Information on the processing of personal data

Information pursuant to Article 13 of the European Data Protection Regulation 2016/679 (hereinafter the “GDPR”) - Donations.

The Antonio Emanuele Augurusa Foundation, with registered office in Filogaso (VV) at Via Gallippi Antonio, 11, in the person of the legal representative p.t, as the Data Controller of personal data, informs, in accordance with the provisions of Article 13 of the GDPR, that all processing activities will be carried out in compliance with the applicable legislation on the subject.

Data controller

The “data controller,” in accordance with Article 4, paragraph 1, no. 7 of the GDPR, is the Antonio Emanuele Augurusa Foundation, with registered office in Filogaso (VV) at via Gallippi Antonio, 11, in the person of the legal representative p.t.

Categories of data processed

For the purposes described in the following paragraph, the Holder will process the following donor data:

  1. Personal biographical data of the donor (first and last name);
  2. Bank and/or payment information (e.g., IBAN – only in the case of donation by wire transfer);
  3. Contact information (e-mail);
  4. Browsing information (IP addresses, cookie data).

No processing of special data or any kind of profiling will be carried out.

Purpose and manner of processing - Legal basis

The purposes related to the data processing carried out are as follows:

  1. Perform pre-contractual and contractual obligations, and, in this case, manage the donation in all its phases and activities instrumental thereto (such as, for example, communications about the donation and regularity in its activation or changes communicated by the donor, donation summaries, issuance of donation receipts for tax deductibility, etc.)
  2. To comply with administrative and other regulations that are mandatory under applicable national law or under decisions of the European Union.
  3. Send information materials on Foundation events and educational activities.
  4. Perform statistical processing of donations.

Method of treatment

Personal data are processed by the Data Controller in paper and (mostly) electronic form and are stored within its management system. Suitable security measures are observed to prevent loss or alteration of data – including accidental – illegal or incorrect use and unauthorized access.

Legal basis for processing

Depending on the processing purposes set forth in the chapter “Source and Purpose of Processing,” the legal bases are:

  1. for the purposes mentioned in point 1, the legal basis is Article 6(1)(b) GDPR since the processing is aimed at fulfilling pre-contractual or contractual obligations to which the data subject is a party. Therefore, it will not be necessary to seek your consent.
  2. For the purposes mentioned in point 2, the legal basis is Article 6(1)(c) GDPR since the processing is aimed at fulfilling legal obligations to which the Controller is subject. Therefore, it will not be necessary to seek your consent.
  3. for the purposes referred to in point 3, the legal basis is the “legitimate interest” (Art. 6, paragraph 1, letter f), GDPR, recital C47, GDPR and Opinion 09 April 2014, No. 6 of Working Party 29, par. III.3.1.) of the Foundation in maintaining active the relationship established by the donor who, with his or her act of donation, has shown appreciation and sharing of our causes and programs. The Holder will, therefore, inform the donor about its activities and, in particular, about which projects could be financed with financial contributions or about the awareness actions that are deemed useful to make known in order to demonstrate its constant commitment to the realization of its mission; it will also contact the donor to ask for opinions about its activities by involving it in surveys and research. Such contacts will allow the interested party to learn about these opportunities and decide, if he or she wishes, to join. This is counterbalanced by the donor’s expectations to receive information regarding topics of his or her interest and, therefore, of his or her manifested liking, activating himself or herself by donating and, therefore, sharing the Foundation’s causes. Therefore, it will not be necessary to seek your consent.
  4. for the purposes referred to in point 4, the legal basis is the “legitimate interest” (Art. 6, paragraph 1(f), GDPR, recital C47, GDPR and Opinion 09 April 2014, No. 6 of Working Party 29, para. III.3.1.) of the Foundation to assess the characteristics of people who have an interest in and have joined its institutional activities. This will allow the Holder to analyze, in each case, anonymously the propensity to donate and its characteristics in order to improve, supplement or modify its forms. Therefore, it will not be necessary to seek your consent.

General rules in relation to the type of contribution

It is mandatory to provide: identification data (name and congome), e-mail address, since without them the donation cannot be activated nor administratively managed. The Foundation has put in place appropriate technical and organizational measures to ensure that only the personal data necessary to enable the person to make the donation and the Foundation to process it are processed by default.

Data processors, persons authorized to process data, autonomous data controllers - Data communication.

The Foundation trains and licenses staff in donor service, institutional activities, administration, information and data security systems.

The data will also be processed by the data processors in charge of services related to points 1., 3., 4 of the purposes stated in this policy.

The data will also be processed by third parties, autonomous data controllers, for purposes instrumental to the management of donations or related administrative activities (e.g.: companies and/or administrative and tax consulting firms, banking institutions), and, to the extent not indicated herein, required to make the information to be provided ex art. 13, GDPR. The treatments performed by them concern points 1. and 2. of the stated purposes. They will also be processed by the operators of Internet connections, as autonomous data controllers.

The data may be communicated to public bodies, the judiciary, or law enforcement agencies where required by law, regulation, or EU legislation, who will act as autonomous data controllers.

The donor’s donation and tax code data will be processed by the Internal Revenue Service, by virtue of the law, for the administration of the pre-filled 730 form, in its capacity as an autonomous data controller, if the donor has not exercised the right to object to this operation.

Data are not disclosed to other associations, companies or entities for their direct marketing or profiling purposes. The data will not be disseminated.

Period of data retention

The Data Controller has established the following data retention periods according to the purposes pursued:

  • for the purposes mentioned in 1. the period of data retention is determined according to the time period necessary to execute the donation and pre-contractual obligations or, in any case, for 10 years after making the donation;
  • For the purposes mentioned in point 2, the period of data retention is determined according to individual national and EU regulations that impose legal obligations to which the Data Controller is subject. Therefore, for administrative, tax and accounting purposes, data are kept for a period of No. 10 years;
  • for the purposes mentioned in point 3, the data are kept for the period necessary to maintain the relationship established with the donor and inform him/her about our institutional activities, events, initiatives and projects, fundraising campaigns in support of our mission. This period of retention will be interrupted when the person concerned expresses his or her wish not to receive further information from the Foundation, by sending communication to that effect to the email address: privacy@fondazioneagurusa.org
  • for the purposes of point 4, the data will be kept anonymously and, as such, no longer subject to the requirements of the GDPR.

Rights of the data subject

In accordance with the conditions set forth in the GDPR, the data subject may exercise, against the data controller, the rights provided for in Articles 15 et seq. of the GDPR, if compatible. For example, the data subject has the right to request:

  • data access;
  • Correction of inaccurate data and supplementation of incomplete data;
  • Deletion of data, such as when they are no longer needed for the above purposes or are not processed in accordance with the regulation, in permitted cases;
  • restriction of processing in the prescribed cases, such as when the accuracy of the data is disputed and verification of its accuracy is required;
  • portability, i.e., the right to receive, in applicable cases, one’s own data in a structured, commonly used and machine-readable format and to transmit such data to another data controller;
  • Opposition to processing, in permitted cases.

To exercise the above rights, you can contact the Foundation’s DPO by sending a request to: privacy@fondazioneagurusa.org

In addition, under Article 77 of the GDPR, if a data subject believes that the processing of his or her personal data does not comply with the EU Regulation 2016/679, he or she has the right to lodge a complaint with the Data Protection Authority, following the procedures and directions available at www.garanteprivacy.it.

Updates

This information is effective as of the date of publication. In order to best meet the needs for updated disclosures and to comply with evolving industry regulations, this information may be subject to updates and changes.