CONTATTI

Privacy Policy

Thank you for visiting the creasysyouthfoundation.org website. The following Privacy Policy has been drafted pursuant to Article 13 of EU Regulation 679/2016 (“GDPR”) to explain how we process, protect, and store the data of each visitor to our institutional website (“the User”). For further questions, please contact us by sending an email to info@creasysyouthfoundation.org.

1. GENERAL INFORMATION REGARDING THE SITE'S PRIVACY POLICY

1.1 This section contains information about the management of the website www.creasysyouthfoundation.org (hereinafter referred to as the “Site”) regarding the processing of data of Users who access it.

1.2 The Site represents the activities and services of the Creasys Youth Foundation, based in Rome, Piazza Albania No. 10, and can also be contacted via the ordinary email address info@creasysyouthfoundation.org and the certified email address.

1.3 This policy (a) is provided pursuant to Article 13 of Regulation (EU) 2016/679 (the General Data Protection Regulation), concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data; (b) applies exclusively to data collected through the Site www.creasysyouthfoundation.org and to cookies (both first-party and third-party) used for navigation, but not to any other websites that the User may visit through links contained within the Site; (c) aims to provide information regarding the types of data processed, the processing methods, the data retention periods, the nature of the information, and any other relevant aspects that data controllers must disclose to Users according to both national and European legislation.

2.1 The Data Controller is the natural or legal person, public authority, or other body that, individually or together with others, determines the purposes and means of processing personal data. This entity is also required to identify and adopt the appropriate technical and organizational measures to ensure a level of security appropriate to the risk generated by the processing operations.

2.2 With reference to this Site, the Data Controller is the Creasys Youth Foundation, represented by its legal representative pro tempore, who can be contacted for any information at the addresses specified in Article 1.2 above.

3.1 The Data Controller (as indicated in Article 2.2 above) adopts, in accordance with technical and organizational measures, all suitable actions (a) to ensure, in line with the provisions of Article 32 of Regulation (EU) 2016/679, that the processing of Users’ personal data is carried out in compliance with the applicable law; (b) to prevent unauthorized access, disclosure, alteration, or destruction of the data.

3.2 The processing is carried out using IT tools, and only residually with paper-based methods, through organizational and logical procedures strictly related to the stated purposes.

3.3 In addition to the Data Controller, in some cases, other parties involved in the organization of the Site (such as administrative, commercial, marketing, legal staff, system administrators) or external parties (such as third-party service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data. These external parties may also be appointed as necessary; in all cases, the Data Controller ensures the adoption of security measures as outlined in Article 8 below.

3.4 The collected data will not be disclosed, sold, or exchanged with third parties without the express consent of the data subject, except in cases where such communication is necessary to fulfill legal obligations or obligations arising from the relationship with the data subject, or where third parties act as data processors

4.1 The personal data collected by this Site are used for the following purposes:

4.1.1 Registration on the Site;

4.1.2 Providing the services offered by the Site;

4.1.3 Sending newsletters to the email address provided by the User via the relevant form on the Site;

4.1.4 Sending advertising and commercial communications regarding products and services provided/managed by the Site;

4.1.5 Responding to assistance and/or information requests;

4.1.6 Fulfilling any legal, accounting, and tax obligations;

4.1.7 Enforcing or defending rights in court in case of abuse in the use of the Site and/or services provided, or for disputes of a contractual or extracontractual nature;

4.1.8 Improving service quality and optimizing the functionality of the Site;

4.1.9 Understanding user behavior to improve online communication;

4.1.10 Preparing statistical information regarding the use of the Site.

4.2 In this regard, it is specified that the contractual services offered by the Data Controller and subject to the agreement with the User do not in any way constitute an invitation to invest or an offer, nor a recommendation to buy or sell instruments belonging to any type of investment services; it is understood that neither the Data Controller nor any company affiliated with it engage in activities within the sectors mentioned above.

4.3 If the Data Controller intends to process personal data for a purpose different from the one for which they were collected, the data subject will be provided with information about that different purpose and any other necessary information before such processing occurs.

5.1 The legal basis for the processing of personal data is the contractual relationship concerning the services offered by the Data Controller.

6.1 Personal data may be freely provided by the User or, in the case of usage data, collected automatically during the use of the Site.

6.2 Unless otherwise specified, all data requested by the Site are mandatory and necessary for the User to use the Site.

6.3 If certain data are marked as optional, the User is free to refrain from providing them without any consequences on the availability of the service or the functionality of the Site. Users who have doubts about which data are mandatory can freely contact the Data Controller.

6.4 Any use of cookies (both proprietary and third-party) unless otherwise specified, aims to provide the service requested by the User, in addition to the further purposes described in Article 15 below.

6.5 The information that Users choose to make public through the services and tools provided by the Site is provided voluntarily and consciously by the User, with the Data Controller being exempt from any liability. It is the User’s responsibility to ensure they have permission to input personal data of third parties obtained, published, or shared through the Site.

7.1 Like all websites, this Site also makes use of log files in which information collected automatically during User visits is stored. This transmission is implicit in the use of internet communication protocols such as, for example:

  • 7.1.1 Internet Protocol (IP) address;
  • 7.1.2 Type of browser and parameters of the device used to connect to the Site;
  • 7.1.3 Name of the Internet Service Provider (ISP);
  • 7.1.4 Date and time of the visit;
  • 7.1.5 Web page of origin of the visitor and exit page;
  • 7.1.6 Potentially the number of clicks.

