fresh foundation

Privacy Policy – Fresh Foundation

Privacy Notice pursuant to Articles 13–14 of Regulation (EU) 2016/679

Data Subjects: Users submitting information requests and/or contact inquiries via the “Contact” page of the website www.ffresh.it

Fondazione Fresh, in its capacity as Data Controller of your personal data, pursuant to and for the purposes of Regulation (EU) 2016/679 (hereinafter “GDPR”), hereby informs you that the aforementioned legislation provides for the protection of data subjects with regard to the processing of personal data, and that such processing will be carried out in accordance with the principles of fairness, lawfulness, transparency, and protection of your privacy and rights.

Your personal data will be processed in compliance with the legal provisions of the above-mentioned regulation and the confidentiality obligations therein.

Purpose and legal basis of processing: in particular, your data will be used for purposes related to the performance of contractual or pre-contractual obligations, such as processing requests for information submitted through the “Contact” form available on the Foundation’s website.

Methods of processing. Your personal data may be processed in the following ways:

  • by means of electronic data processing systems;
  • manually, through paper-based filing systems.

All processing is carried out in compliance with Articles 6 and 32 of the GDPR and through the adoption of appropriate security measures.

Your data will be processed exclusively by personnel expressly authorized and trained by the Data Controller, in particular by staff of the Administration Office.

Disclosure of data:
Your data may be disclosed to external parties for the proper management of the relationship, including, in particular, the following categories of recipients, all duly appointed as Data Processors where required:

  • web service providers for the management and maintenance of the platform;
  • subcontractors, also appointed as sub-processors.

Data dissemination: Your personal data will not be disclosed in any way.

Your personal data may be transferred, limited to the purposes indicated above, to the following countries:

  • EU countries (Republic of Ireland).

Data retention period. In accordance with the principles of lawfulness, purpose limitation, and data minimization pursuant to Article 5 of the GDPR, your personal data will be retained:

  • for a period not exceeding that necessary to achieve the purposes for which the data are collected and processed for the performance of contractual purposes;
  • for a period not exceeding the provision of the requested services. Without prejudice to your right to unsubscribe from mailing lists (opt-out) and to request the erasure of your data by exercising your rights, the retention period may also vary depending on the number of interactions you have with the communications sent, as well as on the frequency with which you or your organization purchase services provided by Fondazione Fresh.

Data Controller: The Data Controller, pursuant to the law, is Fondazione Fresh (Via Provinciale Cotignola n. 17, 48022 Lugo (RA), Italy; VAT No.: 01209030334), in the person of its legal representative pro tempore, who can be contacted at: info@ffresh.it

You have the right to obtain from the Data Controller the erasure (right to be forgotten), restriction, updating, rectification, portability of your personal data, as well as to object to their processing. More generally, you may exercise all the rights provided for under Articles 15, 16, 17, 18, 19, 20, 21, and 22 of the GDPR.

Regulation (EU) 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 – Rights of the Data Subject

  1. The data subject has the right to obtain confirmation as to whether or not personal data concerning them exist, even if not yet recorded, to receive such data in an intelligible form, and to lodge a complaint with the Supervisory Authority.
  2. The data subject has the right to obtain information regarding:
  1. the origin of the personal data;
  2. the purposes and methods of processing;
  3. the logic applied in the event of processing carried out with the aid of electronic instruments;
  4. the identification details of the Data Controller, Data Processors, and the representative designated pursuant to Article 5(2);
  5. the entities or categories of entities to whom the personal data may be disclosed or who may become aware of such data in their capacity as designated representatives within the territory of the State, data processors, or authorized persons.
  1. The data subject has the right to obtain:
  1. the updating, rectification, or, where interested, integration of the data;
  2. the erasure, anonymization, or restriction of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
  3. certification that the operations referred to in points (a) and (b) have been notified, including their content, to those to whom the data have been disclosed or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the right being protected;
  4. data portability.
  1. The data subject has the right to object, in whole or in part:
  1. on legitimate grounds, to the processing of personal data concerning them, even if relevant to the purpose of the collection;
  2. to the processing of personal data concerning them for the purposes of sending advertising materials, direct sales, market research, or commercial communications.