Privacy and cookie policy

PRIVACY

Notice pursuant to and for the effects of Article 6, EU Regulation No. 679/16, Articles 13-14, EU Regulation 2016/679 (hereinafter, GDPR).

The EU Regulation for the protection of personal data No. 679/16 aims to ensure that the processing of your personal data is carried out in compliance with the rights of fundamental freedoms and the dignity of individuals, with particular reference to confidentiality and personal identity. Therefore, it is our duty to inform you about our policy regarding data privacy management.

Biomedical University Foundation (hereinafter the Foundation or Data Controller), represented by its legal representative, Data Controller of the related personal data processing, located at Via Alvaro del Portillo, 21 00128 Rome, Italy, email info@biomedicalfoundation.org/, informs you, pursuant to and for the effects of Articles 13-14 GDPR, that your data will be processed in the manner and for the purposes indicated in point 2.

Any further requests regarding the use of your personal data and to exercise at any time the rights granted to you as a data subject by GDPR (Articles 15-22 GDPR: for instance, access, rectification, deletion, limitation, updating, objection, etc.), as well as to request the updated list of any designated Data Processors, can be sent to the email address info@biomedicalfoundation.org/.

The Biomedical University Foundation is committed to respecting and protecting the personal data you voluntarily and explicitly provide in accordance with legal provisions aimed at ensuring the security, accuracy, updating, and relevance of the data concerning the stated institutional purposes of our entity. The personal data provided by users who submit requests is used solely to fulfill the specific request made and is communicated to third parties only if strictly necessary and functional for that purpose.

1. Subject of Processing

The subject of processing includes the data of individuals and legal entities that have decided to contribute to the activities of the Entity with a donation. The contribution or payment for the received service may occur in the form of a bank transfer, postal account deposit, cheque, cash, or a payment through other admissible payment methods.

The data included in the Processing are or may be: name, surname, company name, amount donated, reason, email address, tax code/VAT number, postal address, phone number.

2. Purposes of Processing

Your personal data is processed:

A) without your explicit consent (pursuant to Article 6, par. 1 GDPR) for the following service purposes:

• concluding data collection for the formulation of the Controller’s service offer;
• fulfilling pre-contractual, contractual, and tax obligations arising from relationships with you;
• complying with legal obligations, regulations, community legislation, or orders from authorities;
• exercising the rights of the Controller, such as the right of defense in court;

B) only upon your specific and distinct consent (pursuant to Article 7 GDPR), for the following purposes of communication regarding services and cultural and training activities:

• sending you via email, mail, and/or SMS and/or phone contacts communications and/or information from third parties authorized and controlled by us in terms of reputation and privacy.
• sending you via email, mail, and/or SMS and/or phone contacts to inform you about initiatives, activities, and projects, newsletters, and informational material reserved for supporters in both paper and digital formats, as well as to request adherence to fundraising campaigns and raise awareness on statutory issues.

1. Nature of Data Provision, Legal Bases, and Consequences of Refusal to Respond

The provision of data for the purposes outlined in point 2.A) is mandatory. In their absence, we will not be able to guarantee you the requested Services. The legal basis is Article 6, paragraph 1, letter b) and Article 6, paragraph 1, letter c), GDPR since the processing is aimed at fulfilling pre-contractual or contractual obligations in which the data subject is involved. Specifically, to allow the user to adhere to the referred services and, therefore, to satisfy a request expressly made by the user or of specific interest to them. The legal basis is also Article 6, paragraph 1, letter c), GDPR as the processing is aimed at fulfilling legal obligations to which the Controller is subject. In the case of donations, for the transmission of the tax code and donation elements to the Revenue Agency, the legal basis is, in this case, provision No. 34431 of the Revenue Agency – Communication to the tax registry of data relating to donations under the decree of the Minister of Economy and Finance of January 30, 2018 and the decree of the Minister of Economy and Finance of February 3, 2021 (Prot. Revenue Agency 49889/2021).

The provision of data for the purposes outlined in point 2.B) is instead optional. You can decide not to provide any data or to subsequently deny the possibility of processing already provided data: in this case, you will not receive newsletters, communications, and informational material regarding the Services offered by the Controller. You will still have the right to the Services outlined in point 2.A).

