Triple Helix Association - Privacy Policy

Introduction

Triple Helix Association (“THA”, “we”, “us”) protects your personal data in accordance with the European Union’s General Data Protection Regulation (GDPR). As an organization based in Turin, Italy, we follow these regulations for all data processing activities. THA is the data controller of the personal data you provide through our Website. This Policy explains what we collect, why we collect it, how we store it, and your rights.


What Data We Collect

We only collect personal data that is necessary for the operation of our website and the provision of our services. The types of personal information we may collect include:

  • Contact Information: When you fill out our Contact Us form or other inquiry forms, we collect your name, email address, phone number (if provided), and any other information you include in your message. This data is used to respond to your inquiries or requests.
  • Membership Application Data: If you apply for individual or organisational membership via our website forms, we collect information such as your name, email, affiliation/organization, role/title, postal address, and any other details requested on the membership form. This is used to process your membership application and maintain our member registry.
  • Event Registration Data: For event registrations (e.g., conferences, summits), we may collect your name, contact details, organization, and other relevant information. Note: Event registrations may be handled through third-party platforms, for example, via Google Forms or our host’s event management system. If you register via Google Forms, your data will be collected and processed by Google on our behalf, under Google’s privacy terms and the host’s local regulations. If the registration is handled by our website host’s system, your data will be processed in line with the host’s policies and local laws.
  • Newsletter Signup: If you opt in to our mailing list by checking the “Sign me up for the mailing list” box on our Contact form, we collect your name and email address to send you our newsletters or updates.
  • Website Usage Data: Like most websites, we collect certain technical information when you visit our site. This may include IP address and basic device/browser information, collected through cookies or similar technologies strictly required for the Website to function.

We do not intentionally collect any sensitive personal data through our website. We also do not create user accounts or profiles on our site; all data is provided directly by you through forms. Our services are intended for general audiences. We do not target or knowingly collect data from children under the age of 14. In line with Italian law, minors under 14 years old should not provide personal data through our site without parental consent.


How We Use Your Data

We process personal data for specific purposes and only as necessary for our legitimate organizational functions or with your consent. The primary purposes for which THA uses your data include:

  • Responding to Inquiries: We use the contact details and message you provide in our contact form to communicate with you and answer your questions or requests. For example, if you ask about membership or events, we will use your data to provide the requested information.
  • Membership Management: If you apply to become a member, we use your personal information to evaluate and process your membership, register you as a member, and provide membership benefits (such as access to newsletters, events, or member communications). We may also use your contact information to send you membership-related communications (e.g., renewal notices, member surveys, or important association announcements).
  • Event Organization: For event sign-ups, we use the provided data to register you for the event, organize event logistics, communicate event details or changes, and, when applicable, follow up after the event (e.g., to send certificates, materials, or feedback surveys).
  • Newsletter and Updates: With your consent, we use your email address to send you our newsletter and updates about THA activities, events, or publications. You may opt out at any time by requesting removal via email to info@triplehelixassociation.org.
  • Legal Compliance and Operations: We may process personal data as required to fulfill our legal obligations or for our legitimate interests related to the association’s operations. For instance, we may retain certain records to comply with financial reporting or tax laws applicable to non-profit associations, or to establish or defend legal claims if needed.

We will not use your personal data for purposes incompatible with the above without obtaining your permission. We do not sell or rent your personal information to third parties for marketing or any other purposes.


Legal Bases for Processing

Under GDPR, we must have a valid legal basis to process your personal data. Depending on the context, our processing relies on one or more of the following legal grounds:

  • Consent: We rely on your consent for certain processing activities. When you voluntarily submit information via our forms, we treat that as consent to use the information to respond to you or provide the service requested. You have the right to withdraw your consent at any time, which will not affect the lawfulness of processing already carried out.
  • Contractual or Pre-Contractual Necessity: When you apply for membership or register for an event, we process your data as necessary to fulfill our obligations to you in that context (i.e., to provide membership benefits or allow your participation in the event). This is considered processing to perform a contract with you or to take steps at your request before entering a contract.
  • Legitimate Interests: We may process certain data for the legitimate interests of our association, provided such processing is not overridden by your personal rights and interests. Our legitimate interests include communicating with members and stakeholders, ensuring the security and functionality of our website, and promoting our non-profit objectives. When we rely on this basis, we ensure that our interests are balanced with your rights.
  • Legal Obligation: In some cases, we must process or retain personal data to comply with a legal obligation. For instance, Italian laws may require us to keep certain membership or transaction records for a period of time, or we may need to disclose data if required by judicial authorities or government agencies under law. In such cases, the law constitutes the basis for processing.

