GDPR – Introduction and Objectives
We have written this document to help you understand our privacy policies. To make that as easy as possible, we use clear language and a simple structure.
As the General Data Protection Regulation (EU 2016/679) comes into force, we are making a number of improvements to the use of SOSORT Website. Although many of these rules apply only to users in the European Union (EU), the changes will affect all users.
We will provide you with all the information you need to use the services provided by SOSORT. You will learn in this document what data we collect, for what reason, for how long and where we store that information.
We manage your data, and we help you to manage it yourself. We recognize that protecting your information and giving you control over it is a great responsibility.
As expressly required by the GDPR, when you use our services you can exercise your rights at any time and in total transparency. We invite you to read carefully the following instructions and to pay close attention to those areas of greatest interest to you.
Who we are
SOSORT is a non profit Association based in Italy – Via Bellarmino n. 13/1, 20141 MILANO
At SOSORT we also act as data controllers but only when we collect your personal data to consult some reserved pages or to send you the newsletter. In that instant, we establish a direct relationship between you and us.
As data controllers we guarantee compliance with the rules concerning the protection of personal data. We provide all useful information about the processing of data, both information communicated directly and voluntarily and any information collected by the system while navigating on the site.
Specifically, the data processor for SOSORT is its pro-tempore administrator, assisted by the Data Protection Officer (DPO), who guarantee compliance with the rules imposed by the GDPR.
The data processor can always be contacted by mail.
How SOSORT collects data
Data provided voluntarily for the use of the login and registration service
When you use browse on the website, our system log files may collect information about you, such as:
- your IP address;
- your operating system;
- your ID and your browser type;
- GPS coordinates.
Even your browsing activity on our site can be traced, through:
- tracking technologies (such as Google Analytics) or similar on our website that are used to analyze trends, administer the website. We don’t use targeted advertising;
For security reasons, the confirmation of the registration is manual and is carried out once a week.
Data retention – Times and methods of treatment
At SOSORT we do our best to keep your data accurate, up-to-date, and limited to the information you provide. We will keep your information for as long as your account is active or for the time necessary to provide our services.
We may also retain and use your information to comply with our legal obligations, resolve disputes, prevent abuse and enforce our agreements.
The data we collect to meet our contractual obligations, and the information about how and when you use our services are stored in active databases, log files or other types of duly protected and encrypted data storage systems.
In particular personal data collected to access our services, by username and password of the individual’s account, will be stored on our servers via a database accessible from an active account. Subsequently, they will be stored by means of secure backup on our servers for as long as you use the service, or stored for 12 months in case of cancellation.
The data received from the contact form for general information will be processed in the ways and times provided to give feedback to the type of contact. During that period, the information will be stored and accessible only to staff.
Access, export, modify and remove information
Right of access, rectification, and opposition
We have established mechanisms and procedures that, at any time and for legitimate reasons, guarantee you the ability to:
- oppose the processing of data;
- request cancellation, modification or updating of all your personal information in our possession.
SOSORT also lets you change your data whenever you want by accessing your profile through our portals or by contacting us at the email address indicated in the privacy section of the website to which the specific service refers.
You can unsubscribe from our newsletter or choose not to receive commercial communications via email. Just use the unsubscribe link included in every email.
You can forward requests for the cancellation, modification or updating of all personal information electronically using the appropriate forms or by informing us by email.
These requests will be processed within a maximum period of 30 days, unless there is a justified delay.
Right to be forgotten
We have generated all the necessary procedures to guarantee your right to be forgotten, which allows you to correct your personal data.
In response to your legitimate request we will delete your data which will no longer be subjected to any type of processing. Nor will we use your data for any purpose other than those necessary for which the data were previously collected or processed.
You have the right to withdraw your consent or oppose the processing of data if you believe that the latter does not comply with this regulation.
To take advantage of this right you will have to prove that you are eligible to make the request by sending us documents proving your identity. Please remember to explain your decision.
Once we have received your communication, we will respond as soon as possible to confirm and demonstrate the cancellation of your data.
Right to data portability
To further strengthen the control of any data processed automatically, you will have the right to download such data from our applications.
The data will be available in a structured format, commonly used and readable by an electronic device (such as computers, smartphones, tablets, etc.)
The files with your personal data can be transmitted to another similar data controller, ensuring your right to data portability.
Right of withdrawal of consent to data processing
If you no longer wish to receive our emails, you can follow the instructions for removal from our contact list included in each email.
Remember: the withdrawal of consent to the processing of data, limited to the use of a service offered free of charge, suspends ipso jure the supply.
SOSORT assigns the utmost importance to the security and integrity of your personal data.
In accordance with the GDPR, we commit ourselves daily to take all the necessary precautions to preserve the security of your data and, in particular, to protect them from:
- accidental or illicit destruction;
- accidental or illicit loss;
- accidental or illicit corruption;
- circulation or disclosure to unauthorized persons;
- unauthorized access;
- unlawful processing.
To this end, we have adopted industry-standard technical security measures, including:
- a multilevel firewall;
- proven antivirus and intrusion detection software;
- encrypted transmission of data through SSL / HTTPS / VPN technology.
To protect personal data from unauthorized disclosures, we have used specially developed coding methods, as well as algorithms that ensure the security of transactions, accesses and data backups.
We guarantee the accuracy and correct use of data:
- with appropriate electronic, physical and management procedures in order to safeguard and preserve the data collected through our services;
- with the appropriate training of any staff members who have obtained specific authorization to access the data in compliance with the provisions of the GPDR.
However, there is no absolute defense against piracy attacks or hackers. In the event of a breach of security (a “data breach”), we are committed to informing you without undue delay and will work to the best of our ability to neutralize the intrusion and minimize the impact. In the event that you suffer a loss due to a security breach, we are committed to providing you with all the assistance you need to be able to assert your rights.
As the user of our services, applications or software, you must perform the following actions:
- check the authentication of people accessing the data;
- use a unique and sufficiently secure password, remembering to change it regularly and to never leave it unattended.
The purpose of these technical measures is to make your data incomprehensible or inaccessible to unauthorized persons.
Minimization of data processing and archiving
We have prepared technical and organizational measures to guarantee the principle of minimization of data processing. Any data processing will always be adequate, relevant and limited to achieving the stated purposes.
The processing of data for statistical purposes, archiving in the public interest, scientific or historical research is subject to guarantees appropriate to the rights and freedoms of the interested party in accordance with the provisions of the GDPR.