The legal basis for the processing of data outlined in point 2.B) is the consent of the data subject pursuant to Article 6, paragraph 1, letter a) GDPR as well as the legitimate interest of the Controller pursuant to Article 6, paragraph 1, letter f), GDPR in maintaining the active relationship established by the data subject with the Foundation. The Controller will thus inform the data subject about its activities and, in particular, about which projects may be funded by financial contributions or about awareness actions that it is deemed useful to communicate to demonstrate its ongoing commitment to fulfilling its mission; furthermore, it may contact the person to request opinions on the services provided, involving them in surveys and research. Such contacts will allow the individual to become aware of these opportunities and to decide. Additionally, the legal basis of “legitimate interest” (Article 6, paragraph 1, letter f), GDPR, of the Controller underlies the processing involved in disseminating information and experiences of actual and potential donors, users, and those interested in its institutional activity and making known its institutional activities and their development. The Controller guarantees that testimonials and statements will be communicated solely for the purposes allowed by current laws, as well as in respect of the decorum, dignity, and reputation of the individuals involved.

4. Processing Methods

Pursuant to Article 5 GDPR, the processing of your Data will be based on the principles of fairness, lawfulness, and transparency and may also be carried out through automated methods suitable for storing, managing, and transmitting them (by means of the operations indicated in Article 4 no. 2) GDPR and will occur using tools suitable for ensuring safety and confidentiality through appropriate procedures to prevent the risk of loss, unauthorized access, illegal use, and dissemination.

Your personal data is subject to both paper and digital processing.

5. Retention Periods

Your personal data will be retained unless revoked or specifically needed to fulfill a legal obligation, for the time necessary to carry out the existing relationships between the parties; ordinary personal data, particularly names and residence/domicile addresses and email, will be retained as long as the Data Subject supports the activities of the Foundation, but in any case, for no longer than 10 years from the termination of the existing service provision relationship as per legal requirements.

For the purposes outlined in points 3 and 4), data will be retained as long as it is deemed relevant to manifest and represent its institutional initiatives and the statements of individuals interacting with the Foundation and the development of its activities and pertaining to the institutional objectives of the Controller. For greater clarification, images, sounds, and testimonials will be kept in our archives as long as the communication activity and the context of the recordings are objectively significant to represent institutional events and their developments. Subsequently, they will be deleted through their destruction and will no longer be reconstructable or retraceable to the individuals involved. Although over a broader timeframe, the contents here referred to will be retained for training purposes and for the use of a historical archive aimed at representing the evolution of institutional activity and the successes of expansion and realization of the Foundation’s projects.

6. Data Collection Criteria

The online forms to be filled out – or downloaded – include both data strictly necessary to adhere to the areas of interest, whose lack of indication does not allow the request to be processed, and data for optional provision. In the case of donations, the tax code can be optionally provided, should the donor wish to request a donation receipt for tax deductibility. Furthermore, subject to the right to object, it will be transmitted to the Revenue Agency for managing the pre-filled mod. 730. Therefore, the user is free to provide the personal data indicated in the request forms or otherwise mentioned in contacts to request information or for the other purposes listed above. In cases where data provision is mandatory, their absence may result in the inability to obtain the requested outcome.

7. Third parties to whom your data may be communicated

For purposes related to the provision of the service to which the user has subscribed, the data may be made available to third parties who will act as autonomous data controllers and who provide instrumental services to fulfill the user’s request (for example, credit card issuers or PayPal for transactions related to donations) or to whom communication of the data is necessary to comply with legal norms or regulations.

Your data may also be made available to control bodies, police forces, and judicial authorities on the basis of laws and regulations that require such communication and the execution of their institutional activities.

Furthermore, the data may be communicated to third non-profit organizations, project partner companies, and entities for their autonomous uses (as autonomous data controllers) for their institutional purposes: such “communication” will only occur if the individual has expressed explicit consent. The dissemination of data, subject to the explicit consent of the user, may result from the type of service or initiative to which the user has subscribed.

