The Association for the Meditation of Awareness (VIipassanā) – A.Me.Co. (or, below, also in brief A.Me.Co. o Association or Association A.Me.Co. ) as Data Controller (hereinafter: “Controller”) in accordance with EU Regulation 679/2016 (hereinafter: “Regulation”) – considers privacy and the protection of personal data to be one of the main objectives of its activities.
It describes the personal data processing activities carried out by the Association A.Me.Co. through the website https://www.associazioneameco.it/ (hereinafter: “Site”), the relative commitments undertaken in this regard and is an integral part of it in relation to the services offered. This information does not concern other sites, pages or online services accessible through hypertext links that may be published on sites but refer to resources outside the domain of the Owner. The Association may process your personal data when you visit the Site and use the services and features on it. In the sections of the Site in which the user’s personal data is collected, a specific notice is normally published, as provided for by EU Reg. 2016/679.
By processing of personal data we mean any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, cancellation or destruction and may consist – even depending on your decisions on how to use the services – of textual information, photographic or video images and / or any other information likely to make the person concerned identified or identifiable, depending on the type of services requested.
Finally, we inform you that the processing of your personal data will be based on principles of correctness, lawfulness, transparency, purpose and storage limitation, minimization and accuracy, integrity and confidentiality, as well as the principle of accountability under art. 5 of the Regulation. Your personal data will therefore be processed in accordance with the legislative provisions of the Regulation and the confidentiality obligations provided for therein.
- DATA CONTROLLER
- PERSONAL DATA SUBJECT TO PROCESSING
- Navigation data
- Data provided voluntarily by you
- Third party data voluntarily provided by you
- Data processed in interaction with social networks
- Special categories of data
- PURPOSE OF PROCESSING
- LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF THE PROCESSING
- RECIPIENTS OF PERSONAL DATA
- TRANSFERS OF PERSONAL DATA
- LINKS TO OTHER WEBSITES
- SECURITY AND QUALITY OF PERSONAL DATA
- STORAGE OF PERSONAL DATA
- THE RIGHTS OF THE DATA SUBJECT
- Art. 15 (right of access), art. 16 (right of rectification) of EU Reg. 2016/679
- Right under Article 17 of EU Regulation 2016/679 – right to erasure (“right to be forgotten”)
- Right under Art. 18 Right to limitation of treatment
- Right under Article 20 Right to data portability
- Withdrawal of consent to processing
1. DATA CONTROLLER
The Data Controller is the Association for the Meditation of Awareness (Vipassanā) – Tax Code 97057150589, with registered office and operations in Rome (RM) Vicolo d’Orfeo, n. 1, in the person of the pro-tempore Legal Representative of the Association.
2. PERSONAL DATA SUBJECT TO PROCESSING
Visiting and consulting the Site does not generally involve the collection and processing of the user’s personal data except for navigation data and cookies as specified below. In addition to the so-called “navigation data”, personal data voluntarily provided by the user may be processed when the user interacts with the functions of the Site or requests to use the services offered on the Site. This data may consist of an identifier such as your name, your email address, an online identifier or one or more characteristic elements that can make you identified or identifiable, depending on the type of information that you may contain in the text of the message with which you have decided to interact with us (hereinafter only “personal data”).
The personal data processed through the Site are as follows:
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the Site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters relating to the operating system and computer environment. These data, where necessary, are used only to obtain anonymous statistical information on the use of the Site to check its proper functioning, to identify anomalies and / or abuse, and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Site or third parties.
DATA PROVIDED VOLUNTARILY BY YOU
THIRD PARTY DATA VOLUNTARILY PROVIDED BY YOU
In the use of particular services may occur a processing of personal data of third parties, which you communicated to the Association. With respect to these hypotheses, it must be clear that you are the independent Data Controller, assuming all the obligations and responsibilities of the law. In this sense, you hereby indemnify us in the widest possible way in respect of all disputes, claims, requests for compensation for damage caused by processing, etc. that may reach the Data Controller from third parties whose personal data have been processed, through your use of the services of the Site, in violation of the applicable rules on the protection of personal data. In any case, if you provide or otherwise process personal data of third parties in the use of the Site, guarantees from now on – assuming all related liability – that this particular case of treatment is based on the acquisition – on your part – of the consent of the third party to the processing of information concerning him.
DATA PROCESSED IN INTERACTION WITH SOCIAL NETWORKS
Our website pages may contain links to social networking sites (e.g. Facebook). If you access one of our web pages equipped with such a plug-in, by clicking on it, your internet browser connects directly to the servers ofthe social network and the plug-in is displayed on the screen by connecting to the browser. If an interested social network user visits our web pages while they are linked to their social account, their personal information may be linked to their social account. Even if you use the functions of the plug-in, the information will be associated with your social account. Further information on the collection and use of data by social networks in general, as well as on the rights and methods available to protect the privacy of the person concerned in this context, can be found on the pages of thethe social network and the plug-in is displayed on the screen by connecting to the browser. If an interested social network user visits our web pages while they are linked to their social account, their personal information may be linked to their social account. Even if you use the functions of the plug-in, the information will be associated with your social account. Further information on the collection and use of data by social networks in general, as well as on the rights and methods available to protect the privacy of the person concerned in this context, can be found on the pages of thesocial networks of the account, on data protection. If you do not wish to associate your visit to our web pages with your social account, you must log off from the social network before visiting them.
