PURSUANT TO ARTICLE 13 OF ITALIAN LEGISLATIVE DECREE 196/2003 AND ARTICLE 13 OF REGULATION (EU) 2016/679
A) Identity and contact details of the Controller and of the Data Protection Officer
The Data Controller is Fondazione Telethon, with registered office in Via Varese 16/B, Rome, in the person of its Representative Ms. Francesca Pasinelli, appointed by a resolution of the Board of Directors on 7 February 2013 (hereinafter the “Data Controller” or “Controller”). The DPO is Ms. Michela Maggi, whose contact details are: Piazza del Liberty 8, City: Milan, Postal code: 20121, Province: MI, Telephone: +39 0249450269; Fax: +39 0247977003; Website: www.maggilegal.it, E-mail firstname.lastname@example.org Certified e-mail address: email@example.com.
B) Purposes and Methods of processing
Your data will be processed for the purposes of providing the assistance service. This service, drawing on medical and scientific advice provided by two specialists in medical genetics, will consist in responding by e-mail to questions submitted by those who have been diagnosed with a rare genetic disease or people who would like information about ongoing research products or for archiving purposes in the field of scientific research.
In accordance with Article 9 of Regulation (EU) 2016/679 (GDPR), processing will also regard special categories of personal data concerning your health, which will only be processed insofar as strictly relevant to the aforesaid purpose.
Legal basis: the above processing of your personal data for the purpose of registering for the service will only be possible if and to the extent that you have given your free and explicit consent pursuant to the provisions of point (a) of Article 6(1) and Article 9 of Regulation (EU) 2016/679 (GDPR) in conjunction with Article 23 of Italian Legislative Decree 196/03. Processing for archiving purposes is instead deemed necessary in order for the Controller to fulfil its institutional role which, in view of its significance for the community, can be seen as serving the public interest or protecting the vital interests of the data subject or of another natural person, by making it possible to trace that person’s records so that these can then also be used to meet future requests for assistance. The above pursuant to points (d) and (e) of Article 6(1) of Regulation (EU) 2016/679 (GDPR).
Your personal data will be processed by manual and electronic means using IT tools and will stored, in digital form, in a database owned by the Controller or held thereby under a licensing agreement with third parties.
C) Recipients or categories of recipients to whom your personal data will be disclosed
Your personal data will not be disclosed or passed on to third parties but may only be disclosed to and shared with the Data Controller’s own staff, with particular reference to employees and co-workers carrying out specific activities involving data processing and authorised to process personal data.
D) Period for which personal data will be stored
Your personal data will be stored for the period necessary for the performance of the activity. When processing data for archiving purposes in the field of scientific research, appropriate safeguards will be put in place, in accordance with the GDPR, to ensure the rights and freedoms of the data subject. These will include technical and organisational measures in particular in order to ensure respect for the principle of data minimisation insofar as these do not render impossible or seriously impair the achievement of the specific purpose.
E) Rights of the data subject
In relation to the above processing of your personal data, you may exercise the rights referred to in Article 13 of Regulation (EU) 2016/679 (GDPR) and described in more detail in Articles 15-16-17-18-20-21 and 22 of Regulation (EU) 2016/679 (GDPR). Specifically, you have the right to:
- obtain confirmation of the existence or otherwise of personal data concerning you, regardless of whether or not such data have been registered, and communication of such data in intelligible form;
- request from the Data Controller access to your personal data, as well as the right to data portability;
- ask for your data to be updated, rectified or, if necessary, supplemented;
- object, wholly or partially: a) on legitimate grounds, to the processing of personal data concerning you, even if relevant to the purpose for which they were obtained; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for conducting market research or sending commercial information;
- have any unlawfully processed personal data erased, made anonymous or blocked, including data that do not need to be kept in relation to the purposes for which they were collected or subsequently processed;
- withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- lodge a complaint with a supervisory authority;
- obtain confirmation that the actions referred to in points 4 and 6 above, including their content, have been brought to the attention of each recipient to whom the personal data were communicated or disclosed, unless this proves impossible or involves the use of means that are manifestly disproportionate with respect to the protected right. Note that, pursuant to Article 17 of the GDPR, the right to obtain erasure may not be exercised to the extent that data are processed for archiving purposes in the field of scientific research.
F) Nature of providing personal data and consequences of refusing to provide such data
The provision of personal data in relation to the assistance service for which consent is required is not mandatory and, where provided, such data will not be processed without your consent.