8. Place of data processing

The data will be processed, both manually and electronically, at the headquarters of the Data Controller by authorized personnel (appointed). Consent forms, including those coming from the website, are kept in paper form in a specific folder at the headquarters of the Data Controller.

COOKIE POLICY

This information on the use of cookies on the website https://www.biomedicalfoundation.org is provided to the user in compliance with the provision of the Guarantor for the protection of personal data of May 8, 2014, “Identification of simplified methods for the information and acquisition of consent for the use of cookies” and in accordance with Article 13 of the Privacy Code (Legislative Decree No. 196/2003).

The information is prepared and updated by Biomedical University Foundation, manager of the website and Data Controller of personal data related to it, based in Via Alvaro del Portillo, 21 00128 Rome, Italy, email info@biomedicalfoundation.org.

Any further requests regarding the use of cookies on this website can be sent to the email address info@biomedicalfoundation.org.

You can use the same address to exercise at any time the rights granted to you by the GDPR as a data subject (Articles 15-22 GDPR: for example, access, deletion, updating, rectification, integration, etc.), as well as to request the updated list of any appointed data processors.

Your personal data is processed in any case by specific appointees of NSI and is not communicated or disseminated.

WHAT ARE COOKIES?

Cookies are small text strings that a website can send, during your browsing, to your device (whether it is a PC, notebook, smartphone, tablet; they are usually stored directly on the browser used for browsing). The same website that transmitted them can then read and record the cookies found on the same device to obtain various types of information. What types? Each type of cookie has a well-defined role.

HOW MANY TYPES OF COOKIES EXIST?

There are two fundamental macro-categories, with different characteristics: technical cookies and profiling cookies.

Technical cookies are generally necessary for the correct functioning of the website and to allow navigation; without them, you might not be able to correctly view the pages or use certain services. For example, a technical cookie is essential for keeping the user logged in throughout their visit to a website or for storing language settings, display preferences, and so on.

Technical cookies can be further distinguished into:

navigation cookies, which ensure normal navigation and enjoyment of the website (allowing, for example, to make a purchase or log in to access restricted areas);

analytics cookies, treated like technical cookies only if used directly by the website manager to collect information, in aggregate form, about the number of users and how they visit the website. Functionality cookies, which allow the user to navigate based on a series of selected criteria (such as language, selected products for purchase) to improve the service provided to them.

Profiling cookies are more sophisticated! These cookies are designed to profile the user and are used to send advertising messages in line with the preferences expressed by the user during their navigation.

Cookies can also be classified as:

session cookies, which are deleted immediately upon closing the browsing session;

persistent cookies, which – unlike session cookies – remain within the browser for a certain period of time. They are used, for example, to recognize the device connecting to the site, facilitating authentication operations for the user.

first-party cookies, that is, cookies generated and managed directly by the entity managing the website that the user is navigating.

third-party cookies, which are generated and managed by entities other than the website manager that the user is navigating (usually based on a contract between the website owner and the third party).

WHICH COOKIES DOES biomedicalfoundation.org USE?

We use technical cookies, aimed at ensuring the correct functioning of our site, without which your browsing experience would not be pleasant.

To improve our site and understand which parts or elements are most appreciated by users, we also use, as an anonymous and aggregated analytical tool, a third-party cookie, namely Google Analytics. This cookie is not our proprietary tool, for more information, please refer to the information provided by Google at the following address: http://www.google.it/policies/privacy/partners/

If you prefer that Google Analytics does not use the collected data in any way, you can:

use the anonymous browsing (Do Not Track option) of your browser. To know how to activate this option on the main search engines, click on the browser you use:

Internet Explorer,

Google Chrome,

Mozilla Firefox,

Apple Safari.

choose to disable Google Analytics by installing the add-on for disabling it on your browser. Click here to download it.

We also use profiling cookies in order to offer you the deals that interest you most without making indiscriminate and invasive advertising. Facebook Pixel allows us to monitor conversions occurring on your website as a result of the ads you are running on Facebook, collecting information that helps us understand the return on investment for advertising spending.