 

7.2 The above data is used automatically and solely for the purpose of gathering anonymous statistical information about the use of the Site and for monitoring its correct operation.

7.3 For security purposes (anti-spam filters, firewalls, virus detection), the automatically recorded information and data may be used to block attempts to damage the Site or other harmful activities based on the legitimate interests of the Data Controller, in accordance with the applicable law.

7.4 These data are therefore never used for the identification or profiling of the User, except in the case where this is necessary to fulfill legal obligations or by order of the judicial authorities.

8.1 The personal data provided voluntarily by the User (e.g., by filling in the various forms provided on the Site to access specific services voluntarily requested) are used solely for the purpose of fulfilling the service they refer to.

8.2 If the User refuses to provide personal data, the consequence is the inability to execute the contractual relationship related to the services offered by the Data Controller. In this case, therefore, the provision of data is mandatory as it is essential for the execution of the contractual relationship concerning the services offered by the Data Controller, and any refusal to provide such data will result in the inability to carry out the aforementioned contractual relationship.

8.3 The provision of personal data by minors under the age of 18 is not permitted unless authorized by a parent or legal guardian. Therefore, the Data Controller does not intentionally collect personal information about minors.

8.4 If information about minors is unintentionally recorded, the Data Controller will promptly delete it, either ex officio or at the request of the Users.

9.1 This Site processes Users’ data in a lawful manner and in compliance with the applicable regulations, adopting appropriate security measures to prevent violations of personal data, such as unauthorized access, disclosure, modification, and unauthorized destruction.

9.2 To this end, processing is carried out using computer and/or telematic tools, with organizational methods and according to logics strictly related to the purposes connected to the functioning of the Site.

10.1 The Data Controller does not process sensitive data.

11.1 The data is processed at the Data Controller’s operational offices and at any other location where the parties involved in the processing are located.

11.2 For this purpose, the Data Controller uses servers located within the European Union as well as IT systems located at the Data Controller’s premises, and no transfer outside the European Union is foreseen.

12.1 The data is processed and stored (in electronic archives) for the time required by the purposes for which it was collected and, in any case, in compliance with legal terms.

12.2 At the end of the retention period, the personal data will be deleted, and consequently, the rights referred to in the following Article 14 can no longer be exercised.

13.1 The data subject may, at any time, exercise the following rights (as per Articles 15-22 of the GDPR):

  • 1.1 Right of access, meaning the right to obtain confirmation from the data controller as to whether or not personal data concerning the data subject is being processed and, if so, to access the following information: a) the purposes of the processing; b) the categories of personal data being processed; c) recipients or categories of recipients to whom the personal data have been or will be disclosed; d) the retention period; e) the existence of automated decision-making processes, including profiling, and in such cases, information on the logic involved;
  • 1.2 Right to rectification, meaning the right to obtain from the data controller the correction of personal data concerning the data subject;
  • 1.3 Right to erasure, meaning the right to obtain from the data controller the deletion of personal data concerning the data subject if a) they are no longer necessary for the purposes for which they were collected or otherwise processed; b) consent on which the processing is based has been withdrawn and there is no other legal basis for the processing; c) the personal data has been processed unlawfully; d) the deletion is necessary to comply with a legal obligation of the data controller;
  • 1.4 Right to restriction, meaning the right to request the restriction of the processing of data when a) their accuracy is contested; b) the processing is unlawful and the data subject opposes deletion, requesting instead that its use be limited; c) the personal data are necessary for the establishment, exercise, or defense of legal claims by the data subject; d) the data subject has objected to the processing, pending verification of the potential overriding legitimate grounds of the data controller;
  • 1.5 Right to data portability, meaning the right to receive the personal data concerning the data subject in a structured, commonly used, and machine-readable format, to transmit it to another data controller without hindrance;
  • 1.6 Right to object, meaning the right of the data subject to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them.

 

13.2 To exercise the aforementioned rights, users can send a request directly to the data controller via email at info@creasysyouthfoundation.org and/or alternatively by registered mail to the following address:

CREASYS YOUTH FOUNDATION

Piazza Albania, n. 10

00153 – Rome (RM)

13.3 The requests are processed free of charge and fulfilled by the data controller as quickly as possible, and in any case, within one month.

13.4 The data subject also has the right to lodge a complaint with the Data Protection Authority in accordance with Article 77 of the GDPR.

14.1 The personal data of individual Users may be used by the Data Controller in legal proceedings for the defense against abuses in the use of the Site or the related services by the User.

15.1 This privacy policy may be subject to changes or updates due to the evolution of the relevant legislation.

15.2 Any updates will be communicated to Users through a specific notice, also via a dedicated message posted on the website www.creasysyouthfoundation.org, with appropriate visibility and, in any case, with specific notifications to Users.

15.3 This privacy policy was update on March 6, 2025 and is in compliance with the applicable provisions in the matter.

Facebook Linkedin Youtube Instagram
Tutti i diritti riservati Creasys Youth Foundation ETS 2020 - 2025 | Condizioni generali, Privacy Policy e Cookie Policy.