Rights of the interested parties with respect to the data concerning them

You can exercise, at any time, at privacy@fontedisperanza.org (alternatively, by writing to Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI)), the rights pursuant to articles 15-22, GDPR in reported below:

Right of access (article 15, GDPR)
The person has the right to request whether personal data is being processed and, therefore, has the right to access information concerning him and to have information on:

  1. purpose of the treatment (e.g. management of a donation);
  2. categories of personal data; (e.g. personal data, behavioral data)
  3. recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients from third countries or international organizations;
  4. when possible, the expected retention period of personal data or, if not possible, the criteria used to determine this period;
  5. existence of the right to request the correction or cancellation of personal data or the limitation of the processing of personal data or to oppose their treatment;
  6. right to lodge a complaint with a supervisory authority;
  7. if the data are not collected directly by the person, all available information on their origin;
  8. existence of an automated decision-making process, including profiling and significant information on the logic used, as well as the importance and expected consequences of such treatment for the person. (e.g. if the person has associated a donation habits profile by crossing the donation amount with frequency and campaign).

Right of rectification (article 16, GDPR)
The person has the right to obtain the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the person has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.

Right to cancellation (“right to be forgotten” – “right to be forgotten”) (article 17, GDPR)
The person has the right to obtain the deletion of personal data concerning him; he is obliged to delete personal data without undue delay, for one of the following reasons:

  1. personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
  2. the consent on which the treatment is based is withdrawn and if there is no other legal basis for the treatment (e.g. own legitimate interest, regulatory or contractual obligations);
  3. you oppose the processing for marketing and profiling purposes and there is no prevailing legitimate reason to proceed with the processing
  4. personal data have been unlawfully processed;
  5. personal data must be erased in order to fulfill a legal obligation under Union or Member State law to which you are subject.

Right to limitation of treatment (article 18, GDPR)
The person has the right to obtain the limitation of the processing of his personal data when one of the following reasons exists:

  1. the person disputes the accuracy of personal data, for the period necessary to verify the accuracy of such personal data;
  2. the treatment is illegal and the person opposes the cancellation of personal data and instead requests that their use be limited; (e.g., it does not intend that the processing is
  3. carried out for marketing purposes but only for managerial and administrative purposes);
  4. although you no longer need the data for processing purposes, personal data are necessary for the person to ascertain, exercise or defend a right in court;
  5. the person has opposed the treatment if the treatment is based on their legitimate interests, pending verification of the possible prevalence of their legitimate reasons compared to those of the person.

Notification obligation in case of rectification or cancellation of personal data or limitation of treatment (article 19, GDPR)
The person has the right to request that the correction or cancellation of data or limitation of processing be communicated by Fonte di Speranza to other subjects to whom the data may have been communicated. Fonte di Speranza may not comply with the request, if the means to be used are disproportionate to the person’s right to privacy.

Right to data portability (Article 20, GDPR)
This right allows the person to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a subject who submits his data to treatment and has the right to want to transmit such data to a subject for use of the latter without hindrance by the person to whom it supplied them. This right can be exercised in the following cases:

  1. the treatment is based on consent or on a contract or on pre-contractual measures requested by the same person and simultaneously
    the treatment is carried out by automated means.
  2. The person has the right to obtain that his data is transferred directly from one subject to another (from the one to whom he gave them to the one he wants to be transmitted to), if technically possible.

Right to object (article 21, GDPR)
The person has the right to object to the processing of his data for the pursuit of the legitimate interest of Fonte di Speranza or of third parties, provided that the interests or fundamental rights and freedoms of the person who request the protection of personal data do not prevail for profiling purposes.
If personal data are processed for marketing purposes, the person has the right to object at any time to the processing of personal data concerning him / her carried out for these purposes, including profiling to the extent that it is connected to this marketing activity.

Automated decision-making process relating to natural persons, including profiling (article 22, GDPR)
The person has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that concern him or which similarly significantly affects his person. In particular, it has the right to object to the profiling to which it is subjected through automated processes.
This right cannot be exercised if the decision:

  1. it is necessary for the conclusion or execution of a contract;
  2. is authorized by Union or Member State law to which you are subject, which also specifies adequate measures to protect the rights, freedoms and legitimate interests of the person;
  3. is based on explicit consent.

The person has the right to express his opinion and to contest the decision of Fonte di Speranza.

Response times
As established by the GDPR, Fonte di Speranza will respond to the person within a month of the request, unless complex procedures (or requests are numerous) that do not allow to respect this time have to be implemented. Full feedback is allowed within three months of the request, but we are obliged to inform you of it within one month of the request originally sent (art.12, paragraph 3, GDPR).

[/vc_column_text]

Complaint to the supervisory authorities

It is possible to contact the supervisory authority which for Italy is the Guarantor for the Protection of Personal Data, based in Piazza di Monte Citorio 121, 00186 Rome (RM) – www.garanteprivacy.it, using the form downloadable at URL https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524&zx=e0yn0riezmmw to propose a complaint regarding the processing of your personal data.

What are Cookies and how they are used by Fonte di Speranza

Cookies are information saved on the hard disk of your PC and which are sent from your browser to a Web server and which refer to your use of the network. Consequently, they allow to know the services, the sites visited and the options that, surfing the net, have been shown.
This information is not, therefore, provided spontaneously and directly, but leaves a trace. The data collected through cookies will be used for technical needs, in order to guarantee easier, immediate and quick access to the site and its services and navigation. facilitated to the single user.
With the user’s consent, profiling cookies may also be used to create user profiles based on the sections of the site or the actions performed by the user on this site or by surfing the net.
The use of so-called session cookies (which are not permanently stored on the user’s computer and are automatically eliminated by closing the browser) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site. I c.d. session cookies that are used on this site avoid the use of other IT techniques that are potentially detrimental to the confidentiality of user navigation and do not allow the acquisition of the user’s personal identification data. Vice versa, the profiling cookies allow to know the user’s browsing on the net and to detect his interests, the expressed needs and preferences and then allow to create advertising campaigns or create profiles to better target, in a personalized way, promotional, institutional communications and awareness. In any case, you can configure your browser so that you are notified when a cookie is received and then decide whether to accept it.
To learn about our cookie policy and third-party cookie policies, please read the related information by clicking HERE.

Navigation data

During their normal operation, the IT systems and software procedures used to operate this site acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified users, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error or similar) and other parameters relating to the operating system and the user’s computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

The security of your personal data

Fonte di Speranza adopts suitable and preventive security measures to safeguard the confidentiality, integrity, completeness, availability of your personal data. As established by the regulatory provisions governing the security of personal data, technical, logistical and organizational measures are developed which have as their objective the prevention of damage, even accidental losses, alterations, improper and unauthorized use of the data concerning you.
In particular, Fonte di Speranza has put in place technical and organizational measures aimed at guaranteeing a level of security adequate to the risk that could affect people’s rights and freedoms, including the confidentiality and confidentiality of the information that concerns them. Adopt security criteria which include, among others:

  1. the “pseudonymisation” (art. 4, paragraph 5, GDPR: “the processing of personal data in such a way that personal data can no longer be attributed to a specific interested party without the use of additional information, provided that such additional information are stored separately and subject to technical and organizational measures aimed at ensuring that such personal data are not attributed to an identified or identifiable natural person “) and / or data encryption
  2. systems that permanently safeguard the confidentiality, integrity, availability and resilience of treatment systems and services
  3. systems to promptly restore the availability and access of personal data in the event of a physical or technical accident
  4. procedures to test, verify and regularly evaluate the effectiveness of technical and organizational measures in order to guarantee the safety of the treatment.

Similar preventive security measures are adopted by third parties (data processors) to whom we have entrusted the processing of your data on our behalf.
On the other hand, Fonte di Speranza is not responsible for the untruthful information sent directly by the user (example: correctness of the e-mail address or postal address or other personal data), as well as information concerning him and that have been provided by a third party, even fraudulently.

Financial information needed for donation

In the case of a donation made through PayPal, you will be redirected to the PayPal site and, therefore, the confidentiality and security criteria are the sole responsibility of PayPal, excluding any liability on the part of Fonte di Speranza. In general, finally, Fonte di Speranza assumes no responsibility with reference to unauthorized or fraudulent uses by third parties of the information relating to the tools used for the transaction related to the donation.

[/vc_column][/vc_row]

Other third parties who collaborate with Fonte di Speranza

Fonte di Speranza, in the context of its awareness-raising activities and the presentation of its institutional activity, as well as to improve the services rendered to people who have relationships with Fonte di Speranza or in any case interested and close to our institutional principles, can contact third-party services who collaborate with and who receive from Fonte di Speranza information and data held in their archives.
Here it is clarified that these transmissions of information and data always take place anonymously or with “pseudonymisation” techniques (art. 4, paragraph 5, GDPR (“the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures aimed at ensuring that such personal data is not attributed to an identified or identifiable natural person “). anonymized data are processed, by way of example and not limited to:

  1. Facebook (privacy policy at https://it-it.facebook.com/policy.php)
  2. Twitter (privacy policy at https://twitter.com/it/privacy)
  3. Google (privacy policy at https://policies.google.com/privacy)
  4. Youtube (privacy policy at https://www.youtube.com/intl/it/yt/about/policies/#community-guidelines)
  5. Instagram (privacy policy at https://it-it.facebook.com/help/instagram/155833707900388/)

In addition, as better defined in the “Cookie policy”, Fonte di Speranza uses Facebook pixels for retargeting actions, that is, to show the user with certain characteristics manifested while surfing the net, advertisements and banners that refer to Fonte di Speranza.

[/vc_column_text]

Rights of the interested parties with respect to the data concerning them

You can exercise, at any time, at privacy@fontedisperanza.org (alternatively, by writing to Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI)), the rights pursuant to articles 15-22, GDPR in reported below:

Right of access (article 15, GDPR)
The person has the right to request whether personal data is being processed and, therefore, has the right to access information concerning him and to have information on:

  1. purpose of the treatment (e.g. management of a donation);
  2. categories of personal data; (e.g. personal data, behavioral data)
  3. recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients from third countries or international organizations;
  4. when possible, the expected retention period of personal data or, if not possible, the criteria used to determine this period;
  5. existence of the right to request the correction or cancellation of personal data or the limitation of the processing of personal data or to oppose their treatment;
  6. right to lodge a complaint with a supervisory authority;
  7. if the data are not collected directly by the person, all available information on their origin;
  8. existence of an automated decision-making process, including profiling and significant information on the logic used, as well as the importance and expected consequences of such treatment for the person. (e.g. if the person has associated a donation habits profile by crossing the donation amount with frequency and campaign).

Right of rectification (article 16, GDPR)
The person has the right to obtain the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the person has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.

Right to cancellation (“right to be forgotten” – “right to be forgotten”) (article 17, GDPR)
The person has the right to obtain the deletion of personal data concerning him; he is obliged to delete personal data without undue delay, for one of the following reasons:

  1. personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
  2. the consent on which the treatment is based is withdrawn and if there is no other legal basis for the treatment (e.g. own legitimate interest, regulatory or contractual obligations);
  3. you oppose the processing for marketing and profiling purposes and there is no prevailing legitimate reason to proceed with the processing
  4. personal data have been unlawfully processed;
  5. personal data must be erased in order to fulfill a legal obligation under Union or Member State law to which you are subject.

Right to limitation of treatment (article 18, GDPR)
The person has the right to obtain the limitation of the processing of his personal data when one of the following reasons exists:

  1. the person disputes the accuracy of personal data, for the period necessary to verify the accuracy of such personal data;
  2. the treatment is illegal and the person opposes the cancellation of personal data and instead requests that their use be limited; (e.g., it does not intend that the processing is
  3. carried out for marketing purposes but only for managerial and administrative purposes);
  4. although you no longer need the data for processing purposes, personal data are necessary for the person to ascertain, exercise or defend a right in court;
  5. the person has opposed the treatment if the treatment is based on their legitimate interests, pending verification of the possible prevalence of their legitimate reasons compared to those of the person.

Notification obligation in case of rectification or cancellation of personal data or limitation of treatment (article 19, GDPR)
The person has the right to request that the correction or cancellation of data or limitation of processing be communicated by Fonte di Speranza to other subjects to whom the data may have been communicated. Fonte di Speranza may not comply with the request, if the means to be used are disproportionate to the person’s right to privacy.

Right to data portability (Article 20, GDPR)
This right allows the person to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a subject who submits his data to treatment and has the right to want to transmit such data to a subject for use of the latter without hindrance by the person to whom it supplied them. This right can be exercised in the following cases:

  1. the treatment is based on consent or on a contract or on pre-contractual measures requested by the same person and simultaneously
    the treatment is carried out by automated means.
  2. The person has the right to obtain that his data is transferred directly from one subject to another (from the one to whom he gave them to the one he wants to be transmitted to), if technically possible.

Right to object (article 21, GDPR)
The person has the right to object to the processing of his data for the pursuit of the legitimate interest of Fonte di Speranza or of third parties, provided that the interests or fundamental rights and freedoms of the person who request the protection of personal data do not prevail for profiling purposes.
If personal data are processed for marketing purposes, the person has the right to object at any time to the processing of personal data concerning him / her carried out for these purposes, including profiling to the extent that it is connected to this marketing activity.

Automated decision-making process relating to natural persons, including profiling (article 22, GDPR)
The person has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that concern him or which similarly significantly affects his person. In particular, it has the right to object to the profiling to which it is subjected through automated processes.
This right cannot be exercised if the decision:

  1. it is necessary for the conclusion or execution of a contract;
  2. is authorized by Union or Member State law to which you are subject, which also specifies adequate measures to protect the rights, freedoms and legitimate interests of the person;
  3. is based on explicit consent.

The person has the right to express his opinion and to contest the decision of Fonte di Speranza.

Response times
As established by the GDPR, Fonte di Speranza will respond to the person within a month of the request, unless complex procedures (or requests are numerous) that do not allow to respect this time have to be implemented. Full feedback is allowed within three months of the request, but we are obliged to inform you of it within one month of the request originally sent (art.12, paragraph 3, GDPR).

Complaint to the supervisory authorities

It is possible to contact the supervisory authority which for Italy is the Guarantor for the Protection of Personal Data, based in Piazza di Monte Citorio 121, 00186 Rome (RM) – www.garanteprivacy.it, using the form downloadable at URL https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524&zx=e0yn0riezmmw to propose a complaint regarding the processing of your personal data.

What are Cookies and how they are used by Fonte di Speranza

Cookies are information saved on the hard disk of your PC and which are sent from your browser to a Web server and which refer to your use of the network. Consequently, they allow to know the services, the sites visited and the options that, surfing the net, have been shown.
This information is not, therefore, provided spontaneously and directly, but leaves a trace. The data collected through cookies will be used for technical needs, in order to guarantee easier, immediate and quick access to the site and its services and navigation. facilitated to the single user.
With the user’s consent, profiling cookies may also be used to create user profiles based on the sections of the site or the actions performed by the user on this site or by surfing the net.
The use of so-called session cookies (which are not permanently stored on the user’s computer and are automatically eliminated by closing the browser) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site. I c.d. session cookies that are used on this site avoid the use of other IT techniques that are potentially detrimental to the confidentiality of user navigation and do not allow the acquisition of the user’s personal identification data. Vice versa, the profiling cookies allow to know the user’s browsing on the net and to detect his interests, the expressed needs and preferences and then allow to create advertising campaigns or create profiles to better target, in a personalized way, promotional, institutional communications and awareness. In any case, you can configure your browser so that you are notified when a cookie is received and then decide whether to accept it.
To learn about our cookie policy and third-party cookie policies, please read the related information by clicking HERE.

Navigation data

During their normal operation, the IT systems and software procedures used to operate this site acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified users, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error or similar) and other parameters relating to the operating system and the user’s computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

The security of your personal data

Fonte di Speranza adopts suitable and preventive security measures to safeguard the confidentiality, integrity, completeness, availability of your personal data. As established by the regulatory provisions governing the security of personal data, technical, logistical and organizational measures are developed which have as their objective the prevention of damage, even accidental losses, alterations, improper and unauthorized use of the data concerning you.
In particular, Fonte di Speranza has put in place technical and organizational measures aimed at guaranteeing a level of security adequate to the risk that could affect people’s rights and freedoms, including the confidentiality and confidentiality of the information that concerns them. Adopt security criteria which include, among others:

  1. the “pseudonymisation” (art. 4, paragraph 5, GDPR: “the processing of personal data in such a way that personal data can no longer be attributed to a specific interested party without the use of additional information, provided that such additional information are stored separately and subject to technical and organizational measures aimed at ensuring that such personal data are not attributed to an identified or identifiable natural person “) and / or data encryption
  2. systems that permanently safeguard the confidentiality, integrity, availability and resilience of treatment systems and services
  3. systems to promptly restore the availability and access of personal data in the event of a physical or technical accident
  4. procedures to test, verify and regularly evaluate the effectiveness of technical and organizational measures in order to guarantee the safety of the treatment.

Similar preventive security measures are adopted by third parties (data processors) to whom we have entrusted the processing of your data on our behalf.
On the other hand, Fonte di Speranza is not responsible for the untruthful information sent directly by the user (example: correctness of the e-mail address or postal address or other personal data), as well as information concerning him and that have been provided by a third party, even fraudulently.

Financial information needed for donation

In the case of a donation made through PayPal, you will be redirected to the PayPal site and, therefore, the confidentiality and security criteria are the sole responsibility of PayPal, excluding any liability on the part of Fonte di Speranza. In general, finally, Fonte di Speranza assumes no responsibility with reference to unauthorized or fraudulent uses by third parties of the information relating to the tools used for the transaction related to the donation.

[/vc_column][/vc_row]

Third parties to whom your data are disclosed

For purposes related to the provision of the service to which the user has adhered, the data may be made available to third parties, who will act as independent data controllers, and who provide instrumental services to meet the user’s request (for example, Paypal for transactions related to donations) or to which the communication of data is necessary to comply with laws or regulations.
Your data may also be made available to supervisory bodies, police forces and the judiciary by virtue of the laws and regulations that provide for their communication and for carrying out their institutional activities.
In addition, the data may be communicated to third-party non-profit organizations, project partner companies, entities, for independent uses (as autonomous data controllers) for their institutional purposes: this “communication” will only take place if the interested party has expressed your explicit consent. The dissemination of data, subject to the explicit consent of the user, could be consequent to the type of service or initiative to which the user has joined.

[/vc_column_text]

Other third parties who collaborate with Fonte di Speranza

Fonte di Speranza, in the context of its awareness-raising activities and the presentation of its institutional activity, as well as to improve the services rendered to people who have relationships with Fonte di Speranza or in any case interested and close to our institutional principles, can contact third-party services who collaborate with and who receive from Fonte di Speranza information and data held in their archives.
Here it is clarified that these transmissions of information and data always take place anonymously or with “pseudonymisation” techniques (art. 4, paragraph 5, GDPR (“the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures aimed at ensuring that such personal data is not attributed to an identified or identifiable natural person “). anonymized data are processed, by way of example and not limited to:

  1. Facebook (privacy policy at https://it-it.facebook.com/policy.php)
  2. Twitter (privacy policy at https://twitter.com/it/privacy)
  3. Google (privacy policy at https://policies.google.com/privacy)
  4. Youtube (privacy policy at https://www.youtube.com/intl/it/yt/about/policies/#community-guidelines)
  5. Instagram (privacy policy at https://it-it.facebook.com/help/instagram/155833707900388/)

In addition, as better defined in the “Cookie policy”, Fonte di Speranza uses Facebook pixels for retargeting actions, that is, to show the user with certain characteristics manifested while surfing the net, advertisements and banners that refer to Fonte di Speranza.

Rights of the interested parties with respect to the data concerning them

You can exercise, at any time, at privacy@fontedisperanza.org (alternatively, by writing to Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI)), the rights pursuant to articles 15-22, GDPR in reported below:

Right of access (article 15, GDPR)
The person has the right to request whether personal data is being processed and, therefore, has the right to access information concerning him and to have information on:

  1. purpose of the treatment (e.g. management of a donation);
  2. categories of personal data; (e.g. personal data, behavioral data)
  3. recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients from third countries or international organizations;
  4. when possible, the expected retention period of personal data or, if not possible, the criteria used to determine this period;
  5. existence of the right to request the correction or cancellation of personal data or the limitation of the processing of personal data or to oppose their treatment;
  6. right to lodge a complaint with a supervisory authority;
  7. if the data are not collected directly by the person, all available information on their origin;
  8. existence of an automated decision-making process, including profiling and significant information on the logic used, as well as the importance and expected consequences of such treatment for the person. (e.g. if the person has associated a donation habits profile by crossing the donation amount with frequency and campaign).

Right of rectification (article 16, GDPR)
The person has the right to obtain the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the person has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.

Right to cancellation (“right to be forgotten” – “right to be forgotten”) (article 17, GDPR)
The person has the right to obtain the deletion of personal data concerning him; he is obliged to delete personal data without undue delay, for one of the following reasons:

  1. personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
  2. the consent on which the treatment is based is withdrawn and if there is no other legal basis for the treatment (e.g. own legitimate interest, regulatory or contractual obligations);
  3. you oppose the processing for marketing and profiling purposes and there is no prevailing legitimate reason to proceed with the processing
  4. personal data have been unlawfully processed;
  5. personal data must be erased in order to fulfill a legal obligation under Union or Member State law to which you are subject.

