Foreword
#Every Child Is My Child ETS (also "#ECIMC") is a non-profit, socially useful association attentive to the needs of children and the protection of their rights.
#ECIMC pays particular attention to the use of personal data, also in light of the use that can be made of them via the Internet. In compliance with Regulation (EU) 2016/679 ("GDPR") and national legislation on the protection of individuals with regard to the processing of personal data and the free movement of such data ("Regulations Applicable"), #Every Child Is My Child ETS intends to ensure that users of its site can browse the site safely and confidentially. Below is some information on what data is processed by #Every Child Is My Child ETS. The information contained in this policy may be updated periodically, including as a result of regulatory updates, so please re-read it regularly. The information concerns only the website of #Every Child Is My Child ETS and not other websites of third parties that may be consulted by the user through links present on the site.
For further information please contact
#Every Child Is My Child ETS
Via di S. Anselmo, 14
00153 - Rome (RM)
Tax code and VAT no.: 97941100584
E-mail: segreteria@everychildismychild.it
Note to Minors
#Every Child Is My Child ETS is particularly sensitive to protecting the privacy of children and young people, whether they are users of the site or recipients of the Association's activities.
We therefore encourage parents to support their children in their use of the Internet, explaining to them the importance of not providing their personal data without permission, thus helping to protect their privacy.
The site does not collect or process data from minors. In accordance with applicable law, the person exercising parental responsibility is required to provide consent for the collection of personal data of minors. Should the data of minors be unintentionally submitted, the data controller will delete them in a timely manner.
Data Collection and Processing
The #Every Child Is My Child ETS Association is the data controller of personal data, pursuant to and for the purposes of the GDPR, and therefore determines how and for what reasons to collect and use the personal data provided by the user, with what tools to process them and what security procedures to activate to guarantee their integrity, confidentiality and availability.
The computer systems and software procedures used to operate the website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.
This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and is deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the site. For further information, please refer to the text of the extended cookie policy.
Among the data that the user may voluntarily enter are those required to fill in online forms for registration to newsletters, to join specific campaigns and/or activities, as well as data relating to fundraising activities for the purposes of the Association and for commercial activities aimed at the sale of products concerning the Association.
Purpose of processing
The use of the user's data is limited to the following processing:
- Sending newsletters for marketing purposes;
- Sending Institutional Communications;
- Sending information in connection with requests by visitors to the site;
- Management and donor relations;
- Sale of merchandising products.
Legal basis for processing
- Newsletter for marketing purposes: the user may expressly and freely request #ECIMC, by voluntarily entering his/her e-mail address, to receive newsletters for marketing purposes relating to #ECIMC or to news, events, projects relating to the Association. The legal basis is consent, which can be revoked at any time by writing to segreteria@everychildismychild.it (art. 6.1, lett. a GDPR);
- Institutional communications: sending communications relating to the Association's activities addressed to donors and associates. The processing is necessary for the pursuit of the legitimate interest of the Data Controller (Art. 6.1, lett. f GDPR);
- Data provided voluntarily by the user: the personal data entered in the contact form are processed exclusively for the purpose of responding to the request, i.e. for the provision of the data controller's services. The legal basis is the fulfilment of pre-contractual, contractual or tax obligations (Art. 6.1, lett. b GDPR). The user is free to enter his or her e-mail address in the contact form, and if the user does not communicate the identifying and personal data correctly, the data controller may not be able to process requests, in whole or in part;
- Management and donor relations: personal data are processed in order to carry out activities related to the formalisation of online donations, for which there is a procedure through a specific form on the website. All the data collected are processed to enable the subsequent administrative operations necessary to formalise the donation itself, as well as to send communications relating to the payment and use of the sums collected. The legal basis that makes the processing lawful is the execution of the contract to which the data subject is party (art. 6.1, lett. b) GDPR) and the fulfilment of legal obligations to which the data controller is subject (art. 6.1, lett. c) GDPR);
- Sale of merchandising products: Personal data provided by the user or collected at the time of purchasing merchandising products will be used to manage, administer and process product purchases, sales and after-sales services, e.g. administrative activities, accounting, returns, guarantees, refunds, and for any problems relating to the management of the order or subsequent requests relating to the order. The legal basis that makes the processing lawful is the performance of the contract and pre-contractual measures to which the data subject is party (Art. 6.1(b) GDPR) and the fulfilment of legal obligations to which the data controller is subject (Art. 6.1(c) GDPR).