Interaction with social networks and external platforms.
These services allow you to interact with social networks, or with other external platforms. The interactions andinformation acquired are in any case subject to the User’s privacy settings for each social network. If a service of interaction with social networks is installed, it is possible that, even if the Users do not use the service, it collects traffic data relating to the pages where it is installed.
By way of example: Facebook Like button and social widgets (Facebook)
SPECIAL CATEGORIES OF DATA
In the interaction with the Site, even though it deals with religious issues, no information is requested that could lead to the processing of data that fall within the particular categories of personal data referred to in art. 9 of EU Regulation2016/679.
nformation about the cookies served by the Site is available in the specific section dedicated to them, which we invite you to visit.
3. PURPOSE OF PROCESSING
Your personal data will be processed, with your consent where necessary, for the following purposes, where applicable:
3.1. to allow the navigation of the Site;
3.2. to find specific requests for information;
3.3. fulfil any obligations under applicable laws, regulations or Community legislation, or meet requests from authorities;
3.4. for statistical purposes, without it being possible to trace your identity.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorised access.
4. LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF THE PROCESSING
The legal basis for the processing of personal data for the purposes referred to in section 3.1, 3.2 is art. 6(1)(b) of the Regulation ([…] the processing is necessary for the execution of a contract to which the person concerned is a party or for the execution of pre-contractual measures taken at the request of the same), as the processing is necessary for the provision of the services requested. The provision of personal data for these purposes is optional, but failure to provide it would make it impossible to activate the services requested.
The purpose referred to in section 3.3 represents a legitimate processing of personal data under Article. 6(1)(c) of the Regulation ([…] the processing is necessary to fulfil a legal obligation to which the Data Controller is subject). Once the personal data have been provided, in fact, the processing is indeed necessary to comply with legal obligations to which the Association is subject.
The processing of data referred to in section 3.4 is not performed on personal data and therefore can be freely carried out by the Association.
5. RECIPIENTS OF PERSONAL DATA
5.1. subjects who typically act as data processors, i.e.:i. persons, companies, associations or professional firms that provide assistance and advice to theAssociation on various subjects;ii. subjects delegated to carry out technical maintenance activities;
5.2. persons authorized by the Association to process personal data necessary to carry out activities strictly related to the provision of services, who are committed to confidentiality or have an adequate legal obligation of confidentiality.
6. TRANSFERS OF PERSONAL DATA
Personal data are stored on devices located at the headquarters of the Data Controller or at providers within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the data to countries outside the EU. In this case, the Data Controller hereby guarantees that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of contractual clauses and standard checks provided for by the European Commission.
As regards both the data present on its own devices and any data present at the provider, the Data Controller has put in place adequate technical and organizational measures to ensure an appropriate level of security, in full compliance with the provisions of art. 32 of the EU Regulation.
7. LINKS TO OTHER WEBSITES
Our site may contain links to third party websites. Please note that we are not responsible for the collection, use, management, sharing or disclosure of data and information by these third parties. If you provide information about, and use, third party sites, we will enforce the privacy policies and terms of service use of those sites. We encourage you to read the privacy statements of the websites you visit before submitting any personal information. In some cases, these sites may be jointly branded and display our logos or other trademarks. To find out if you are on our website, please check the URL of the page you are visiting.
8. SECURITY AND QUALITY OF PERSONAL DATA
The A.Me.Co. Association is committed to protecting the security of the user’s personal data and complies with the security provisions of the applicable legislation in order to prevent loss of data, unlawful or illicit use of data and unauthorized access to them. In addition, the information systems and computer programs used are configured in such a way as to minimize the use of personal and identification data; such data are processed only for the achievement of the specific purposes from time to time pursued. The Association uses security technologies and procedures to promote the protection of personal data of users; for example, personal data are stored on secure equipment located in places with protected and controlled access. The user can help and contribute to update and keep correct their personal data by communicating any changes related to their address, contact information, etc..
The European Regulation (GDPR) and the new Privacy Code have prescribed, the obligation not to allow the direct provision of information society services to persons under 14 years of age, unless the consent of parents (it must be ensured that the consent is given by the operator of parental authority) or those who act on behalf of it.
The registration to an online service, therefore, is subject to the rules for the conclusion of contracts, for which it is necessary that the subject is able to appreciate the nature and consequences of his consent.