Right to limitation of treatment (article 18, GDPR)
The person has the right to obtain the limitation of the processing of his personal data when one of the following reasons exists:

  1. the person disputes the accuracy of personal data, for the period necessary to verify the accuracy of such personal data;
  2. the treatment is illegal and the person opposes the cancellation of personal data and instead requests that their use be limited; (e.g., it does not intend that the processing is
  3. carried out for marketing purposes but only for managerial and administrative purposes);
  4. although you no longer need the data for processing purposes, personal data are necessary for the person to ascertain, exercise or defend a right in court;
  5. the person has opposed the treatment if the treatment is based on their legitimate interests, pending verification of the possible prevalence of their legitimate reasons compared to those of the person.

Notification obligation in case of rectification or cancellation of personal data or limitation of treatment (article 19, GDPR)
The person has the right to request that the correction or cancellation of data or limitation of processing be communicated by Fonte di Speranza to other subjects to whom the data may have been communicated. Fonte di Speranza may not comply with the request, if the means to be used are disproportionate to the person’s right to privacy.

Right to data portability (Article 20, GDPR)
This right allows the person to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a subject who submits his data to treatment and has the right to want to transmit such data to a subject for use of the latter without hindrance by the person to whom it supplied them. This right can be exercised in the following cases:

  1. the treatment is based on consent or on a contract or on pre-contractual measures requested by the same person and simultaneously
    the treatment is carried out by automated means.
  2. The person has the right to obtain that his data is transferred directly from one subject to another (from the one to whom he gave them to the one he wants to be transmitted to), if technically possible.

Right to object (article 21, GDPR)
The person has the right to object to the processing of his data for the pursuit of the legitimate interest of Fonte di Speranza or of third parties, provided that the interests or fundamental rights and freedoms of the person who request the protection of personal data do not prevail for profiling purposes.
If personal data are processed for marketing purposes, the person has the right to object at any time to the processing of personal data concerning him / her carried out for these purposes, including profiling to the extent that it is connected to this marketing activity.

Automated decision-making process relating to natural persons, including profiling (article 22, GDPR)
The person has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that concern him or which similarly significantly affects his person. In particular, it has the right to object to the profiling to which it is subjected through automated processes.
This right cannot be exercised if the decision:

  1. it is necessary for the conclusion or execution of a contract;
  2. is authorized by Union or Member State law to which you are subject, which also specifies adequate measures to protect the rights, freedoms and legitimate interests of the person;
  3. is based on explicit consent.

The person has the right to express his opinion and to contest the decision of Fonte di Speranza.

Response times
As established by the GDPR, Fonte di Speranza will respond to the person within a month of the request, unless complex procedures (or requests are numerous) that do not allow to respect this time have to be implemented. Full feedback is allowed within three months of the request, but we are obliged to inform you of it within one month of the request originally sent (art.12, paragraph 3, GDPR).

Complaint to the supervisory authorities

It is possible to contact the supervisory authority which for Italy is the Guarantor for the Protection of Personal Data, based in Piazza di Monte Citorio 121, 00186 Rome (RM) – www.garanteprivacy.it, using the form downloadable at URL https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524&zx=e0yn0riezmmw to propose a complaint regarding the processing of your personal data.

What are Cookies and how they are used by Fonte di Speranza

Cookies are information saved on the hard disk of your PC and which are sent from your browser to a Web server and which refer to your use of the network. Consequently, they allow to know the services, the sites visited and the options that, surfing the net, have been shown.
This information is not, therefore, provided spontaneously and directly, but leaves a trace. The data collected through cookies will be used for technical needs, in order to guarantee easier, immediate and quick access to the site and its services and navigation. facilitated to the single user.
With the user’s consent, profiling cookies may also be used to create user profiles based on the sections of the site or the actions performed by the user on this site or by surfing the net.
The use of so-called session cookies (which are not permanently stored on the user’s computer and are automatically eliminated by closing the browser) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site. I c.d. session cookies that are used on this site avoid the use of other IT techniques that are potentially detrimental to the confidentiality of user navigation and do not allow the acquisition of the user’s personal identification data. Vice versa, the profiling cookies allow to know the user’s browsing on the net and to detect his interests, the expressed needs and preferences and then allow to create advertising campaigns or create profiles to better target, in a personalized way, promotional, institutional communications and awareness. In any case, you can configure your browser so that you are notified when a cookie is received and then decide whether to accept it.
To learn about our cookie policy and third-party cookie policies, please read the related information by clicking HERE.

Navigation data

During their normal operation, the IT systems and software procedures used to operate this site acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified users, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error or similar) and other parameters relating to the operating system and the user’s computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

The security of your personal data

Fonte di Speranza adopts suitable and preventive security measures to safeguard the confidentiality, integrity, completeness, availability of your personal data. As established by the regulatory provisions governing the security of personal data, technical, logistical and organizational measures are developed which have as their objective the prevention of damage, even accidental losses, alterations, improper and unauthorized use of the data concerning you.
In particular, Fonte di Speranza has put in place technical and organizational measures aimed at guaranteeing a level of security adequate to the risk that could affect people’s rights and freedoms, including the confidentiality and confidentiality of the information that concerns them. Adopt security criteria which include, among others:

  1. the “pseudonymisation” (art. 4, paragraph 5, GDPR: “the processing of personal data in such a way that personal data can no longer be attributed to a specific interested party without the use of additional information, provided that such additional information are stored separately and subject to technical and organizational measures aimed at ensuring that such personal data are not attributed to an identified or identifiable natural person “) and / or data encryption
  2. systems that permanently safeguard the confidentiality, integrity, availability and resilience of treatment systems and services
  3. systems to promptly restore the availability and access of personal data in the event of a physical or technical accident
  4. procedures to test, verify and regularly evaluate the effectiveness of technical and organizational measures in order to guarantee the safety of the treatment.

Similar preventive security measures are adopted by third parties (data processors) to whom we have entrusted the processing of your data on our behalf.
On the other hand, Fonte di Speranza is not responsible for the untruthful information sent directly by the user (example: correctness of the e-mail address or postal address or other personal data), as well as information concerning him and that have been provided by a third party, even fraudulently.

Financial information needed for donation

In the case of a donation made through PayPal, you will be redirected to the PayPal site and, therefore, the confidentiality and security criteria are the sole responsibility of PayPal, excluding any liability on the part of Fonte di Speranza. In general, finally, Fonte di Speranza assumes no responsibility with reference to unauthorized or fraudulent uses by third parties of the information relating to the tools used for the transaction related to the donation.

[/vc_column][/vc_row]

Data processors and persons authorized to process

Your personal data can be processed, both manually and electronically or electronically, either directly from Fonte di Speranza or by third parties who, with experience, technical skills, professionalism and reliability, carry out processing operations on our behalf, in compliance with safety and the confidentiality of information and constantly monitored by us in their work. The controller is “the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller” (art. 4, paragraph 8, GDPR) and is bound by Fonte di Speranza contractually, with a definition of the operating limits on the data, the data it can process and the categories of data subjects to which they refer, the nature and purpose of the processing, the data retention limits, the obligations and rights that Fonte di Speranza has towards the manager, and with the prohibition to use it differently from the assignment. It can, if formally authorized, in a general or specific way, by Fonte di Speranza, make use of other managers, who are contractually bound by the initial manager directly appointed by Fonte di Speranza: the violations committed by these other managers fall under the responsibility of the manager initial and not from Fonte di Speranza.
The complete and updated list of data processors (and, if applicable, of the managers appointed by the initial manager, subject to our authorization) can be requested at privacy@fontedisperanza.org (alternatively, by writing to Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI).
The personal data collected will be made available to persons authorized by Fonte di Speranza pursuant to art. 29, GDPR which carry out processing activities essential for the pursuit of the aforementioned purposes; the categories of persons authorized to process are, from time to time, specified in the information to be provided pursuant to art. 13, GDPR. Generally speaking, these are the persons responsible for the provision of specific services, the administration, the management of information services, relations with actual and potential donors, the organizers of information campaigns on our projects and institutional activities to support our initiatives social and collective interests.

[/vc_column_text]

Third parties to whom your data are disclosed

For purposes related to the provision of the service to which the user has adhered, the data may be made available to third parties, who will act as independent data controllers, and who provide instrumental services to meet the user’s request (for example, Paypal for transactions related to donations) or to which the communication of data is necessary to comply with laws or regulations.
Your data may also be made available to supervisory bodies, police forces and the judiciary by virtue of the laws and regulations that provide for their communication and for carrying out their institutional activities.
In addition, the data may be communicated to third-party non-profit organizations, project partner companies, entities, for independent uses (as autonomous data controllers) for their institutional purposes: this “communication” will only take place if the interested party has expressed your explicit consent. The dissemination of data, subject to the explicit consent of the user, could be consequent to the type of service or initiative to which the user has joined.

Other third parties who collaborate with Fonte di Speranza

Fonte di Speranza, in the context of its awareness-raising activities and the presentation of its institutional activity, as well as to improve the services rendered to people who have relationships with Fonte di Speranza or in any case interested and close to our institutional principles, can contact third-party services who collaborate with and who receive from Fonte di Speranza information and data held in their archives.
Here it is clarified that these transmissions of information and data always take place anonymously or with “pseudonymisation” techniques (art. 4, paragraph 5, GDPR (“the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures aimed at ensuring that such personal data is not attributed to an identified or identifiable natural person “). anonymized data are processed, by way of example and not limited to:

  1. Facebook (privacy policy at https://it-it.facebook.com/policy.php)
  2. Twitter (privacy policy at https://twitter.com/it/privacy)
  3. Google (privacy policy at https://policies.google.com/privacy)
  4. Youtube (privacy policy at https://www.youtube.com/intl/it/yt/about/policies/#community-guidelines)
  5. Instagram (privacy policy at https://it-it.facebook.com/help/instagram/155833707900388/)

In addition, as better defined in the “Cookie policy”, Fonte di Speranza uses Facebook pixels for retargeting actions, that is, to show the user with certain characteristics manifested while surfing the net, advertisements and banners that refer to Fonte di Speranza.

Rights of the interested parties with respect to the data concerning them

You can exercise, at any time, at privacy@fontedisperanza.org (alternatively, by writing to Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI)), the rights pursuant to articles 15-22, GDPR in reported below:

Right of access (article 15, GDPR)
The person has the right to request whether personal data is being processed and, therefore, has the right to access information concerning him and to have information on:

  1. purpose of the treatment (e.g. management of a donation);
  2. categories of personal data; (e.g. personal data, behavioral data)
  3. recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients from third countries or international organizations;
  4. when possible, the expected retention period of personal data or, if not possible, the criteria used to determine this period;
  5. existence of the right to request the correction or cancellation of personal data or the limitation of the processing of personal data or to oppose their treatment;
  6. right to lodge a complaint with a supervisory authority;
  7. if the data are not collected directly by the person, all available information on their origin;
  8. existence of an automated decision-making process, including profiling and significant information on the logic used, as well as the importance and expected consequences of such treatment for the person. (e.g. if the person has associated a donation habits profile by crossing the donation amount with frequency and campaign).

Right of rectification (article 16, GDPR)
The person has the right to obtain the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the person has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.

Right to cancellation (“right to be forgotten” – “right to be forgotten”) (article 17, GDPR)
The person has the right to obtain the deletion of personal data concerning him; he is obliged to delete personal data without undue delay, for one of the following reasons:

  1. personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
  2. the consent on which the treatment is based is withdrawn and if there is no other legal basis for the treatment (e.g. own legitimate interest, regulatory or contractual obligations);
  3. you oppose the processing for marketing and profiling purposes and there is no prevailing legitimate reason to proceed with the processing
  4. personal data have been unlawfully processed;
  5. personal data must be erased in order to fulfill a legal obligation under Union or Member State law to which you are subject.

Right to limitation of treatment (article 18, GDPR)
The person has the right to obtain the limitation of the processing of his personal data when one of the following reasons exists:

  1. the person disputes the accuracy of personal data, for the period necessary to verify the accuracy of such personal data;
  2. the treatment is illegal and the person opposes the cancellation of personal data and instead requests that their use be limited; (e.g., it does not intend that the processing is
  3. carried out for marketing purposes but only for managerial and administrative purposes);
  4. although you no longer need the data for processing purposes, personal data are necessary for the person to ascertain, exercise or defend a right in court;
  5. the person has opposed the treatment if the treatment is based on their legitimate interests, pending verification of the possible prevalence of their legitimate reasons compared to those of the person.

Notification obligation in case of rectification or cancellation of personal data or limitation of treatment (article 19, GDPR)
The person has the right to request that the correction or cancellation of data or limitation of processing be communicated by Fonte di Speranza to other subjects to whom the data may have been communicated. Fonte di Speranza may not comply with the request, if the means to be used are disproportionate to the person’s right to privacy.

Right to data portability (Article 20, GDPR)
This right allows the person to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a subject who submits his data to treatment and has the right to want to transmit such data to a subject for use of the latter without hindrance by the person to whom it supplied them. This right can be exercised in the following cases:

  1. the treatment is based on consent or on a contract or on pre-contractual measures requested by the same person and simultaneously
    the treatment is carried out by automated means.
  2. The person has the right to obtain that his data is transferred directly from one subject to another (from the one to whom he gave them to the one he wants to be transmitted to), if technically possible.

Right to object (article 21, GDPR)
The person has the right to object to the processing of his data for the pursuit of the legitimate interest of Fonte di Speranza or of third parties, provided that the interests or fundamental rights and freedoms of the person who request the protection of personal data do not prevail for profiling purposes.
If personal data are processed for marketing purposes, the person has the right to object at any time to the processing of personal data concerning him / her carried out for these purposes, including profiling to the extent that it is connected to this marketing activity.

Automated decision-making process relating to natural persons, including profiling (article 22, GDPR)
The person has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that concern him or which similarly significantly affects his person. In particular, it has the right to object to the profiling to which it is subjected through automated processes.
This right cannot be exercised if the decision:

  1. it is necessary for the conclusion or execution of a contract;
  2. is authorized by Union or Member State law to which you are subject, which also specifies adequate measures to protect the rights, freedoms and legitimate interests of the person;
  3. is based on explicit consent.

The person has the right to express his opinion and to contest the decision of Fonte di Speranza.

Response times
As established by the GDPR, Fonte di Speranza will respond to the person within a month of the request, unless complex procedures (or requests are numerous) that do not allow to respect this time have to be implemented. Full feedback is allowed within three months of the request, but we are obliged to inform you of it within one month of the request originally sent (art.12, paragraph 3, GDPR).

Complaint to the supervisory authorities

It is possible to contact the supervisory authority which for Italy is the Guarantor for the Protection of Personal Data, based in Piazza di Monte Citorio 121, 00186 Rome (RM) – www.garanteprivacy.it, using the form downloadable at URL https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524&zx=e0yn0riezmmw to propose a complaint regarding the processing of your personal data.

What are Cookies and how they are used by Fonte di Speranza

Cookies are information saved on the hard disk of your PC and which are sent from your browser to a Web server and which refer to your use of the network. Consequently, they allow to know the services, the sites visited and the options that, surfing the net, have been shown.
This information is not, therefore, provided spontaneously and directly, but leaves a trace. The data collected through cookies will be used for technical needs, in order to guarantee easier, immediate and quick access to the site and its services and navigation. facilitated to the single user.
With the user’s consent, profiling cookies may also be used to create user profiles based on the sections of the site or the actions performed by the user on this site or by surfing the net.
The use of so-called session cookies (which are not permanently stored on the user’s computer and are automatically eliminated by closing the browser) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site. I c.d. session cookies that are used on this site avoid the use of other IT techniques that are potentially detrimental to the confidentiality of user navigation and do not allow the acquisition of the user’s personal identification data. Vice versa, the profiling cookies allow to know the user’s browsing on the net and to detect his interests, the expressed needs and preferences and then allow to create advertising campaigns or create profiles to better target, in a personalized way, promotional, institutional communications and awareness. In any case, you can configure your browser so that you are notified when a cookie is received and then decide whether to accept it.
To learn about our cookie policy and third-party cookie policies, please read the related information by clicking HERE.

Navigation data

During their normal operation, the IT systems and software procedures used to operate this site acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified users, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error or similar) and other parameters relating to the operating system and the user’s computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

The security of your personal data

Fonte di Speranza adopts suitable and preventive security measures to safeguard the confidentiality, integrity, completeness, availability of your personal data. As established by the regulatory provisions governing the security of personal data, technical, logistical and organizational measures are developed which have as their objective the prevention of damage, even accidental losses, alterations, improper and unauthorized use of the data concerning you.
In particular, Fonte di Speranza has put in place technical and organizational measures aimed at guaranteeing a level of security adequate to the risk that could affect people’s rights and freedoms, including the confidentiality and confidentiality of the information that concerns them. Adopt security criteria which include, among others:

  1. the “pseudonymisation” (art. 4, paragraph 5, GDPR: “the processing of personal data in such a way that personal data can no longer be attributed to a specific interested party without the use of additional information, provided that such additional information are stored separately and subject to technical and organizational measures aimed at ensuring that such personal data are not attributed to an identified or identifiable natural person “) and / or data encryption
  2. systems that permanently safeguard the confidentiality, integrity, availability and resilience of treatment systems and services
  3. systems to promptly restore the availability and access of personal data in the event of a physical or technical accident
  4. procedures to test, verify and regularly evaluate the effectiveness of technical and organizational measures in order to guarantee the safety of the treatment.

Similar preventive security measures are adopted by third parties (data processors) to whom we have entrusted the processing of your data on our behalf.
On the other hand, Fonte di Speranza is not responsible for the untruthful information sent directly by the user (example: correctness of the e-mail address or postal address or other personal data), as well as information concerning him and that have been provided by a third party, even fraudulently.

Financial information needed for donation

In the case of a donation made through PayPal, you will be redirected to the PayPal site and, therefore, the confidentiality and security criteria are the sole responsibility of PayPal, excluding any liability on the part of Fonte di Speranza. In general, finally, Fonte di Speranza assumes no responsibility with reference to unauthorized or fraudulent uses by third parties of the information relating to the tools used for the transaction related to the donation.

[/vc_column][/vc_row]

Holder of the treatment

Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI) – is the data controller (art. 4, paragraph 7, GDPR: “the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of the processing of personal data of personal data “), pursuant to and for the purposes of the GDPR, since it decides in which way and for what reasons, communicated in the information to be provided to the interested parties, collect and use the personal data provided by the user, as well as with what tools to process them and what security procedures to activate to guarantee their integrity, confidentiality and availability, subjecting themselves to the obligations and responsibilities provided for by art. 24, GDPR.

[/vc_column_text]

Data processors and persons authorized to process

Your personal data can be processed, both manually and electronically or electronically, either directly from Fonte di Speranza or by third parties who, with experience, technical skills, professionalism and reliability, carry out processing operations on our behalf, in compliance with safety and the confidentiality of information and constantly monitored by us in their work. The controller is “the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller” (art. 4, paragraph 8, GDPR) and is bound by Fonte di Speranza contractually, with a definition of the operating limits on the data, the data it can process and the categories of data subjects to which they refer, the nature and purpose of the processing, the data retention limits, the obligations and rights that Fonte di Speranza has towards the manager, and with the prohibition to use it differently from the assignment. It can, if formally authorized, in a general or specific way, by Fonte di Speranza, make use of other managers, who are contractually bound by the initial manager directly appointed by Fonte di Speranza: the violations committed by these other managers fall under the responsibility of the manager initial and not from Fonte di Speranza.
The complete and updated list of data processors (and, if applicable, of the managers appointed by the initial manager, subject to our authorization) can be requested at privacy@fontedisperanza.org (alternatively, by writing to Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI).
The personal data collected will be made available to persons authorized by Fonte di Speranza pursuant to art. 29, GDPR which carry out processing activities essential for the pursuit of the aforementioned purposes; the categories of persons authorized to process are, from time to time, specified in the information to be provided pursuant to art. 13, GDPR. Generally speaking, these are the persons responsible for the provision of specific services, the administration, the management of information services, relations with actual and potential donors, the organizers of information campaigns on our projects and institutional activities to support our initiatives social and collective interests.

Third parties to whom your data are disclosed

For purposes related to the provision of the service to which the user has adhered, the data may be made available to third parties, who will act as independent data controllers, and who provide instrumental services to meet the user’s request (for example, Paypal for transactions related to donations) or to which the communication of data is necessary to comply with laws or regulations.
Your data may also be made available to supervisory bodies, police forces and the judiciary by virtue of the laws and regulations that provide for their communication and for carrying out their institutional activities.
In addition, the data may be communicated to third-party non-profit organizations, project partner companies, entities, for independent uses (as autonomous data controllers) for their institutional purposes: this “communication” will only take place if the interested party has expressed your explicit consent. The dissemination of data, subject to the explicit consent of the user, could be consequent to the type of service or initiative to which the user has joined.

