Please note that this Policy shall apply to anyone who navigates and/or uses the Website, or otherwise interacts with the contents and services accessible through the Website (hereinafter the ‘User’).
All processing operations will be carried out by the Controller in full compliance with the applicable data protection legislation, including the General Data Protection Regulation (EU) no. 2016/679 (‘GDPR’).
- THE WEBSITE
The Website is configured in such a way as to minimize the collection and use of Users’ identification data, excluding the processing in all cases where the intended purposes can be achieved by other means.
- CATEGORIES OF PERSONAL DATA COLLECTED
- Data automatically collected by the Website
The systems and computer procedures that allow the functioning of the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected in order to be associated with individual interested parties, but by their very nature could, through processing and association with data held by third parties, allow them to be identified.
This category of data includes, by way of example, the IP addresses or domain names of the computers used by Users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the resources requested, the relevant time, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the User’s operating system and computer environment.
- Data provided directly form the User
There are few sections of the Website (e.g. “Donate”, “Contact”, “Store” and “Newsletter”) which allow the collection of those personal data which the User will decide to share with the Company, such as, for example, name, surname or e-mail address. It remains understood that, in this case, the Controller must collect the data provided by the User to fulfill the requests received and/or to provide the requested service. Accordingly, the User who prefers that the Controller does not collect his/her personal data, is invited not to submit any request, or, at least, to provide as little personal data as possible.
In any event, the Users will always be free, after having read this Policy to understand in detail how and for which purposes their personal data will be processed by the Company, to share their personal data by filling out the specific forms available on the Website.
- PURPOSES AND LEGAL BASIS OF THE PROCESSING
Personal data will be processed by the Data Controller exclusively within the limits and for the sole purposes of providing the services accessible through the Website, in particular for:
- allowing an appropriate navigation on the Website;
- performing statistic analysis in anonymous and aggregate form, to improve the navigability and the quality of the Website.
The processing activities listed in letter (a) and (b) above do not require the acquisition of the User’s prior consent, as they are based on a different legal basis, i.e. the legitimate interest of the Data Controller to facilitate the User’s browsing experience and offer him/her a smooth navigation without slowing down, as well as to better understand the aggregate behavior of the Users.
Moreover, the Data Controller may also process the User’s personal data in order to:
- allow the Users to create an account on the Website, manage it and use the services offered by the Controller to the registered Users;
- enjoy the services offered by the Controller through the Website, e.g. donate or purchase merchandising products from the Company’s store on the Website;
- answer and fulfil the Users’ requests.
For the purpose referred to in letter (c), (d) and (e), the legal basis of the processing is the need to perform a contract to which the User is part or to provide services which have been directly requested by the User. The provision of personal data by the User for these purposes is optional but, failing that, Democracy will not be able to fulfil the requests received and/or to provide the requested services.
In addition to the purposes listed above, the Data Controller may also process the User’s personal data to:
- send informative and promotional material regarding the products and the services of the Company, to perform market research or commercial communications, by signing to our newsletter (‘Newsletter’).
The processing for this purpose requires the User’s optional and freely given consent. It is understood that if the User does not intend to give the consent to the processing of personal data relating to him or her for this purpose by the Data Controller, this will not prevent him/her from accessing the Website, nor will it limit in any way his/her interactions with the services offered therein.
Personal data may be also processed for the following additional purposes, where necessary:
- to comply with a legal obligation applicable to the Controller and/or with requests or orders issued by competent authorities;
- for the establishment, exercise or defense of legal claims regarding the Controller’s rights before competent Courts.
The legal basis of the processing is, for the purpose referred to in letter (g), the need to ensure the compliance with legal obligations to which the Data Controller is subject, and, for the purpose referred to in letter (h), the legitimate interest of the Data Controller.
- METHODS OF PROCESSING AND DATA SECURITY
The Users’ personal data are collected and processed lawfully and fairly, solely for the purposes specified above and in accordance with the fundamental principles established by the applicable legislation. Processing operations may take place both manually and electronically, but in any case, under technical and organizational measures that ensure the security and confidentiality of the data, especially in view of reducing, on the one hand, the risks of accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to the personal data and, on the other hand, any processing that is not compliant with the purposes set out above.
Processing activities will be carried out, under the authority of the Controller, only by personnel duly authorized to access and process personal data in accordance with the instructions provided by the Company, pursuant to the applicable data protection legislation.
Under no circumstances Users’ personal data may undergo automated decision-making processes, including profiling.
- COMMUNICATIONS TO THIRD PARTIES
The personal data collected through the Website will not be shared or communicated to third parties, unless upon specific consent of the User.
Should the data be made available by the Company to third party suppliers or partners (such as service providers, mail carriers, hosting providers, IT companies, communication agencies) in order to enable them to perform specific services connected to or necessary for the fulfilment of the purposes listed above, it will be responsibility of the Controller to appoint such third parties as data Processor by virtue of their capacity, experience and reliability and to provide them with specific instructions regarding the security of the data. The updated list of appointed data Processors can be accessed at any time by sending a written request to the Company, as specified below.
It remains understood that the Controller is entitled to make User’s personal data available to third parties, such as public or judicial authorities, to comply with binding orders and request, as well as with applicable legal provisions.
- DATA RETENTION
Personal data collected by the Website will be kept in a format that allows the User’s identification for no longer than necessary to fulfil the purposes for which the data have been originally collected and, in any case, within the time limits set forth by applicable laws and regulations, as well as to enforce or protect the rights of the Controller (consistent with the retention periods and statutes of limitations provided for by the law), where necessary.
When no longer necessary in accordance with the above, the data will be cancelled or anonymized.
- TRANSFER OF DATA ABROAD
For the sole purposes described above, the Users’ personal data may be transferred and so processed abroad by companies which are established both inside and outside the territory of the European Union.
In all cases when the data will be transferred to non-EU countries, the relevant transmission will be subject to specific data protection guarantees, as required by the applicable law.
- DATA SUBJECTS’ RIGHTS
The User can at any time exercise his/her rights, in accordance with the applicable data protection legislation, including the right:
- to access his/her personal data, obtaining evidence – among others – of the purposes pursued by the Controller, the categories of data involved, the recipients to whom they may be disclosed, the applicable storage period, the existence of automated decision-making processes;
- to obtain the rectification of inaccurate personal data referred to him/her, without unreasonable delay;
- to obtain the erasure of his/her personal data in the cases provided for by the law;
- to withdraw his/her consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, where the processing itself is based on consent;
- to obtain the limitation of the processing activities, where possible;
- to object to the processing of his/her personal data;
- to request portability of the data provided to the Controller, i.e. receiving them in a structured, commonly used and machine-readable format, also for transmitting such data to another controller, without any hindrance by the Company, in all situations where it is required by the law in force;
- lodge a complaint to the competent Data Protection Authority.
- DATA CONTROLLER AND CONTACTS
The Data Controller, pursuant to the applicable data protection legislation, is Democracy at Work, a US law association, with registered office at PO Box 30941, New York NY 10011
- POLICY UPDATING
Below is highlighted the date when the last version of this Policy has been uploaded.
Last Update: [May 13, 2022]