Information to the interested party ``Donors / Beneficiaries specialized service``

Categories and Data object of the Treatment

The object of the treatment are the natural (and legal) persons external to the Data Controllers who have decided to contribute to the activities of the Body with a donation or have benefited from a specialized service. The contribution or payment for the service received can take the form of a bank transfer, a payment to a postal account, a check, cash, a payment through the website paid by credit card, prepaid or Paypal.

The data included in the treatment are or can be: name, surname, sum donated, reason, email address, tax code / VAT number, postal address, telephone number.

 

Purposes and methods of treatment

The data were collected as clearly necessary to finalize the transaction and to draw up the necessary documentation relating to and consequent to the donation and / or specialist service. The data can be processed in order to send the interested party a receipt and a thank you letter. The Joint Data Controllers process the data collected exclusively for the purpose of carrying out their normal activities and disseminating knowledge and raising awareness of the interested party on the specific activities and purposes of the organization.

The data are processed to inform about joint venture initiatives, activities and projects, to send the newsletter and information material reserved to supporters in paper and digital format, as well as to request participation in fundraising campaigns and raise awareness on the statutory issues. The fundraising activity of the joint owners includes social enterprise activities, the data can therefore be processed to disseminate commercial proposals only in order to ensure the achievement of the statutory objectives of the joint holders.

The consent forms are kept in paper form in a special classifier at the headquarters of the Data Processor or in the offices of the Joint Controllers except for the forms collected via the website.

The collected data are inserted in archiving files and in a specific program for newsletter management. The Joint Data Controllers prepare the necessary documentation relating to and consequent to the donation and / or specialist service that is delivered to the interested party by ordinary mail, by email, directly at the headquarters of the Association or by hand.

The information communications relating to the initiatives, activities and projects of the Joint Controllers, as well as the proposal to participate in fundraising and / or commercial campaigns will be sent to the interested party in paper and digital format. In the case of specific fundraising and / or commercial campaigns, the interested party may be contacted by phone.

 

Consent to the data currently processed

The consent to the processing of data is implicit in the choice itself to adhere to the donation and / or receive a health service. The Joint Controllers therefore do not believe that they must proceed to request a new consent from the people who have already made this choice if the contribution or payment for the service received has taken the form of a bank transfer, a payment to a postal account, a check, of cash and as a free initiative of the interested party without prior direct knowledge of joint holders.

However, the Joint Data Controllers undertake in compliance with Regulation (EU) 2016/679 to protect the data collected and communicate to the interested party in digital or paper form:

  • Who have certain categories of personal data related to them
  • The methods of treatment of the same
  • The purposes of this treatment and its legitimacy
  • The rights of the interested party (access, rectification, cancellation)
  • The existence of an information to the interested party.

In the case of donation through the website paid by credit card, prepaid or Paypal, specific consent is provided for the processing of data.

 

Exercise of access rights, modification, cancellation

Pursuant to articles 13, paragraph 2, letters (b) and (d), 15.16, 17.18, 19, 20 and 21 of the Regulation, we inform you that the main rights of the interested party are:

  • The interested party has the right to ask the data controller to access personal data and to correct or cancel them or limit the processing that concerns them or to oppose their processing, in addition to the right to data portability;
  • The interested party has the right to lodge a complaint with the supervisory authority and in particular with the Guarantor for the protection of personal data, following the procedures and indications published on the official website of the Authority on www.garanteprivacy.it
  • The interested party has the right to obtain from the Data Controller confirmation whether or not data is being processed and to obtain access to it and the consequent information: the purposes of the processing, the categories of personal data in question , the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients; where possible, the expected data retention period; the existence of the right of the interested party to ask the Data Controller to correct or delete personal data or limit processing; the right to lodge a complaint with a supervisory authority; if the data is not collected from the interested party, all information available on their origin.

At any time the interested party can request if we have data concerning him and which, to modify or delete them in whole or in part via the form available at his offices. However, he will also accept requests – provided they are written and signed – that are received in another way. The Più di un Sogno Foundation and the Joint Controllers undertake to fulfill this request as quickly as possible.