Other third parties who collaborate with Fonte di Speranza

Fonte di Speranza, in the context of its awareness-raising activities and the presentation of its institutional activity, as well as to improve the services rendered to people who have relationships with Fonte di Speranza or in any case interested and close to our institutional principles, can contact third-party services who collaborate with and who receive from Fonte di Speranza information and data held in their archives.
Here it is clarified that these transmissions of information and data always take place anonymously or with “pseudonymisation” techniques (art. 4, paragraph 5, GDPR (“the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures aimed at ensuring that such personal data is not attributed to an identified or identifiable natural person “). anonymized data are processed, by way of example and not limited to:

  1. Facebook (privacy policy at https://it-it.facebook.com/policy.php)
  2. Twitter (privacy policy at https://twitter.com/it/privacy)
  3. Google (privacy policy at https://policies.google.com/privacy)
  4. Youtube (privacy policy at https://www.youtube.com/intl/it/yt/about/policies/#community-guidelines)
  5. Instagram (privacy policy at https://it-it.facebook.com/help/instagram/155833707900388/)

In addition, as better defined in the “Cookie policy”, Fonte di Speranza uses Facebook pixels for retargeting actions, that is, to show the user with certain characteristics manifested while surfing the net, advertisements and banners that refer to Fonte di Speranza.

Rights of the interested parties with respect to the data concerning them

You can exercise, at any time, at privacy@fontedisperanza.org (alternatively, by writing to Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI)), the rights pursuant to articles 15-22, GDPR in reported below:

Right of access (article 15, GDPR)
The person has the right to request whether personal data is being processed and, therefore, has the right to access information concerning him and to have information on:

  1. purpose of the treatment (e.g. management of a donation);
  2. categories of personal data; (e.g. personal data, behavioral data)
  3. recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients from third countries or international organizations;
  4. when possible, the expected retention period of personal data or, if not possible, the criteria used to determine this period;
  5. existence of the right to request the correction or cancellation of personal data or the limitation of the processing of personal data or to oppose their treatment;
  6. right to lodge a complaint with a supervisory authority;
  7. if the data are not collected directly by the person, all available information on their origin;
  8. existence of an automated decision-making process, including profiling and significant information on the logic used, as well as the importance and expected consequences of such treatment for the person. (e.g. if the person has associated a donation habits profile by crossing the donation amount with frequency and campaign).

Right of rectification (article 16, GDPR)
The person has the right to obtain the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the person has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.

Right to cancellation (“right to be forgotten” – “right to be forgotten”) (article 17, GDPR)
The person has the right to obtain the deletion of personal data concerning him; he is obliged to delete personal data without undue delay, for one of the following reasons:

  1. personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
  2. the consent on which the treatment is based is withdrawn and if there is no other legal basis for the treatment (e.g. own legitimate interest, regulatory or contractual obligations);
  3. you oppose the processing for marketing and profiling purposes and there is no prevailing legitimate reason to proceed with the processing
  4. personal data have been unlawfully processed;
  5. personal data must be erased in order to fulfill a legal obligation under Union or Member State law to which you are subject.

Right to limitation of treatment (article 18, GDPR)
The person has the right to obtain the limitation of the processing of his personal data when one of the following reasons exists:

  1. the person disputes the accuracy of personal data, for the period necessary to verify the accuracy of such personal data;
  2. the treatment is illegal and the person opposes the cancellation of personal data and instead requests that their use be limited; (e.g., it does not intend that the processing is
  3. carried out for marketing purposes but only for managerial and administrative purposes);
  4. although you no longer need the data for processing purposes, personal data are necessary for the person to ascertain, exercise or defend a right in court;
  5. the person has opposed the treatment if the treatment is based on their legitimate interests, pending verification of the possible prevalence of their legitimate reasons compared to those of the person.

Notification obligation in case of rectification or cancellation of personal data or limitation of treatment (article 19, GDPR)
The person has the right to request that the correction or cancellation of data or limitation of processing be communicated by Fonte di Speranza to other subjects to whom the data may have been communicated. Fonte di Speranza may not comply with the request, if the means to be used are disproportionate to the person’s right to privacy.

Right to data portability (Article 20, GDPR)
This right allows the person to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a subject who submits his data to treatment and has the right to want to transmit such data to a subject for use of the latter without hindrance by the person to whom it supplied them. This right can be exercised in the following cases:

  1. the treatment is based on consent or on a contract or on pre-contractual measures requested by the same person and simultaneously
    the treatment is carried out by automated means.
  2. The person has the right to obtain that his data is transferred directly from one subject to another (from the one to whom he gave them to the one he wants to be transmitted to), if technically possible.

Right to object (article 21, GDPR)
The person has the right to object to the processing of his data for the pursuit of the legitimate interest of Fonte di Speranza or of third parties, provided that the interests or fundamental rights and freedoms of the person who request the protection of personal data do not prevail for profiling purposes.
If personal data are processed for marketing purposes, the person has the right to object at any time to the processing of personal data concerning him / her carried out for these purposes, including profiling to the extent that it is connected to this marketing activity.

Automated decision-making process relating to natural persons, including profiling (article 22, GDPR)
The person has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that concern him or which similarly significantly affects his person. In particular, it has the right to object to the profiling to which it is subjected through automated processes.
This right cannot be exercised if the decision:

  1. it is necessary for the conclusion or execution of a contract;
  2. is authorized by Union or Member State law to which you are subject, which also specifies adequate measures to protect the rights, freedoms and legitimate interests of the person;
  3. is based on explicit consent.

The person has the right to express his opinion and to contest the decision of Fonte di Speranza.

Response times
As established by the GDPR, Fonte di Speranza will respond to the person within a month of the request, unless complex procedures (or requests are numerous) that do not allow to respect this time have to be implemented. Full feedback is allowed within three months of the request, but we are obliged to inform you of it within one month of the request originally sent (art.12, paragraph 3, GDPR).

Complaint to the supervisory authorities

It is possible to contact the supervisory authority which for Italy is the Guarantor for the Protection of Personal Data, based in Piazza di Monte Citorio 121, 00186 Rome (RM) – www.garanteprivacy.it, using the form downloadable at URL https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524&zx=e0yn0riezmmw to propose a complaint regarding the processing of your personal data.

What are Cookies and how they are used by Fonte di Speranza

Cookies are information saved on the hard disk of your PC and which are sent from your browser to a Web server and which refer to your use of the network. Consequently, they allow to know the services, the sites visited and the options that, surfing the net, have been shown.
This information is not, therefore, provided spontaneously and directly, but leaves a trace. The data collected through cookies will be used for technical needs, in order to guarantee easier, immediate and quick access to the site and its services and navigation. facilitated to the single user.
With the user’s consent, profiling cookies may also be used to create user profiles based on the sections of the site or the actions performed by the user on this site or by surfing the net.
The use of so-called session cookies (which are not permanently stored on the user’s computer and are automatically eliminated by closing the browser) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site. I c.d. session cookies that are used on this site avoid the use of other IT techniques that are potentially detrimental to the confidentiality of user navigation and do not allow the acquisition of the user’s personal identification data. Vice versa, the profiling cookies allow to know the user’s browsing on the net and to detect his interests, the expressed needs and preferences and then allow to create advertising campaigns or create profiles to better target, in a personalized way, promotional, institutional communications and awareness. In any case, you can configure your browser so that you are notified when a cookie is received and then decide whether to accept it.
To learn about our cookie policy and third-party cookie policies, please read the related information by clicking HERE.

Navigation data

During their normal operation, the IT systems and software procedures used to operate this site acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified users, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error or similar) and other parameters relating to the operating system and the user’s computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

The security of your personal data

Fonte di Speranza adopts suitable and preventive security measures to safeguard the confidentiality, integrity, completeness, availability of your personal data. As established by the regulatory provisions governing the security of personal data, technical, logistical and organizational measures are developed which have as their objective the prevention of damage, even accidental losses, alterations, improper and unauthorized use of the data concerning you.
In particular, Fonte di Speranza has put in place technical and organizational measures aimed at guaranteeing a level of security adequate to the risk that could affect people’s rights and freedoms, including the confidentiality and confidentiality of the information that concerns them. Adopt security criteria which include, among others:

  1. the “pseudonymisation” (art. 4, paragraph 5, GDPR: “the processing of personal data in such a way that personal data can no longer be attributed to a specific interested party without the use of additional information, provided that such additional information are stored separately and subject to technical and organizational measures aimed at ensuring that such personal data are not attributed to an identified or identifiable natural person “) and / or data encryption
  2. systems that permanently safeguard the confidentiality, integrity, availability and resilience of treatment systems and services
  3. systems to promptly restore the availability and access of personal data in the event of a physical or technical accident
  4. procedures to test, verify and regularly evaluate the effectiveness of technical and organizational measures in order to guarantee the safety of the treatment.

Similar preventive security measures are adopted by third parties (data processors) to whom we have entrusted the processing of your data on our behalf.
On the other hand, Fonte di Speranza is not responsible for the untruthful information sent directly by the user (example: correctness of the e-mail address or postal address or other personal data), as well as information concerning him and that have been provided by a third party, even fraudulently.

Financial information needed for donation

In the case of a donation made through PayPal, you will be redirected to the PayPal site and, therefore, the confidentiality and security criteria are the sole responsibility of PayPal, excluding any liability on the part of Fonte di Speranza. In general, finally, Fonte di Speranza assumes no responsibility with reference to unauthorized or fraudulent uses by third parties of the information relating to the tools used for the transaction related to the donation.

[/vc_column][/vc_row]

Place of data processing

The treatments connected to the web services of this site take place at the aforementioned headquarters in Fonte di Speranza and are handled by personnel authorized to process them. In case of need, the personal data collected through the site can be processed by the staff of third-party companies that take care of the maintenance of the technological part of the site (responsible for processing pursuant to art. 28, GDPR), at its offices.

[/vc_column_text]

Holder of the treatment

Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI) – is the data controller (art. 4, paragraph 7, GDPR: “the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of the processing of personal data of personal data “), pursuant to and for the purposes of the GDPR, since it decides in which way and for what reasons, communicated in the information to be provided to the interested parties, collect and use the personal data provided by the user, as well as with what tools to process them and what security procedures to activate to guarantee their integrity, confidentiality and availability, subjecting themselves to the obligations and responsibilities provided for by art. 24, GDPR.

Data processors and persons authorized to process

Your personal data can be processed, both manually and electronically or electronically, either directly from Fonte di Speranza or by third parties who, with experience, technical skills, professionalism and reliability, carry out processing operations on our behalf, in compliance with safety and the confidentiality of information and constantly monitored by us in their work. The controller is “the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller” (art. 4, paragraph 8, GDPR) and is bound by Fonte di Speranza contractually, with a definition of the operating limits on the data, the data it can process and the categories of data subjects to which they refer, the nature and purpose of the processing, the data retention limits, the obligations and rights that Fonte di Speranza has towards the manager, and with the prohibition to use it differently from the assignment. It can, if formally authorized, in a general or specific way, by Fonte di Speranza, make use of other managers, who are contractually bound by the initial manager directly appointed by Fonte di Speranza: the violations committed by these other managers fall under the responsibility of the manager initial and not from Fonte di Speranza.
The complete and updated list of data processors (and, if applicable, of the managers appointed by the initial manager, subject to our authorization) can be requested at privacy@fontedisperanza.org (alternatively, by writing to Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI).
The personal data collected will be made available to persons authorized by Fonte di Speranza pursuant to art. 29, GDPR which carry out processing activities essential for the pursuit of the aforementioned purposes; the categories of persons authorized to process are, from time to time, specified in the information to be provided pursuant to art. 13, GDPR. Generally speaking, these are the persons responsible for the provision of specific services, the administration, the management of information services, relations with actual and potential donors, the organizers of information campaigns on our projects and institutional activities to support our initiatives social and collective interests.

Third parties to whom your data are disclosed

For purposes related to the provision of the service to which the user has adhered, the data may be made available to third parties, who will act as independent data controllers, and who provide instrumental services to meet the user’s request (for example, Paypal for transactions related to donations) or to which the communication of data is necessary to comply with laws or regulations.
Your data may also be made available to supervisory bodies, police forces and the judiciary by virtue of the laws and regulations that provide for their communication and for carrying out their institutional activities.
In addition, the data may be communicated to third-party non-profit organizations, project partner companies, entities, for independent uses (as autonomous data controllers) for their institutional purposes: this “communication” will only take place if the interested party has expressed your explicit consent. The dissemination of data, subject to the explicit consent of the user, could be consequent to the type of service or initiative to which the user has joined.

Other third parties who collaborate with Fonte di Speranza

Fonte di Speranza, in the context of its awareness-raising activities and the presentation of its institutional activity, as well as to improve the services rendered to people who have relationships with Fonte di Speranza or in any case interested and close to our institutional principles, can contact third-party services who collaborate with and who receive from Fonte di Speranza information and data held in their archives.
Here it is clarified that these transmissions of information and data always take place anonymously or with “pseudonymisation” techniques (art. 4, paragraph 5, GDPR (“the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures aimed at ensuring that such personal data is not attributed to an identified or identifiable natural person “). anonymized data are processed, by way of example and not limited to:

  1. Facebook (privacy policy at https://it-it.facebook.com/policy.php)
  2. Twitter (privacy policy at https://twitter.com/it/privacy)
  3. Google (privacy policy at https://policies.google.com/privacy)
  4. Youtube (privacy policy at https://www.youtube.com/intl/it/yt/about/policies/#community-guidelines)
  5. Instagram (privacy policy at https://it-it.facebook.com/help/instagram/155833707900388/)

In addition, as better defined in the “Cookie policy”, Fonte di Speranza uses Facebook pixels for retargeting actions, that is, to show the user with certain characteristics manifested while surfing the net, advertisements and banners that refer to Fonte di Speranza.

Rights of the interested parties with respect to the data concerning them

You can exercise, at any time, at privacy@fontedisperanza.org (alternatively, by writing to Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI)), the rights pursuant to articles 15-22, GDPR in reported below:

Right of access (article 15, GDPR)
The person has the right to request whether personal data is being processed and, therefore, has the right to access information concerning him and to have information on:

  1. purpose of the treatment (e.g. management of a donation);
  2. categories of personal data; (e.g. personal data, behavioral data)
  3. recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients from third countries or international organizations;
  4. when possible, the expected retention period of personal data or, if not possible, the criteria used to determine this period;
  5. existence of the right to request the correction or cancellation of personal data or the limitation of the processing of personal data or to oppose their treatment;
  6. right to lodge a complaint with a supervisory authority;
  7. if the data are not collected directly by the person, all available information on their origin;
  8. existence of an automated decision-making process, including profiling and significant information on the logic used, as well as the importance and expected consequences of such treatment for the person. (e.g. if the person has associated a donation habits profile by crossing the donation amount with frequency and campaign).

Right of rectification (article 16, GDPR)
The person has the right to obtain the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the person has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.

Right to cancellation (“right to be forgotten” – “right to be forgotten”) (article 17, GDPR)
The person has the right to obtain the deletion of personal data concerning him; he is obliged to delete personal data without undue delay, for one of the following reasons:

  1. personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
  2. the consent on which the treatment is based is withdrawn and if there is no other legal basis for the treatment (e.g. own legitimate interest, regulatory or contractual obligations);
  3. you oppose the processing for marketing and profiling purposes and there is no prevailing legitimate reason to proceed with the processing
  4. personal data have been unlawfully processed;
  5. personal data must be erased in order to fulfill a legal obligation under Union or Member State law to which you are subject.

Right to limitation of treatment (article 18, GDPR)
The person has the right to obtain the limitation of the processing of his personal data when one of the following reasons exists:

  1. the person disputes the accuracy of personal data, for the period necessary to verify the accuracy of such personal data;
  2. the treatment is illegal and the person opposes the cancellation of personal data and instead requests that their use be limited; (e.g., it does not intend that the processing is
  3. carried out for marketing purposes but only for managerial and administrative purposes);
  4. although you no longer need the data for processing purposes, personal data are necessary for the person to ascertain, exercise or defend a right in court;
  5. the person has opposed the treatment if the treatment is based on their legitimate interests, pending verification of the possible prevalence of their legitimate reasons compared to those of the person.

Notification obligation in case of rectification or cancellation of personal data or limitation of treatment (article 19, GDPR)
The person has the right to request that the correction or cancellation of data or limitation of processing be communicated by Fonte di Speranza to other subjects to whom the data may have been communicated. Fonte di Speranza may not comply with the request, if the means to be used are disproportionate to the person’s right to privacy.

Right to data portability (Article 20, GDPR)
This right allows the person to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a subject who submits his data to treatment and has the right to want to transmit such data to a subject for use of the latter without hindrance by the person to whom it supplied them. This right can be exercised in the following cases:

  1. the treatment is based on consent or on a contract or on pre-contractual measures requested by the same person and simultaneously
    the treatment is carried out by automated means.
  2. The person has the right to obtain that his data is transferred directly from one subject to another (from the one to whom he gave them to the one he wants to be transmitted to), if technically possible.

Right to object (article 21, GDPR)
The person has the right to object to the processing of his data for the pursuit of the legitimate interest of Fonte di Speranza or of third parties, provided that the interests or fundamental rights and freedoms of the person who request the protection of personal data do not prevail for profiling purposes.
If personal data are processed for marketing purposes, the person has the right to object at any time to the processing of personal data concerning him / her carried out for these purposes, including profiling to the extent that it is connected to this marketing activity.

Automated decision-making process relating to natural persons, including profiling (article 22, GDPR)
The person has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that concern him or which similarly significantly affects his person. In particular, it has the right to object to the profiling to which it is subjected through automated processes.
This right cannot be exercised if the decision:

  1. it is necessary for the conclusion or execution of a contract;
  2. is authorized by Union or Member State law to which you are subject, which also specifies adequate measures to protect the rights, freedoms and legitimate interests of the person;
  3. is based on explicit consent.

The person has the right to express his opinion and to contest the decision of Fonte di Speranza.

Response times
As established by the GDPR, Fonte di Speranza will respond to the person within a month of the request, unless complex procedures (or requests are numerous) that do not allow to respect this time have to be implemented. Full feedback is allowed within three months of the request, but we are obliged to inform you of it within one month of the request originally sent (art.12, paragraph 3, GDPR).

Complaint to the supervisory authorities

It is possible to contact the supervisory authority which for Italy is the Guarantor for the Protection of Personal Data, based in Piazza di Monte Citorio 121, 00186 Rome (RM) – www.garanteprivacy.it, using the form downloadable at URL https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524&zx=e0yn0riezmmw to propose a complaint regarding the processing of your personal data.

What are Cookies and how they are used by Fonte di Speranza

Cookies are information saved on the hard disk of your PC and which are sent from your browser to a Web server and which refer to your use of the network. Consequently, they allow to know the services, the sites visited and the options that, surfing the net, have been shown.
This information is not, therefore, provided spontaneously and directly, but leaves a trace. The data collected through cookies will be used for technical needs, in order to guarantee easier, immediate and quick access to the site and its services and navigation. facilitated to the single user.
With the user’s consent, profiling cookies may also be used to create user profiles based on the sections of the site or the actions performed by the user on this site or by surfing the net.
The use of so-called session cookies (which are not permanently stored on the user’s computer and are automatically eliminated by closing the browser) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site. I c.d. session cookies that are used on this site avoid the use of other IT techniques that are potentially detrimental to the confidentiality of user navigation and do not allow the acquisition of the user’s personal identification data. Vice versa, the profiling cookies allow to know the user’s browsing on the net and to detect his interests, the expressed needs and preferences and then allow to create advertising campaigns or create profiles to better target, in a personalized way, promotional, institutional communications and awareness. In any case, you can configure your browser so that you are notified when a cookie is received and then decide whether to accept it.
To learn about our cookie policy and third-party cookie policies, please read the related information by clicking HERE.

Navigation data

During their normal operation, the IT systems and software procedures used to operate this site acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified users, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error or similar) and other parameters relating to the operating system and the user’s computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

The security of your personal data

Fonte di Speranza adopts suitable and preventive security measures to safeguard the confidentiality, integrity, completeness, availability of your personal data. As established by the regulatory provisions governing the security of personal data, technical, logistical and organizational measures are developed which have as their objective the prevention of damage, even accidental losses, alterations, improper and unauthorized use of the data concerning you.
In particular, Fonte di Speranza has put in place technical and organizational measures aimed at guaranteeing a level of security adequate to the risk that could affect people’s rights and freedoms, including the confidentiality and confidentiality of the information that concerns them. Adopt security criteria which include, among others:

  1. the “pseudonymisation” (art. 4, paragraph 5, GDPR: “the processing of personal data in such a way that personal data can no longer be attributed to a specific interested party without the use of additional information, provided that such additional information are stored separately and subject to technical and organizational measures aimed at ensuring that such personal data are not attributed to an identified or identifiable natural person “) and / or data encryption
  2. systems that permanently safeguard the confidentiality, integrity, availability and resilience of treatment systems and services
  3. systems to promptly restore the availability and access of personal data in the event of a physical or technical accident
  4. procedures to test, verify and regularly evaluate the effectiveness of technical and organizational measures in order to guarantee the safety of the treatment.

Similar preventive security measures are adopted by third parties (data processors) to whom we have entrusted the processing of your data on our behalf.
On the other hand, Fonte di Speranza is not responsible for the untruthful information sent directly by the user (example: correctness of the e-mail address or postal address or other personal data), as well as information concerning him and that have been provided by a third party, even fraudulently.

Financial information needed for donation

In the case of a donation made through PayPal, you will be redirected to the PayPal site and, therefore, the confidentiality and security criteria are the sole responsibility of PayPal, excluding any liability on the part of Fonte di Speranza. In general, finally, Fonte di Speranza assumes no responsibility with reference to unauthorized or fraudulent uses by third parties of the information relating to the tools used for the transaction related to the donation.

