Privacy Policy

Personal data protection information pursuant to Articles 13 and 14 of Regulation (EU) 2016/679)

ADVENTIST INSTITUTE OF BIBLICAL CULTURE, headquartered at Via del Pergolino n.12 – 50139 Florence, P.IVA/C.F. n. 03886561004 – Tel. 055-412014 – e-mail privacy@villaaurora.it , As the data controller (hereinafter,the “Company“ or the “Holder“), provides below information common to the processing of personal data carried out in the context of its institutional website accessible electronically from the address: www.villaaurora.it (hereinafter, the “Site“).

In this regard, it should be noted that the information is provided only for the Site and not also for other websites that may be consulted through hypertext links or widgets (e.g. social networks) posted on the Site, but referring to resources outside the Owner’s domain or the processing that may result from the voluntary posting.

Categories of data subjects and personal data processed

The Owner processes the personal data of individuals (identified or identifiable) who visit and consult the Site or who within the Site voluntarily perform actions of interaction with the Owner (hereinafter, the “Users“).

The personal data processed are:

Browsing data: the computer systems and software procedures used to operate the Site acquire, in the course of their normal activity, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes: IP addresses or domain names of computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the users’ operating system and computing environment;
Data reported: the optional, explicit, and voluntary sending of messages by filling out and forwarding the form present on the Site and/or to the Company’s contact addresses or institutional profiles/pages on social media (where this possibility is provided) involves the acquisition of the User’s contact data necessary to respond, as well as any additional and possible personal data included in the form of registration or in communications. Specific disclosures will be posted on pages of the Site showing the form or prepared for the provision of certain services.
Cookies and other tracking systems: for more information on the types of cookies used, their management of use and purposes, see the cookie policy on the Site https://villaaurora.it/cookies/

(hereinafter, all, “Personal Data“).

Purpose of Processing and Legal Basis:

The Owner processes Personal Data collected in the context of the Site for the purposes and under the legal bases indicated in the following table:

	What are the PURPOSES of the treatment?	What are the LEGAL BASIS of the treatment?
1)	Fulfillment of a legal obligation related to civil, fiscal and administrative provisions, Community legislation, standards, codes or procedures approved by Authorities and other competent Institutions, as well as to comply with requests from the competent administrative or judicial authority and, more generally, public subjects in compliance with legal formalities.	Fulfillment of a legal obligation to which the Owner is subject.
	To assert and defend its rights, including through extrajudicial initiatives and also through third parties, as well as to prevent and detect fraudulent activities or misuse of the Site (for potentially criminal purposes, such as for identity theft, computer crimes, etc.).	Pursuit of the legitimate interest of the Owner.
	To enable Users to access and navigate the Site optimally and to handle requests received through the Site.	Execution of pre-contractual measures taken at the request of the User.
	Limited to Users’ browsing data sub para 1(a), for purposes of securing the Owner’s systems and to obtain statistical information about the use of the Site (such as the Site pages most frequently visited, average time spent on each page), as well as to monitor and administer the operation of the Site and improve the services provided.	Pursuit of the legitimate interest of the Owner.
	To manage the contact section of the site and thus to respond to any user requests received through the completion of any forms or by sending communications to the Holder’s email address	Execution of pre-contractual measures taken at the request of the User.

Mandatory release of requested data and consequences of non-release

Except as specified for browsing data (and, in the appropriate policy, for the management of cookies), users are free to provide their personal data (via any form – in the pages that allow it – or by other means to the contacts of the Holder) to send requests for information or to receive commercial communications.

It is understood that their failure to provide them, even partially, may prevent the Controller from carrying out the User’s requests and communication activities, as well as from fulfilling any related obligations.

Method of treatment

Personal Data will be processed by means of both manual and computerized automated tools exclusively by authorized and specially trained individuals.

Recipients/categories of recipients of personal data

For the purposes stated in this policy:

to companies and third-party professionals appointed to enforce rights, interests, claims of the owner arising from the relationship with Users;
to State Administrations, judicial or administrative authorities, public and private entities, including as a result of inspections and audits;
to individuals who can access the data by virtue of legal provisions or secondary or EU regulations.

Only the category of recipients is indicated, as it is subject to continuous updates. To find out the updated list of recipients, Users may contact the Controller directly by writing to the contact details given in Section 9 of this policy.

Personal data retention periods

Personal Data will be kept by the Owner for the time strictly necessary for the purpose for which it was collected; specifically, the Owner will keep:

Users’ browsing data (indicated in par. 1, lett. a) for the duration of the browsing session and in any case not more than seven days, except in the case of malfunctions in the systems, in which case they will be kept until the issue is resolved;
Data disclosed by Users (mentioned in par. 1(b)):
regarding personal data communicated by filling out the forms on the website, for the time necessary to process the relevant request;
Personal Data whose processing is necessary in connection with legal obligations for the duration of the law;

And in any case, for the purposes stated in par. 2, no. 2, for no longer than a period equal to the limitation period of the relevant shares increased by a prudential period of six months, in order to ensure the Company’s right of defense with reference to possible future litigation in judicial or administrative proceedings.

In all cases, after the respective terms have expired, all Personal Data will be deleted or anonymized. It is understood that the terms indicated may be extended in cases where storage for a further period is required in connection with any litigation, requests by the competent authorities or pursuant to applicable regulations.

Transfer Of personal data to a third country or international organization

As part of the above purposes, it is possible that your data may be transferred to countries within the EU.

Rights

Users, if the circumstances apply, may exercise the following rights against the Controller:

Right of Access: allows Users to obtain confirmation from the Data Controller that Personal Data concerning them is or is not being processed and, if so, to obtain access to their Personal Data;
Right of Rectification: allows Users to obtain rectification/integration of inaccurate/incomplete Personal Data;
Right to erasure: allows Users to obtain, in the cases provided for in the legislation, the erasure of their personal data;
Right to limitation of processing: allows Users to obtain, in the cases provided for in Art. 18(1) of the GDPR, the restriction (i.e., marking personal data stored with the aim of limiting their processing in the future) of the processing of one’s personal data;
Right to data portability: allows Users – in cases where the processing is carried out by automated means on the legal basis of contract or consent – to receive in a structured, commonly used and machine-readable format, limited to the data provided to the Controller, personal data concerning them and similarly the right to transmit such data to another data controller.

In addition, Users are entitled to:

to object to the processing of their Personal Data for the purposes indicated in paragraph 2;
as well as, if believe that the processing of Personal Data relating to them carried out through this Site is in violation of the provisions of the GDPR, to lodge a complaint under Art. 77 of the GDPR, to the National Supervisory Authority of the European Union member state where the Data Subject has his or her habitual residence or place of work or where the alleged violation of his or her right occurred (in case that state is Italy, the person to whom he or she may turn is the Italian Data Protection Authority) or to take appropriate legal action (Article 79 of the GDPR).
Contact

To exercise all rights, the data subject may submit an appropriate application by contacting the Controller in the following ways:

by mail c/o ISTITUTO AVVENTISTA DI CULTURA BIBLICA at Via del Pergolino n.12 – 50139 Florence;
By sending an e-mail to the ordinary e-mail mailboxprivacy@villaaurora.it

Changes

This privacy policy was updated on 12/23/2022

The Company reserves the right to partially or fully amend this notice or update its contents, e.g., due to changes in applicable law. Therefore, the Company invites the User to regularly consult the policy to know its latest updated version so that they are always informed about the way Personal Data is collected and used.

GDPR