1. INTRODUCTION
Rehab4us Onlus is an Association founded in 2014 by Stefano Desiderioscioli (rehabilitation therapist since 1994).
Rehab4us Onlus as the Data Controller of the Personal Data, informs you that access to the website and/or registration to the various sections of it and/or any requests for information or services require the provision of personal data that will be processed in full compliance with the European Regulation 2016/679 (herafter “GDPR”). Through this information, users will be able to know, in advance, the methods of treatment necessary to use certain areas of the website and/or to subscribe to the newsletter. In accordance with the law, this treatment will be based on the principles of fairness, lawfulness and transparency, protecting your privacy and your rights. The policy is effective exclusively for this site and does not extend to other websites that may be consulted by the user through external links.
2. PRIVACY POLICY
DATA STORAGE LOCATION
Personal Data is processed primarily at the Data Controller’s office and/or in the places where the Managers are located. For more information, users can contact the Data Controller by writing an email to info@rehab4us-onlus.org.
THE PURPOSE OF THE DATA PROCESSING AND LEGAL BASE
According to the needs of the user at the time they access the various sections of the Site (and with the exception of special rules and information for individual operations that involve the delivery of specific personal data, published from time to time on the Website), listed hereunder are the purposes of processing personal data, i.e. those provided directly by users by filling out online forms or direct access, via link, to the e-mail address for the required service, that is, those auto-captured during navigation (see the following section “Categories of Personal Data processed”) (hereafter “Personal Data”):
1. Respond to requests received by direct request (web area “Work with us”). Legal basis for treatment: implementation of pre-contractual measures;
2. To send newsletters to people who signed up through the form on the website;
MEANS OF PROCESSING
erations, carried out with or without the aid of electronic means or otherwise automated, relating to the collection, registration, organization, storage, processing, modification, extraction, comparison, use, communication, dissemination, interconnection, blocking, erasing, destruction and selection of the data themselves.
Personal Data will be treated in a predominantly automated but also paper form, with means closely related to the above purposes, through data bases, electronic platforms managed by the Data Controller or by third parties appointed as managers of data processing (for the updated list the user can contact the Data Controller at the address indicated) and/or integrated computing systems and/or websites property of or used by Rehab4us Onlus. The Data Controller has taken appropriate technical and organizational security measures to protect users against the risk of loss, abuse or alteration of Data. In particular, it uses the protected protocols of transmitting data known as HTTPS. It also stores user data on Server sites in the European territory. Servers are subject to an advanced and daily system of back up and disaster recovery.
DURATION OF TREATMENT
The data communicated are kept for a period of time no longer than necessary to achieve the purposes for which personal data is processed, or for a longer period, for purposes permitted by law, and in any case deleted without unjustified delay. For the purpose of requesting information: in relation to the type of request for the time it takes to comply with the regulatory obligation of preservation and/or for any legal requirements. For general requests up to 12 months..
CATEGORIES OF PERSONAL DATA PROCESSED
In addition to the Personal Data provided directly by users (such as first name, surname, postal address, e-mail address, etc.), when connecting to the Site, the computer systems and software procedures in charge of the operation of the Site itself automatically and/or automatically and indirectly acquire some information that could constitute personal data, the transmission of which is implicit in the use of Internet communication protocols (such as, by way of example C.D.s “cookies” (as specified hereafter), “IP” addresses, domain names of computers used by users connecting to the Site, the “Url” addresses of the requested resources, the time of the request to the server, navigation on the Site.
FIELD OF COMUNICATION OR DISCLOSURE OF OF USERS’ PERSONAL DATA
Personal Data will not be disclosed to third parties or disseminatedy.
NON-EU TRANSFER OF USERS’ PERSONAL DATA
Personal Data will not be transferred to non-EU countries.
CASES FOR USING THE PERSONAL DATA
Users may exercise the rights of articles. 16-21 European Reg. 2016/679 (Right to rectify, right to be forgotten, right to restrict processing, right to data portability, right of opposition). Finally, users will be able to complain to the Guarantor Authority if necessary, or contact them to request information about exercising their rights arising from the European Regulation 2016/679. Specifically:
- The right of access: to obtain confirmation or rectification of their personal data and to obtain access to that data and to specific information (e.g. the purpose of processing, categories of data in question, the recipients to whom the data will be communicated);
- The right to rectification: to obtain the correction of inaccurate data that relates to it without unwarranted delay. In this case, the Data Controller is obliged to report the adjustment to all recipients to whom the data has been transmitted, unless this involves disproportionate effort;
- The right to cancellation: in order to obtain the cancellation of the data concerning the user without unjustified delay and the Data Controller has an obligation to delete them without unjustified delay if there are certain reasons (e.g. personal data are no longer necessary for the purposes for which they were collected; if the user withdraws their consent; if they need to be cancelled for a legal obligation). In this case, it is the duty of the Data Controller to communicate the cancellation to all recipients to whom the data has been transmitted, unless this involves disproportionate effort;
- The right to restrict processing: the user may request that the Data Controller have restrictions on the processing of their data, for example, limited to the sole retention with the exclusion of any other use, in certain cases (e.g. if the treatment is unlawful and the user is opposed to the cancellation of the data; if the user disputes the accuracy, within the limits of the verification period of the accuracy…). In this case, the Data Controller is obliged to communicate the limitation of processing to all recipients to whom the data has been transmitted, unless this involves disproportionate effort;
- The right to portability of data: to obtain the return of personal data provided and transmitted to others or to request transmission from one controller to another, if technically feasible;
- The right to opposition: to oppose treatment at any time for purposes of public interest or for legitimate interest; marketing purposes; scientific, historical or statistical research.
Those concerned can make a complaint if necessary to the Garantor Authority at www.garanteprivacy.it, or simply contact the latter for information relating to the exercise of their rights as recognised by the EU Reg. 2016/679.
3. COOKIES
This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymized tracking data to third party applications like Google Analytics. Cookies generally exist to make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the help section of your browser.
NECESSARY COOKIES (ALL SITE VISITORS)
- cfduid: Is used for our CDN CloudFlare to identify individual clients behind a shared IP address and apply security settings on a per-client basis.
- PHPSESSID: To identify your unique session on the website.
NECESSARY COOKIES (ADDITIONAL FOR LOGGED IN CUSTOMERS)
- wp-auth: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
- wordpress_logged_in_{hash}: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
- wordpress_test_cookie Used by WordPress to ensure cookies are working correctly.
- wp-settings-[UID]: WordPress sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
- wp-settings-[UID]:WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
NECESSARY COOKIES (ADDITIONAL FOR LOGGED IN CUSTOMERS)
The user may block the acceptance of cookies by the browser. However, this may make less efficient or prevent access to certain features or pages of the Site. Below are the modes offered by the main browsers to block the acceptance of browsing cookies: