Checkout

TERMS AND CONDITIONS

This information notice is provided pursuant to Article 13 of Legislative Decree No. 196 of 30 June 2003 (“Personal Data Protection Code”) and Article 13 of EU Regulation No. 2016/679 (“General Data Protection Regulation”).

ZEROCENTO Società Cooperativa Sociale ONLUS, having its registered office at Viale delle Ceramiche 43 – 48018 – Faenza (Italy), VAT No. 01012750392, in the person of Arianna Marchi, acting as Data Controller (hereinafter, “Controller”), hereby informs you, pursuant to Article 13 of Legislative Decree No. 196/2003 (hereinafter, “Privacy Code”) and Article 13 of EU Regulation No. 2016/679 (hereinafter, “GDPR”), that your personal data will be processed in the manner and for the purposes set out below.

1. Object of the Processing

The Controller ensures the protection of your personal data and complies with the applicable personal data protection laws (Privacy Code and GDPR 2016/679).
Your personal data are processed confidentially and are transferred to third parties only in accordance with this Policy or with your consent.
We process the personal data you provide when using the website and/or after registering on the website.

In particular, we process:

• Personal, identifying and non-sensitive data (specifically: name, surname, tax code, VAT number, email address, telephone number — hereinafter “personal data” or “data”) provided directly by you upon registering on the website and/or when requesting access to specific socio-educational and socio-assistance services offered; nominal data of minor users.

• Data not directly provided by you — and in any case acquired within the limits of Article 14, paragraph 5, GDPR — whose transmission is linked to the use of Internet communication protocols (by way of example only: page access logs, amount of data transferred, status messages after access, session ID numbers, IP addresses, URL addresses, etc.). Such data allow the reconstruction of your navigation path on the website.

2. Purpose of the Processing

Your personal data are processed:

A) Without your express consent (pursuant to Article 24, letters a), b), c), of the Privacy Code and Article 6, letters b), e), of the GDPR) for the following Service Purposes:

• to process a contract request or a pre-contractual request;

• to implement pre-contractual measures adopted at your request;

• to prepare internal statistics;

• to comply with tax obligations arising from existing relationships;

• to fulfil obligations provided by law, regulation, EU legislation or orders of the Authority;

• to safeguard the vital interests of the data subject or of another natural person;

• to perform tasks carried out in the public interest or in the exercise of official authority vested in the Controller;

• to prevent or detect fraudulent activities or abuses harmful to the website;

• to pursue a legitimate interest of the Controller or of third parties, within the limits and under the conditions referred to in Article 6, letter f), GDPR;

• to exercise the Controller’s rights (by way of example, the right of defence in court).

B) Only with your specific and unequivocal consent (pursuant to Articles 23 and 130 of the Privacy Code and Article 7 of the GDPR) for the following Marketing Purposes:

• to send via email newsletters, commercial communications and/or advertising material on products and/or services, different and/or dissimilar from those already purchased, offered by the Controller.

3. Nature of the Provision of Personal Data

The provision of your Data for the purposes described under point 2, letter A), items i) and ii), is mandatory.
Failure to provide such Data will make it impossible for us to register you on the Website or to fulfil your requests.

The provision of Data for the purposes described under point 2, letter B), is instead optional.
You may therefore choose not to provide any Data or to revoke the authorization to process previously provided Data.
In this case, you will no longer receive our newsletters, while you will continue to benefit from our services and maintain the right to remain registered on the website.

4. Methods of Processing

The processing of your personal data is carried out through the operations indicated in Article 4 of the Privacy Code and Article 4, paragraph 2, of the GDPR, namely:
collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data.

The processing of your Data will be based on the principles of correctness, lawfulness, and transparency, and may also be performed using automated methods for their storage, management, and transmission.
Processing will be carried out using tools suitable — according to reasonableness and current technology — to ensure security and confidentiality through the use of appropriate procedures that prevent risks of loss, unauthorized access, unlawful use, and dissemination.

5. Data Retention Period

The Controller will process personal data for the time strictly necessary to fulfil the purposes indicated above and for no longer than two (2) years from the collection of the data for marketing purposes.
Once this retention period has expired, the data will be destroyed or rendered anonymous.

6. Access to Data

The personal data processed by the Controller will not be disclosed, meaning they will not be made available to indeterminate subjects in any form, including by making them available or for mere consultation.
They may, however, be communicated to employees working under the Controller and to certain external entities collaborating with it.

In particular, your data may be made accessible to:

• employees and collaborators of the Controller, consultants authorized to manage the website and provide the related services (by way of example: customer service, IT department, etc.), in their capacity as internal Data Processors and/or Persons in Charge of the processing of personal data and/or System Administrators;

• third-party companies or other entities (by way of example only: banking institutions, professional firms, consultants, insurance companies, etc.) performing outsourcing activities on behalf of the Controller, in their capacity as external Data Processors and/or Persons in Charge of the processing of personal data.

Your data may also be communicated, within the strictly necessary limits, to those entities lawfully entitled to access them by virtue of legal provisions, regulations, or EU legislation.

7. Data Disclosure

Without your express consent (pursuant to Article 24, letters a), b), d), of the Privacy Code and Article 6, letters b), c), of the GDPR), the Controller may disclose your data for the purposes mentioned above to:

• supervisory bodies,

• judicial authorities,

• and all other entities to whom disclosure is mandatory by law for the fulfilment of said purposes.

8. Data Transfer

The management and storage of personal data will take place on servers owned by the Controller and/or by third-party companies duly appointed as Data Processors, located within the European Union, in compliance with Articles 45 et seq. of the GDPR.
Currently, the servers are located within the European Union, and data will not be transferred outside the EU.

However, should it become necessary to transfer the server location within Italy and/or the European Union and/or non-EU countries, such relocation will always take place in accordance with Articles 45 et seq. of the GDPR.

In any event, the Controller guarantees that any transfer of data to non-EU countries will be carried out in compliance with applicable legal provisions, by stipulating, if necessary, agreements that ensure an adequate level of protection and/or adopting the Standard Contractual Clauses approved by the European Commission.