Privacy policy and data transmission

Updated informations – Latest update on March 20th, 2020

In accordance with the article 13 of the Regulation (EU) 2016/679

WGA is committed to your privacy, we developed a policy on privacy that regulates all the modalities of collection, use, disclosure, transfer and storage of personal data.

The Policy on privacy is effective of all services offered by WGA, all services are not for profit but only for organization and sustainability,  and you can consult it online at the dedicated address on the www.whygroup.org. We ask you to read this document to know the policies on privacy.

WHY THIS NOTICE 

Because through the creation of WGA Account, WGA uses users’ data and they accept the whole WGA set of forms in order to have a proper distribution of services. 

Sometimes we collect and use some of the personal data to identify the users or to contact them. We may ask you to share with us your personal data every time you get in contact with WGA or any societies affiliate to WGA. WGA and its affiliate societies may share these data and use them in compliance with the Policy on privacy. The data may be combined with other data to improve products, services, contents or advertising material. You do not have to share your data with us, however in many cases we would not be able to offer you support and/or consulting.

After the consulting of the site mentioned above, the data related to physical/juridical persons who have been identified or are identifiable may be processed.

OWNER OF THE PROCESSING

In this page we describe the modalities of site management in reference to the processing of the personal data belonging to the users who consult the site. This report is in accordance with the Regulation (UE) 2016/679 –  and it is handed to anyone who interacts with our services for the protection of personal data, accessible via electronic transmission and not on the domain: www.whygroup.org, related to applications to a subdomain/subfolder of the site itself or other applications related to WGA society.

 

The owner of the processing is:

WGA or Why Group Association registered in Alba with ID CF90057270044

Email contact: communication@whygroup.org or info@whygroup.org

 

JURIDICAL BASIS OF THE PROCESSING 

Personal data mentioned in this page are processed by the owners while they perform their tasks or the personal data are anyway related to the execution of their activity, including the commitment of raising the awareness and helping the public understanding of the risks, the regulations, the warranties and the rights in relation to the processing and also raising the awareness of the owners of the processing and of the person in charge of the processing about the duties the Regulation (art. 57, section. 1, (b) and (d), of the regulation) imposes to them.

PERSONS IN CHARGE OF THE PROCESSING

The persons in charge of the processing sign the consent form and are appointed by our society in the field of the management of the required service and during the planned marketing activities they will be informed of the shared data. The persons in charge confirm they were properly trained for managing the data and they take on the whole responsibility of data use.

RIGHTS OF THE CONCERNED ENTITIES

In relation to the processing of their personal data executed through this site, in the capacity of concerned entity you will exercise the rights envisaged on the GDPR any time. In particular you will be allowed to:

  • access to your own personal data and obtain evidence of the goals pursued by the owner, of the categories of the involved data, of the persons/entities the data may be shared with, of the period of applicable storage, of the existence of automatized processes of decision, including the profiling and, at least in these very cases, a significant information of the logic of which has been made use, in addition to the importance and the possible consequences for the concerned entities, where this has not been already mentioned in the text of this report;
  • obtain with no lateness the rectification of any wrong personal data related to your person;
  • obtain the limitation of the processing or oppose to it, when this is permitted in base of legal predictions applicable to the specific case;
  • in the cases envisaged by the law require the portability of the data you share with the owner, i.e. receive them in a structured format, of common use and readable on any automatic device, and also require the transmission of the data to another owner, when this is technically practicable;
  • complain to the control authority, when you consider it opportune.

In the capacity of concerned entity you can revoke the consent for the processing of personal data, when the juridical basis of the data processing is the consent, and in particular exercise your right of opposing to direct marketing. To exercise the said rights, you shall contact the owner of the processing and refer to the contact data written at the beginning of this Report. To have much information about your rights and the general notice on privacy we suggest you to visit the website of the Guaranteeing Authority for the protection of personal data at the address https://www.garanteprivacy.it/

 

PURPOSES OF THE PROCESSING

The personal data shared with us will be processed to:

  • execute only the indispensable operations and carry on the distribution of the service you possibly asked for, including web surfing on the site pages;
  • consulte, formulate and elaborate the answer or the transmission of Contracts and promotions following a request for information or an offer of services and products;
  • fulfill physical, accounting and administrative duties dictated by law;
  • meet company operative and management demands related to the offered service.

 

The data automatically acquired by the computer system will be used only to:

  • obtain anonymous statistical information about the use of the site;
  • verify the proper functioning of the computer system.

The computer systems and the software procedures designated for the functioning of WGA applications acquire, during their regular action, some personal data whose transmission is implicit in the use of Internet communication protocols. These information are not collected to be associated with the identified concerned entities, but for their very nature they may allow, through elaborations and associations with the data in possession of third parties, the identification of the users. This category of data include IP addresses or domain names of the computers used by the users while connecting to a site, addresses with URI (Uniform Resource Identifier) notation of the required resources, the time of the request, the method used to submit the request to the server and other parameters concerning the operative system and the computer environment of the user. These data are used only to obtain anonymous statistical information about the use of site and to make sure of the good  functioning of the site and they are deleted right after the processing. The data may be used to verify the responsibility in case of hypothetical computer crimes against the site: this eventuality aside, the data are not stored for more than seven days.