If we ever need to process your personal data for a new purpose that is not compatible with the original purpose we collected it for, we will seek your consent or provide you with notice explaining the legal basis, as required by law.


Cookies and Tracking Technologies

Our website uses cookies and similar technologies to ensure basic functionality and security. Cookies are small text files placed on your computer or device when you visit a website.

We use the following categories of cookies on our site:

  • Strictly Necessary Cookies: These cookies are essential for the website to function properly. They enable basic features like page navigation and secure operation. Without these cookies, the site may not perform as intended.
  • Third-Party Cookies (only where embedded content is used): Our site may include embedded content or services from third parties that may set their own cookies. These cookies are governed by the respective providers’ policies.

We do not use analytics cookies, profiling cookies, or advertising cookies. You can manage cookies through your web browser settings. Most browsers allow you to view, disable, or delete cookies. Please note that if you disable cookies entirely, some features of our site (and other websites) may not function properly.


Data Sharing and Disclosure

We treat your personal data with care and confidentiality. We do not share your personal information with third parties for their own marketing or commercial purposes. However, we do rely on certain third-party services and may share data with them under strict conditions, as detailed below:

  • Website Hosting Provider: Our website (helixsociety.org) and databases are hosted by Nominalia (our web hosting provider). Any personal data you submit through the site (e.g., via the contact form or membership form) is stored on Nominalia’s servers. Nominalia will therefore process and store that data on our behalf as a “data processor.” We have ensured that Nominalia has appropriate legal and security measures in place. Your data stored at our host is subject to the data protection regulations of the host’s jurisdiction (Nominalia operates within the EU, so GDPR and related laws apply).
  • Email and Communications: We use email services provided by Nominalia to correspond with you (for example, when you email us or when we reply to your messages). This means your contact details and message content may be processed and transmitted through our email hosting provider. We take reasonable measures to protect our email accounts and communications. If you subscribe to our mailing list, we may send newsletters either through our own email system or through a mailing tool. In all cases, your email address is used solely to send THA communications you have requested or subscribed to.
  • Event Management Services: As noted, some event registrations are done via Google Forms or possibly through our hosting platform’s event management system. When you submit a Google Form for an event, the information is directly collected by Google on our behalf. Google acts as a data processor, and their services comply with applicable privacy laws (Google’s privacy policy will apply for the data collection on the form interface). We access the form responses stored in Google’s platform to manage the event. If our host’s system is used for event sign-up, the data is similarly handled by the host’s infrastructure. In both cases, we ensure that such third parties only use the data to provide services to us and not for other purposes.
  • Payment Processing: We use PayPal to process membership or other payments. When you make a payment through PayPal, your payment information is collected and processed directly by PayPal in accordance with PayPal’s own privacy and security policies. THA does not receive or store full payment card details. We receive payment confirmation and limited transaction details necessary for accounting, membership administration, and compliance purposes.
  • Bank Transfers: We may receive membership or other payments via bank transfer to an account held with Intesa Sanpaolo. In this case, personal data included in the payment flow (such as account holder name, IBAN, and payment reference/description) is processed by the bank in accordance with Intesa Sanpaolo’s policies and applicable banking regulations. THA uses the received payment information solely for payment reconciliation, membership administration, accounting, and legal compliance.
  • Social Media and External Platforms: If you interact with THA via social media (such as LinkedIn, Instagram, or Facebook links on our site), those platforms may collect personal data (your profile, any messages you send us, etc.). Such interactions are governed by the privacy policies of the respective platforms. We do not export or otherwise transfer your data from those platforms into our systems, except to respond to you if you contact us via those platforms.
  • Legal Requirements: We may disclose personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, law enforcement inquiry). We will also disclose data if necessary to establish or exercise our legal rights or defend against legal claims, in compliance with applicable laws.
  • Association Partners: In general, we do not share your data with other organizations. However, if you register for an event co-organized by THA and partner institutions, we might need to share attendee information with those co-organizers strictly for event management purposes. If such sharing is necessary, we will inform you within the event registration form or materials.