 

Risks for the interested party

The Joint Data Controllers note that there is a reduced risk that the data concerning the interested party will be accessed and disclosed by third parties in an illegal manner by computer or other means. The financial data acquired or transmitted through the execution of donations by bank transfer, payment on a credit card, credit cards are particularly delicate data.

The joint holders have identified these sources of risk:

  • Accidental or voluntary changes to personal data
  • Illegitimate database violation
  • Use of data incorrectly or differently from what is declared to users
  • Unauthorized destruction, loss, damage, modification or disclosure
  • Unauthorized access to IT tools
  • Unauthorized access to the premises where the data is processed
  • Treatment not allowed
  • Risk reduction measures

The Joint Data Controllers adopt suitable and preventive security measures to safeguard the confidentiality, integrity, completeness, availability of personal data.

There are several measures put in place to limit risk:

  • The data are not subject to further processing by third parties except the Joint Data Controllers and Managers
  • The data are not shared with any natural or legal person external to the Joint Controllers and Managers
  • Within the Foundation and the joint holders, only persons authorized to process personal data can access such data under the direct authority of the owner or manager through specific authorizations to access the various server folders.
  • Metis servers are protected by hardware and software security measures
  • The paper documentation containing the data is kept in special cabinets
  • All staff employed and collaborated are adequately trained for the purposes of the GDPR
  • The Joint Controllers guarantee the maximum confidentiality and security of the financial information collected for the purposes of acquiring the donations made through credit cards or bank transfers or other payment systems. The Joint Controllers keep the information only strictly necessary to follow up on the requested service

The data are processed with the aid of IT tools, through paper and stored in a database. This database is accessed only by people expressly indicated by the association “Un sogno per la vita” and by the Joint Controllers who will access it only with their password.

 

Duration of data processing

The data will be kept, unless revoked or specific need to fulfill legal obligation, until the purposes of the processing have been pursued. The data will be kept as long as the Data Subject will support the Joint Data Controllers and subsequently given the interest of the Joint Data Controllers to receive economic support and sharing of their initiatives by all the people available to support projects of social and collective interest. The paper consent forms are kept for 10 years by the Joint Controllers.

 

Data Breach

In the event that the Joint Data Controllers suffer the theft of data and have reason to believe that sensitive personal data has been disclosed (data breach) it will activate – if necessary – a report to the Guarantor Authority and communicate the incident to all interested parties.

 

Legitimacy and legal basis of data processing

The treatment in question involves a sensitive risk for the privacy of the interested party.

However, considering that:

  • The data are necessary for the best execution of the requested services
  • The data will never be shared with any other legal or natural person except the joint owners and managers
  • Security procedures are in place which reduce the risk of undue access or disclosure of data
  • A detailed information notice has been prepared and made available
  • Data subjects have been sent a GDPR-compliant communication
  • It is possible at any time to exercise the right of access, modification and cancellation of data
  • The interested parties signed an explicit and specific consent
  • The Joint Controllers believe that the Data Processing in question is legitimate and in accordance with the spirit and letter of the
  • European regulation for the protection of personal data 679/2016 and believe they have the legal basis to continue it.

 

Co-owners, Manager, Dpo

Joint holders of the treatment called “Donors” are:

  • “Un sogno per la vita” ONLUS – based in Salita al promontorio, 11 – 34123 Trieste, is the Data Controller of personal data. The contact details are as follows: Tel. 347 2432513, E-mail: info@unsognoperlavita.org

Responsible for the treatment is the “Un sogno per la vita” ONLUS

Given the scale of the data processed, the Joint Controller does not currently consider it necessary to appoint a Data Protection Officer (DPO). Any reason for dissatisfaction can be reported by you to the Guarantor Authority for the protection of personal data, Piazza Venezia, 11 – 00187 Rome, tel .: 06.696771, e-mail: garante@gpdp.it.