[/vc_column][/vc_row]

Criteria used to define the limit of data retention

The data will be kept in our archives (art. 4, paragraph 6, GDPR: “any structured set of personal data accessible according to specific criteria, regardless of whether this set is centralized, decentralized or distributed functionally or geographically”) according to criteria variables according to the category of data, the nature of the treatment and the purposes of the treatment itself. The criteria or the precise retention limit are described in the information to be provided pursuant to art. 13, GDPR at the time of providing personal data.
In principle, the following assessments by Fonte di Speranza apply to establish the data retention criterion:

  1. all data with respect to the various forms of donation are kept as long as the relationship remains active and for a number of years equal to that which laws, regulations, including EU regulations, impose for administrative and accounting purposes. In addition, they will be kept for the time strictly necessary for the pursuit of the legitimate interest of Fonte di Speranza in the case of asserting or defending a right in court or otherwise ordered by law enforcement, judiciary and supervisory bodies for their institutional activities. For administrative and accounting purposes, the data will be mandatory for n. 10 (ten) years.
  2. all the data of the donors or interested in our activity processed for marketing purposes are kept for the period of time necessary to provide the information services reserved to said people. This right and interest of information are acquired upon joining any initiative that demonstrates the user’s sharing of the principles of Source of Hope, whether this involves donation or is an action of interest and participation in our institutional philosophy . This period is also justified by Fonte di Speranza’s legitimate interest in keeping the relationship established with the person constant in order to keep it informed on what projects could be financed with freely paid contributions or on the awareness actions that it is considered useful to make known for demonstrate their constant commitment to carrying out their humanitarian and social solidarity projects. This legitimate interest is allowed and by recital C47, GDPR and by Opinion no. 6/2014 Article 29 Data Protection Working Party, par. III.3.1. as an alternative condition to the explicit consent of the interested party. Obviously, this retention period is extended as long as the person’s interest in remaining in contact with Fonte di Speranza lasts: if he no longer has interest, it is sufficient to communicate it through the methods referred to in the paragraph “Rights of the interested parties with respect to the data that they concern them “and Fonte di Speranza will take the appropriate technical and organizational measures to not disturb the person anymore.
  3. all the data used for marketing activities with profiling, the treatment of which is supported by a positive action of the person to such treatment, explicitly declaring that he wants it, are kept as long as the profile of the interested party is in line with the personalized communications created through the crossing of the information available to us and, therefore, as long as Fonte di Speranza pursues its beneficial causes with projects, initiatives, actions and activities that require economic contributions or that encourage awareness (e.g. solicitation of adhesion to initiatives and events , requests for opinions and surveys) which are of interest to the person who has expressed a desire to receive information of this content and which reflect the characteristics and behavior of the same and are, therefore, of his specific interest and not of disturbance. Again, this retention will cease if there is opposition at any time to the processing of personal data concerning him carried out for these purposes, including profiling to the extent that it is connected to this direct marketing.

Once the above periods have elapsed, the identification data are transformed into anonymous form and used only for statistical reports that do not allow to trace the identity of the person but which are useful for adapting the projects, initiatives and actions for the realization and achievement of the statutory and institutional objectives of Fonte di Speranza. The personal data (identification of the person) will therefore be destroyed.

[/vc_column_text]

Place of data processing

The treatments connected to the web services of this site take place at the aforementioned headquarters in Fonte di Speranza and are handled by personnel authorized to process them. In case of need, the personal data collected through the site can be processed by the staff of third-party companies that take care of the maintenance of the technological part of the site (responsible for processing pursuant to art. 28, GDPR), at its offices.

Holder of the treatment

Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI) – is the data controller (art. 4, paragraph 7, GDPR: “the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of the processing of personal data of personal data “), pursuant to and for the purposes of the GDPR, since it decides in which way and for what reasons, communicated in the information to be provided to the interested parties, collect and use the personal data provided by the user, as well as with what tools to process them and what security procedures to activate to guarantee their integrity, confidentiality and availability, subjecting themselves to the obligations and responsibilities provided for by art. 24, GDPR.

Data processors and persons authorized to process

Your personal data can be processed, both manually and electronically or electronically, either directly from Fonte di Speranza or by third parties who, with experience, technical skills, professionalism and reliability, carry out processing operations on our behalf, in compliance with safety and the confidentiality of information and constantly monitored by us in their work. The controller is “the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller” (art. 4, paragraph 8, GDPR) and is bound by Fonte di Speranza contractually, with a definition of the operating limits on the data, the data it can process and the categories of data subjects to which they refer, the nature and purpose of the processing, the data retention limits, the obligations and rights that Fonte di Speranza has towards the manager, and with the prohibition to use it differently from the assignment. It can, if formally authorized, in a general or specific way, by Fonte di Speranza, make use of other managers, who are contractually bound by the initial manager directly appointed by Fonte di Speranza: the violations committed by these other managers fall under the responsibility of the manager initial and not from Fonte di Speranza.
The complete and updated list of data processors (and, if applicable, of the managers appointed by the initial manager, subject to our authorization) can be requested at privacy@fontedisperanza.org (alternatively, by writing to Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI).
The personal data collected will be made available to persons authorized by Fonte di Speranza pursuant to art. 29, GDPR which carry out processing activities essential for the pursuit of the aforementioned purposes; the categories of persons authorized to process are, from time to time, specified in the information to be provided pursuant to art. 13, GDPR. Generally speaking, these are the persons responsible for the provision of specific services, the administration, the management of information services, relations with actual and potential donors, the organizers of information campaigns on our projects and institutional activities to support our initiatives social and collective interests.

Third parties to whom your data are disclosed

For purposes related to the provision of the service to which the user has adhered, the data may be made available to third parties, who will act as independent data controllers, and who provide instrumental services to meet the user’s request (for example, Paypal for transactions related to donations) or to which the communication of data is necessary to comply with laws or regulations.
Your data may also be made available to supervisory bodies, police forces and the judiciary by virtue of the laws and regulations that provide for their communication and for carrying out their institutional activities.
In addition, the data may be communicated to third-party non-profit organizations, project partner companies, entities, for independent uses (as autonomous data controllers) for their institutional purposes: this “communication” will only take place if the interested party has expressed your explicit consent. The dissemination of data, subject to the explicit consent of the user, could be consequent to the type of service or initiative to which the user has joined.

Other third parties who collaborate with Fonte di Speranza

Fonte di Speranza, in the context of its awareness-raising activities and the presentation of its institutional activity, as well as to improve the services rendered to people who have relationships with Fonte di Speranza or in any case interested and close to our institutional principles, can contact third-party services who collaborate with and who receive from Fonte di Speranza information and data held in their archives.
Here it is clarified that these transmissions of information and data always take place anonymously or with “pseudonymisation” techniques (art. 4, paragraph 5, GDPR (“the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures aimed at ensuring that such personal data is not attributed to an identified or identifiable natural person “). anonymized data are processed, by way of example and not limited to:

  1. Facebook (privacy policy at https://it-it.facebook.com/policy.php)
  2. Twitter (privacy policy at https://twitter.com/it/privacy)
  3. Google (privacy policy at https://policies.google.com/privacy)
  4. Youtube (privacy policy at https://www.youtube.com/intl/it/yt/about/policies/#community-guidelines)
  5. Instagram (privacy policy at https://it-it.facebook.com/help/instagram/155833707900388/)

In addition, as better defined in the “Cookie policy”, Fonte di Speranza uses Facebook pixels for retargeting actions, that is, to show the user with certain characteristics manifested while surfing the net, advertisements and banners that refer to Fonte di Speranza.

Rights of the interested parties with respect to the data concerning them

You can exercise, at any time, at privacy@fontedisperanza.org (alternatively, by writing to Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI)), the rights pursuant to articles 15-22, GDPR in reported below:

Right of access (article 15, GDPR)
The person has the right to request whether personal data is being processed and, therefore, has the right to access information concerning him and to have information on:

  1. purpose of the treatment (e.g. management of a donation);
  2. categories of personal data; (e.g. personal data, behavioral data)
  3. recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients from third countries or international organizations;
  4. when possible, the expected retention period of personal data or, if not possible, the criteria used to determine this period;
  5. existence of the right to request the correction or cancellation of personal data or the limitation of the processing of personal data or to oppose their treatment;
  6. right to lodge a complaint with a supervisory authority;
  7. if the data are not collected directly by the person, all available information on their origin;
  8. existence of an automated decision-making process, including profiling and significant information on the logic used, as well as the importance and expected consequences of such treatment for the person. (e.g. if the person has associated a donation habits profile by crossing the donation amount with frequency and campaign).

Right of rectification (article 16, GDPR)
The person has the right to obtain the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the person has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.

Right to cancellation (“right to be forgotten” – “right to be forgotten”) (article 17, GDPR)
The person has the right to obtain the deletion of personal data concerning him; he is obliged to delete personal data without undue delay, for one of the following reasons:

  1. personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
  2. the consent on which the treatment is based is withdrawn and if there is no other legal basis for the treatment (e.g. own legitimate interest, regulatory or contractual obligations);
  3. you oppose the processing for marketing and profiling purposes and there is no prevailing legitimate reason to proceed with the processing
  4. personal data have been unlawfully processed;
  5. personal data must be erased in order to fulfill a legal obligation under Union or Member State law to which you are subject.

Right to limitation of treatment (article 18, GDPR)
The person has the right to obtain the limitation of the processing of his personal data when one of the following reasons exists:

  1. the person disputes the accuracy of personal data, for the period necessary to verify the accuracy of such personal data;
  2. the treatment is illegal and the person opposes the cancellation of personal data and instead requests that their use be limited; (e.g., it does not intend that the processing is
  3. carried out for marketing purposes but only for managerial and administrative purposes);
  4. although you no longer need the data for processing purposes, personal data are necessary for the person to ascertain, exercise or defend a right in court;
  5. the person has opposed the treatment if the treatment is based on their legitimate interests, pending verification of the possible prevalence of their legitimate reasons compared to those of the person.

Notification obligation in case of rectification or cancellation of personal data or limitation of treatment (article 19, GDPR)
The person has the right to request that the correction or cancellation of data or limitation of processing be communicated by Fonte di Speranza to other subjects to whom the data may have been communicated. Fonte di Speranza may not comply with the request, if the means to be used are disproportionate to the person’s right to privacy.

Right to data portability (Article 20, GDPR)
This right allows the person to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a subject who submits his data to treatment and has the right to want to transmit such data to a subject for use of the latter without hindrance by the person to whom it supplied them. This right can be exercised in the following cases:

  1. the treatment is based on consent or on a contract or on pre-contractual measures requested by the same person and simultaneously
    the treatment is carried out by automated means.
  2. The person has the right to obtain that his data is transferred directly from one subject to another (from the one to whom he gave them to the one he wants to be transmitted to), if technically possible.

Right to object (article 21, GDPR)
The person has the right to object to the processing of his data for the pursuit of the legitimate interest of Fonte di Speranza or of third parties, provided that the interests or fundamental rights and freedoms of the person who request the protection of personal data do not prevail for profiling purposes.
If personal data are processed for marketing purposes, the person has the right to object at any time to the processing of personal data concerning him / her carried out for these purposes, including profiling to the extent that it is connected to this marketing activity.

Automated decision-making process relating to natural persons, including profiling (article 22, GDPR)
The person has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that concern him or which similarly significantly affects his person. In particular, it has the right to object to the profiling to which it is subjected through automated processes.
This right cannot be exercised if the decision:

  1. it is necessary for the conclusion or execution of a contract;
  2. is authorized by Union or Member State law to which you are subject, which also specifies adequate measures to protect the rights, freedoms and legitimate interests of the person;
  3. is based on explicit consent.

The person has the right to express his opinion and to contest the decision of Fonte di Speranza.

Response times
As established by the GDPR, Fonte di Speranza will respond to the person within a month of the request, unless complex procedures (or requests are numerous) that do not allow to respect this time have to be implemented. Full feedback is allowed within three months of the request, but we are obliged to inform you of it within one month of the request originally sent (art.12, paragraph 3, GDPR).

Complaint to the supervisory authorities

It is possible to contact the supervisory authority which for Italy is the Guarantor for the Protection of Personal Data, based in Piazza di Monte Citorio 121, 00186 Rome (RM) – www.garanteprivacy.it, using the form downloadable at URL https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524&zx=e0yn0riezmmw to propose a complaint regarding the processing of your personal data.

What are Cookies and how they are used by Fonte di Speranza

Cookies are information saved on the hard disk of your PC and which are sent from your browser to a Web server and which refer to your use of the network. Consequently, they allow to know the services, the sites visited and the options that, surfing the net, have been shown.
This information is not, therefore, provided spontaneously and directly, but leaves a trace. The data collected through cookies will be used for technical needs, in order to guarantee easier, immediate and quick access to the site and its services and navigation. facilitated to the single user.
With the user’s consent, profiling cookies may also be used to create user profiles based on the sections of the site or the actions performed by the user on this site or by surfing the net.
The use of so-called session cookies (which are not permanently stored on the user’s computer and are automatically eliminated by closing the browser) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site. I c.d. session cookies that are used on this site avoid the use of other IT techniques that are potentially detrimental to the confidentiality of user navigation and do not allow the acquisition of the user’s personal identification data. Vice versa, the profiling cookies allow to know the user’s browsing on the net and to detect his interests, the expressed needs and preferences and then allow to create advertising campaigns or create profiles to better target, in a personalized way, promotional, institutional communications and awareness. In any case, you can configure your browser so that you are notified when a cookie is received and then decide whether to accept it.
To learn about our cookie policy and third-party cookie policies, please read the related information by clicking HERE.

Navigation data

During their normal operation, the IT systems and software procedures used to operate this site acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified users, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error or similar) and other parameters relating to the operating system and the user’s computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

The security of your personal data

Fonte di Speranza adopts suitable and preventive security measures to safeguard the confidentiality, integrity, completeness, availability of your personal data. As established by the regulatory provisions governing the security of personal data, technical, logistical and organizational measures are developed which have as their objective the prevention of damage, even accidental losses, alterations, improper and unauthorized use of the data concerning you.
In particular, Fonte di Speranza has put in place technical and organizational measures aimed at guaranteeing a level of security adequate to the risk that could affect people’s rights and freedoms, including the confidentiality and confidentiality of the information that concerns them. Adopt security criteria which include, among others:

  1. the “pseudonymisation” (art. 4, paragraph 5, GDPR: “the processing of personal data in such a way that personal data can no longer be attributed to a specific interested party without the use of additional information, provided that such additional information are stored separately and subject to technical and organizational measures aimed at ensuring that such personal data are not attributed to an identified or identifiable natural person “) and / or data encryption
  2. systems that permanently safeguard the confidentiality, integrity, availability and resilience of treatment systems and services
  3. systems to promptly restore the availability and access of personal data in the event of a physical or technical accident
  4. procedures to test, verify and regularly evaluate the effectiveness of technical and organizational measures in order to guarantee the safety of the treatment.

Similar preventive security measures are adopted by third parties (data processors) to whom we have entrusted the processing of your data on our behalf.
On the other hand, Fonte di Speranza is not responsible for the untruthful information sent directly by the user (example: correctness of the e-mail address or postal address or other personal data), as well as information concerning him and that have been provided by a third party, even fraudulently.

Financial information needed for donation

In the case of a donation made through PayPal, you will be redirected to the PayPal site and, therefore, the confidentiality and security criteria are the sole responsibility of PayPal, excluding any liability on the part of Fonte di Speranza. In general, finally, Fonte di Speranza assumes no responsibility with reference to unauthorized or fraudulent uses by third parties of the information relating to the tools used for the transaction related to the donation.

[/vc_column][/vc_row]

Purpose of data processing and methods of treatment – legal basis of treatment – data collection criteria

Purpose of data processing
As better explained in the sections that allow you to join – by releasing your personal data – to the services reserved for users of our site, the requested data are used to respond to requests expressly made by the user. In particular, all data collection – and subsequent processing – activities are aimed at pursuing the institutional purposes of Fonte di Speranza and, in particular for:

  1. regular and one-time donations;
  2. request for collaboration with Fonte di Speranza (through volunteering);
  3. know how to donate the 5xmille in favor of Fonte di Speranza in the context of your tax return and to benefit from the relative tax deductions and request to receive a reminder on our tax code;
  4. direct the user to our social channels;
  5. comply with laws, regulations and community legislation;
  6. make promotional contacts on updates, news, initiatives, events, information on our humanitarian projects and support for people and countries in difficulty that also require financial support from individuals and fundraising initiatives for our mission, and for surveys and market research;
  7. make personalized contacts proposing adherence to actions or soliciting donations in line with the characteristics of behavior, interest and preference, only if the person has expressed a desire for such contact personalization.

As reported in the list above, personal data may be processed for purposes other than those for which the user has released them. In particular, they may be processed for marketing purposes (point 6), that is, for the purpose of promotional contacts on events, initiatives, awareness-raising and dissemination projects of our causes, solicitation of donations, surveys and research, based on the condition of the ” legitimate interest “(art. 6, paragraph 1, letter f, GDPR, recital C47 and Opinion 6/2014 of the Working Party 29) of Fonte di Speranza. This legitimate interest lies in keeping the relationship established with the interested party constant, in order to keep him / her informed on the awareness actions that it is considered useful to make known in order to demonstrate one’s constant commitment to carrying out one’s mission of collective and social interest throughout the world. This legitimate interest is admitted pursuant to art. 6, paragraph 1, letter f), GDPR and from recital C47, GDPR and from the Opinion n. 6/2014 Article 29 Data Protection Working Party, par. III.3.1., As an alternative condition to the explicit consent of the interested party. This legitimate interest is acquired by Fonte di Speranza (and counterbalanced by the interest of the person) to the extent that – through its actions on the site (e.g. participation in the project, donation) – the user has shown that he is interested in and share the principles of Fonte di Speranza. For these direct marketing activities, the data will be kept in our archives for the period of time necessary to provide these information services insofar as Fonte di Speranza continues its mission with causes equal to or similar to those for which the person has expressed interest. . This period will be reduced if the person’s interest in staying in touch with us persists: if he no longer has any interest, it is sufficient to be communicated through the methods explained below and the appropriate technical and organizational measures will be taken to no longer disturb the person.

As per point 7 of the above list, these promotional contacts may also involve a “profiling” process (art. 4, paragraph 4, GDPR – “any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements of said natural person “) and will be carried out only if the interested party has expressly desired – and therefore, unequivocally consented – to be subjected to such treatment. In this case, as it is not lawful to apply the condition of legitimate interest, the legal basis of the processing will be the consent, also in the form of an unequivocal desire, manifested by the person (art.6, paragraph 1, letter a, GDPR). This process will involve the selection of the archived information with respect to the interested party, crossed to determine a profile that reflects the characteristics and behaviors of the person, so that he receives communications of his interest and in line with his preferences, actions and personal characteristics (e.g. amount donated, frequency of donation, adherence to initiatives, type of advanced requests) and, therefore, are of specific interest and not disturbing. The data will be kept as long as it is believed that the person maintains this profile and, therefore, the personalized contacts created with profiling are actually to his liking. Also in this case, this retention will cease if there is opposition at any time to the processing of personal data concerning him carried out for profiling to the extent that it is connected to direct marketing.
In any case, Fonte di Speranza will not use the data provided for purposes other than those connected to the service to which the user has joined, and, in any case, only within the limits indicated from time to time in the information to be provided pursuant to art. . 13, GDPR.

Methods of data processing
All the treatments carried out within this site will be carried out with both paper and electronic or telematic tools, with logic related to the purposes for which the data were collected and in compliance with the current security regulations, for the purposes specified from time to time. time in the information to be provided pursuant to art. 13, GDPR.

Criteria for data collection
The forms to be filled in include both data that are strictly necessary to comply with what is of interest and the failure to indicate which does not allow the request to be processed, and optional data. Therefore, the user is free to provide personal data contained in the request forms or indicated in contacts with Fonte di Speranza to request information or for the other purposes listed above. In these cases of mandatory data provision, their absence can make it impossible to obtain what is requested. The need to request data as mandatory for joining individual projects or initiatives or to make requests has been considered in compliance with the provisions of art. 25, GDPR (“Data protection by design and protection by default” – “Data Protection by design and by default”), which require to evaluate in advance the appropriate technical and organizational measures, such as “pseudonymisation” (art. 4 , paragraph 5, GDPR: “the processing of personal data in such a way that personal data can no longer be attributed to a specific interested party without the use of additional information, provided that such additional information is stored separately and subject to technical measures and organizational measures intended to ensure that such personal data are not attributed to an identified or identifiable natural person “), aimed at effectively implementing data protection principles, such as minimization, and integrating the necessary guarantees in the treatment in order to satisfy GDPR requirements and protect the rights of data subjects. In addition, Fonte di Speranza has implemented adequate technical and organizational measures to ensure that only the personal data necessary for the specific purpose of the processing deriving from the project to which the interested party has voluntarily adhered is processed by default.