Whenever we share data with a third-party service provider, we ensure there is a proper legal agreement in place to protect your data (e.g., Data Processing Agreements under GDPR). Our processors are obligated to process personal data only for our purposes and following our instructions, and to implement adequate security measures. We will never sell your personal data to third parties. We also won’t share it for others’ marketing purposes. Any third-party processing of your data (hosting, forms, email, event registration, or payments) is solely to support THA’s operations as described.


International Data Transfers

Triple Helix Association primarily processes data within Italy and the European Union. Our main website servers (Nominalia) are located within the EU. However, some of the third-party services we use might involve transferring data internationally. If you are accessing our site from outside the EU, note that any information you submit will be transferred to our servers in the EU. We will treat it with the same protection as within the EU. Similarly, if we communicate with you (e.g., sending a newsletter) and you reside outside the EU, your data is still processed according to this policy. We take steps to ensure that international data transfers comply with applicable laws. This includes using providers that are under adequacy decisions or using the European Commission’s Standard Contractual Clauses, as appropriate. If you have questions about cross-border data, feel free to contact us.


Data Retention

We retain the personal data we collect for an indefinite period, including data obtained through our Contact Us form, membership applications, and event registrations (via Google Forms or our hosting provider systems). This retention is solely intended to maintain an internal historical record of members and contacts for future THA communications. We do not use this data for profiling or analysis, and we do not distribute it to third parties for marketing purposes. You may request the removal of your personal data from our records at any time by contacting us at info@triplehelixassociation.org.


Your Rights as a Data Subject

Under the GDPR, you have the right to request access to your personal data, correct inaccurate information, request deletion, restrict or object to certain processing, and, where applicable, request data portability, as well as withdraw any consent you have provided. We do not use automated decision-making or profiling. To exercise your rights, contact us at info@triplehelixassociation.org; we may verify your identity and will respond within the legal timeframes. If you believe your data has been handled unlawfully, you may file a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) or your local EU supervisory authority.


Security of Your Data

We take appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.  Our hosting provider Nominalia maintains industry-standard security practices for the infrastructure where your data is stored. We also keep our website platform and software up-to-date to patch vulnerabilities. Internally, we ensure that any physical or digital records are stored securely. Despite our efforts, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of information. However, we continuously review and improve our security measures to adapt to new threats. If, in the unlikely event, we experience a data breach that poses significant risk to your rights and freedoms, we will notify you and the relevant authorities as required by law.


Links to Other Websites

Our website content may contain links to external sites (for example, links to partner organizations, event hosts, or relevant resources). Please note that these external websites are not operated by us, and clicking those links will take you to third-party sites. We have no control over the content or privacy practices of those external sites. We provide those links for your convenience or information, but it does not imply any endorsement or affiliation with those external organizations. We encourage you to review the privacy policies and terms of any third-party websites you visit via links from our site.


Updates to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our practices or due to legal requirements. When we make changes, we will revise the “last updated” date at the top or bottom of this Policy. If the changes are significant, we may also provide a more prominent notice (such as on our website homepage or via email notification). We reserve the right to make these changes without prior notice, but we will not apply material changes retroactively without your consent. We encourage users to periodically review this Policy to stay informed about how we are protecting your information. Your continued use of our website or services after any changes to the Policy constitutes acceptance of those changes.


If you have any questions or concerns about this Privacy Policy or how we handle your personal data, please contact us at info@triplehelixassociation.org.


Last Updated: 21 January, 2026