INFORMATION PURSUANT TO ARTICLE 13 OF EU REGULATION (EU) NO. 679/2016 (‘GDPR’)
This privacy notice describes which of your personal data are collected by ResQ Onlus, for which purposes and how they are processed. Below you will also find the necessary information to enforce your rights provided for by GDPR.
In general, we collect your personal data when you email us, when you subscribe to the newsletter, when through the website www.resq.it (hereinafter ‘Website’) you decide to become a member or make a donation. We hereby inform you that the personal data collected during such procedures will be processed in order to reply to your requests, to allow you to benefit from the services offered on the Website, as specified below.
- Who processes your data: Data Controller
ResQ – Onlus, with registered office in viale Regina Margherita 30, Milano (MI) – Italy Tax Code: 97863650152, firstname.lastname@example.org (hereinafter ‘ResQ’ o ‘Data Controller’, which may also be referred to with the expressions ‘we’, ‘us’ or ‘our‘) is the controller of the processing of your personal data.
- Which data we process – Type of processed data
Your contact data. We will retain the contact details you provide us with (e.g., name, last name, address, telephone number, e-mail address, country of residence, cell phone number, date of birth, gender, Tax Code) when you contact us, subscribe to the newsletter, ask to become a member or decide to make a donation.
Your payment data. We will retain the payment data that you provide us with (e.g., credit card number).
Information on the use of the Website. Your use of our Website implies the processing of the browsing data and the device that you are using and your IP address (i.e. the number that identifies a specific device connected to the internet and is required in order for your device to communicate with websites). Moreover, ResQ may analyse the website you browsed from, what you did and what you did not do on our Website.
- Where do we get your data – Data collection methods:
Directly from you. For instance, if you decide to subscribe to the newsletter, to become a member or to make a donation. If you do not provide us with your data, you will not be able to use the services on the Website.
- Why and for how long we process your data – Purpose and legal basis for data processing; data retention period
- a) To allow you to make donations. ResQ will process your personal data, including payment data, whenever you decided to make a donation through the Website, using the functionalities in the section ‘Donate’.
The legal basis of such data processing is the performance of your request to make a donation.
The data retention period of your data is equal to the period required to allow you to make the donation.
- b) To allow you to become a member of ResQ. We will process your personal data in order to allow you to become a member of ResQ through the ‘Become a member’ section.
The legal basis of such data processing is the performance of your request, following your review and acceptance of the Statute.
The retention period of your data, in addition to what is necessary to process your request, shall be equal to the period during which you will be a member of ResQ.
- c) To respond to your requests received through e-mail contacts. ResQ may use your data to respond to your requests by sending you an e-mail.
The legal basis of such data processing is the performance of your request.
The retention period of your data in relation to this processing is equal to the time necessary to process your request.
- d) To manage your administrative status correctly. We will process your data for accounting, administrative and tax purposes, directly connected to ResQ’s activity and as required by the applicable legislation.
The legal basis of such data processing is the compliance with legal obligations.
The retention period is equal to that required by law (specifically, tax, anti-money laundering, banking and public security law).
- e) To prevent or control unlawful conducts or to protect and enforce rights. For instance, we may use your data to prevent infringement of our intellectual property rights (e.g., counterfeiting of our trademarks and/or our partners’) or theft (including but not limited to credit card cloning) or other unlawful acts, as allowed by applicable law.
The legal basis for such data processing is the legitimate interest of the Data Controller.
The period of retention of your data is equal to the time reasonably necessary to enforce our rights from the moment we become aware of the offence or the potential commission of it.
- f) For marketing / newsletter subscription purposes. Upon your prior consent, ResQ may contact you via e-mail, sms, telephone or other telematic communication means with information or promotions relating to its activities and potential scheduled events (including the newsletters), also following your subscription to the newsletter by entering your email address.
The legal basis for such data processing is your explicit consent which, as far as only the subscription to the newsletter is concerned, consists of entering your personal e-mail address.
The retention period of your data is equal to 24 months from the collection of your data.
- Nature of the provision of personal data
For the purposes of subparagraphs from a) to e) above, the provision of data is necessary to allow you to comply with your requests, to make donations and to become a member.
For the purposes of subparagraph f), the provision of data is optional, a refusal shall not cause any prejudice for the purposes of subparagraphs from a) to e). You may withdraw your consent at any time, but this shall not affect the lawfulness of the processing carried out before such a withdrawal.
- Where your data are processed – transfer of data
Data shall be processed and stored at the offices of ResQ and of its suppliers within the European Union.
Personal data may also be communicated to third-party service providers – duly appointed as data processors pursuant to art. 28 of the GDPR – which have their registered office outside of the European Union as well.
Such data transfers shall be authorized either upon:
- an adequacy decision, adopted by the European Commission pursuant to art. 45 of the GDPR, referred to the Extra-EU country where personal data are transferred to; or
- appropriate guarantees provided for by articles 46, 47 and 49 of the GDPR (namely, standard contractual clauses approved by the European Commission, binding corporate rules, contractual or covenant guarantees provided for by the involved data controllers, or by way of derogation to the prohibition of the transfer, which are applicable under certain circumstances).
- Who we share your data with – recipients of personal data
Provided that, where required by law, we will obtain your prior consent and comply with any formalities required by law, we may share your data with third parties, such as our service providers, although in such a case we shall enter into an agreement pursuant to art. 28 of the GDPR aimed at protecting your data. These parties shall only be in possession of the data required to perform their functions and shall only use them for the purpose of providing services on behalf of the Data Controller or complying with the law. You may find out the details of such data processors, pursuant to Article 28 of the GDPR, by contacting ResQ.
Where permitted or required by law, ResQ may also share the personal data requested by a government agency or by another authorised third party or organisation, in order to protect or enforce its rights or those of third parties, or to limit or prevent fraud and other offences.
Our Website is not intended for minors under the age of 16, but for adults. If you are a parent or guardian and you believe that your child may have sent us some personal data, please contact us.
- Security Measures
We adopt the security measures required by law.
We adopt security measures in order to protect your data. The standard security measures that we use depend on the type of data that we process, and such measures meet the requirements provided for by law and by the standards of European government agencies.
- Your rights
You may contact ResQ in order to request the access to, the rectification or erasure or restriction of the processing of your personal data, to object such processing and to request the portability of your data; you may also withdraw your consent at any time (and this shall not affect the lawfulness of the processing based on consent granted before such a withdrawal).
When you exercise your right of access, you have the right to know whether your data is being processed or not, as well as the purpose of the processing, the categories of data being processed, the recipients or categories of recipients who your data have been disclosed with (and, if they are located in a third country, the guarantees in place), the retention period of your data (or the criteria in order to determine such a retention period), whether an automated processing is being carried out or not (e.g., through profiling), the logic involved behind such a processing, and the source of the data (when not initially collected by ResQ).
You have the right to lodge a complaint with the Italian Data Protection Authority and to request to the Data Controller, at any time, information about the data processors and the parties that are authorised by the data controllers to process your data.
You may exercise your rights by contacting ResQ at the above-mentioned addresses.
You may withdraw your consent to receive marketing communications. In order for you to stop receiving marketing communications, you may follow the instructions shown in the promotional message that you receive. Alternatively, you may withdraw your consent by contacting the Data Controller at the above-mentioned addresses.
- What happens if we amend this Policy
Version updated to June 28 2021