[/vc_column_text]

Criteria used to define the limit of data retention

The data will be kept in our archives (art. 4, paragraph 6, GDPR: “any structured set of personal data accessible according to specific criteria, regardless of whether this set is centralized, decentralized or distributed functionally or geographically”) according to criteria variables according to the category of data, the nature of the treatment and the purposes of the treatment itself. The criteria or the precise retention limit are described in the information to be provided pursuant to art. 13, GDPR at the time of providing personal data.
In principle, the following assessments by Fonte di Speranza apply to establish the data retention criterion:

  1. all data with respect to the various forms of donation are kept as long as the relationship remains active and for a number of years equal to that which laws, regulations, including EU regulations, impose for administrative and accounting purposes. In addition, they will be kept for the time strictly necessary for the pursuit of the legitimate interest of Fonte di Speranza in the case of asserting or defending a right in court or otherwise ordered by law enforcement, judiciary and supervisory bodies for their institutional activities. For administrative and accounting purposes, the data will be mandatory for n. 10 (ten) years.
  2. all the data of the donors or interested in our activity processed for marketing purposes are kept for the period of time necessary to provide the information services reserved to said people. This right and interest of information are acquired upon joining any initiative that demonstrates the user’s sharing of the principles of Source of Hope, whether this involves donation or is an action of interest and participation in our institutional philosophy . This period is also justified by Fonte di Speranza’s legitimate interest in keeping the relationship established with the person constant in order to keep it informed on what projects could be financed with freely paid contributions or on the awareness actions that it is considered useful to make known for demonstrate their constant commitment to carrying out their humanitarian and social solidarity projects. This legitimate interest is allowed and by recital C47, GDPR and by Opinion no. 6/2014 Article 29 Data Protection Working Party, par. III.3.1. as an alternative condition to the explicit consent of the interested party. Obviously, this retention period is extended as long as the person’s interest in remaining in contact with Fonte di Speranza lasts: if he no longer has interest, it is sufficient to communicate it through the methods referred to in the paragraph “Rights of the interested parties with respect to the data that they concern them “and Fonte di Speranza will take the appropriate technical and organizational measures to not disturb the person anymore.
  3. all the data used for marketing activities with profiling, the treatment of which is supported by a positive action of the person to such treatment, explicitly declaring that he wants it, are kept as long as the profile of the interested party is in line with the personalized communications created through the crossing of the information available to us and, therefore, as long as Fonte di Speranza pursues its beneficial causes with projects, initiatives, actions and activities that require economic contributions or that encourage awareness (e.g. solicitation of adhesion to initiatives and events , requests for opinions and surveys) which are of interest to the person who has expressed a desire to receive information of this content and which reflect the characteristics and behavior of the same and are, therefore, of his specific interest and not of disturbance. Again, this retention will cease if there is opposition at any time to the processing of personal data concerning him carried out for these purposes, including profiling to the extent that it is connected to this direct marketing.

Once the above periods have elapsed, the identification data are transformed into anonymous form and used only for statistical reports that do not allow to trace the identity of the person but which are useful for adapting the projects, initiatives and actions for the realization and achievement of the statutory and institutional objectives of Fonte di Speranza. The personal data (identification of the person) will therefore be destroyed.

Place of data processing

The treatments connected to the web services of this site take place at the aforementioned headquarters in Fonte di Speranza and are handled by personnel authorized to process them. In case of need, the personal data collected through the site can be processed by the staff of third-party companies that take care of the maintenance of the technological part of the site (responsible for processing pursuant to art. 28, GDPR), at its offices.

Holder of the treatment

Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI) – is the data controller (art. 4, paragraph 7, GDPR: “the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of the processing of personal data of personal data “), pursuant to and for the purposes of the GDPR, since it decides in which way and for what reasons, communicated in the information to be provided to the interested parties, collect and use the personal data provided by the user, as well as with what tools to process them and what security procedures to activate to guarantee their integrity, confidentiality and availability, subjecting themselves to the obligations and responsibilities provided for by art. 24, GDPR.

Data processors and persons authorized to process

Your personal data can be processed, both manually and electronically or electronically, either directly from Fonte di Speranza or by third parties who, with experience, technical skills, professionalism and reliability, carry out processing operations on our behalf, in compliance with safety and the confidentiality of information and constantly monitored by us in their work. The controller is “the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller” (art. 4, paragraph 8, GDPR) and is bound by Fonte di Speranza contractually, with a definition of the operating limits on the data, the data it can process and the categories of data subjects to which they refer, the nature and purpose of the processing, the data retention limits, the obligations and rights that Fonte di Speranza has towards the manager, and with the prohibition to use it differently from the assignment. It can, if formally authorized, in a general or specific way, by Fonte di Speranza, make use of other managers, who are contractually bound by the initial manager directly appointed by Fonte di Speranza: the violations committed by these other managers fall under the responsibility of the manager initial and not from Fonte di Speranza.
The complete and updated list of data processors (and, if applicable, of the managers appointed by the initial manager, subject to our authorization) can be requested at privacy@fontedisperanza.org (alternatively, by writing to Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI).
The personal data collected will be made available to persons authorized by Fonte di Speranza pursuant to art. 29, GDPR which carry out processing activities essential for the pursuit of the aforementioned purposes; the categories of persons authorized to process are, from time to time, specified in the information to be provided pursuant to art. 13, GDPR. Generally speaking, these are the persons responsible for the provision of specific services, the administration, the management of information services, relations with actual and potential donors, the organizers of information campaigns on our projects and institutional activities to support our initiatives social and collective interests.

Third parties to whom your data are disclosed

For purposes related to the provision of the service to which the user has adhered, the data may be made available to third parties, who will act as independent data controllers, and who provide instrumental services to meet the user’s request (for example, Paypal for transactions related to donations) or to which the communication of data is necessary to comply with laws or regulations.
Your data may also be made available to supervisory bodies, police forces and the judiciary by virtue of the laws and regulations that provide for their communication and for carrying out their institutional activities.
In addition, the data may be communicated to third-party non-profit organizations, project partner companies, entities, for independent uses (as autonomous data controllers) for their institutional purposes: this “communication” will only take place if the interested party has expressed your explicit consent. The dissemination of data, subject to the explicit consent of the user, could be consequent to the type of service or initiative to which the user has joined.

Other third parties who collaborate with Fonte di Speranza

Fonte di Speranza, in the context of its awareness-raising activities and the presentation of its institutional activity, as well as to improve the services rendered to people who have relationships with Fonte di Speranza or in any case interested and close to our institutional principles, can contact third-party services who collaborate with and who receive from Fonte di Speranza information and data held in their archives.
Here it is clarified that these transmissions of information and data always take place anonymously or with “pseudonymisation” techniques (art. 4, paragraph 5, GDPR (“the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures aimed at ensuring that such personal data is not attributed to an identified or identifiable natural person “). anonymized data are processed, by way of example and not limited to:

  1. Facebook (privacy policy at https://it-it.facebook.com/policy.php)
  2. Twitter (privacy policy at https://twitter.com/it/privacy)
  3. Google (privacy policy at https://policies.google.com/privacy)
  4. Youtube (privacy policy at https://www.youtube.com/intl/it/yt/about/policies/#community-guidelines)
  5. Instagram (privacy policy at https://it-it.facebook.com/help/instagram/155833707900388/)

In addition, as better defined in the “Cookie policy”, Fonte di Speranza uses Facebook pixels for retargeting actions, that is, to show the user with certain characteristics manifested while surfing the net, advertisements and banners that refer to Fonte di Speranza.

Rights of the interested parties with respect to the data concerning them

You can exercise, at any time, at privacy@fontedisperanza.org (alternatively, by writing to Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI)), the rights pursuant to articles 15-22, GDPR in reported below:

Right of access (article 15, GDPR)
The person has the right to request whether personal data is being processed and, therefore, has the right to access information concerning him and to have information on:

  1. purpose of the treatment (e.g. management of a donation);
  2. categories of personal data; (e.g. personal data, behavioral data)
  3. recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients from third countries or international organizations;
  4. when possible, the expected retention period of personal data or, if not possible, the criteria used to determine this period;
  5. existence of the right to request the correction or cancellation of personal data or the limitation of the processing of personal data or to oppose their treatment;
  6. right to lodge a complaint with a supervisory authority;
  7. if the data are not collected directly by the person, all available information on their origin;
  8. existence of an automated decision-making process, including profiling and significant information on the logic used, as well as the importance and expected consequences of such treatment for the person. (e.g. if the person has associated a donation habits profile by crossing the donation amount with frequency and campaign).

Right of rectification (article 16, GDPR)
The person has the right to obtain the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the person has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.

Right to cancellation (“right to be forgotten” – “right to be forgotten”) (article 17, GDPR)
The person has the right to obtain the deletion of personal data concerning him; he is obliged to delete personal data without undue delay, for one of the following reasons:

  1. personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
  2. the consent on which the treatment is based is withdrawn and if there is no other legal basis for the treatment (e.g. own legitimate interest, regulatory or contractual obligations);
  3. you oppose the processing for marketing and profiling purposes and there is no prevailing legitimate reason to proceed with the processing
  4. personal data have been unlawfully processed;
  5. personal data must be erased in order to fulfill a legal obligation under Union or Member State law to which you are subject.

Right to limitation of treatment (article 18, GDPR)
The person has the right to obtain the limitation of the processing of his personal data when one of the following reasons exists:

  1. the person disputes the accuracy of personal data, for the period necessary to verify the accuracy of such personal data;
  2. the treatment is illegal and the person opposes the cancellation of personal data and instead requests that their use be limited; (e.g., it does not intend that the processing is
  3. carried out for marketing purposes but only for managerial and administrative purposes);
  4. although you no longer need the data for processing purposes, personal data are necessary for the person to ascertain, exercise or defend a right in court;
  5. the person has opposed the treatment if the treatment is based on their legitimate interests, pending verification of the possible prevalence of their legitimate reasons compared to those of the person.

Notification obligation in case of rectification or cancellation of personal data or limitation of treatment (article 19, GDPR)
The person has the right to request that the correction or cancellation of data or limitation of processing be communicated by Fonte di Speranza to other subjects to whom the data may have been communicated. Fonte di Speranza may not comply with the request, if the means to be used are disproportionate to the person’s right to privacy.

Right to data portability (Article 20, GDPR)
This right allows the person to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a subject who submits his data to treatment and has the right to want to transmit such data to a subject for use of the latter without hindrance by the person to whom it supplied them. This right can be exercised in the following cases:

  1. the treatment is based on consent or on a contract or on pre-contractual measures requested by the same person and simultaneously
    the treatment is carried out by automated means.
  2. The person has the right to obtain that his data is transferred directly from one subject to another (from the one to whom he gave them to the one he wants to be transmitted to), if technically possible.

Right to object (article 21, GDPR)
The person has the right to object to the processing of his data for the pursuit of the legitimate interest of Fonte di Speranza or of third parties, provided that the interests or fundamental rights and freedoms of the person who request the protection of personal data do not prevail for profiling purposes.
If personal data are processed for marketing purposes, the person has the right to object at any time to the processing of personal data concerning him / her carried out for these purposes, including profiling to the extent that it is connected to this marketing activity.

Automated decision-making process relating to natural persons, including profiling (article 22, GDPR)
The person has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that concern him or which similarly significantly affects his person. In particular, it has the right to object to the profiling to which it is subjected through automated processes.
This right cannot be exercised if the decision:

  1. it is necessary for the conclusion or execution of a contract;
  2. is authorized by Union or Member State law to which you are subject, which also specifies adequate measures to protect the rights, freedoms and legitimate interests of the person;
  3. is based on explicit consent.

The person has the right to express his opinion and to contest the decision of Fonte di Speranza.

Response times
As established by the GDPR, Fonte di Speranza will respond to the person within a month of the request, unless complex procedures (or requests are numerous) that do not allow to respect this time have to be implemented. Full feedback is allowed within three months of the request, but we are obliged to inform you of it within one month of the request originally sent (art.12, paragraph 3, GDPR).

Complaint to the supervisory authorities

It is possible to contact the supervisory authority which for Italy is the Guarantor for the Protection of Personal Data, based in Piazza di Monte Citorio 121, 00186 Rome (RM) – www.garanteprivacy.it, using the form downloadable at URL https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524&zx=e0yn0riezmmw to propose a complaint regarding the processing of your personal data.

What are Cookies and how they are used by Fonte di Speranza

Cookies are information saved on the hard disk of your PC and which are sent from your browser to a Web server and which refer to your use of the network. Consequently, they allow to know the services, the sites visited and the options that, surfing the net, have been shown.
This information is not, therefore, provided spontaneously and directly, but leaves a trace. The data collected through cookies will be used for technical needs, in order to guarantee easier, immediate and quick access to the site and its services and navigation. facilitated to the single user.
With the user’s consent, profiling cookies may also be used to create user profiles based on the sections of the site or the actions performed by the user on this site or by surfing the net.
The use of so-called session cookies (which are not permanently stored on the user’s computer and are automatically eliminated by closing the browser) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site. I c.d. session cookies that are used on this site avoid the use of other IT techniques that are potentially detrimental to the confidentiality of user navigation and do not allow the acquisition of the user’s personal identification data. Vice versa, the profiling cookies allow to know the user’s browsing on the net and to detect his interests, the expressed needs and preferences and then allow to create advertising campaigns or create profiles to better target, in a personalized way, promotional, institutional communications and awareness. In any case, you can configure your browser so that you are notified when a cookie is received and then decide whether to accept it.
To learn about our cookie policy and third-party cookie policies, please read the related information by clicking HERE.

Navigation data

During their normal operation, the IT systems and software procedures used to operate this site acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified users, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error or similar) and other parameters relating to the operating system and the user’s computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

The security of your personal data

Fonte di Speranza adopts suitable and preventive security measures to safeguard the confidentiality, integrity, completeness, availability of your personal data. As established by the regulatory provisions governing the security of personal data, technical, logistical and organizational measures are developed which have as their objective the prevention of damage, even accidental losses, alterations, improper and unauthorized use of the data concerning you.
In particular, Fonte di Speranza has put in place technical and organizational measures aimed at guaranteeing a level of security adequate to the risk that could affect people’s rights and freedoms, including the confidentiality and confidentiality of the information that concerns them. Adopt security criteria which include, among others:

  1. the “pseudonymisation” (art. 4, paragraph 5, GDPR: “the processing of personal data in such a way that personal data can no longer be attributed to a specific interested party without the use of additional information, provided that such additional information are stored separately and subject to technical and organizational measures aimed at ensuring that such personal data are not attributed to an identified or identifiable natural person “) and / or data encryption
  2. systems that permanently safeguard the confidentiality, integrity, availability and resilience of treatment systems and services
  3. systems to promptly restore the availability and access of personal data in the event of a physical or technical accident
  4. procedures to test, verify and regularly evaluate the effectiveness of technical and organizational measures in order to guarantee the safety of the treatment.

Similar preventive security measures are adopted by third parties (data processors) to whom we have entrusted the processing of your data on our behalf.
On the other hand, Fonte di Speranza is not responsible for the untruthful information sent directly by the user (example: correctness of the e-mail address or postal address or other personal data), as well as information concerning him and that have been provided by a third party, even fraudulently.

Financial information needed for donation

In the case of a donation made through PayPal, you will be redirected to the PayPal site and, therefore, the confidentiality and security criteria are the sole responsibility of PayPal, excluding any liability on the part of Fonte di Speranza. In general, finally, Fonte di Speranza assumes no responsibility with reference to unauthorized or fraudulent uses by third parties of the information relating to the tools used for the transaction related to the donation.

[/vc_column][/vc_row]

Basic principles of the privacy policy of Fonte di Speranza

  1. perform the processing (art. 4, paragraph 2, GDPR: “any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, l organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction “) of personal data (art. 4, paragraph 1, GDPR:” any information concerning an identified or identifiable natural person (“interested”); the natural person who can be directly identified is considered identifiable or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements i of his physical, physiological, genetic, psychic, economic, cultural or social identity “) exclusively for the purposes and according to the methods illustrated in the information to be provided that is presented to the user from time to time who accesses a section of the site in the which is the provision, direct or indirect, of personal data;
  2. use the data that was spontaneously released by the user;
  3. use technical cookies to facilitate navigation on the site and analytical cookies for statistical purposes;
  4. transmit data to third parties (data processors – art. 4, paragraph 8, GDPR: “art. 4, paragraph 8, GDPR:” the natural or legal person, public authority, service or other body that processes data personal data on behalf of the data controller “) exclusively for purposes instrumental to what is expressly requested and carefully selected by us;
  5. communicate data to third parties for activities related to what is of interest or if this is required by law, regulation or community legislation;
  6. if applicable and with prior explicit consent (art. 4, paragraph 11, GDPR: “any manifestation of free, specific, informed and unequivocal will of the interested party, with which the same expresses its consent, through unequivocal declaration or positive action, that the personal data concerning him are processed “), communicate the data to third parties for their independent processing;
  7. respond to requests for access to personal data, rectification or cancellation of the same, to exercise the right to be forgotten, to limit the processing or the right to object to their treatment. Ensure the exercise of the right to data portability as well as, object to the processing of data for the purpose of informative communications on our projects and requests for financial contributions in support of our institutional activities, surveys and research, make known the possibility of making a complaint to the supervisory authority;
  8. ensure correct and lawful processing of your data, safeguarding your confidentiality, as well as apply suitable security measures to protect the confidentiality, integrity and availability of the data.

[/vc_column_text]

Purpose of data processing and methods of treatment – legal basis of treatment – data collection criteria

Purpose of data processing
As better explained in the sections that allow you to join – by releasing your personal data – to the services reserved for users of our site, the requested data are used to respond to requests expressly made by the user. In particular, all data collection – and subsequent processing – activities are aimed at pursuing the institutional purposes of Fonte di Speranza and, in particular for:

  1. regular and one-time donations;
  2. request for collaboration with Fonte di Speranza (through volunteering);
  3. know how to donate the 5xmille in favor of Fonte di Speranza in the context of your tax return and to benefit from the relative tax deductions and request to receive a reminder on our tax code;
  4. direct the user to our social channels;
  5. comply with laws, regulations and community legislation;
  6. make promotional contacts on updates, news, initiatives, events, information on our humanitarian projects and support for people and countries in difficulty that also require financial support from individuals and fundraising initiatives for our mission, and for surveys and market research;
  7. make personalized contacts proposing adherence to actions or soliciting donations in line with the characteristics of behavior, interest and preference, only if the person has expressed a desire for such contact personalization.

As reported in the list above, personal data may be processed for purposes other than those for which the user has released them. In particular, they may be processed for marketing purposes (point 6), that is, for the purpose of promotional contacts on events, initiatives, awareness-raising and dissemination projects of our causes, solicitation of donations, surveys and research, based on the condition of the ” legitimate interest “(art. 6, paragraph 1, letter f, GDPR, recital C47 and Opinion 6/2014 of the Working Party 29) of Fonte di Speranza. This legitimate interest lies in keeping the relationship established with the interested party constant, in order to keep him / her informed on the awareness actions that it is considered useful to make known in order to demonstrate one’s constant commitment to carrying out one’s mission of collective and social interest throughout the world. This legitimate interest is admitted pursuant to art. 6, paragraph 1, letter f), GDPR and from recital C47, GDPR and from the Opinion n. 6/2014 Article 29 Data Protection Working Party, par. III.3.1., As an alternative condition to the explicit consent of the interested party. This legitimate interest is acquired by Fonte di Speranza (and counterbalanced by the interest of the person) to the extent that – through its actions on the site (e.g. participation in the project, donation) – the user has shown that he is interested in and share the principles of Fonte di Speranza. For these direct marketing activities, the data will be kept in our archives for the period of time necessary to provide these information services insofar as Fonte di Speranza continues its mission with causes equal to or similar to those for which the person has expressed interest. . This period will be reduced if the person’s interest in staying in touch with us persists: if he no longer has any interest, it is sufficient to be communicated through the methods explained below and the appropriate technical and organizational measures will be taken to no longer disturb the person.

As per point 7 of the above list, these promotional contacts may also involve a “profiling” process (art. 4, paragraph 4, GDPR – “any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements of said natural person “) and will be carried out only if the interested party has expressly desired – and therefore, unequivocally consented – to be subjected to such treatment. In this case, as it is not lawful to apply the condition of legitimate interest, the legal basis of the processing will be the consent, also in the form of an unequivocal desire, manifested by the person (art.6, paragraph 1, letter a, GDPR). This process will involve the selection of the archived information with respect to the interested party, crossed to determine a profile that reflects the characteristics and behaviors of the person, so that he receives communications of his interest and in line with his preferences, actions and personal characteristics (e.g. amount donated, frequency of donation, adherence to initiatives, type of advanced requests) and, therefore, are of specific interest and not disturbing. The data will be kept as long as it is believed that the person maintains this profile and, therefore, the personalized contacts created with profiling are actually to his liking. Also in this case, this retention will cease if there is opposition at any time to the processing of personal data concerning him carried out for profiling to the extent that it is connected to direct marketing.
In any case, Fonte di Speranza will not use the data provided for purposes other than those connected to the service to which the user has joined, and, in any case, only within the limits indicated from time to time in the information to be provided pursuant to art. . 13, GDPR.

Methods of data processing
All the treatments carried out within this site will be carried out with both paper and electronic or telematic tools, with logic related to the purposes for which the data were collected and in compliance with the current security regulations, for the purposes specified from time to time. time in the information to be provided pursuant to art. 13, GDPR.