Personal data retention period
Personal data processed for the purpose of sending newsletters as referred to in point I) are retained as long as the user has shown an interest in receiving them. In this regard, a criterion for the data retention period has been established which provides for a 'periodic check' by the data controller. According to this criterion, a user who does not show interest in the Association (no donations, no participation in events/new projects) for 24 consecutive months will be automatically deleted from the mailing list.
The user's personal data sent in connection with the generic request for information under points II and III are processed by the data controller only for the period of time necessary to achieve the purposes of the processing, after which they are retained solely for the purpose of complying with the relevant legal obligations, for administrative purposes and/or for asserting or defending one's own rights.
The data for donation and sales purposes referred to in points IV) and V) are processed for the time provided for by legal obligations (10 years) to achieve the purposes for which they were collected either directly by the #Every Child Is My Child ETS Association or by third parties who, in possession of the requisites of experience, technical capacity, professionalism and reliability, carry out the processing operations on behalf of the Association.
To this end, we would like to point out that the latter data may be made available to credit or equivalent institutions in order to allow the necessary transactions for the donation, or to designated bodies and institutions for the fulfilment of legal requirements.
Methods of processing personal data
Specific security measures are observed to prevent data loss, unlawful or incorrect use and unauthorised access. #ECIMC adopts, pursuant to Article 32 of the GDPR, appropriate and preventive security measures to safeguard the confidentiality, integrity, completeness and availability of your personal data.
Data collected through the site will not be transferred, shared or used in any way other than as described here. Data are not disclosed to third parties for marketing purposes. The Association does not carry out any solely automated decision-making processes on personal data, including profiling. All data requested from the user are necessary exclusively for the purpose of carrying out the Association's activities and, therefore, failure to provide such data voluntarily may prevent the provision of certain services.
Transfer of personal data to third countries outside the EU
Personal data are not transferred to non-EU countries or to an international organisation. Data is stored on servers located in the EU. The data controller may, where necessary, have the right to move the location of the servers, ensuring that the transfer of data outside the EU will take place in accordance with the applicable legal provisions by entering into agreements guaranteeing an adequate level of protection and/or by adopting the standard contractual clauses required by the European Commission.
Rights of data subjects
Pursuant to Articles 15 et seq. of the GDPR and current legislation, the user has the right, in addition to lodging a complaint with the Italian Data Protection Authority and revoking any consent given at any time, to:
- a) obtain confirmation of the existence or otherwise of personal data concerning him/her and their communication in an intelligible form, receiving them in a structured, commonly used and readable format with the possibility of transmitting them to another data controller ('Right to portability');
- b) obtain indications on: (i) the origin of the personal data, the purposes and methods of processing, the logic applied in the event of processing carried out with the aid of electronic instruments; (ii) the identification details of the data controller and of the data processor(s); (iii) the subjects or categories of subjects to whom the data may be communicated or who may become aware of the data in their capacity as designated representative in the territory of the State, data processor(s) or person(s) in charge of processing;
- c) obtain (i) the updating, rectification or integration of the data concerning him/her or, in the event of a dispute as to whether the data is correct, the restriction of the processing of the same for the time necessary for the appropriate checks; (ii) the transformation into an anonymous form or the blocking of data processed in breach of the law, including data whose storage is necessary in relation to the purposes for which the data was collected or subsequently processed; (iii) certification to the effect that the operations as per the preceding points have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
- d) object, in whole or in part, to the processing of data concerning him/her, even if pertinent to the purpose of collection;
- e) obtain erasure without undue delay if the data are no longer necessary for the purposes for which they were collected or otherwise processed, if they have been processed unlawfully or if the user (i) requests or (ii) objects to the processing in whole or in part;
- f) obtain the restriction of the processing in the event that the data (i) are unlawfully processed but the User objects to their deletion, (ii) are necessary for the establishment, exercise or defence of a right, (iii) an assessment of the legitimate grounds for processing by the Controller is pending.
The above-mentioned rights may be exercised by making a request to the data controller at the e-mail address segreteria@everychildismychild.it.