INFORMATION ON THE PROCESSING OF PERSONAL DATA

This page describes how to manage the site with reference to the processing of personal data of users who access and consult it. Only people accredited with a username and password can access the portal and there are different levels of access based on the role performed within the Focolare Movement. According to the indicated legislation, all treatments will be based on principles of correctness, lawfulness, transparency and protection of the privacy and rights of Users. This is an information notice that is provided on the subject of privacy pursuant to Regulation (EU) 2016/679 (hereinafter "Regulation" or "GDPR") to those who have been accredited to the portal at the address: https:// indy.focolare.org/.

The "owner" of their treatment - i.e. the legal entity that determines the purposes and means of processing personal data - is P.A.F.O.M with registered office in Rocca di Papa (Rome - Italy), Via Frascati, 306.

Following consultation of this platform, data relating to identified or identifiable persons may be processed.

The Data Protection Officer (RPD) is the lawyer. Sergio Barbaro who can be reached at the following address: Personal Data Protection Officer, via Frascati n. 306, Rocca di Papa (Rome-Italy), e-mail: privacy@focolare.org .

All personal data provided will be processed in a lawful, correct and transparent manner in order to provide the requested services.

Navigation data

The computer systems and software procedures used to operate the portal acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses used by the connection, the addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.). These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning.

Data provided voluntarily by the user

The data provided voluntarily by the user such as name, surname, e-mail, country, region, city, gender, notes, commitment in the Movement Organization and how he learned about Indy are stored in the authentication LDAP server and can be viewed by those in charge for the confirmation of qualification.

The optional, explicit and voluntary sending of data to the addresses indicated on this site involves the subsequent acquisition and processing of the data necessary to offer the requested service and/or respond to requests, as well as any other personal data entered. Personal data, collected and stored in databases, will be processed by employees and appointees of the data controller, and will not be disclosed or communicated to third parties, except in the cases provided for by law and in the manner permitted by it.

The interested party has the right to exercise the rights provided for in this information.

No third-party or profiling cookies are used, but only some technical cookies to provide the requested services, specifically session cookies. The use of so-called session cookies (which are not stored permanently on the user's computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site. The so-called Session cookies used on this site avoid the use of other IT techniques potentially prejudicial to the confidentiality of users' browsing and do not allow the acquisition of personal identification data of the user.

Personal data is processed exclusively for the provision of Indy services or for the fulfillment of the provisions of the law or regulation. Within the scope of these purposes, the processing may concern the data necessary for the management of relationships including the data provided at the time of registration or use of online services.

The legal basis of the processing is given by the user's consent expressed through a request for accreditation to the portal.

Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected and are stored in an LDAP authentication system located at the headquarters of the Organization. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

Furthermore, due to the consent expressed by the user, where required for specific services, it is possible that the same will be contacted via e-mail that the same user has indicated to confirm the regular registration and for the periodic change of the password.

The data will be processed by persons in charge under the supervision of the internal data processing managers, specifically appointed by the Body, and may be brought to the attention of other external persons operating as persons in charge of the management or maintenance of electronic instruments or other external subjects where the communication is required by law or regulation or is necessary for the performance of institutional tasks and purposes.

The personal data collected and processed according to this Information will be kept by the Data Controller for the period necessary for the provision of the service and in any case for the time necessary for the execution of any obligations required by law or regulation.

The Applicable Law grants users a series of rights including, by way of example, the right:

(i) to access their Personal Data

(ii) to request its rectification

(iii) to request the update and cancellation, if incomplete, erroneous or collected in violation of the law

(iv) to request that the treatment be limited to a part of the information concerning them

(v) to transmit to them or to third parties indicated by them the information concerning them (so-called "data portability")

(vi) to oppose their treatment for legitimate reasons

(vii) to revoke their consent at any time by sending a written request without formalities to P.A.F.O.M. to the indicated contacts.

P.A.F.O.M. remember that, where the response to requests cannot be considered satisfactory, the user can contact and lodge a complaint with the Guarantor Authority for the Protection of Personal Data (www.garanteprivacy.it) in the ways provided for by the Applicable Regulations.

It is therefore possible to contact P.A.F.O.M. for each request, clarification or response on the application of the legislation on the protection of personal data and for the concrete exercise of the rights of the interested party, better indicated in the previous paragraph, even in the event that it becomes necessary to update, modification, integration, correction and/or deletion of data, as required by the regulatory provisions or in relation to the assessment of the specific needs explicitly stated by the interested party.

To this end, to facilitate the interested party in the exercise of their rights and in interacting with the Focolare Movement, the following contact details are provided to contact in the event of complaints: e-mail address: privacy@focolare.org; 00040 Rocca di Papa (RM), Via Frascati, 306.