Criteria for data collection
The forms to be filled in include both data that are strictly necessary to comply with what is of interest and the failure to indicate which does not allow the request to be processed, and optional data. Therefore, the user is free to provide personal data contained in the request forms or indicated in contacts with Fonte di Speranza to request information or for the other purposes listed above. In these cases of mandatory data provision, their absence can make it impossible to obtain what is requested. The need to request data as mandatory for joining individual projects or initiatives or to make requests has been considered in compliance with the provisions of art. 25, GDPR (“Data protection by design and protection by default” – “Data Protection by design and by default”), which require to evaluate in advance the appropriate technical and organizational measures, such as “pseudonymisation” (art. 4 , paragraph 5, GDPR: “the processing of personal data in such a way that personal data can no longer be attributed to a specific interested party without the use of additional information, provided that such additional information is stored separately and subject to technical measures and organizational measures intended to ensure that such personal data are not attributed to an identified or identifiable natural person “), aimed at effectively implementing data protection principles, such as minimization, and integrating the necessary guarantees in the treatment in order to satisfy GDPR requirements and protect the rights of data subjects. In addition, Fonte di Speranza has implemented adequate technical and organizational measures to ensure that only the personal data necessary for the specific purpose of the processing deriving from the project to which the interested party has voluntarily adhered is processed by default.

Criteria used to define the limit of data retention

The data will be kept in our archives (art. 4, paragraph 6, GDPR: “any structured set of personal data accessible according to specific criteria, regardless of whether this set is centralized, decentralized or distributed functionally or geographically”) according to criteria variables according to the category of data, the nature of the treatment and the purposes of the treatment itself. The criteria or the precise retention limit are described in the information to be provided pursuant to art. 13, GDPR at the time of providing personal data.
In principle, the following assessments by Fonte di Speranza apply to establish the data retention criterion:

  1. all data with respect to the various forms of donation are kept as long as the relationship remains active and for a number of years equal to that which laws, regulations, including EU regulations, impose for administrative and accounting purposes. In addition, they will be kept for the time strictly necessary for the pursuit of the legitimate interest of Fonte di Speranza in the case of asserting or defending a right in court or otherwise ordered by law enforcement, judiciary and supervisory bodies for their institutional activities. For administrative and accounting purposes, the data will be mandatory for n. 10 (ten) years.
  2. all the data of the donors or interested in our activity processed for marketing purposes are kept for the period of time necessary to provide the information services reserved to said people. This right and interest of information are acquired upon joining any initiative that demonstrates the user’s sharing of the principles of Source of Hope, whether this involves donation or is an action of interest and participation in our institutional philosophy . This period is also justified by Fonte di Speranza’s legitimate interest in keeping the relationship established with the person constant in order to keep it informed on what projects could be financed with freely paid contributions or on the awareness actions that it is considered useful to make known for demonstrate their constant commitment to carrying out their humanitarian and social solidarity projects. This legitimate interest is allowed and by recital C47, GDPR and by Opinion no. 6/2014 Article 29 Data Protection Working Party, par. III.3.1. as an alternative condition to the explicit consent of the interested party. Obviously, this retention period is extended as long as the person’s interest in remaining in contact with Fonte di Speranza lasts: if he no longer has interest, it is sufficient to communicate it through the methods referred to in the paragraph “Rights of the interested parties with respect to the data that they concern them “and Fonte di Speranza will take the appropriate technical and organizational measures to not disturb the person anymore.
  3. all the data used for marketing activities with profiling, the treatment of which is supported by a positive action of the person to such treatment, explicitly declaring that he wants it, are kept as long as the profile of the interested party is in line with the personalized communications created through the crossing of the information available to us and, therefore, as long as Fonte di Speranza pursues its beneficial causes with projects, initiatives, actions and activities that require economic contributions or that encourage awareness (e.g. solicitation of adhesion to initiatives and events , requests for opinions and surveys) which are of interest to the person who has expressed a desire to receive information of this content and which reflect the characteristics and behavior of the same and are, therefore, of his specific interest and not of disturbance. Again, this retention will cease if there is opposition at any time to the processing of personal data concerning him carried out for these purposes, including profiling to the extent that it is connected to this direct marketing.

Once the above periods have elapsed, the identification data are transformed into anonymous form and used only for statistical reports that do not allow to trace the identity of the person but which are useful for adapting the projects, initiatives and actions for the realization and achievement of the statutory and institutional objectives of Fonte di Speranza. The personal data (identification of the person) will therefore be destroyed.

Place of data processing

The treatments connected to the web services of this site take place at the aforementioned headquarters in Fonte di Speranza and are handled by personnel authorized to process them. In case of need, the personal data collected through the site can be processed by the staff of third-party companies that take care of the maintenance of the technological part of the site (responsible for processing pursuant to art. 28, GDPR), at its offices.

Holder of the treatment

Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI) – is the data controller (art. 4, paragraph 7, GDPR: “the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of the processing of personal data of personal data “), pursuant to and for the purposes of the GDPR, since it decides in which way and for what reasons, communicated in the information to be provided to the interested parties, collect and use the personal data provided by the user, as well as with what tools to process them and what security procedures to activate to guarantee their integrity, confidentiality and availability, subjecting themselves to the obligations and responsibilities provided for by art. 24, GDPR.

Data processors and persons authorized to process

Your personal data can be processed, both manually and electronically or electronically, either directly from Fonte di Speranza or by third parties who, with experience, technical skills, professionalism and reliability, carry out processing operations on our behalf, in compliance with safety and the confidentiality of information and constantly monitored by us in their work. The controller is “the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller” (art. 4, paragraph 8, GDPR) and is bound by Fonte di Speranza contractually, with a definition of the operating limits on the data, the data it can process and the categories of data subjects to which they refer, the nature and purpose of the processing, the data retention limits, the obligations and rights that Fonte di Speranza has towards the manager, and with the prohibition to use it differently from the assignment. It can, if formally authorized, in a general or specific way, by Fonte di Speranza, make use of other managers, who are contractually bound by the initial manager directly appointed by Fonte di Speranza: the violations committed by these other managers fall under the responsibility of the manager initial and not from Fonte di Speranza.
The complete and updated list of data processors (and, if applicable, of the managers appointed by the initial manager, subject to our authorization) can be requested at privacy@fontedisperanza.org (alternatively, by writing to Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI).
The personal data collected will be made available to persons authorized by Fonte di Speranza pursuant to art. 29, GDPR which carry out processing activities essential for the pursuit of the aforementioned purposes; the categories of persons authorized to process are, from time to time, specified in the information to be provided pursuant to art. 13, GDPR. Generally speaking, these are the persons responsible for the provision of specific services, the administration, the management of information services, relations with actual and potential donors, the organizers of information campaigns on our projects and institutional activities to support our initiatives social and collective interests.

Third parties to whom your data are disclosed

For purposes related to the provision of the service to which the user has adhered, the data may be made available to third parties, who will act as independent data controllers, and who provide instrumental services to meet the user’s request (for example, Paypal for transactions related to donations) or to which the communication of data is necessary to comply with laws or regulations.
Your data may also be made available to supervisory bodies, police forces and the judiciary by virtue of the laws and regulations that provide for their communication and for carrying out their institutional activities.
In addition, the data may be communicated to third-party non-profit organizations, project partner companies, entities, for independent uses (as autonomous data controllers) for their institutional purposes: this “communication” will only take place if the interested party has expressed your explicit consent. The dissemination of data, subject to the explicit consent of the user, could be consequent to the type of service or initiative to which the user has joined.

Other third parties who collaborate with Fonte di Speranza

Fonte di Speranza, in the context of its awareness-raising activities and the presentation of its institutional activity, as well as to improve the services rendered to people who have relationships with Fonte di Speranza or in any case interested and close to our institutional principles, can contact third-party services who collaborate with and who receive from Fonte di Speranza information and data held in their archives.
Here it is clarified that these transmissions of information and data always take place anonymously or with “pseudonymisation” techniques (art. 4, paragraph 5, GDPR (“the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures aimed at ensuring that such personal data is not attributed to an identified or identifiable natural person “). anonymized data are processed, by way of example and not limited to:

  1. Facebook (privacy policy at https://it-it.facebook.com/policy.php)
  2. Twitter (privacy policy at https://twitter.com/it/privacy)
  3. Google (privacy policy at https://policies.google.com/privacy)
  4. Youtube (privacy policy at https://www.youtube.com/intl/it/yt/about/policies/#community-guidelines)
  5. Instagram (privacy policy at https://it-it.facebook.com/help/instagram/155833707900388/)

In addition, as better defined in the “Cookie policy”, Fonte di Speranza uses Facebook pixels for retargeting actions, that is, to show the user with certain characteristics manifested while surfing the net, advertisements and banners that refer to Fonte di Speranza.

Rights of the interested parties with respect to the data concerning them

You can exercise, at any time, at privacy@fontedisperanza.org (alternatively, by writing to Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI)), the rights pursuant to articles 15-22, GDPR in reported below:

Right of access (article 15, GDPR)
The person has the right to request whether personal data is being processed and, therefore, has the right to access information concerning him and to have information on:

  1. purpose of the treatment (e.g. management of a donation);
  2. categories of personal data; (e.g. personal data, behavioral data)
  3. recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients from third countries or international organizations;
  4. when possible, the expected retention period of personal data or, if not possible, the criteria used to determine this period;
  5. existence of the right to request the correction or cancellation of personal data or the limitation of the processing of personal data or to oppose their treatment;
  6. right to lodge a complaint with a supervisory authority;
  7. if the data are not collected directly by the person, all available information on their origin;
  8. existence of an automated decision-making process, including profiling and significant information on the logic used, as well as the importance and expected consequences of such treatment for the person. (e.g. if the person has associated a donation habits profile by crossing the donation amount with frequency and campaign).

Right of rectification (article 16, GDPR)
The person has the right to obtain the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the person has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.

Right to cancellation (“right to be forgotten” – “right to be forgotten”) (article 17, GDPR)
The person has the right to obtain the deletion of personal data concerning him; he is obliged to delete personal data without undue delay, for one of the following reasons:

  1. personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
  2. the consent on which the treatment is based is withdrawn and if there is no other legal basis for the treatment (e.g. own legitimate interest, regulatory or contractual obligations);
  3. you oppose the processing for marketing and profiling purposes and there is no prevailing legitimate reason to proceed with the processing
  4. personal data have been unlawfully processed;
  5. personal data must be erased in order to fulfill a legal obligation under Union or Member State law to which you are subject.

Right to limitation of treatment (article 18, GDPR)
The person has the right to obtain the limitation of the processing of his personal data when one of the following reasons exists:

  1. the person disputes the accuracy of personal data, for the period necessary to verify the accuracy of such personal data;
  2. the treatment is illegal and the person opposes the cancellation of personal data and instead requests that their use be limited; (e.g., it does not intend that the processing is
  3. carried out for marketing purposes but only for managerial and administrative purposes);
  4. although you no longer need the data for processing purposes, personal data are necessary for the person to ascertain, exercise or defend a right in court;
  5. the person has opposed the treatment if the treatment is based on their legitimate interests, pending verification of the possible prevalence of their legitimate reasons compared to those of the person.

Notification obligation in case of rectification or cancellation of personal data or limitation of treatment (article 19, GDPR)
The person has the right to request that the correction or cancellation of data or limitation of processing be communicated by Fonte di Speranza to other subjects to whom the data may have been communicated. Fonte di Speranza may not comply with the request, if the means to be used are disproportionate to the person’s right to privacy.

Right to data portability (Article 20, GDPR)
This right allows the person to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a subject who submits his data to treatment and has the right to want to transmit such data to a subject for use of the latter without hindrance by the person to whom it supplied them. This right can be exercised in the following cases:

  1. the treatment is based on consent or on a contract or on pre-contractual measures requested by the same person and simultaneously
    the treatment is carried out by automated means.
  2. The person has the right to obtain that his data is transferred directly from one subject to another (from the one to whom he gave them to the one he wants to be transmitted to), if technically possible.

Right to object (article 21, GDPR)
The person has the right to object to the processing of his data for the pursuit of the legitimate interest of Fonte di Speranza or of third parties, provided that the interests or fundamental rights and freedoms of the person who request the protection of personal data do not prevail for profiling purposes.
If personal data are processed for marketing purposes, the person has the right to object at any time to the processing of personal data concerning him / her carried out for these purposes, including profiling to the extent that it is connected to this marketing activity.

Automated decision-making process relating to natural persons, including profiling (article 22, GDPR)
The person has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that concern him or which similarly significantly affects his person. In particular, it has the right to object to the profiling to which it is subjected through automated processes.
This right cannot be exercised if the decision:

  1. it is necessary for the conclusion or execution of a contract;
  2. is authorized by Union or Member State law to which you are subject, which also specifies adequate measures to protect the rights, freedoms and legitimate interests of the person;
  3. is based on explicit consent.

The person has the right to express his opinion and to contest the decision of Fonte di Speranza.

Response times
As established by the GDPR, Fonte di Speranza will respond to the person within a month of the request, unless complex procedures (or requests are numerous) that do not allow to respect this time have to be implemented. Full feedback is allowed within three months of the request, but we are obliged to inform you of it within one month of the request originally sent (art.12, paragraph 3, GDPR).

Complaint to the supervisory authorities

It is possible to contact the supervisory authority which for Italy is the Guarantor for the Protection of Personal Data, based in Piazza di Monte Citorio 121, 00186 Rome (RM) – www.garanteprivacy.it, using the form downloadable at URL https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524&zx=e0yn0riezmmw to propose a complaint regarding the processing of your personal data.

What are Cookies and how they are used by Fonte di Speranza

Cookies are information saved on the hard disk of your PC and which are sent from your browser to a Web server and which refer to your use of the network. Consequently, they allow to know the services, the sites visited and the options that, surfing the net, have been shown.
This information is not, therefore, provided spontaneously and directly, but leaves a trace. The data collected through cookies will be used for technical needs, in order to guarantee easier, immediate and quick access to the site and its services and navigation. facilitated to the single user.
With the user’s consent, profiling cookies may also be used to create user profiles based on the sections of the site or the actions performed by the user on this site or by surfing the net.
The use of so-called session cookies (which are not permanently stored on the user’s computer and are automatically eliminated by closing the browser) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site. I c.d. session cookies that are used on this site avoid the use of other IT techniques that are potentially detrimental to the confidentiality of user navigation and do not allow the acquisition of the user’s personal identification data. Vice versa, the profiling cookies allow to know the user’s browsing on the net and to detect his interests, the expressed needs and preferences and then allow to create advertising campaigns or create profiles to better target, in a personalized way, promotional, institutional communications and awareness. In any case, you can configure your browser so that you are notified when a cookie is received and then decide whether to accept it.
To learn about our cookie policy and third-party cookie policies, please read the related information by clicking HERE.

Navigation data

During their normal operation, the IT systems and software procedures used to operate this site acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified users, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error or similar) and other parameters relating to the operating system and the user’s computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

The security of your personal data

Fonte di Speranza adopts suitable and preventive security measures to safeguard the confidentiality, integrity, completeness, availability of your personal data. As established by the regulatory provisions governing the security of personal data, technical, logistical and organizational measures are developed which have as their objective the prevention of damage, even accidental losses, alterations, improper and unauthorized use of the data concerning you.
In particular, Fonte di Speranza has put in place technical and organizational measures aimed at guaranteeing a level of security adequate to the risk that could affect people’s rights and freedoms, including the confidentiality and confidentiality of the information that concerns them. Adopt security criteria which include, among others:

  1. the “pseudonymisation” (art. 4, paragraph 5, GDPR: “the processing of personal data in such a way that personal data can no longer be attributed to a specific interested party without the use of additional information, provided that such additional information are stored separately and subject to technical and organizational measures aimed at ensuring that such personal data are not attributed to an identified or identifiable natural person “) and / or data encryption
  2. systems that permanently safeguard the confidentiality, integrity, availability and resilience of treatment systems and services
  3. systems to promptly restore the availability and access of personal data in the event of a physical or technical accident
  4. procedures to test, verify and regularly evaluate the effectiveness of technical and organizational measures in order to guarantee the safety of the treatment.

Similar preventive security measures are adopted by third parties (data processors) to whom we have entrusted the processing of your data on our behalf.
On the other hand, Fonte di Speranza is not responsible for the untruthful information sent directly by the user (example: correctness of the e-mail address or postal address or other personal data), as well as information concerning him and that have been provided by a third party, even fraudulently.

Financial information needed for donation

In the case of a donation made through PayPal, you will be redirected to the PayPal site and, therefore, the confidentiality and security criteria are the sole responsibility of PayPal, excluding any liability on the part of Fonte di Speranza. In general, finally, Fonte di Speranza assumes no responsibility with reference to unauthorized or fraudulent uses by third parties of the information relating to the tools used for the transaction related to the donation.

[/vc_column][/vc_row]

Premise

Associazione Fonte di Speranza Onlus (hereinafter also “Fonte di Speranza” or “the owner”) pays attention and intends to respect the protection of privacy of the private sphere and the rights of people and therefore undertakes to apply specific and protective rules of conduct – in line with the European Regulation 679/2016 of the European Parliament and of the Council of 27 April 2016, concerning the protection of individuals with regard to the processing of personal data, as well as the free movement of such data (hereinafter “GDPR “) – which guarantee safe, controlled and confidential browsing on the net.
This policy to protect the confidentiality of information may change over time, also depending on the additions and legislative and regulatory changes in the matter or for our institutional decisions, therefore, we invite you to periodically consult this section of our site.
Thank you, therefore, for viewing the rules that our organization has imposed itself in collecting and processing personal data and in always providing a satisfactory service to users of its sites.

[/vc_column_text]

Basic principles of the privacy policy of Fonte di Speranza

  1. perform the processing (art. 4, paragraph 2, GDPR: “any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, l organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction “) of personal data (art. 4, paragraph 1, GDPR:” any information concerning an identified or identifiable natural person (“interested”); the natural person who can be directly identified is considered identifiable or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements i of his physical, physiological, genetic, psychic, economic, cultural or social identity “) exclusively for the purposes and according to the methods illustrated in the information to be provided that is presented to the user from time to time who accesses a section of the site in the which is the provision, direct or indirect, of personal data;
  2. use the data that was spontaneously released by the user;
  3. use technical cookies to facilitate navigation on the site and analytical cookies for statistical purposes;
  4. transmit data to third parties (data processors – art. 4, paragraph 8, GDPR: “art. 4, paragraph 8, GDPR:” the natural or legal person, public authority, service or other body that processes data personal data on behalf of the data controller “) exclusively for purposes instrumental to what is expressly requested and carefully selected by us;
  5. communicate data to third parties for activities related to what is of interest or if this is required by law, regulation or community legislation;
  6. if applicable and with prior explicit consent (art. 4, paragraph 11, GDPR: “any manifestation of free, specific, informed and unequivocal will of the interested party, with which the same expresses its consent, through unequivocal declaration or positive action, that the personal data concerning him are processed “), communicate the data to third parties for their independent processing;
  7. respond to requests for access to personal data, rectification or cancellation of the same, to exercise the right to be forgotten, to limit the processing or the right to object to their treatment. Ensure the exercise of the right to data portability as well as, object to the processing of data for the purpose of informative communications on our projects and requests for financial contributions in support of our institutional activities, surveys and research, make known the possibility of making a complaint to the supervisory authority;
  8. ensure correct and lawful processing of your data, safeguarding your confidentiality, as well as apply suitable security measures to protect the confidentiality, integrity and availability of the data.

Purpose of data processing and methods of treatment – legal basis of treatment – data collection criteria

Purpose of data processing
As better explained in the sections that allow you to join – by releasing your personal data – to the services reserved for users of our site, the requested data are used to respond to requests expressly made by the user. In particular, all data collection – and subsequent processing – activities are aimed at pursuing the institutional purposes of Fonte di Speranza and, in particular for:

  1. regular and one-time donations;
  2. request for collaboration with Fonte di Speranza (through volunteering);
  3. know how to donate the 5xmille in favor of Fonte di Speranza in the context of your tax return and to benefit from the relative tax deductions and request to receive a reminder on our tax code;
  4. direct the user to our social channels;
  5. comply with laws, regulations and community legislation;
  6. make promotional contacts on updates, news, initiatives, events, information on our humanitarian projects and support for people and countries in difficulty that also require financial support from individuals and fundraising initiatives for our mission, and for surveys and market research;
  7. make personalized contacts proposing adherence to actions or soliciting donations in line with the characteristics of behavior, interest and preference, only if the person has expressed a desire for such contact personalization.

As reported in the list above, personal data may be processed for purposes other than those for which the user has released them. In particular, they may be processed for marketing purposes (point 6), that is, for the purpose of promotional contacts on events, initiatives, awareness-raising and dissemination projects of our causes, solicitation of donations, surveys and research, based on the condition of the ” legitimate interest “(art. 6, paragraph 1, letter f, GDPR, recital C47 and Opinion 6/2014 of the Working Party 29) of Fonte di Speranza. This legitimate interest lies in keeping the relationship established with the interested party constant, in order to keep him / her informed on the awareness actions that it is considered useful to make known in order to demonstrate one’s constant commitment to carrying out one’s mission of collective and social interest throughout the world. This legitimate interest is admitted pursuant to art. 6, paragraph 1, letter f), GDPR and from recital C47, GDPR and from the Opinion n. 6/2014 Article 29 Data Protection Working Party, par. III.3.1., As an alternative condition to the explicit consent of the interested party. This legitimate interest is acquired by Fonte di Speranza (and counterbalanced by the interest of the person) to the extent that – through its actions on the site (e.g. participation in the project, donation) – the user has shown that he is interested in and share the principles of Fonte di Speranza. For these direct marketing activities, the data will be kept in our archives for the period of time necessary to provide these information services insofar as Fonte di Speranza continues its mission with causes equal to or similar to those for which the person has expressed interest. . This period will be reduced if the person’s interest in staying in touch with us persists: if he no longer has any interest, it is sufficient to be communicated through the methods explained below and the appropriate technical and organizational measures will be taken to no longer disturb the person.

