Privacy

INFORMATION ON PERSONAL DATA PROCESSING
for users visiting UBILIBER website

PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679 – GDPR

Reasons for providing this information
Pursuant to Regulation (EU) 2016/679 (hereinafter referred to as the “Regulation”), this page describes the personal data processing policy implemented for users vising the UBILIBER website accessible electronically.

This information does not concern any other website, page or online service accessible through any hyperlink posted on the website but relating to resources residing outside of UBI’s domain.

Data Controller
As a result of the consultation of the websites listed above, data concerning identified or identifiable natural persons can be processed.
The Data Controller is Unione Buddhista Italiana – Ubiliber, Fiscal Code n. 97039730151, VAT registration n. 15823611007, with registered office located in Vicolo dei Serpenti 4/A – 00184 Rome – [email protected]

Place and purposes of data processing
The data processing connected with the web services of this website shall take place at the headquarters of our Internet Service Provider (appointed as external maintenance manager) and shall be carried out by employees/collaborators of Ubiliber.
No data derived from web services shall be disclosed or disseminated to any third party.
The personal data provided by users who send requests for services via e-mail shall only be used for the purpose of providing the requested service or performance and shall not be disclosed to any third party unless such disclosure is required by the law or is strictly necessary for fulfilling the relevant requests.

Data processing types

Browsing data
During their regular operation, the IT systems and software procedures operating this website collect some personal data the transmission of which is implicit in the use of Internet communication protocols. Such information is not collected in order to be associated to any identified subject but, by its very nature, might enable, through processing and associations with data held by third parties, the identification of users.
This data category includes the IP addresses or domain names of the computers used by the users accessing the website, and the time of the request. As to the potential use of such information by any third party, please refer to the Cookies section. The data could be used for establishing liabilities in case of hypothetical cybercrimes perpetrated against the website.

Data provided voluntarily by the user
The optional, explicit and voluntary delivery of e-mails to the addresses indicated in this website implies the subsequent acquisition of the sender’s address, which is required in order to reply to the requests, and of any other personal data included in the e-mail communication.
In the event of requests concerning specific services where the user is invited to fill out a dedicated form with some required data (e.g. registration for the Newsletter, request of the Magazine), the user shall be explicitly invited to provide his/her consent. Therefore, the legal basis for such data processing is the consent of the data subject (article 6 paragraph 1 letter a) of the GDPR. The data transmitted through the form shall only be processed for the purpose of allowing the subject to receive the chosen services.

Optionality of the provision of data
Except for the requirements established for browsing data, the user shall be free to provide personal data in order to request the services offered or otherwise indicated in the “Contacts” for any request and/or communication.
Failure to provide data may prevent the user from obtaining the requested service.
With regard to the data that the user is mandatorily required to provide through the data entry page in order for the user to enjoy the service or have the request fulfilled, failure to accept the provision thereof and of the simultaneous consent for the stated purposes shall result in the user being prevented from obtaining the requested service.

Data processing methods
Personal data shall be processed with automated IT instruments, for as long as it is necessary to fulfil the purpose for which they were collected. More specifically, it should be pointed out that, since such personal data were collected upon explicit consent of the data subject, they shall be stored until the data subject specifically requests deletion thereof.
Specific security measures are implemented in order to prevent data losses, unlawful or incorrect uses thereof and unauthorized access thereto.

Rights of the data subjects
At any time, the data subject shall be entitled to exercise, pursuant to articles 15 through 22 of Regulation (EU) 2016/679, the right to:
a) ask for confirmation of whether or not his/her personal data are being processed;
b) obtain information on the purposes of the data processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed and, where possible, the period for which the personal data will be stored;
c) obtain rectification or erasure of the data;
d) obtain restriction of data processing;
e) obtain data portability, namely to receive them from a data controller in a structured, commonly used, machine-readable format and to transmit them to another data controller without hindrances;
f) object to the data processing at any time; the data subjects should be aware that, where their personal data are processed for direct marketing purposes, they shall have the right to object to such processing without giving any reasons for that;

1. g) ask the data controller to grant access to the personal data and rectification or erasure thereof or restriction of processing of the personal data concerning him/her or to object to their processing, in addition to the right to data portability;
   h) withdraw his/her consent at any time, without prejudice for the lawfulness of the data processing based on the consent given before withdrawal;
   i) file a complaint with a supervisory authority. The data subject shall have the right to file a complaint with the Personal Data Protection Supervisor headquartered in Rome, via di Monte Citorio 121 (Phone +39 06696771), following the procedures and instructions published on the Authority’s website garanteprivacy.it

All requests/notices shall be addressed to the Data Controller identified above via ordinary mail, telephone (phone number +39 349 2543115) or e-mail (e-mail address: [email protected])