Privacy Policy of www.ferpa.online

In accordance with Regulation (EU) 2016/679 (hereinafter referred to, for brevity, as the “GDPR”), FERPA, in its capacity as Controller, hereby provides information on the processing of personal data collected from subjects (hereinafter referred to as “Data Subjects”) navigating its website, accessing or using the contents of the social platforms managed by the Controller, sending e-mails to the Controller, etc..

Data Controller

European Federation of Retired and Elderly People Fédération Européenne des Retraités et des Personnes Agées, Boulevard du Roi Albert II, 5, B-1210 Bruxelles, represented by its Secretary General pro tempore  [name details not required, as identifiable]

Data Controller’s email address: JMONTIEL@ETUC.ORG

[if  FERPA has appointed a Data Protection Officer pursuant to Article 37 et seq. of the GDPR, the relevant contact details, and particularly the e-mail address, should be specified]

The Controller processes personal identification data (hereinafter “Personal Data” or also “Data”) directly or through an external data processor.

Types of Data collected

Among the Personal Data collected by this Application, either independently or through third parties, there are: email, first name, last name, cookies and usage data.

The provision of data is mandatory, as otherwise navigation of the website is impossible.

Full details on each type of data collected are provided in the dedicated sections of this privacy policy or by specific information notices displayed before the data is collected.

Personal Data may be freely provided by the User or, in case of Usage Data, collected automatically during use of this Application.

Unless otherwise specified, all Data required by this Application is not mandatory. If a User refuses to provide Data indicated as mandatory, this Application may be unable to provide the Service. In cases where this Application indicates certain Data as optional, Users are free to refrain from providing such Data, without this affecting the availability of the Service or its operation.

Any use of Cookies – or other tracking tools – by this Application or by third party service providers used by this Application, unless otherwise specified, has the purpose of providing the Service requested by the User, in addition to the other purposes described in the Cookie Policy.

Method and place of processing of the collected Data

Method of processing  

The Data Controller shall adopt appropriate security measures to prevent any unauthorised access, disclosure, modification or destruction of the Personal Data.

Data processing shall be carried out using IT and/or telematic tools, with organisational methods and logics strictly related to the purposes set out below. In addition to the Data Controller, other parties involved in the organisation of this Application (e.g. administration, sales, marketing, legal and system administration staff, authorised data processors) or external parties (e.g. third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies), also appointed, if necessary, as Data Processors by the Data Controller, may in some cases have access to the Data. An updated list of Data Processors can always be requested from the Data Controller.

Transfer of Data

The Data Controller shall not transfer data to natural and/or legal persons outside the European Union but shall use computer systems and services of third parties that collect information from users through the website and computer systems of the Data Controller or by e-mail. Such data may be transferred by such service providers outside the European territory.

The Data Controller is a mere end user and the technology used is the property of said service providers; therefore, to receive more detailed information about any further processing carried out by the latter, you should contact them directly.

The Data Controller avails itself of the services of:

  • Google Analytics for statistical and analytical purposes (informativa https://policies.google.com/privacy?hl=it) • Aruba S.p.a. for data storage in the company’s Cloud (informativa https://www.aruba.it/informativa_arubaspa.pdf ) • Microsoft Office 365 for the management of all email communications and the sharing of documents with data processors and persons in charge of the processing (informativa privacy https://privacy.microsoft.com/it-it/privacystatement)

Legal basis for the processing

The Data Controller shall process Personal Data relating to the User if any of the following conditions is met:

  • the User has given his/her consent for one or more specific purposes;
  • the processing is necessary for the performance of a contract to which the User is a party and/or in order to take steps prior to entering into a contract;
  • the processing is necessary for compliance with a legal obligation to which the Controller is subject;
  • the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  • the processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party.

It will be, in any event, always possible to ask the Controller to clarify the concrete legal basis of each type of processing and in particular to specify whether the processing is based on law, required under contract, necessary to conclude a contract or otherwise.

Place

The Data is processed at the operational headquarters of the Data Controller and in any other place where parties involved in processing are located. Personal Data and data of other subjects will not be transferred outside the European Union by the Data Controller, however some data may be transferred by the providers used to other EU countries than Italy and outside the EU.

Retention period

The Data is processed for the time required for performing the service requested by the User [please specify. For example, for data related to navigation only, one might say 30 days] or required by the purposes described in this document, and the User can always request the interruption of the Processing or erasure of the Data.

Purposes of the Processing of the collected Data

The User’s Data is collected for the following purposes:

  • allowing the Application to provide its services;
  • allowing, where required, to contact the User;
  • preventing or detecting fraudulent activity or abuse harmful to the website;
  • allowing the Controller to exercise its rights, such as the right of defence in legal proceedings;
  • understanding the use and improving the usability of the services provided by the Data Controller through its websites;
  • carrying out statistical searches.

Any Data that is not strictly necessary for the pursuit of the aforementioned purposes will not be processed.

To obtain further detailed information on the purposes of the processing and on the Personal Data concretely relevant for each purpose, the User may refer to the relevant sections of this document.

