A.S.I.A. Via San Martino Della Battaglia, 31 00185 Roma CF 03556801003
rev. 00 del 27/07/2018 Pagina 2 di 5
A.S.I.A. is constantly committed to protecting the privacy of its Data Subject through compliance with the provisions of the “European Regulation 2016/679 on the protection of individuals with regard to the processing of personal data, as well as free circulation of such data “. This policy outlines the management, treatment, collection, use, and purpose of data of Data Subjects, as well as the rights of Data Subjects.
1. Data Controller
The Data Controller and Data Processor is A.S.I.A., in the person of its legal representative, with registered office in Via San Martino Della Battaglia, 31 00185 Rome. A.S.I.A. is always reachable, for clarification, at the e-mail address: firstname.lastname@example.org
2. Legal basis of processing
The Data Controller processes Personal Data relating to the Data Subject in the event that one of the following conditions exists:
• the Data Subject has given consent for one or more specific purposes; Note: in some jurisdictions, the Data Controller may be authorized to process Personal Data without the consent of the Data Subject or another of the legal bases specified below, as long as the Data Subject does not object (“opt-out”) to this treatment. However, this is not applicable if the processing of Personal Data is regulated by European legislation regarding the protection of Personal Data;
• processing is necessary for the execution of a contract with the Data Subject and/or the execution of pre-contractual measures;
• the processing is necessary to fulfil a legal obligation to which the Data Controller is subject;
• processing is necessary for the performance of a task carried out in the public interest or for the exercise of public authority;
• processing is necessary for the pursuit of the legitimate interest of data Controller or third parties.
In any case, it is always possible to ask the Controller to clarify the concrete legal basis of each treatment and to specify whether the treatment is based on the law, required by a contract or necessary to conclude a contract.
3. Purposes of the processing
The Data of the Data Subject is collected to allow the Controller to provide its services and carry out its institutional activities. Specifically, data processing is carried out for the following purposes:
a) Manage the activities related to regular and one-off donations;
b) Request and / or allow access to distance adoption projects and support for the initiatives of A.S.I.A.;
c) To subscribe and request membership in petitions, fundraising, surveys and awareness projects on issues related to the activities of A.S.I.A.;
d) Informing about the activities carried out by A.S.I.A.;
e) Manage subscriptions to the Newsletter;
f) Perform profiling activities;
g) Responding to requests for information;
h) Respond to requests for collaboration with A.S.I.A.;
i) Manage contractual and legal obligations;
j) Ensure the security of the website.
4. Type of data processed
A.S.I.A., as Data Controller, deals with the following types of data to carry out the purposes related to in the previous article. A.S.I.A. Via San Martino Della Battaglia, 31 00185 Roma CF 03556801003
rev. 00 del 27/07/2018 Pagina 3 di 5
4.1. Website navigation data
The IT systems and the technical and software procedures underlying the operation of this website acquire, during their normal operation, some personal data whose transmission is implicit in the functioning mechanisms and protocols in use on the Internet.
Every time the Data Subject accesses this site and every time he invokes or requests a content, the access data is stored in our systems and potentially also by the person in charge of data processing and by the data processors, in the form of data files or linear (within appropriate log files), structured and / or unstructured.
4.2. Data voluntarily provided by the Data Subject
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site involves the subsequent acquisition of the sender’s address and other data supplied, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services and/or processing purposes, and, where necessary, explicit requests for consent are also present.
5. Data recipient
Within the limits relevant to the processing purposes indicated, the data collected may be communicated to business partners appointed by the Data Controller or for legal obligations or to fulfil your specific requests. In addition, the Data Subject data may be made available to third parties, independent data Controllers, for purposes related to the provision of services of interest such as banks, and online platforms to allow the necessary transactions (eg PayPal).
Your data will not in any way be disseminated outside the purposes referred to in Article 3.
7. Transfer of personal data to third countries or international organisations
If not strictly necessary for activities related to distance adoptions in non-EU countries, the data collected are not transferred abroad outside the European Union. Specifically, the data of the Data Subject participating in the distance adoption project will be transferred outside the European Union to allow the activities of A.S.I.A. to take place in the countries where it operates.
To allow a correct operation, the website https://asia-ngo.org/ could still share some of the data collected with services located outside the European Union. The transfer will be authorized based on specific decisions of the European Union and of the Italian Data Protector Supervisor considering the European Decision 1250/2016 (Privacy Shield) for which no further consent is required.
8. Location of data processing
rev. 00 del 27/07/2018 Pagina 4 di 5
the website https://asia-ngo.org/). The personal data provided by the Data Subject who send requests for information material are used only to perform the service or provision requested and will not be disclosed to third parties.
9. Methods of processing
The Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
The processing is carried out using computer and / or electronic and / or paper means, with organizational methods and with logic strictly related to the purposes indicated.
With explicit consent, communications sent by A.S.I.A. can be carried out through profiled marketing activities, which allows you to automatically customize communications with the aim of providing content in line with the preferences of the Data Subject.
10. Website security measures for data protection
For the management of both digital and paper data, specific security measures have been adopted, aimed at ensuring the availability, integrity and confidentiality of the information. All data received as a result of requests for information and necessary for the provision of services / contracts are stored at the headquarters of A.S.I.A. in compliance with the appropriate security measures.
11. Data stored period
Data of the Data Subject will be kept in compliance with the proportionality principle and according to variable criteria in relation to the type of data processed and the purposes of the processing.
Regarding the purposes related to donations (letters a) and g) of article 3) the data will be kept as long as the financial support will be in place and for the retention period required by current legislation for administrative and accounting purposes.
With regard to the purposes referred to in letters b), c), d), e), f), g) of Article 3, for which an explicit consent has been acquired, the data of the Data Subjects will be kept for a period 10 years since the last contact with A.S.I.A. to allow the legitimate interest of A.S.I.A. to pursue its institutional goals. After this deadline, the data will eventually be anonymized and therefore it will no longer be possible to identify the Data Subject.
As for the data acquired to respond to requests for collaboration with A.S.I.A. (letter h) of Article 3) the data will be kept for a period of 36 months from the last contact with A.S.I.A..
For all types of data, at the end of the retention period, the data will be deleted. Therefore, at the end of this term, the right of access, cancellation, rectification and the right to data portability can no longer be exercised. The interested party can always request at any time the deletion and/or limitation of data as well as the rights referred to in Article 12 of this policy.
12. Rights of the Data Subject
Pursuant to Article 13 of European Regulation 2016/679 (GDPR) and thenational legislation, the Data Subject may, in accordance with the procedures and within the limits established by current legislation, exercise the following rights (provided from the Article 16 to the Article 21):
• request confirmation of the existence of personal data concerning him (right of access);
• know its origin;
• receive the intelligible communication;
• to have information about the logic, methods, and purposes of the processing;
• request the updating, correction, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected; A.S.I.A. Via San Martino Della Battaglia, 31 00185 Roma CF 03556801003
rev. 00 del 27/07/2018 Pagina 5 di 5
• in cases of consent-based processing, receive their data provided to the Controller, in a structured and readable form by a data processor and in a format commonly used by an electronic device;
• the right to lodge a complaint with the Supervisory Authority.
13. Right to withdraw the consent
The Data Subject has the right to withdraw his consent at any time. The withdrawal of consent does not affect the lawfulness of the treatment based on consent before revocation.
14. Rules of exercise the rights
The Data Subject may at any time exercise the rights by sending an email to: email@example.com
15. Legal references
This privacy statement is drawn up on the basis of multiple legislative systems, including articles 13 and 14 of the Regulation (EU) 2016/679.