RECIPIENTS OF THE DATA

The collected data will be processed only for the above-mentioned purposes. In compliance with the appropriate safety measures, put into effect by the Owner, the data of third parties might be also communicated to entities dealing with public security and to other public and private entities for the fulfillment of fiscal, administrative, financial obligations and the like, provided for by law. In no case the data will be disclosed.

MODALITIES OF THE PROCESSING 

The data processing will be executed both by hand and by using computer and telematic means such as mail and email. The data will be stored both in paper archives and electronic archives for the time needed to achieve the purposes they were collected for.

Filling in the forms with the users’ personal data is facultative: without the complete compilation of all data marked with a star as “mandatory”, the required Service cannot be provided. The lack of data that are not marked as “mandatory” will allow the obtention of the Service. Users’ personal data might be communicated to third parties to fulfill legal obligations, that is to respect the orders coming from public authorities, that is to exercise a right in a court of law. Personal data of the users will not be disclosed.

KINDS OF DATA WE HAVE THE RIGHT TO PROCESS

Personal information such as:

    • first name, last name, birthdate, email or other data filled in by users themselves;
    • access credentials, such as user name and password;
    • IP address;
    • media data elaborated on behalf of users, such as photos, pdf, drawings or images;
    • positioning information;
    • browsing history;
    • product preferences;
    • data coming from the cookies;
    • non personal data as well, such as language, profession, phone area code, zip code, etc.

 

HOW WE USE YOUR PERSONAL DATA

We have the right to elaborate your personal data for the following purposes:

    • we collect your data to keep you up to date about any news, communication and upgrades concerning our services and events. If you do not want to be on our mailing list, you can opt-out anytime.
    • We use personal data also to create, develop, use, provide and improve our services, contents and advertising materials, and to avoid losses and frauds. Besides, we might use them to guarantee the safety of the account.
    • Personal data might be used to verify the identity of WGA Account holder.

We might use your personal data to send important notices, such as notices about some changes in our terms, conditions and policies. These data are important to interact with WGA and therefore you cannot opt out of receiving these notices.

Moreover, we have the right to use personal data for internal purposes, such as verifications, analyses of the data and researches to improve our services and the communications.

ORIGIN OF THE PERSONAL DATA COLLECTED BY OTHER SOURCES 

 It is possible we get your personal data from other people, indirectly, through gift cards or other products sent to you through an invitation to take part in WGA services.

If you did not provide us your personal data by yourself, we can give you a piece of information about the source that communicated them to us. Once we get these data, we do it in compliance with the laws applicable in legal proceedings. While using these data for the research and development we never try to identify the people they belong to.

DISCLOSURE TO THIRD PARTIES

It may happen that WGA provides some personal data in order to offer or improve its own services, also to meet a demand of support towards clients. In these cases the operation will be managed in compliance with the laws concerning the third parties. For no reason the personal data will be disclosed to third parties for their own purposes of marketing. 

    • Service providers

WGA reserves the right to share users’ personal data with societies providing services such as data elaboration, credit authorization, management and improvement of clients’ data, client assistance, evaluation of the interest in our services and market researches or surveys on users satisfaction. These societies are required to protect your data.

    • Others

If necessary, for reason of national security or other issues of public relevance, we might disclose your data in accordance with the law. This action can include the disclosure of data to public or governmental authorities. Besides, in case of reorganization, fusion or sale, we might transfer to third parties, interested in these operations, all the personal and non personal data we collected.

HOW LONG THE DATA ARE STORED 

In regard to the principles of proportionality and necessity, the data will not be stored for any period longer than what is indispensable for the realization of the purposes mentioned above and, thus, for the services offered or for the specific regulations on the subject. The data coming from contact forms are stored for the period necessary to fulfill the request of the user, the other data are not stored in our records but they might be retained by third parties in compliance with their own privacy policies.

PROTECTION OF THE PERSONAL DATA

At WGA we consider the security of your personal data an extremely important issue. All WGA services are provided with a two-factor authentication during the login and the applications are protected by encoding technologies, such as SSL certificate, to protect your personal data during the transmission. For a greater security all login data are filed in crypto-graphed databases through hash, even in the cases where we use solutions of filing belonging to third parties.

RESPONSIBLE FOR THE PROCESSING FOR THIRD PARTIES, WHETHER AND WHEN 

In accordance with a Contract stipulated between a Client and WGA or an effective maintenance of the services provided, the Owner of the data processing of the activity (Client) have the right to use WGA as Responsible of the data processing. The Owner of the processing can ask WGA for the fulfillment of marketing services with the consequent responsibility for the processing of the personal data if they are indeed processed.