In any case, parental consent is not always necessary. Under Article 8 of the new European Regulation, parental consent is required only if the processing of children’s data is lawful on the basis of consent. If, on the other hand, the treatment has another legal basis, such as compliance with a legal obligation, legitimate interests, etc., the consent of the parents is not necessary.
Our website is not intended to intentionally request or collect personal data from persons under the age of 14. If we are informed or otherwise discover that a child’s personal data has been incorrectly collected, we will take commercially reasonable steps to delete that information.
10. STORAGE OF PERSONAL DATA
Personal data processed for the purposes referred to in section 3.1 and 3.2 will be kept for the time strictly necessary to achieve those same purposes. In any case, since these are treatments carried out for the provision of services, the Association will keep personal data for the period of time provided for and allowed by Italian law to protect their interests (Art. 2946 c.c. et seq.).
The personal data processed for the purposes referred to in section 3.3 will be kept until the time provided by the specific obligation or rule of law applicable.
It is envisaged that a periodical annual check will be carried out on the data processed and on the possibility of being able to delete them if they are no longer necessary for the purposes envisaged.
11. THE RIGHTS OF THE DATA SUBJECT
ART. 15 (RIGHT OF ACCESS), ART. 16 (RIGHT OF RECTIFICATION) OF EU REG.2016/679
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal dataconcerning him are being processed and, if so, to obtain access to the personal data and the following information:
a. the purposes of the processing;
b. the categories of personal data concerned;
c. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
d. the expected period of retention of personal data or, if that is not possible, the criteria used to determine thatperiod;
e. the existence of the right of the data subject to request the controller to rectify or erase personal data or to restrict the processing of personal data concerning him or to object to their processing;
f. the right to lodge a complaint with a supervisory authority;
g. the existence of an automated decision-making process, including profiling and, at least in such cases, meaningful information on the logic used, and the importance of and the expected consequences of such processing for the data subject.
RIGHT UNDER ARTICLE 17 OF EU REGULATION 2016/679 – RIGHT TO ERASURE (“RIGHT TO BE FORGOTTEN”)
The data subject shall have the right to obtain from the controller the erasure of personal data relating to him or herwithout undue delay and the controller shall be obliged to erase personal data without undue delay if one of the following reasons applies:
a. personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b. the data subject withdraws the consent on which the processing is based in accordance with Article 6(1)(a)or Article 9(2)(a) and if there is no other legal basis for the processing;
c. the data subject opposes processing pursuant to Article 21(1) and there are no overriding legitimate groundsfor processing, or opposes processing pursuant to Article 21(2);
d. the personal data have been processed unlawfully;
e. personal data must be erased in order to fulfil a legal obligation under Union law or the law of the MemberState to which the controller is subject;
f. the personal data have been collected in relation to the provision of information society services as referredto in Article 8(1) of EU Reg. 2016/679
RIGHT UNDER ART. 18 RIGHT TO LIMITATION OF TREATMENT
The data subject has the right to obtain from the Data Controller the restriction of the processing when one of thefollowing situations occurs:
a. the data subject contests the accuracy of the personal data for as long as it is necessary for the controller to verify the accuracy of such personal data;
b. the processing is unlawful and the data subject objects to the deletion of personal data and requests instead that their use be limited;
c. although the controller no longer needs it for the purposes of processing, personal data are necessary for thedata subject to establish, exercise or defend a right in court;
d. the data subject objected to the processing operation pursuant to Article 21(1) of Regulation (EC) No 2016/679 pending verification of whether the legitimate reasons of the Data Controller override those of thedata subject.
RIGHT UNDER ARTICLE 20 RIGHT TO DATA PORTABILITY
The data subject shall have the right to receive in a structured, commonly used and machine-readable format personaldata relating to him which are provided to a controller and shall have the right to transmit such data to another controllerwithout hindrance by the controller.
WITHDRAWAL OF CONSENT TO PROCESSING
The interested party has the right to revoke his or her consent to the processing of his or her personal data by sendinga registered letter with return receipt to the address given in the contact section, accompanied by a photocopy of hisor her identity document, with the following text: “revocation of consent to the processing of all my or her personaldata”. At the end of this operation your personal data will be removed from the archives as soon as possible, together with a photocopy accompanying the request.If you wish to have more information on the processing of your personal data, or to exercise the rights referred to in the previous point, you can send a registered letter with return receipt to the address given in the contact section. Before we can provide you with or change any information, it may be necessary to verify your identity and answer some questions. However, a response will be provided within a short period of time.The forms you can use to exercise your rights can easily be found at this link.
In any case, you always have the right to lodge a complaint with the competent supervisory authority (Guarantor for theprotection of personal data), pursuant to art. 77 of the Regulation, if you believe that the processing of your data is contrary to the legislation in force.
To exercise the above rights or for any other request please write to:
Association for the Meditation of Awareness (VIipassanā) – A.Me.Co.
- Address: Vicolo d’Orfeo, 1 – 00193 Rome
- Telephone (+39) 06 68 65 148o
- Email: firstname.lastname@example.org