe.
2.4 Profiling data
The profiling data relating to the habits or consumption choices of the person concerned are not acquired directly. However, it is possible that such information should be acquired by independent or other subjects through links or by incorporating third-party elements. See the following section on Cookies.
Like others, these websites save cookies on the user’s computer browser in order to transmit personal information and to enhance his/her experience. In fact, cookies are small text strings which the websites visited by the user send to his/her terminal (usually to the browser), where they are stored, sometimes for a long time, to be then re-transmitted to the same websites at the next visit.
As explained below, it is possible to choose whether and which cookies to accept, bearing in mind that refusing their use may affect the ability to perform certain transactions on the website or the accuracy and adequacy of some proposed customised content or the ability to recognise the user from one visit to the next. If no choice is made in this regard, the default settings will be applied and all cookies will be activated: however, this decision can be notified or changed at any time.
In particular, so-called session cookies are used, which are not stored permanently on the user’s computer and disappear when the browser is closed and whose use is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) required to allow the safe and efficient browsing of the website and which avoid the use of other IT techniques which may potentially damage users’ browsing privacy and do not allow acquiring the user’s personal identification data.
Analytics cookies are used, in order to help understand how visitors interact with the website’s contents, by collecting information (geographical and web origin, technology used, language, entry pages, pages visited, length of visits etc.) and generating website usage statistics without the personal identification of individual visitors. All these should be considered technical cookies for which, since consent is not required, the opt-out mechanism applies. Technical cookies are not transmitted to third parties as they are necessary or useful for the website to function; therefore they are processed only by persons qualified as processors or system administrators.
Some people prefer not to enable cookies and for this reason almost all browsers offer the option of managing them in order to respect users’ preferences. Some browsers allow setting rules to manage cookies for each individual website, an option which offers a more precise control over privacy. This means that cookies on all websites can be disabled, except on those which are trusted.
Another function available on some browsers is the private browsing or incognito mode, so that all cookies created in this mode are deleted after closing.
See the instructions contained in the links to learn more about cookie management in the relevant browsers:
- Chrome: https://support.google.com/chrome/answer/95647?hl=it
- Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
- Internet Explorer 11: http://windows.microsoft.com/it-it/windows-vista/block-or-allow-cookie
- Internet Explorer 9: http://windows.microsoft.com/it-it/windows7/how-to-manage-cookie-in-internet-explorer-9
- Safari: http://support.apple.com/kb/HT1677?viewlocale=it_IT
2.6 Purposes of data processing, transmission and dissemination
The personal data collected are only used to carry out the services requested and are transmitted to third parties only if this is necessary for that purpose. Services include: consultation and mere use of the website and its contents; registration and access to the private area; donations and payments; subscription and receipt of the newsletter; reports; contact requests; etc.
In any case, no data deriving from the web services is disseminated or published without the prior consent of the data subject.
Finally, please note that in some cases (not falling within ordinary management) the Public Authorities may request information, including of a personal nature, which the Data Controller must answer.
2.7 Optional supply of data
Apart from what has been specified for navigation and technically indispensable data, the user is free to provide personal data for specific requests concerning products and/or services. Failure to provide certain data, deemed essential, may make it impossible to obtain what is requested.
Effective as of March 16th, 2020