Pursuant to Article 13 of the Regulation (EU) 2016/679 relating to the processing of personal data (“GDPR”)

Distretto Rotaract 2031 pays the utmost attention to the security and confidentiality of personal data. Therefore, Distretto Rotaract 2031 hereby provides information regarding the processing of the personal data of the users (hereinafter also referred to as “Users” or, in the singular, as “User”) that are collected surfing through the portal https://www.rotaract2031.it/ (hereinafter also referred to as the “Site”).

  1. Data Controller

The data controller is Distretto Rotaract 2031, with registered office in Santhià, Via Talucchi n. 5 (hereinafter referred to as the “Data Controller” or “District”).

For any need regarding the processing of personal data, or to exercise your rights, you can contact the Data Controller at the following address: segreteria@rotaract2031.it

  1. For what purposes does District process personal data

Through the Portal, District collects certain personal data relating to Users, either voluntarily provided by them or collected in the normal operation of the same, which are processed for the purposes described below.

The Portal also makes use of cookies and other tracking tools. Please refer to the Cookie Policy for further information and to manage your preferences in this regard at any time.


Purposes of Processing

Categories of data processed

Legal Basis and provision


To provide access to the reserved area of the Site with the relative operational management of the same and purposes strictly related to these. In order to create a profile that allows access to the reserved area made available on the Site, District collects certain personal data necessary to identify the User and allow the operational management of the Site itself.

Personal and contact data (name, surname, telephone number, mobile phone number, e-mail address, username and password); Data provided voluntarily by you (information you voluntarily provide on the Site); Navigation data (information on how you use the Site, open or forward our communications, including information collected through cookies).

Performance of a contract to which the User is a party (Art. 6 (1) (b) GDPR). The provision of data is necessary (except for the data provided voluntarily by you) because if it is not provided, the District will not be able to provide registration on the Site and access to the reserved area.


Managing and responding to your requests for information. The District processes your personal data in order to manage and respond to your requests for contact and/or information or for the possible establishment and execution of pre-contractual or contractual relations for the possible provision of the services requested.

Personal and contact data (name, surname, telephone number, mobile phone number, e-mail address); Data provided voluntarily by you (information you voluntarily provide on the Site in the form present on the Site in the “Contacts” and “Assistance and Support” sections).

Performance of a contract to which the User is a party (Art. 6 (1) (b) GDPR). The provision of data is necessary (except for the data provided voluntarily by you) because without it the District will not be able to handle your request and/or respond to you.


Defending its rights The District may process personal data in order to defend its rights in the course of judicial, administrative or extrajudicial proceedings and in the context of disputes arising in connection with the services.

Personal data collected for purposes 1 to 4 will be processed as necessary.

Legitimate interest of District in protecting its rights (art. 6 (1) (f) GDPR). A new and specific provision is not required as the District will pursue this further purpose, where necessary, by processing the data collected for the above purposes.


Fulfilment of legal obligations District may process personal data in order to fulfil its obligations under laws, regulations or Community legislation, or under provisions/requirements of authorities empowered to do so by law and/or supervisory and control bodies.

Personal data collected for purposes 1 to 4 will be processed as necessary.

Fulfilment of a legal obligation (art. 6 (1) (c) GDPR). The provision of personal data for this purpose is necessary as otherwise the District will be unable to fulfil specific legal obligations.

  1. How we keep personal data secure

The District takes appropriate security measures to ensure the protection, security, integrity and accessibility of Users’ personal data. The appropriate security measures are designed to prevent unauthorised access, disclosure, modification or destruction of personal data.

All personal data is held on the District’s secure computer systems (or appropriately stored hard copies) or those of our suppliers, and it may be accessible and usable in accordance with our standards and security policies (or equivalent standards for our suppliers).

  1. How long we keep personal data

The District retains the User’s personal data only for as long as it is necessary to achieve the purposes for which it was collected or for any other related legitimate purpose.

Personal data that is no longer needed, or for which there is no longer a legal basis for its retention, will be irreversibly anonymized (and in this way preserved) or safely destroyed.

If the data processing serves several purposes, the data will be deleted or anonymised as soon as the retention period for the last purpose has expired.

In particular, the data processed to manage access to the Site will be stored until the relevant profile is closed or in case of inactivity of the same for two years. On the other hand, personal data processed to manage and respond to requests for information made by the User will be stored for two years.

With particular reference to the judicial protection of our rights or in case of requests by the authorities, the data processed will be kept for the time necessary to process the request or to pursue the protection of the right.

In any event, for technical reasons, the termination of processing and the consequent definitive cancellation or irreversible anonymisation of the relevant personal data shall be definitive within thirty days of the aforementioned deadlines.

  1. With whom we may share personal data

Personal data may be accessed by duly authorised employees and collaborators, as well as by external suppliers, appointed, as necessary, as data processors, who provide support for the provision of services, related to the relationship between you and the District and/or on the Site.

You can contact District as indicated in the paragraph n.1 if you wish to request to see the list of data processors and other entities to whom we disclose your personal data.

In any case, any communication of your personal data will take place in full compliance with the provisions of the GDPR and the Privacy Code.

  1. Transfer to third countries

The District guarantees that the Data relating to this Contract will be processed exclusively within countries belonging to the European Union (EU) or the European Economic Area (EEA).

  1. Personal data protection rights and the right to lodge complaints with the Personal Data Protection Authority

Each User, subject to the existence of the legal basis for the request, is entitled to obtain from the District:

– the access to personal data, as provided for in Article 15 of the GDPR;

– the rectification or integration of personal data held by the District that are considered inaccurate, as provided for in Article 16 of the GDPR;

– the deletion of personal data for which the District no longer has any legal grounds for processing, as provided for in Article 17 of the GDPR;

– the restriction of the way in which personal data are processed, if one of the cases provided for in Article 18 of the GDPR applies;

– the copy of the personal data provided to the District, in a structured, commonly used and machine-readable format and the transmission of such data to another data controller (so-called portability), as provided for by Article 20 of the GDPR.

Right to object: in addition to the rights listed above, the User may, at any time, object to the processing of his/her data by the data controller for the pursuit of his/her own legitimate interest. In addition, he/she may always object, at any time, if personal data are processed for marketing purposes.

The exercise of such rights, which can be done through the addresses indicated in point 1, is free of charge and it is not subject to formal requirements. It will be the responsibility of the District to verify that the User is entitled to exercise such rights and to reply, as a rule, within one month.

In the event that the User considers that the processing of his/her personal data is in breach of the provisions of the GDPR, he/she has the right to lodge a complaint with the competent Personal Data Protection Authority, or to take appropriate legal action.

Last update: November, 2021