Privacy and Cookies Policy

PRIVACY POLICY

NOTICE

This page describes how this website https://www.fondapi.it/ is managed with regard to the processing of personal data of users who consult it. This is a notice provided pursuant to European Regulation 679/2016 concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter also referred to as the Regulation) for users of our website services provided via the internet. This notice does not apply to other websites that may be accessed through our links, for which the Fund is not responsible in any way.

DATA CONTROLLER

The Data Controller of your personal data is FONDAPI National Supplementary Pension Fund for workers of small and medium-sized enterprises (hereinafter Fondapi or Pension Fund or Fund) with registered office in Piazza Cola di Rienzo, 80/A – Rome

DATA PROTECTION OFFICER

The Data Protection Officer (DPO) can be contacted at the following email address dpo_fondapi@protectiontrade.it

PURPOSE OF PROCESSING AND LEGAL BASIS

This website collects personal data such as the user’s IP address to allow navigation through the site itself, as well as identification data such as name, surname and email address to respond to any user requests sent through the email addresses present on this website. The legal basis for processing is the execution of pre-contractual/contractual activities in favor of the data subject and responding to their requests. Specific summary information notices will be progressively reported or displayed on the website pages set up for particular services on request.

TYPES OF DATA PROCESSED

“Personal Data” means information suitable for identifying, directly or indirectly, a natural person, in this case, the user browsing the Website (the “Data”). In particular, the Fund processes the Data indicated below:

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified data subjects but could, by its nature, through processing and association with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and the user’s computer environment.

These data are used only to obtain anonymous statistical information about website usage and to check its correct functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

Data voluntarily provided by the user

Voluntarily provided data includes identification data, contact information and data present in emails sent to addresses on this website.

OPTIONAL NATURE OF DATA PROVISION

Apart from what is specified for navigation data and what is specified in the specific information notices present in other sections of this website, the user is free to provide personal data to request information about the Entity’s services. Failure to provide such data may make it impossible to obtain the requested information.

PROCESSING METHODS

Personal data is processed primarily through automated means and will be stored in such a way as to minimize, through the adoption of appropriate and preventive security measures, the risks of destruction or loss, including accidental, unauthorized access, or processing that is not permitted or does not comply with the purposes of collection.

DATA RECIPIENTS

The Fund’s specifically authorized personnel and external parties appointed as data processors under Art. 28 of EU Regulation 2016/679 may become aware of your personal data exclusively for the pursuit of the aforementioned purposes.

The data collected through this website, including those derived from your navigation on the Site, may be communicated to subjects who deal with site management, technological and instrumental partners whom the Controller relies on for the provision of services requested by users, as well as to subjects who have the right to access the data by law and/or secondary legislation.

The Controller may use suppliers or sub-suppliers who do not reside in the European Union; in this regard, it is guaranteed that the transfer may only take place to subjects who ensure an adequate level of data protection and/or to countries for which the competent Authorities have issued an adequacy decision, as well as to subjects who have provided suitable guarantees for data processing through adequate regulatory/contractual instruments such as the signing of standard contractual clauses. To obtain information in this regard, you can send an email todpo_fondapi@protectiontrade.it.

RETENTION PERIODS

Personal data is processed with manual and automated tools, in compliance with the Regulation’s requirements. Data will be retained only for the time necessary to achieve the purpose for which it was collected (to allow navigation through the site and respond to data subjects’ requests), unless different needs arise from legal obligations. Subsequently, personal data will be deleted. For retention periods of data collected in specific sections of this website, please refer to specific summary information notices that will be progressively reported or displayed on the site pages set up for particular services on request.

For cookie retention times, please refer to the section on Cookies.

MINORS

No personal data should be entered on the site by minors without prior consent from parents or guardians. The controller encourages all parents and guardians to instruct minors on the safe and responsible use of their personal data on the Internet. The controller, however, commits not to knowingly store or use any personal data collected from minors for any purpose, including disclosure to third parties.

LINKS TO OTHER WEBSITES

The site may contain hyperlinks to other websites, proposed to provide better service to users. The controller is not responsible in any way for the content of websites that users might access through its site. The existence of a hyperlink to another site does not imply approval or acceptance of responsibility by the controller regarding the content of the new site being accessed, including in relation to the policy adopted for personal data processing and its use.

RIGHTS OF DATA SUBJECTS

We inform the data subject that, subject to the limitations on the exercise of data subjects’ rights under Articles 2-undecies and 2-duodecies of the Personal Data Protection Code (Legislative Decree 196/03), they may exercise the rights provided by the Regulation in their favor by writing to dpo_fondapi@protectiontrade.it.. In particular, they may:

• access your personal data, obtaining evidence of the purposes pursued by the Controller, the categories of data involved, the recipients to whom they may be communicated, the applicable retention period, the existence of automated decision-making processes, including profiling, and, at least in such cases, meaningful information about the logic used, as well as the significance and possible consequences for the data subject, where not already indicated in the text of this Notice;
• obtain without delay the rectification of inaccurate personal data concerning you;
• obtain, in cases provided by law, the deletion of your data;
• obtain the limitation of processing or object to it, when permitted based on the legal provisions applicable to the specific case.

Where deemed appropriate, the data subject may file a complaint with the supervisory authority.

SOCIAL MEDIA POLICY

Fondapi is present on social media to present the pension fund, promoting the culture of supplementary pension schemes and providing support to members and potential enrollees. The Controller uses some social media to promote Fund events and services, to collect comments and suggestions on user experience, and to respond to information requests (e.g., Instagram, LinkedIn, WhatsApp). Social media profiles are managed by the Controller’s collaborators appointed as Authorized Persons for processing and/or by external companies appointed as Data Processors pursuant to Art. 28 of EU Reg. 2016/679. The processing of users’ personal data is carried out according to the policies in use on the platforms used. Personal or special category data inserted in public comments or posts within social channels may be removed. As an example but not limited to, users are invited not to publish spam, commercial/advertising proposals, misleading, deceptive, or legally prohibited content on the Fund’s channels, which would be deleted. Users are also asked not to publish personal information (e.g., phone numbers, email addresses, personal identification code). Instead, users are asked to share opinions without violating the privacy or rights of people or other subjects. Data shared by users through private messages sent directly to channel managers will be processed in compliance with current personal data protection regulations and this privacy policy.