Information on the processing of data for fundraising pursuant to Article 13 Reg. 679/2016/EU In order to ensure a processing ([1]) that is lawful, fair, and transparent regarding personal data, the Data Controller provides the necessary information below, as required by Article 13 of Legislative Decree 196/2003 and Article 13 of Reg. 679/2016/EU.
1) Identity and contact details of the Data Controller The Data Controller is identified as “ASSOCIAZIONE INSIEME A TE” Odv (voluntary organisation), based in Faenza, Via San Giovanni Bosco, 1, email: info@insiemeate.org (hereinafter “Data Controller”, “Controller” or “Association”).
2) Purposes and methods of processing The Data Controller informs the data subject that their data will be processed for the following purposes:
a) Management of membership registrations for the Association
Pursuant to Article 6, paragraph 1, letter b) Reg. 679/2016/EU, the collection of data from the data subject and subsequent processing thereof are aimed at the registration of members. Payment of the membership fee can be made via credit card, PayPal, bank and/or postal transfer, or Satispay, and the processing of acquired data is aimed at carrying out all phases related to payment, such as operations functional to the collection thereof, including instrumental activities such as issuing receipts.
b) Sending information regarding the services provided by the Association
Pursuant to Article 6 paragraph 1 letter a) Reg. 679/16/EU and Article 23 Legislative Decree 196/03, the Controller processes the data obtained following contact through contact forms, the reservation management form, or email addresses on the site solely for the purpose of providing the requested information through the aforementioned tools. This purpose will be pursued, as far as possible, with technical and organizational measures that ensure compliance with the principle of data minimization.
3) DATA CONFERRAL AND REFUSAL The provision of personal data related to the processing connected to membership management is necessary for the performance of the activity itself, and refusal and/or the provision of inaccurate and/or incomplete information by the data subject will prevent the pursuit of the purposes set out in point 2). The provision of data in relation to processing for sending information is optional. The absence of consent for the processing of data for this purpose will prevent the sending of communications.
4) RECIPIENTS OR CATEGORIES OF RECIPIENTS AND AREAS OF DISSEMINATION OF PERSONAL DATA The Data Controller adopts all security measures to prevent unauthorized access, disclosure, modification, or destruction of personal data. In addition to the controller, the data of the data subject may be communicated and acquired: i) by the staff of the Associazione Insieme a Te for the above purposes; ii) by third parties (appointed, where prescribed by legal provisions, as Data Processors by the Controller) who provide instrumental services to satisfy the donation request (for example, credit institutions or credit card issuers to manage donation payments) or those that allow more effective management of contact with the data subject (for example, email platform managers) or to whom communication of data is necessary to comply with legal obligations or regulations. An updated list of any Data Processors may be requested at any time from the Data Controller.
5) PERIOD OF CONSERVATION OF PERSONAL DATA AND DISSEMINATION OF PERSONAL DATA The Controller informs that the personal data of the data subject will be retained for a period of 10 years from the last use, unless the data must be retained for legal obligations or to assert a right in judicial proceedings. At the end of the retention period, the personal data will be deleted, and consequently, the right of access, deletion, rectification, and portability of the data can no longer be exercised.
6) PAYMENT MANAGEMENT Payment management services allow this site to process payments via credit card, bank transfer, or other instruments. The data used for payment are acquired directly by the payment service provider without being processed in any way by this Application. Some of these services may also allow the scheduled sending of messages to the User, such as emails containing invoices or notifications regarding the payment. PayPal (Paypal) PayPal is a payment service provided by PayPal Inc., which allows the User to make payments online. Personal Data collected: various types of Data as specified in the privacy policy of the service. Location of processing: See the privacy policy of PayPal – Privacy Policy. PayPal button and widget (Paypal) The PayPal button and widget are services for interacting with the PayPal platform, provided by PayPal Inc. Personal Data collected: Cookies and Usage Data. Location of processing: See the privacy policy of PayPal – Privacy Policy.
7) RIGHTS OF THE DATA SUBJECT Pursuant to Article 13 Reg. 679/2016/EU, the data subject is informed that they may, at any time, exercise the rights detailed in Articles 15-16-17-18-20-21 and 22 of the Regulation, specifically they have the right to:
- obtain confirmation of the existence or absence of personal data concerning them, even if not yet recorded, and their communication in an intelligible form;
- request access to personal data from the Data Controller, as well as the right to data portability;
- obtain the updating and rectification or, when they have an interest, the integration of the data;
- object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of collection; b) to the processing of personal data concerning them for the purposes of sending advertising material or direct sales or for carrying out market research or commercial communication;
- obtain deletion and transformation into anonymous form or blocking of data processed in violation of the law, including those for which retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
- revoke consent (for the only processing for which consent is the legal basis) at any time without affecting the lawfulness of the processing based on the consent granted before the revocation;
- file a complaint with a supervisory authority;
- obtain confirmation that any deletions, corrections, or limitations on the processing of personal data have been communicated to each of the recipients to whom the aforementioned data were transmitted.
[1] Pursuant to Article 4 n. 2) Reg. 679/2016/EU, “processing means any operation or set of operations performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, deletion or destruction.
Feel free to let me know if you need any further modifications or assistance!