The Responsible has the requisites of experience, ability and reliability to execute adequate technical and organizational measures and to perform the duties as external responsible for the processing of the personal data on behalf of the Owner.

WGA is responsible for the processing of Clients’ data and never, in no case, Owner of it, for a limited period and only when it interacts straight with the Clients data and only after the request of action made by the Clients themselves.

The Responsible must:

  • process the data in respect of the principles of data processing mentioned in the GDPR and only for the purposes indicated in the Contract or better as regards the specific intervention activated on behalf of the Client;
  • process the data according to the instruction received from the Owner;
  • guarantee that the authorized people of its own structure for the processing of personal data are formally committed to confidentiality or they have an adequate legal duty of confidentiality and they have been adequately trained on the subject of protection of personal data;
  • by considering the state of the art and the costs of realization as well as the nature, the object, the context and the purposes of the processing and the risk of varied probability and gravity for the rights and the freedom of the physical persons, execute adequate technical and organizational measures to guarantee a level of security adequate to the risk, in particular of:
  1. destruction, loss, modification, unauthorized divulgation, accidentally or illegally, of personal data disclosed, stored and anyway processed;
  2. processing of the data non allowed and not in compliance with the purposes of the processing operations;
  • inform and promptly involve the Owner in all the issues concerning the processing of personal data and, in particular, in case of requests of information, checks, inspections and access by the control authority;
  • by considering the nature of the processing, help the owner with adequate physical, technical and organizational measures, in as much as it is possible, to fulfill the duty of the Owner of following up the requests to exercise the rights of the concerned entity;
  • promptly inform the Owner when one of their instructions violates the GDPR, by considering the nature of the processing and the information at the disposal of the Responsible, and in particular collaborate by communicating the violations of personal data, fulfilling the impact assessments and preventive consultations. 

The Responsible, if he considers it appropriate, has the right to turn to a sub-responsible of the processing.

Anyway, WGA will never consider hold itself responsible if, in case of negligence of the Clients, following official mail or www.whygroup.org system application notices concerning the security, there will be no confirmation and/or acceptation of the related technical intervention from the Clients, in order to make up for eventual flaws that might show in their system, computer or not. For example, in case of a communication aiming at suggesting the expensive installation of a SSL certificate for the website of the Client and the Client ignores the dedicated notice, WGA will not hold itself responsible for the eventual loss of data or related damages.

AUTOMATED DECISIONAL PROCEDURES 

WGA never takes any decisions about the use of algorithms or profilings that may concern a singular user and in a significant way.

ACCESS TO PERSONAL DATA

You can manage your personal settings and your account contact information by accessing to the page of your account or sometimes by directly asking for a modification by certified e-mail from certified e-mail. If some of the data are not available online, we can guarantee you the access to the other personal data we store and give you a copy, so that you are able to execute any operation you want, for example ask us to correct the data in case they are not exact or delete them in case we are not required to store them by law or for legitimate commercial purposes. We have the right to refuse to execute such requests if we consider they may violate others’ privacy or they are extremely difficult to fulfill or if the access to the data is not anyway mentioned as legal by the local law. We have the right to refuse to fulfill any requests of elimination or access to the data when we consider that fulfilling these requests is contrary to the legitimate use of data for antifraud purposes and to guarantee the security, as mentioned above. Online tools used to change the data can vary according to the Country or the regulation of the Country itself.

CHILDREN, INTERDICTED OR INCAPACITATED PERSONS OR PEOPLE BENEFITTING FROM A SUPPORT ADMINISTRATION 

Very aware of the importance of adopting bigger precautions to protect children privacy and safety, we are extremely careful when we start any activity of interaction with children. Children under 13 cannot independently create one WGA Account if they are not expressly supervised by both parents and all actions must be verified by hand through a reliable and dedicated authorization (total release of liability form, on the site www.whygroup.org). The release of liability dedicated to weaker users is applied in all the cases where the application of the standard regulation mentioned above cannot be applied because of age limits or in any other case where the presence of other support figures is required, in order to not violate the privacy in a fraudulent way.   

SERVICES BASED ON THE POSITION

WGA offers some services based on the geographical position for commercial logics or logics related to technical impossibility, thus we feel obliged to process position data with extreme care, to provide proper sale information. Some of the services based on position need your personal data to guarantee a proper functioning.

SITES AND SERVICES OF THIRD PARTIES

Web sites, services, applications and generally WGA services may include links to web sites, products and services belonging to third parties. Besides, our products and services may offer or use products and services of third parties.

The data collected by third parties, which might include information about the geographical position or contact information, are regulated by the respective privacy policies. The regulation of the privacy of such third parties associated to our main domain always refer to the same policy.

QUESTIONS ABOUT THE PRIVACY

In case of questions or doubts in regard to the Privacy policy or the processing of the data, contact us. WGA may periodically upgrade its own Privacy policy. In case of significant modifications, we will post a notice on our website, together with the upgraded privacy policy. Moreover we will contact you through the recorded contact information, for example email, notification or another equivalent method.