As per point 7 of the above list, these promotional contacts may also involve a “profiling” process (art. 4, paragraph 4, GDPR – “any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements of said natural person “) and will be carried out only if the interested party has expressly desired – and therefore, unequivocally consented – to be subjected to such treatment. In this case, as it is not lawful to apply the condition of legitimate interest, the legal basis of the processing will be the consent, also in the form of an unequivocal desire, manifested by the person (art.6, paragraph 1, letter a, GDPR). This process will involve the selection of the archived information with respect to the interested party, crossed to determine a profile that reflects the characteristics and behaviors of the person, so that he receives communications of his interest and in line with his preferences, actions and personal characteristics (e.g. amount donated, frequency of donation, adherence to initiatives, type of advanced requests) and, therefore, are of specific interest and not disturbing. The data will be kept as long as it is believed that the person maintains this profile and, therefore, the personalized contacts created with profiling are actually to his liking. Also in this case, this retention will cease if there is opposition at any time to the processing of personal data concerning him carried out for profiling to the extent that it is connected to direct marketing.
In any case, Fonte di Speranza will not use the data provided for purposes other than those connected to the service to which the user has joined, and, in any case, only within the limits indicated from time to time in the information to be provided pursuant to art. . 13, GDPR.

Methods of data processing
All the treatments carried out within this site will be carried out with both paper and electronic or telematic tools, with logic related to the purposes for which the data were collected and in compliance with the current security regulations, for the purposes specified from time to time. time in the information to be provided pursuant to art. 13, GDPR.

Criteria for data collection
The forms to be filled in include both data that are strictly necessary to comply with what is of interest and the failure to indicate which does not allow the request to be processed, and optional data. Therefore, the user is free to provide personal data contained in the request forms or indicated in contacts with Fonte di Speranza to request information or for the other purposes listed above. In these cases of mandatory data provision, their absence can make it impossible to obtain what is requested. The need to request data as mandatory for joining individual projects or initiatives or to make requests has been considered in compliance with the provisions of art. 25, GDPR (“Data protection by design and protection by default” – “Data Protection by design and by default”), which require to evaluate in advance the appropriate technical and organizational measures, such as “pseudonymisation” (art. 4 , paragraph 5, GDPR: “the processing of personal data in such a way that personal data can no longer be attributed to a specific interested party without the use of additional information, provided that such additional information is stored separately and subject to technical measures and organizational measures intended to ensure that such personal data are not attributed to an identified or identifiable natural person “), aimed at effectively implementing data protection principles, such as minimization, and integrating the necessary guarantees in the treatment in order to satisfy GDPR requirements and protect the rights of data subjects. In addition, Fonte di Speranza has implemented adequate technical and organizational measures to ensure that only the personal data necessary for the specific purpose of the processing deriving from the project to which the interested party has voluntarily adhered is processed by default.

Criteria used to define the limit of data retention

The data will be kept in our archives (art. 4, paragraph 6, GDPR: “any structured set of personal data accessible according to specific criteria, regardless of whether this set is centralized, decentralized or distributed functionally or geographically”) according to criteria variables according to the category of data, the nature of the treatment and the purposes of the treatment itself. The criteria or the precise retention limit are described in the information to be provided pursuant to art. 13, GDPR at the time of providing personal data.
In principle, the following assessments by Fonte di Speranza apply to establish the data retention criterion:

  1. all data with respect to the various forms of donation are kept as long as the relationship remains active and for a number of years equal to that which laws, regulations, including EU regulations, impose for administrative and accounting purposes. In addition, they will be kept for the time strictly necessary for the pursuit of the legitimate interest of Fonte di Speranza in the case of asserting or defending a right in court or otherwise ordered by law enforcement, judiciary and supervisory bodies for their institutional activities. For administrative and accounting purposes, the data will be mandatory for n. 10 (ten) years.
  2. all the data of the donors or interested in our activity processed for marketing purposes are kept for the period of time necessary to provide the information services reserved to said people. This right and interest of information are acquired upon joining any initiative that demonstrates the user’s sharing of the principles of Source of Hope, whether this involves donation or is an action of interest and participation in our institutional philosophy . This period is also justified by Fonte di Speranza’s legitimate interest in keeping the relationship established with the person constant in order to keep it informed on what projects could be financed with freely paid contributions or on the awareness actions that it is considered useful to make known for demonstrate their constant commitment to carrying out their humanitarian and social solidarity projects. This legitimate interest is allowed and by recital C47, GDPR and by Opinion no. 6/2014 Article 29 Data Protection Working Party, par. III.3.1. as an alternative condition to the explicit consent of the interested party. Obviously, this retention period is extended as long as the person’s interest in remaining in contact with Fonte di Speranza lasts: if he no longer has interest, it is sufficient to communicate it through the methods referred to in the paragraph “Rights of the interested parties with respect to the data that they concern them “and Fonte di Speranza will take the appropriate technical and organizational measures to not disturb the person anymore.
  3. all the data used for marketing activities with profiling, the treatment of which is supported by a positive action of the person to such treatment, explicitly declaring that he wants it, are kept as long as the profile of the interested party is in line with the personalized communications created through the crossing of the information available to us and, therefore, as long as Fonte di Speranza pursues its beneficial causes with projects, initiatives, actions and activities that require economic contributions or that encourage awareness (e.g. solicitation of adhesion to initiatives and events , requests for opinions and surveys) which are of interest to the person who has expressed a desire to receive information of this content and which reflect the characteristics and behavior of the same and are, therefore, of his specific interest and not of disturbance. Again, this retention will cease if there is opposition at any time to the processing of personal data concerning him carried out for these purposes, including profiling to the extent that it is connected to this direct marketing.

Once the above periods have elapsed, the identification data are transformed into anonymous form and used only for statistical reports that do not allow to trace the identity of the person but which are useful for adapting the projects, initiatives and actions for the realization and achievement of the statutory and institutional objectives of Fonte di Speranza. The personal data (identification of the person) will therefore be destroyed.

Place of data processing

The treatments connected to the web services of this site take place at the aforementioned headquarters in Fonte di Speranza and are handled by personnel authorized to process them. In case of need, the personal data collected through the site can be processed by the staff of third-party companies that take care of the maintenance of the technological part of the site (responsible for processing pursuant to art. 28, GDPR), at its offices.

Holder of the treatment

Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI) – is the data controller (art. 4, paragraph 7, GDPR: “the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of the processing of personal data of personal data “), pursuant to and for the purposes of the GDPR, since it decides in which way and for what reasons, communicated in the information to be provided to the interested parties, collect and use the personal data provided by the user, as well as with what tools to process them and what security procedures to activate to guarantee their integrity, confidentiality and availability, subjecting themselves to the obligations and responsibilities provided for by art. 24, GDPR.

Data processors and persons authorized to process

Your personal data can be processed, both manually and electronically or electronically, either directly from Fonte di Speranza or by third parties who, with experience, technical skills, professionalism and reliability, carry out processing operations on our behalf, in compliance with safety and the confidentiality of information and constantly monitored by us in their work. The controller is “the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller” (art. 4, paragraph 8, GDPR) and is bound by Fonte di Speranza contractually, with a definition of the operating limits on the data, the data it can process and the categories of data subjects to which they refer, the nature and purpose of the processing, the data retention limits, the obligations and rights that Fonte di Speranza has towards the manager, and with the prohibition to use it differently from the assignment. It can, if formally authorized, in a general or specific way, by Fonte di Speranza, make use of other managers, who are contractually bound by the initial manager directly appointed by Fonte di Speranza: the violations committed by these other managers fall under the responsibility of the manager initial and not from Fonte di Speranza.
The complete and updated list of data processors (and, if applicable, of the managers appointed by the initial manager, subject to our authorization) can be requested at privacy@fontedisperanza.org (alternatively, by writing to Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI).
The personal data collected will be made available to persons authorized by Fonte di Speranza pursuant to art. 29, GDPR which carry out processing activities essential for the pursuit of the aforementioned purposes; the categories of persons authorized to process are, from time to time, specified in the information to be provided pursuant to art. 13, GDPR. Generally speaking, these are the persons responsible for the provision of specific services, the administration, the management of information services, relations with actual and potential donors, the organizers of information campaigns on our projects and institutional activities to support our initiatives social and collective interests.

Third parties to whom your data are disclosed

For purposes related to the provision of the service to which the user has adhered, the data may be made available to third parties, who will act as independent data controllers, and who provide instrumental services to meet the user’s request (for example, Paypal for transactions related to donations) or to which the communication of data is necessary to comply with laws or regulations.
Your data may also be made available to supervisory bodies, police forces and the judiciary by virtue of the laws and regulations that provide for their communication and for carrying out their institutional activities.
In addition, the data may be communicated to third-party non-profit organizations, project partner companies, entities, for independent uses (as autonomous data controllers) for their institutional purposes: this “communication” will only take place if the interested party has expressed your explicit consent. The dissemination of data, subject to the explicit consent of the user, could be consequent to the type of service or initiative to which the user has joined.

Other third parties who collaborate with Fonte di Speranza

Fonte di Speranza, in the context of its awareness-raising activities and the presentation of its institutional activity, as well as to improve the services rendered to people who have relationships with Fonte di Speranza or in any case interested and close to our institutional principles, can contact third-party services who collaborate with and who receive from Fonte di Speranza information and data held in their archives.
Here it is clarified that these transmissions of information and data always take place anonymously or with “pseudonymisation” techniques (art. 4, paragraph 5, GDPR (“the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures aimed at ensuring that such personal data is not attributed to an identified or identifiable natural person “). anonymized data are processed, by way of example and not limited to:

  1. Facebook (privacy policy at https://it-it.facebook.com/policy.php)
  2. Twitter (privacy policy at https://twitter.com/it/privacy)
  3. Google (privacy policy at https://policies.google.com/privacy)
  4. Youtube (privacy policy at https://www.youtube.com/intl/it/yt/about/policies/#community-guidelines)
  5. Instagram (privacy policy at https://it-it.facebook.com/help/instagram/155833707900388/)

In addition, as better defined in the “Cookie policy”, Fonte di Speranza uses Facebook pixels for retargeting actions, that is, to show the user with certain characteristics manifested while surfing the net, advertisements and banners that refer to Fonte di Speranza.

Rights of the interested parties with respect to the data concerning them

You can exercise, at any time, at privacy@fontedisperanza.org (alternatively, by writing to Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI)), the rights pursuant to articles 15-22, GDPR in reported below:

Right of access (article 15, GDPR)
The person has the right to request whether personal data is being processed and, therefore, has the right to access information concerning him and to have information on:

  1. purpose of the treatment (e.g. management of a donation);
  2. categories of personal data; (e.g. personal data, behavioral data)
  3. recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients from third countries or international organizations;
  4. when possible, the expected retention period of personal data or, if not possible, the criteria used to determine this period;
  5. existence of the right to request the correction or cancellation of personal data or the limitation of the processing of personal data or to oppose their treatment;
  6. right to lodge a complaint with a supervisory authority;
  7. if the data are not collected directly by the person, all available information on their origin;
  8. existence of an automated decision-making process, including profiling and significant information on the logic used, as well as the importance and expected consequences of such treatment for the person. (e.g. if the person has associated a donation habits profile by crossing the donation amount with frequency and campaign).

Right of rectification (article 16, GDPR)
The person has the right to obtain the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the person has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.

Right to cancellation (“right to be forgotten” – “right to be forgotten”) (article 17, GDPR)
The person has the right to obtain the deletion of personal data concerning him; he is obliged to delete personal data without undue delay, for one of the following reasons:

  1. personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
  2. the consent on which the treatment is based is withdrawn and if there is no other legal basis for the treatment (e.g. own legitimate interest, regulatory or contractual obligations);
  3. you oppose the processing for marketing and profiling purposes and there is no prevailing legitimate reason to proceed with the processing
  4. personal data have been unlawfully processed;
  5. personal data must be erased in order to fulfill a legal obligation under Union or Member State law to which you are subject.

Right to limitation of treatment (article 18, GDPR)
The person has the right to obtain the limitation of the processing of his personal data when one of the following reasons exists:

  1. the person disputes the accuracy of personal data, for the period necessary to verify the accuracy of such personal data;
  2. the treatment is illegal and the person opposes the cancellation of personal data and instead requests that their use be limited; (e.g., it does not intend that the processing is
  3. carried out for marketing purposes but only for managerial and administrative purposes);
  4. although you no longer need the data for processing purposes, personal data are necessary for the person to ascertain, exercise or defend a right in court;
  5. the person has opposed the treatment if the treatment is based on their legitimate interests, pending verification of the possible prevalence of their legitimate reasons compared to those of the person.

Notification obligation in case of rectification or cancellation of personal data or limitation of treatment (article 19, GDPR)
The person has the right to request that the correction or cancellation of data or limitation of processing be communicated by Fonte di Speranza to other subjects to whom the data may have been communicated. Fonte di Speranza may not comply with the request, if the means to be used are disproportionate to the person’s right to privacy.

Right to data portability (Article 20, GDPR)
This right allows the person to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a subject who submits his data to treatment and has the right to want to transmit such data to a subject for use of the latter without hindrance by the person to whom it supplied them. This right can be exercised in the following cases:

  1. the treatment is based on consent or on a contract or on pre-contractual measures requested by the same person and simultaneously
    the treatment is carried out by automated means.
  2. The person has the right to obtain that his data is transferred directly from one subject to another (from the one to whom he gave them to the one he wants to be transmitted to), if technically possible.

Right to object (article 21, GDPR)
The person has the right to object to the processing of his data for the pursuit of the legitimate interest of Fonte di Speranza or of third parties, provided that the interests or fundamental rights and freedoms of the person who request the protection of personal data do not prevail for profiling purposes.
If personal data are processed for marketing purposes, the person has the right to object at any time to the processing of personal data concerning him / her carried out for these purposes, including profiling to the extent that it is connected to this marketing activity.

Automated decision-making process relating to natural persons, including profiling (article 22, GDPR)
The person has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that concern him or which similarly significantly affects his person. In particular, it has the right to object to the profiling to which it is subjected through automated processes.
This right cannot be exercised if the decision:

  1. it is necessary for the conclusion or execution of a contract;
  2. is authorized by Union or Member State law to which you are subject, which also specifies adequate measures to protect the rights, freedoms and legitimate interests of the person;
  3. is based on explicit consent.

The person has the right to express his opinion and to contest the decision of Fonte di Speranza.

Response times
As established by the GDPR, Fonte di Speranza will respond to the person within a month of the request, unless complex procedures (or requests are numerous) that do not allow to respect this time have to be implemented. Full feedback is allowed within three months of the request, but we are obliged to inform you of it within one month of the request originally sent (art.12, paragraph 3, GDPR).

Complaint to the supervisory authorities

It is possible to contact the supervisory authority which for Italy is the Guarantor for the Protection of Personal Data, based in Piazza di Monte Citorio 121, 00186 Rome (RM) – www.garanteprivacy.it, using the form downloadable at URL https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524&zx=e0yn0riezmmw to propose a complaint regarding the processing of your personal data.

What are Cookies and how they are used by Fonte di Speranza

Cookies are information saved on the hard disk of your PC and which are sent from your browser to a Web server and which refer to your use of the network. Consequently, they allow to know the services, the sites visited and the options that, surfing the net, have been shown.
This information is not, therefore, provided spontaneously and directly, but leaves a trace. The data collected through cookies will be used for technical needs, in order to guarantee easier, immediate and quick access to the site and its services and navigation. facilitated to the single user.
With the user’s consent, profiling cookies may also be used to create user profiles based on the sections of the site or the actions performed by the user on this site or by surfing the net.
The use of so-called session cookies (which are not permanently stored on the user’s computer and are automatically eliminated by closing the browser) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site. I c.d. session cookies that are used on this site avoid the use of other IT techniques that are potentially detrimental to the confidentiality of user navigation and do not allow the acquisition of the user’s personal identification data. Vice versa, the profiling cookies allow to know the user’s browsing on the net and to detect his interests, the expressed needs and preferences and then allow to create advertising campaigns or create profiles to better target, in a personalized way, promotional, institutional communications and awareness. In any case, you can configure your browser so that you are notified when a cookie is received and then decide whether to accept it.
To learn about our cookie policy and third-party cookie policies, please read the related information by clicking HERE.

Navigation data

During their normal operation, the IT systems and software procedures used to operate this site acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified users, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error or similar) and other parameters relating to the operating system and the user’s computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

The security of your personal data

Fonte di Speranza adopts suitable and preventive security measures to safeguard the confidentiality, integrity, completeness, availability of your personal data. As established by the regulatory provisions governing the security of personal data, technical, logistical and organizational measures are developed which have as their objective the prevention of damage, even accidental losses, alterations, improper and unauthorized use of the data concerning you.
In particular, Fonte di Speranza has put in place technical and organizational measures aimed at guaranteeing a level of security adequate to the risk that could affect people’s rights and freedoms, including the confidentiality and confidentiality of the information that concerns them. Adopt security criteria which include, among others:

  1. the “pseudonymisation” (art. 4, paragraph 5, GDPR: “the processing of personal data in such a way that personal data can no longer be attributed to a specific interested party without the use of additional information, provided that such additional information are stored separately and subject to technical and organizational measures aimed at ensuring that such personal data are not attributed to an identified or identifiable natural person “) and / or data encryption
  2. systems that permanently safeguard the confidentiality, integrity, availability and resilience of treatment systems and services
  3. systems to promptly restore the availability and access of personal data in the event of a physical or technical accident
  4. procedures to test, verify and regularly evaluate the effectiveness of technical and organizational measures in order to guarantee the safety of the treatment.

Similar preventive security measures are adopted by third parties (data processors) to whom we have entrusted the processing of your data on our behalf.
On the other hand, Fonte di Speranza is not responsible for the untruthful information sent directly by the user (example: correctness of the e-mail address or postal address or other personal data), as well as information concerning him and that have been provided by a third party, even fraudulently.

Financial information needed for donation

In the case of a donation made through PayPal, you will be redirected to the PayPal site and, therefore, the confidentiality and security criteria are the sole responsibility of PayPal, excluding any liability on the part of Fonte di Speranza. In general, finally, Fonte di Speranza assumes no responsibility with reference to unauthorized or fraudulent uses by third parties of the information relating to the tools used for the transaction related to the donation.

[/vc_column][/vc_row]

Premise

Associazione Fonte di Speranza Onlus (hereinafter also “Fonte di Speranza” or “the owner”) pays attention and intends to respect the protection of privacy of the private sphere and the rights of people and therefore undertakes to apply specific and protective rules of conduct – in line with the European Regulation 679/2016 of the European Parliament and of the Council of 27 April 2016, concerning the protection of individuals with regard to the processing of personal data, as well as the free movement of such data (hereinafter “GDPR “) – which guarantee safe, controlled and confidential browsing on the net.
This policy to protect the confidentiality of information may change over time, also depending on the additions and legislative and regulatory changes in the matter or for our institutional decisions, therefore, we invite you to periodically consult this section of our site.
Thank you, therefore, for viewing the rules that our organization has imposed itself in collecting and processing personal data and in always providing a satisfactory service to users of its sites.

Basic principles of the privacy policy of Fonte di Speranza

  1. perform the processing (art. 4, paragraph 2, GDPR: “any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, l organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction “) of personal data (art. 4, paragraph 1, GDPR:” any information concerning an identified or identifiable natural person (“interested”); the natural person who can be directly identified is considered identifiable or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements i of his physical, physiological, genetic, psychic, economic, cultural or social identity “) exclusively for the purposes and according to the methods illustrated in the information to be provided that is presented to the user from time to time who accesses a section of the site in the which is the provision, direct or indirect, of personal data;
  2. use the data that was spontaneously released by the user;
  3. use technical cookies to facilitate navigation on the site and analytical cookies for statistical purposes;
  4. transmit data to third parties (data processors – art. 4, paragraph 8, GDPR: “art. 4, paragraph 8, GDPR:” the natural or legal person, public authority, service or other body that processes data personal data on behalf of the data controller “) exclusively for purposes instrumental to what is expressly requested and carefully selected by us;
  5. communicate data to third parties for activities related to what is of interest or if this is required by law, regulation or community legislation;
  6. if applicable and with prior explicit consent (art. 4, paragraph 11, GDPR: “any manifestation of free, specific, informed and unequivocal will of the interested party, with which the same expresses its consent, through unequivocal declaration or positive action, that the personal data concerning him are processed “), communicate the data to third parties for their independent processing;
  7. respond to requests for access to personal data, rectification or cancellation of the same, to exercise the right to be forgotten, to limit the processing or the right to object to their treatment. Ensure the exercise of the right to data portability as well as, object to the processing of data for the purpose of informative communications on our projects and requests for financial contributions in support of our institutional activities, surveys and research, make known the possibility of making a complaint to the supervisory authority;
  8. ensure correct and lawful processing of your data, safeguarding your confidentiality, as well as apply suitable security measures to protect the confidentiality, integrity and availability of the data.

