PRIVACY NOTICE PURSUANT TO ARTICLE 13 GDPR FOR BENEFICIARIES AND EXTERNAL PARTIES
AND CONSENT TO DATA PROCESSING
Privacy notice pursuant to Articles 13 and 14 of EU Regulation 2016/679 on the protection of personal data (“GDPR”),
we hereby inform you as follows.
Purpose and legal basis of processing.
The Association will process your personal data, either collected from you or concerning you, for the purpose of
managing your contact request and sending you updates or information strictly related to The INSPIRE PA Project –
INtroducing Social Practices to Improve the REsilience of Public Administration.
The legal basis for the processing is your consent pursuant to Article 6(1)(a) of the GDPR.
Methods and principles of processing.
Processing will be carried out in compliance with the GDPR and Legislative Decree no. 196/03 (“Personal Data
Protection Code”), as well as in accordance with the principles of lawfulness, fairness, transparency, adequacy and
relevance. Data will be processed both on paper and electronically by persons authorized by the Association, using
appropriate protection measures to ensure data security and confidentiality. No automated decision-making process
will be carried out.
Necessity of providing data.
The provision of data is necessary as it is strictly related to the organization of the service and the management of the
contract or relationship. If the service involves participation in events, courses or activities organized by the
Association, photographic or video images of you may be collected and published on the Association’s official
website, social networks, or printed informational materials, only with your prior explicit and separate consent.
Communication and transfer of data abroad.
Data may be communicated to subjects responsible for carrying out the requested services and activities (e.g.,
external trainers), and to parties to whom the Association is legally required to disclose such data (e.g., accountant,
insurer, system administrator, etc.). Data may also be transferred to recipients located outside the EU who have
entered into agreements ensuring an adequate level of personal data protection, or where it has been verified that
the recipient provides adequate protection measures. Where necessary or appropriate, subjects to whom data are
transmitted to perform activities on behalf of the Association will be appointed as external Data Processors pursuant
to Article 28 GDPR.
Data retention period.
Data will be processed for no longer than is necessary for the purposes for which they were collected (execution of
the service or request), subject to legal, accounting, or tax obligations, or for the protection of the Association’s legal
rights. Data will not be disclosed to third parties and will in any case be processed in accordance with the principles of
proportionality and data minimization.
Data subject’s rights.
As a data subject, you are entitled to all rights provided under Articles 15–20 of the GDPR, including the right to
access, rectify, and erase your data, the right to restrict or object to processing, the right to withdraw consent to
processing (without prejudice to the lawfulness of processing based on consent before its withdrawal), and the right
to lodge a complaint with the Italian Data Protection Authority if you believe that the processing of your personal
data infringes the GDPR or applicable Italian law. These rights may be exercised by sending a written request via
email, certified email (PEC), fax, or registered letter to the Association’s registered office.
Data Controller.
The Data Controller is Ashoka Italia Onlus, with registered office at Via Soperga 36, 20127 Milan – email:
italy@ashoka.org.
