The Data Controller is Compagnia di San Paolo, Corso Vittorio Emanuele II, 75 10128 Turin, Italy.
Purposes: Data will be processed for the following purposes:
- a) to send communications (emails, landing pages) to manage subscriptions to the newsletter (confirmation of subscription, confirmation of unsubscription, change of details, etc.)
- b) to send communications regarding the activities and initiatives of Compagnia di San Paolo and to reply to requests received by the Data Controller in response to the above communication (e.g. clicks on linked web pages, emails, etc.), recording them;
- c) to personalise the above communications based on the recipient’s interests: nature of the interest (personal or professional), professional sector, geographical area (province, municipality), relevant company/organisation, nature of Compagnia di San Paolo’s intervention (philanthropy, culture goal, people goal, planet goal)
Legal basis: (article 6.1(a) of European Regulation 679/2016) Free and explicit consent of the interested party provided by conclusive action (a) sending the form to request the newsletter, b) further confirmation by email, c) enabling profiling)
Retention period or criteria: The data will be stored: i) until the data subject unsubscribes from the newsletter service or, ii) in the event of no interaction due to hard bounce (i.e. three consecutive attempts to deliver the email that have failed)
The processing will always be based on principles of decency, lawfulness, transparency and protection of the privacy and rights of the parties involved. In particular, in order to verify the recipient's actual willingness to receive the newsletter, a double-opt-in mechanism will be used, whereby the recipient will receive an email containing a registration confirmation link: their data will not be used to send the newsletter until confirmation has been received, but they will be notified with further confirmation request notices for the next 3 days every 24 hours, after which they will no longer be on the waiting list and their data will be removed.
In ogni email della newsletter è indicato sia un link per la cancellazione, sia uno per la modifica dei dati; pertanto, nel caso il destinatario inoltri il messaggio ricevuto ad un suo contatto, quest’ultimo potrebbe disiscriverlo o modificare i suoi dati.
Every newsletter email contains both a link for unsubscribing and one for changing details; therefore, if
recipients forward the message received to one of their contacts, the latter can unsubscribe or change
their details.
Mandatory or optional nature of data provision. The provision of the requested data is optional, however any failure to provide the details required (name, surname, email) or the provision of incomplete or inaccurate details, may result in failure to subscribe to the newsletter.
Recipients or Categories of recipients. Personal data will be processed by the Data Controller, and by the persons it has strictly authorised to do this, or by the persons named as responsible for the processing (such as the mailing system providers)
The data will not be disseminated.
Right to complain to the supervisory authority. The data subject has the right to lodge a complaint with the Supervisory Authority (For Italy: Garante per la protezione dei dati personali www.garanteprivacy.it).
Rights of data subjects. Data subjects may at any time exercise the right to access the personal data, correct and delete it, restrict and object to the processing, and transfer it as stated in articles 15-22 of European Regulation 679/2016 by sending a request to email address privacy@compagniadisanpaolo.it . Details may also be amended by using the link contained in every newsletter email.
Right to revoke consent. The data subject has the right to revoke their consent at any time by sending a request by email to privacy@compagniadisanpaolo.it The unsubscribe link at the foot of every newsletter email can also be used for this purpose.
Existence of an automated decision-making process. The processing does not involve an automated decision-making process.
Transfer of data to a third country or international organisation. The Data Controller will not transfer their personal data to a third country or international organisation.