Purpose of data processing and methods of treatment – legal basis of treatment – data collection criteria

Purpose of data processing
As better explained in the sections that allow you to join – by releasing your personal data – to the services reserved for users of our site, the requested data are used to respond to requests expressly made by the user. In particular, all data collection – and subsequent processing – activities are aimed at pursuing the institutional purposes of Fonte di Speranza and, in particular for:

  1. regular and one-time donations;
  2. request for collaboration with Fonte di Speranza (through volunteering);
  3. know how to donate the 5xmille in favor of Fonte di Speranza in the context of your tax return and to benefit from the relative tax deductions and request to receive a reminder on our tax code;
  4. direct the user to our social channels;
  5. comply with laws, regulations and community legislation;
  6. make promotional contacts on updates, news, initiatives, events, information on our humanitarian projects and support for people and countries in difficulty that also require financial support from individuals and fundraising initiatives for our mission, and for surveys and market research;
  7. make personalized contacts proposing adherence to actions or soliciting donations in line with the characteristics of behavior, interest and preference, only if the person has expressed a desire for such contact personalization.

As reported in the list above, personal data may be processed for purposes other than those for which the user has released them. In particular, they may be processed for marketing purposes (point 6), that is, for the purpose of promotional contacts on events, initiatives, awareness-raising and dissemination projects of our causes, solicitation of donations, surveys and research, based on the condition of the ” legitimate interest “(art. 6, paragraph 1, letter f, GDPR, recital C47 and Opinion 6/2014 of the Working Party 29) of Fonte di Speranza. This legitimate interest lies in keeping the relationship established with the interested party constant, in order to keep him / her informed on the awareness actions that it is considered useful to make known in order to demonstrate one’s constant commitment to carrying out one’s mission of collective and social interest throughout the world. This legitimate interest is admitted pursuant to art. 6, paragraph 1, letter f), GDPR and from recital C47, GDPR and from the Opinion n. 6/2014 Article 29 Data Protection Working Party, par. III.3.1., As an alternative condition to the explicit consent of the interested party. This legitimate interest is acquired by Fonte di Speranza (and counterbalanced by the interest of the person) to the extent that – through its actions on the site (e.g. participation in the project, donation) – the user has shown that he is interested in and share the principles of Fonte di Speranza. For these direct marketing activities, the data will be kept in our archives for the period of time necessary to provide these information services insofar as Fonte di Speranza continues its mission with causes equal to or similar to those for which the person has expressed interest. . This period will be reduced if the person’s interest in staying in touch with us persists: if he no longer has any interest, it is sufficient to be communicated through the methods explained below and the appropriate technical and organizational measures will be taken to no longer disturb the person.

As per point 7 of the above list, these promotional contacts may also involve a “profiling” process (art. 4, paragraph 4, GDPR – “any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements of said natural person “) and will be carried out only if the interested party has expressly desired – and therefore, unequivocally consented – to be subjected to such treatment. In this case, as it is not lawful to apply the condition of legitimate interest, the legal basis of the processing will be the consent, also in the form of an unequivocal desire, manifested by the person (art.6, paragraph 1, letter a, GDPR). This process will involve the selection of the archived information with respect to the interested party, crossed to determine a profile that reflects the characteristics and behaviors of the person, so that he receives communications of his interest and in line with his preferences, actions and personal characteristics (e.g. amount donated, frequency of donation, adherence to initiatives, type of advanced requests) and, therefore, are of specific interest and not disturbing. The data will be kept as long as it is believed that the person maintains this profile and, therefore, the personalized contacts created with profiling are actually to his liking. Also in this case, this retention will cease if there is opposition at any time to the processing of personal data concerning him carried out for profiling to the extent that it is connected to direct marketing.
In any case, Fonte di Speranza will not use the data provided for purposes other than those connected to the service to which the user has joined, and, in any case, only within the limits indicated from time to time in the information to be provided pursuant to art. . 13, GDPR.

Methods of data processing
All the treatments carried out within this site will be carried out with both paper and electronic or telematic tools, with logic related to the purposes for which the data were collected and in compliance with the current security regulations, for the purposes specified from time to time. time in the information to be provided pursuant to art. 13, GDPR.

Criteria for data collection
The forms to be filled in include both data that are strictly necessary to comply with what is of interest and the failure to indicate which does not allow the request to be processed, and optional data. Therefore, the user is free to provide personal data contained in the request forms or indicated in contacts with Fonte di Speranza to request information or for the other purposes listed above. In these cases of mandatory data provision, their absence can make it impossible to obtain what is requested. The need to request data as mandatory for joining individual projects or initiatives or to make requests has been considered in compliance with the provisions of art. 25, GDPR (“Data protection by design and protection by default” – “Data Protection by design and by default”), which require to evaluate in advance the appropriate technical and organizational measures, such as “pseudonymisation” (art. 4 , paragraph 5, GDPR: “the processing of personal data in such a way that personal data can no longer be attributed to a specific interested party without the use of additional information, provided that such additional information is stored separately and subject to technical measures and organizational measures intended to ensure that such personal data are not attributed to an identified or identifiable natural person “), aimed at effectively implementing data protection principles, such as minimization, and integrating the necessary guarantees in the treatment in order to satisfy GDPR requirements and protect the rights of data subjects. In addition, Fonte di Speranza has implemented adequate technical and organizational measures to ensure that only the personal data necessary for the specific purpose of the processing deriving from the project to which the interested party has voluntarily adhered is processed by default.

Criteria used to define the limit of data retention

The data will be kept in our archives (art. 4, paragraph 6, GDPR: “any structured set of personal data accessible according to specific criteria, regardless of whether this set is centralized, decentralized or distributed functionally or geographically”) according to criteria variables according to the category of data, the nature of the treatment and the purposes of the treatment itself. The criteria or the precise retention limit are described in the information to be provided pursuant to art. 13, GDPR at the time of providing personal data.
In principle, the following assessments by Fonte di Speranza apply to establish the data retention criterion:

  1. all data with respect to the various forms of donation are kept as long as the relationship remains active and for a number of years equal to that which laws, regulations, including EU regulations, impose for administrative and accounting purposes. In addition, they will be kept for the time strictly necessary for the pursuit of the legitimate interest of Fonte di Speranza in the case of asserting or defending a right in court or otherwise ordered by law enforcement, judiciary and supervisory bodies for their institutional activities. For administrative and accounting purposes, the data will be mandatory for n. 10 (ten) years.
  2. all the data of the donors or interested in our activity processed for marketing purposes are kept for the period of time necessary to provide the information services reserved to said people. This right and interest of information are acquired upon joining any initiative that demonstrates the user’s sharing of the principles of Source of Hope, whether this involves donation or is an action of interest and participation in our institutional philosophy . This period is also justified by Fonte di Speranza’s legitimate interest in keeping the relationship established with the person constant in order to keep it informed on what projects could be financed with freely paid contributions or on the awareness actions that it is considered useful to make known for demonstrate their constant commitment to carrying out their humanitarian and social solidarity projects. This legitimate interest is allowed and by recital C47, GDPR and by Opinion no. 6/2014 Article 29 Data Protection Working Party, par. III.3.1. as an alternative condition to the explicit consent of the interested party. Obviously, this retention period is extended as long as the person’s interest in remaining in contact with Fonte di Speranza lasts: if he no longer has interest, it is sufficient to communicate it through the methods referred to in the paragraph “Rights of the interested parties with respect to the data that they concern them “and Fonte di Speranza will take the appropriate technical and organizational measures to not disturb the person anymore.
  3. all the data used for marketing activities with profiling, the treatment of which is supported by a positive action of the person to such treatment, explicitly declaring that he wants it, are kept as long as the profile of the interested party is in line with the personalized communications created through the crossing of the information available to us and, therefore, as long as Fonte di Speranza pursues its beneficial causes with projects, initiatives, actions and activities that require economic contributions or that encourage awareness (e.g. solicitation of adhesion to initiatives and events , requests for opinions and surveys) which are of interest to the person who has expressed a desire to receive information of this content and which reflect the characteristics and behavior of the same and are, therefore, of his specific interest and not of disturbance. Again, this retention will cease if there is opposition at any time to the processing of personal data concerning him carried out for these purposes, including profiling to the extent that it is connected to this direct marketing.

Once the above periods have elapsed, the identification data are transformed into anonymous form and used only for statistical reports that do not allow to trace the identity of the person but which are useful for adapting the projects, initiatives and actions for the realization and achievement of the statutory and institutional objectives of Fonte di Speranza. The personal data (identification of the person) will therefore be destroyed.

Place of data processing

The treatments connected to the web services of this site take place at the aforementioned headquarters in Fonte di Speranza and are handled by personnel authorized to process them. In case of need, the personal data collected through the site can be processed by the staff of third-party companies that take care of the maintenance of the technological part of the site (responsible for processing pursuant to art. 28, GDPR), at its offices.

Holder of the treatment

Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI) – is the data controller (art. 4, paragraph 7, GDPR: “the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of the processing of personal data of personal data “), pursuant to and for the purposes of the GDPR, since it decides in which way and for what reasons, communicated in the information to be provided to the interested parties, collect and use the personal data provided by the user, as well as with what tools to process them and what security procedures to activate to guarantee their integrity, confidentiality and availability, subjecting themselves to the obligations and responsibilities provided for by art. 24, GDPR.

Data processors and persons authorized to process

Your personal data can be processed, both manually and electronically or electronically, either directly from Fonte di Speranza or by third parties who, with experience, technical skills, professionalism and reliability, carry out processing operations on our behalf, in compliance with safety and the confidentiality of information and constantly monitored by us in their work. The controller is “the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller” (art. 4, paragraph 8, GDPR) and is bound by Fonte di Speranza contractually, with a definition of the operating limits on the data, the data it can process and the categories of data subjects to which they refer, the nature and purpose of the processing, the data retention limits, the obligations and rights that Fonte di Speranza has towards the manager, and with the prohibition to use it differently from the assignment. It can, if formally authorized, in a general or specific way, by Fonte di Speranza, make use of other managers, who are contractually bound by the initial manager directly appointed by Fonte di Speranza: the violations committed by these other managers fall under the responsibility of the manager initial and not from Fonte di Speranza.
The complete and updated list of data processors (and, if applicable, of the managers appointed by the initial manager, subject to our authorization) can be requested at privacy@fontedisperanza.org (alternatively, by writing to Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI).
The personal data collected will be made available to persons authorized by Fonte di Speranza pursuant to art. 29, GDPR which carry out processing activities essential for the pursuit of the aforementioned purposes; the categories of persons authorized to process are, from time to time, specified in the information to be provided pursuant to art. 13, GDPR. Generally speaking, these are the persons responsible for the provision of specific services, the administration, the management of information services, relations with actual and potential donors, the organizers of information campaigns on our projects and institutional activities to support our initiatives social and collective interests.

Third parties to whom your data are disclosed

For purposes related to the provision of the service to which the user has adhered, the data may be made available to third parties, who will act as independent data controllers, and who provide instrumental services to meet the user’s request (for example, Paypal for transactions related to donations) or to which the communication of data is necessary to comply with laws or regulations.
Your data may also be made available to supervisory bodies, police forces and the judiciary by virtue of the laws and regulations that provide for their communication and for carrying out their institutional activities.
In addition, the data may be communicated to third-party non-profit organizations, project partner companies, entities, for independent uses (as autonomous data controllers) for their institutional purposes: this “communication” will only take place if the interested party has expressed your explicit consent. The dissemination of data, subject to the explicit consent of the user, could be consequent to the type of service or initiative to which the user has joined.

Other third parties who collaborate with Fonte di Speranza

Fonte di Speranza, in the context of its awareness-raising activities and the presentation of its institutional activity, as well as to improve the services rendered to people who have relationships with Fonte di Speranza or in any case interested and close to our institutional principles, can contact third-party services who collaborate with and who receive from Fonte di Speranza information and data held in their archives.
Here it is clarified that these transmissions of information and data always take place anonymously or with “pseudonymisation” techniques (art. 4, paragraph 5, GDPR (“the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures aimed at ensuring that such personal data is not attributed to an identified or identifiable natural person “). anonymized data are processed, by way of example and not limited to:

  1. Facebook (privacy policy at https://it-it.facebook.com/policy.php)
  2. Twitter (privacy policy at https://twitter.com/it/privacy)
  3. Google (privacy policy at https://policies.google.com/privacy)
  4. Youtube (privacy policy at https://www.youtube.com/intl/it/yt/about/policies/#community-guidelines)
  5. Instagram (privacy policy at https://it-it.facebook.com/help/instagram/155833707900388/)

In addition, as better defined in the “Cookie policy”, Fonte di Speranza uses Facebook pixels for retargeting actions, that is, to show the user with certain characteristics manifested while surfing the net, advertisements and banners that refer to Fonte di Speranza.

Rights of the interested parties with respect to the data concerning them

You can exercise, at any time, at privacy@fontedisperanza.org (alternatively, by writing to Associazione Fonte di Speranza Onlus – Via Sebenico 22, 20124 Milan (MI)), the rights pursuant to articles 15-22, GDPR in reported below:

Right of access (article 15, GDPR)
The person has the right to request whether personal data is being processed and, therefore, has the right to access information concerning him and to have information on:

  1. purpose of the treatment (e.g. management of a donation);
  2. categories of personal data; (e.g. personal data, behavioral data)
  3. recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients from third countries or international organizations;
  4. when possible, the expected retention period of personal data or, if not possible, the criteria used to determine this period;
  5. existence of the right to request the correction or cancellation of personal data or the limitation of the processing of personal data or to oppose their treatment;
  6. right to lodge a complaint with a supervisory authority;
  7. if the data are not collected directly by the person, all available information on their origin;
  8. existence of an automated decision-making process, including profiling and significant information on the logic used, as well as the importance and expected consequences of such treatment for the person. (e.g. if the person has associated a donation habits profile by crossing the donation amount with frequency and campaign).

Right of rectification (article 16, GDPR)
The person has the right to obtain the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the person has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.

Right to cancellation (“right to be forgotten” – “right to be forgotten”) (article 17, GDPR)
The person has the right to obtain the deletion of personal data concerning him; he is obliged to delete personal data without undue delay, for one of the following reasons:

  1. personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
  2. the consent on which the treatment is based is withdrawn and if there is no other legal basis for the treatment (e.g. own legitimate interest, regulatory or contractual obligations);
  3. you oppose the processing for marketing and profiling purposes and there is no prevailing legitimate reason to proceed with the processing
  4. personal data have been unlawfully processed;
  5. personal data must be erased in order to fulfill a legal obligation under Union or Member State law to which you are subject.

Right to limitation of treatment (article 18, GDPR)
The person has the right to obtain the limitation of the processing of his personal data when one of the following reasons exists:

  1. the person disputes the accuracy of personal data, for the period necessary to verify the accuracy of such personal data;
  2. the treatment is illegal and the person opposes the cancellation of personal data and instead requests that their use be limited; (e.g., it does not intend that the processing is
  3. carried out for marketing purposes but only for managerial and administrative purposes);
  4. although you no longer need the data for processing purposes, personal data are necessary for the person to ascertain, exercise or defend a right in court;
  5. the person has opposed the treatment if the treatment is based on their legitimate interests, pending verification of the possible prevalence of their legitimate reasons compared to those of the person.

Notification obligation in case of rectification or cancellation of personal data or limitation of treatment (article 19, GDPR)
The person has the right to request that the correction or cancellation of data or limitation of processing be communicated by Fonte di Speranza to other subjects to whom the data may have been communicated. Fonte di Speranza may not comply with the request, if the means to be used are disproportionate to the person’s right to privacy.

Right to data portability (Article 20, GDPR)
This right allows the person to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a subject who submits his data to treatment and has the right to want to transmit such data to a subject for use of the latter without hindrance by the person to whom it supplied them. This right can be exercised in the following cases:

  1. the treatment is based on consent or on a contract or on pre-contractual measures requested by the same person and simultaneously
    the treatment is carried out by automated means.
  2. The person has the right to obtain that his data is transferred directly from one subject to another (from the one to whom he gave them to the one he wants to be transmitted to), if technically possible.

Right to object (article 21, GDPR)
The person has the right to object to the processing of his data for the pursuit of the legitimate interest of Fonte di Speranza or of third parties, provided that the interests or fundamental rights and freedoms of the person who request the protection of personal data do not prevail for profiling purposes.
If personal data are processed for marketing purposes, the person has the right to object at any time to the processing of personal data concerning him / her carried out for these purposes, including profiling to the extent that it is connected to this marketing activity.

Automated decision-making process relating to natural persons, including profiling (article 22, GDPR)
The person has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that concern him or which similarly significantly affects his person. In particular, it has the right to object to the profiling to which it is subjected through automated processes.
This right cannot be exercised if the decision:

  1. it is necessary for the conclusion or execution of a contract;
  2. is authorized by Union or Member State law to which you are subject, which also specifies adequate measures to protect the rights, freedoms and legitimate interests of the person;
  3. is based on explicit consent.

The person has the right to express his opinion and to contest the decision of Fonte di Speranza.

Response times
As established by the GDPR, Fonte di Speranza will respond to the person within a month of the request, unless complex procedures (or requests are numerous) that do not allow to respect this time have to be implemented. Full feedback is allowed within three months of the request, but we are obliged to inform you of it within one month of the request originally sent (art.12, paragraph 3, GDPR).

Complaint to the supervisory authorities

It is possible to contact the supervisory authority which for Italy is the Guarantor for the Protection of Personal Data, based in Piazza di Monte Citorio 121, 00186 Rome (RM) – www.garanteprivacy.it, using the form downloadable at URL https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524&zx=e0yn0riezmmw to propose a complaint regarding the processing of your personal data.

What are Cookies and how they are used by Fonte di Speranza

Cookies are information saved on the hard disk of your PC and which are sent from your browser to a Web server and which refer to your use of the network. Consequently, they allow to know the services, the sites visited and the options that, surfing the net, have been shown.
This information is not, therefore, provided spontaneously and directly, but leaves a trace. The data collected through cookies will be used for technical needs, in order to guarantee easier, immediate and quick access to the site and its services and navigation. facilitated to the single user.
With the user’s consent, profiling cookies may also be used to create user profiles based on the sections of the site or the actions performed by the user on this site or by surfing the net.
The use of so-called session cookies (which are not permanently stored on the user’s computer and are automatically eliminated by closing the browser) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site. I c.d. session cookies that are used on this site avoid the use of other IT techniques that are potentially detrimental to the confidentiality of user navigation and do not allow the acquisition of the user’s personal identification data. Vice versa, the profiling cookies allow to know the user’s browsing on the net and to detect his interests, the expressed needs and preferences and then allow to create advertising campaigns or create profiles to better target, in a personalized way, promotional, institutional communications and awareness. In any case, you can configure your browser so that you are notified when a cookie is received and then decide whether to accept it.
To learn about our cookie policy and third-party cookie policies, please read the related information by clicking HERE.

Navigation data

During their normal operation, the IT systems and software procedures used to operate this site acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified users, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error or similar) and other parameters relating to the operating system and the user’s computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

The security of your personal data

Fonte di Speranza adopts suitable and preventive security measures to safeguard the confidentiality, integrity, completeness, availability of your personal data. As established by the regulatory provisions governing the security of personal data, technical, logistical and organizational measures are developed which have as their objective the prevention of damage, even accidental losses, alterations, improper and unauthorized use of the data concerning you.
In particular, Fonte di Speranza has put in place technical and organizational measures aimed at guaranteeing a level of security adequate to the risk that could affect people’s rights and freedoms, including the confidentiality and confidentiality of the information that concerns them. Adopt security criteria which include, among others:

  1. the “pseudonymisation” (art. 4, paragraph 5, GDPR: “the processing of personal data in such a way that personal data can no longer be attributed to a specific interested party without the use of additional information, provided that such additional information are stored separately and subject to technical and organizational measures aimed at ensuring that such personal data are not attributed to an identified or identifiable natural person “) and / or data encryption
  2. systems that permanently safeguard the confidentiality, integrity, availability and resilience of treatment systems and services
  3. systems to promptly restore the availability and access of personal data in the event of a physical or technical accident
  4. procedures to test, verify and regularly evaluate the effectiveness of technical and organizational measures in order to guarantee the safety of the treatment.

Similar preventive security measures are adopted by third parties (data processors) to whom we have entrusted the processing of your data on our behalf.
On the other hand, Fonte di Speranza is not responsible for the untruthful information sent directly by the user (example: correctness of the e-mail address or postal address or other personal data), as well as information concerning him and that have been provided by a third party, even fraudulently.

Financial information needed for donation

In the case of a donation made through PayPal, you will be redirected to the PayPal site and, therefore, the confidentiality and security criteria are the sole responsibility of PayPal, excluding any liability on the part of Fonte di Speranza. In general, finally, Fonte di Speranza assumes no responsibility with reference to unauthorized or fraudulent uses by third parties of the information relating to the tools used for the transaction related to the donation.