INFORMATION PURSUANT TO ARTICLES 13-14 OF EU REGULATION NO. 2016/679 ON THE PROCESSING OF PERSONAL DATA
Dear visitor,
The International Association Le Vie di Leonardo Da Vinci – ETS hereby informs you that, pursuant to Articles 13 and 14 of European Regulation no. 2016/679 (GDPR), the data acquired and/or provided by you will be processed in compliance with the regulations referred to below.
ROLES
The Data Controller is: International Association “Le Vie di Leonardo Da Vinci – ETS”, Via Giorgio la Pira 1, Vinci 50059 FI, leviedileonardoadavinci@gmail.com
PROCESSING METHODS
Processing consists, for example, in the collection, recording, organization, storage, retrieval, consultation, use, communication, and deletion of personal data. It is carried out, for the aforementioned purposes, in accordance with the principles (pursuant to Article 5 of GDPR No. 2016/679) of lawfulness, fairness, transparency, data minimization, and accuracy. The data is processed using telephone, paper, computer, and electronic means. Processing is carried out using appropriate tools and appropriate technical and organizational measures to ensure security, integrity, and confidentiality, particularly avoiding the risk of loss, unauthorized access, unlawful use, and dissemination, in compliance with the provisions of Article 32 of GDPR No. 2016/679, by the data subjects and in compliance with the provisions of Article 29 of GDPR No. 2016/679 and Article 2-quaterdecies of the Privacy Code.
NATURE OF THE DATA PROVISION AND CONSEQUENCES OF REFUSAL TO RESPOND
Providing data for mandatory purposes does not require explicit consent. Without this data, we will not be able to provide our services. Providing data for other purposes is optional and requires your explicit consent. If you do not provide consent, you will not receive newsletters, informational materials, or commercial communications regarding the services offered by the Data Controller or third-party companies. However, you will still have access to our services.
We process your personal information only when there is a legal basis for such processing. Legal bases include:
- Your consent to the processing activities in question
- Compliance with legal obligations that we are required to meet
- The execution of rules dictated by laws or regulations, or by contracts, agreements or other legal instruments
- Studies conducted by research institutions, preferably on anonymized personal information
- The execution of a contract and related pre-contractual obligations, if you are a party to such contract
- Exercising our rights in court, administrative proceedings or arbitration
- The defense or protection of your physical safety or that of a third party
- Health protection, in the context of procedures implemented by healthcare entities or professionals
- Our legitimate interests, provided that your fundamental rights and freedoms do not override those interests
- Credit protection.
DATA ACCESS
Your data may be made accessible for the purposes listed below:
- To the Data Controller's employees and collaborators in their capacity as data processors and/or system administrators;
- To third-party companies or other entities (for example: professional firms, consultants, software houses that provide management software, credit institutions, insurance companies, etc.) that perform outsourced activities on behalf of the Data Controller, in their capacity as external data processors.
Among the types of Personal Data collected by this Website, either independently or through third parties, there are: Trackers; Usage Data; name; email address; website; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example); number of Users; city; device information; session statistics; browser information; answers to questions; clicks; keypress events; motion sensor events; mouse movements; position relative to scrolling; touch events.
DATA COMMUNICATION
The Data Controller may disclose your data to public administrations, supervisory bodies, and/or judicial authorities, as well as to any other parties to whom disclosure is mandatory or required by law. Your data will not be disclosed.
DATA RETENTION
All personal data provided will be processed in compliance with the principles of lawfulness, fairness, relevance, and proportionality, exclusively using the necessary methods, including computerized and electronic means, to pursue the purposes described above. Personal data will be retained for a period of 6 years following the last contact with the data subject or until the data subject requests deletion. In this case, data related to the data controller's legitimate interests or necessary to fulfill legal obligations may still be retained. Please note that the information systems used to manage the information collected are configured, from the outset, to minimize the use of personal data.
RIGHTS OF THE DATA SUBJECT
As the data subject, you have the rights set forth in Articles 15 et seq. and 77 of the GDPR, specifically the rights to:
- Obtain confirmation from the data controller as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
- Obtain from the data controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement;
- Obtain information from the controller without undue delay concerning your personal data where one of the following grounds applies: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing; the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2); the personal data have been unlawfully processed; the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- Obtain from the controller restriction of processing where one of the following applies: the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; the data subject has objected to processing pursuant to Article 21, paragraph 1, pending the verification whether the legitimate grounds of the controller override those of the data subject;
- Receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, if the processing is carried out by digital means. In exercising his or her right to data portability, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible;
- Object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her pursuant to Article 6, paragraph 1, letters e) or f), including profiling based on those provisions. Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, including profiling to the extent that it is related to such marketing;
- Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her;
- Lodge a complaint with a supervisory authority pursuant to Article 77.
HOW TO EXERCISE YOUR RIGHTS
You may exercise your rights at any time by contacting the Data Controller at the following email address: leviedileonardoadavinci@gmail.com
EXTERNAL MANAGERS AND APPOINTED PERSONS
The updated list of external managers and data processors is kept at the registered office of the Data Controller.
MODIFICATION OF THE CURRENT INFORMATION
This policy was drafted on October 3, 2025 and may be subject to change over time, including as a result of additions or amendments to applicable laws and regulations. Interested parties are encouraged to consult this page frequently.
Icons Of Atlantic Srl. licensed CC BY 4.0. Free use without deleting this mention