Details on the processing of Personal Data

Personal Data is collected for the above purposes and using the following services:

Contacting the User

Contact Form (This Application)

By filling out the contact form with his/her Data, the User consents to its use to reply to requests for information, quotes, or any other kind of request as indicated by the form’s header.

Personal data collected: email address, first name and last name.

User’s  Rights

Users may exercise certain rights with reference to the Data processed by the Data Controller:

Right of access by the data subject (Article 15, of the GDPR)

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and to certain information specified in Article 15 of the GDPR.

Right to rectification (Article 16 of the GDPR)

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (“right to be forgotten”) (Article 17 of the GDPR)

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay, unless there are reasons preventing the exercise of that right.

Right to restriction of processing (Article 18 of the GDPR)

The data subject shall have the right to obtain, where possible, from the controller restriction of processing where any of the cases specified in Article 18 of the GDPR occurs.

The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort (Article 19 of the GDPR).

Right to data portability (Article 20 of the GDPR)

The data subject, if the processing is based on consent or on a contract and is carried out by automated means,  shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller or have the personal data transmitted directly from the controller, where technically feasible.

Right to object (Article 21 of the GDPR)

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her pursuant to point (e) of Article 6 (1), of the GDPR or  based on the controller’s legitimate interest  (point (f) of Article 6 (1), of the GDPR). The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the rights of the data subject or for the establishment, exercise or defence of legal claims.

Automated individual decision-making, including profiling (Article 22 of the GDPR)

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

The data controller in any event does not use automated decision-making.

Right to lodge a complaint with a supervisory authority (Article 77 of the GDPR)
Without prejudice to any other administrative or judicial remedy, every data subject who considers that the processing of personal data relating to him or her infringes  Regulation (EU) 2016/679 shall have the right to lodge a complaint with the Data Protection Authority.

Where the data is processed on the basis of the consent given by the data subject regarding the processing of the data for one or more specific purposes, the data subject may at any time withdraw such consent without prejudice to the lawfulness of the processing based on the consent given before the withdrawal of consent.

Details on the right to object

Where Personal Data is processed in the public interest or in the exercise of official authority vested in the Controller or to pursue a legitimate interest of the Controller, Users shall have the right to object to the processing on grounds relating to their particular situation.

Users are reminded that, if their Data is processed for direct marketing purposes, they may object to the processing without providing any reasons. To find out whether the Controller processes data for direct marketing purposes, Users can refer to the relevant sections of this document.

How to exercise the rights

To exercise their rights, Users can send a request to the contact details of the Controller specified in this document. Requests are filed free of charge and processed by the Controller as soon as possible, in any event within one month.

Additional information on Data processing

Defence in court

The User’s Personal Data may be used by the Controller in court or in the preliminary stages of any proceedings to defend against abuse by the User in the use of this Application or the related Services.

The User declares that he/she is aware that the Controller may need to disclose the Data by order of public authorities.

Specific information

At the User’s request, in addition to the information included in this privacy policy, this Application may provide the User with additional and contextual information regarding specific Services, or the collection and processing of Personal Data.

System logs and maintenance

For needs relating to operation and maintenance, this Application and any third Party services used by it may collect system logs, which are files that record interactions and may also contain Personal Data such as the User IP address.

Information not included in this policy

More information on the processing of Personal Data may be requested at any time from the Data Controller using the contact details.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time notifying Users thereof on this page. Therefore, please consult this page regularly, referring to the date of the last amendment shown at the bottom hereof. In case of non-acceptance of the changes made to this privacy policy, the User is required to stop using this Application and may request the Data Controller to delete his/her Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to the Personal Data collected up to that time.

Definitions and legal references

Personal Data (or Data):

Any information that enables a natural person to be identified or identifiable, directly or indirectly, also in connection with any other information, including a personal identification number.

Usage Data:

The personal data automatically collected by the Application (or by the third party applications used by the same), including the IP addresses or domain names of the computers used by the User to connect to the Application, the URI (Uniform Resource Identifier) addresses, the time of the request, the method used to forward the request to the server, the file size obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), the country of origin, the characteristics of the browser and the operating system used by the visitor, the various time details of the visit (for example the time spent on each page) and the details relating to the path followed within the Application, and particularly the sequence of the pages consulted, the operating system parameters and the User’s computer environment.

User:

The individual who uses this Application, who must coincide with, or be authorised by, the Data Subject, and whose Personal Data is being processed.

Data Subject:

The natural or legal person to whom the Personal Data refers.

Data Processor (or Processor)

The natural or legal person, public authority or other body that processes Personal Data on behalf of the Controller, in accordance with this privacy policy.

Data Controller (or Controller)

The natural or legal person, public authority or other body that, alone or jointly with others, determines the purposes and means of the personal data processing and the tools used, including the security measures relating to the operation and use of this Application. The Data Controller is the owner of this Application, unless otherwise specified.

This Application

The hardware or software tool through which the Users’ Personal Data is collected.

Cookies

A small portion of data stored on the User’s device.

Legal references

Notice to European Users: this privacy policy is drawn up in compliance with the requirements of Regulation (EU) 2016/679 as well as with the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC, concerning Cookies.

This privacy policy applies exclusively to this Application.

 

Last amended: 17/06/2020