NOTICE ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 GDPR 2016/679

We inform you that the data you provide will be used exclusively for the purpose of establishing and executing the relationship with Fondazione Roma Regeneration ETS – Ente Terzo Settore for volunteer activities. This data will be processed in compliance with applicable regulations, including Regulation (EU) 2016/679 ‘General Data Protection Regulation‘ (GDPR), as well as other applicable provisions on personal data protection.

  1. Data Controller Contact Information

The Data Controller of personal data is Fondazione Roma Regeneration ETS – Ente Terzo Settore (hereinafter, the “Controller” or the “Foundation“), headquartered in Rome, Via Claudio Monteverdi, 16 – 00198. You may contact the Controller via email at privacy@romaregeneration.it or by regular mail at the address provided above.

  • Personal Data categories

The personal data you provide (hereinafter also referred to as the ‘Data Subject‘) includes, by way of example and not limited to, your name, address, or other personal identification details related to the volunteer activities you carry out in favor of the Foundation.

In any case, if you provide personal data that is not relevant or pertinent to the volunteer relationship, the Foundation will refrain from processing such data and will delete it immediately.

  • Purpose and legal basis of the processing

The personal data you provide will be processed, directly and/or through third parties, for:

  • Management of volunteer activities. “Your personal data, provided in relation to the volunteer activities you carry out for the benefit of the Foundation, will be processed to fulfill obligations arising from the volunteer activity and related legal requirements.
  • Security and protection of the Foundation’s assets. Your personal data will also be processed for security purposes, the protection of the Foundation’s assets—including its informational resources—and the prevention of unlawful conduct, including through inspection activities (e.g., internal auditing) and whistleblowing tools.

All personal data you have provided for the performance of volunteer activities, as well as any other personal information provided during your volunteer work, if relevant, will be included in the processing activities carried out by the Data Controller.

​The aforementioned processing activities will be carried out, depending on the applicable requirements, on the following legal bases:

  • art. 6, par. 1, lett. b) GDPR – Execution of a contract to which the Data Subject is a party or pre-contractual measures taken at their request.
  • art. 6, par. 1, lett. c) GDPR – Compliance with legal obligations to which the Data Controller is subject;
  • .art. 6, par. 1, lett. f) GDPR – Processing necessary for the pursuit of a legitimate interest in the ‘Data Controller’ (e.g., security and protection of the Foundation’s assets)
  • Processing Methods

The processing of personal data is carried out for the above-mentioned purpose, in accordance with Article 5 of the GDPR, both in paper and digital formats, as well as through electronic or other automated means.

The processing is carried out directly by the Foundation, as the Data Controller, by its volunteers and collaborators who have been authorized to perform personal data processing operations related to the contractual relationship and have been instructed accordingly, as well as by external entities that, on behalf of the Foundation, provide various services, as further specified in section 7 below.

Your personal data will not be transferred outside the European Union and/or the Spazio Economico Europeo (“SEE”).

  • Provision of data and consequences of refusal

For the purposes outlined in paragraph 3, the provision of data is necessary for the proper establishment and execution of the contractual relationship, as well as for fulfilling the related contractual and legal obligations. Failure to provide the data may result in the inability to establish the contractual relationship or to fully or partially fulfill the related contractual and legal obligations.

  • ​Retention Period of Personal Data

Your personal data will be retained for the entire duration of the contractual relationship and, thereafter:

  • within the applicable statutory limitation periods. In the event of interrupting acts affecting the limitation period, the retention period will be extended accordingly.
  • within the limits established by regulatory provisions on data retention (e.g., tax declarations) to properly comply with any legal obligations;
  • for the period necessary to protect the rights of the Data Controller in the event of potential legal disputes.

Once this period has expired, your data will be deleted or removed from the Data Controller’s active systems.

  • ​Recipients of Personal Data

Within the scope of the purposes indicated in section 3, your personal data may be disclosed to the following categories of recipients. The complete list of such entities or categories of entities is available at the Data Controller’s registered office.

  • Data processors, pursuant to ex art. 28 of the GDPR, appointed from time to time;
  • Companies and professionals engaged by the Data Controller to fulfill obligations related to the execution of the contract to which the Data Subject is a party, legal obligations, or to protect its rights (e.g., accountants, lawyers, tax consultants, auditors, etc.);
  • ​Companies specializing in the technical management of networks and information systems;
  • public entities;
  • Foundation’s partners;
  • Judges and courts, in accordance with any request or as part of a legal proceeding;
  • Public authorities authorized by law, in the event of audits, inspections, and/or investigations.

Your personal data will not be subject to dissemination.

  • Rights of the Data Subject

You have the right to exercise at any time the rights recognized by Articles 15-21 of the GDPR, which are briefly summarized below:

  • Right of Access: You may request information regarding the processing of your data or confirmation that the Data Controller is processing your personal data. In this case, you may ask us to provide a copy of your data and verify which data we hold.
  • Right to Rectification: You have the right to request the correction of your personal data if it is inaccurate, including the right to request the completion of incomplete personal data.
  • Right to Erasure: You have the right to request the deletion of the data (or part of it) that you have provided to us, including data that is no longer necessary for the purposes for which it was collected or otherwise processed.
  • Right to Restriction of Processing: You may request us to restrict the processing of your personal data if the legal conditions are met.
  • Right to Object: You may object to the processing of your personal data, unless there is an overriding legitimate reason for continuing such processing.
  • Right to Data Portability: You may request the Foundation to provide, in a structured, commonly used, and machine-readable format, the personal data you have provided, for the purpose of transmitting them to another entity. This right applies when the Foundation processes such data through automated means, based on consent or for the purpose of providing services.
  • Withdrawal of Consent: If the processing is based on consent, you may withdraw it at any time, without affecting the lawfulness of the processing carried out before the withdrawal.
  • Right to Lodge a Complaint with the Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent Supervisory Authority if you believe that the processing carried out violates the applicable data protection regulations.

Any requests made to exercise your rights can be sent to the Data Controller by writing to the email address provided in paragraph 1 of this notice.