Introduction
The Fondazione Ricerca e Innovazione Cardiovascolare (in the following, also “Fondazione R.I.C.”) is aware of the importance of safeguarding privacy and people’s rights, and since the internet is a potentially strong tool for the circulation of your personal data, it intended to make a serious commitment to respecting rules of conduct – in line with the European Regulation 679/2016 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data (referred to as “GDPR”) – that guarantee safe, controlled and confidential browsing on the web.
This policy for the protection of the confidentiality of information may be subject to change over time, also as a result of additions and changes to the laws and regulations on the subject or due to our institutional decisions; therefore, we invite you to periodically consult this section of our website.
We therefore thank you for taking note of the rules that our organization has adopted for the collection and processing of personal data, always providing a satisfactory service to the users of its websites.
Basic principles of the privacy policy of the Fondazione R.I.C.
- Perform the processing (art. 4, paragraph 2, GDPR: “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, limitation, erasure or destruction”) of personal data (art. 4, paragraph 1, GDPR: “any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”) exclusively for the purposes and in the manner illustrated in the information to be provided, which is presented to the user from time to time when he or she accesses a section of the site in which the direct or indirect provision of personal data is envisaged;
- Use data that has been voluntarily released by the user;
- Use technical cookies to facilitate navigation on the site and analytical cookies for statistical purposes;
- Use profiling cookies only if the user has given consent to such use;
- Transmit the data to third parties (data processors – art. 4, paragraph 8, GDPR: “the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”) exclusively for purposes that are instrumental to what is expressly requested and carefully selected by us;
- Communicate the data to third parties for activities related to what is of interest or if this is required by law, regulation or EU legislation;
- Where applicable and subject to explicit consent (art. 4, paragraph 11, GDPR: “any freely given, specific, informed and unambiguous expression of intent by the data subject, by which he or she expresses his or her consent, by means of an unequivocal statement or affirmative action, that personal data concerning him or her are being processed”), communicate the data to third parties for their autonomous processing;
- Respond to requests for access to personal data, rectification or deletion of the same, to exercise the right to be forgotten, to limit processing or the right to object to their processing; ensure the exercise of the right to data portability, as well as the right to object to the processing of data for the purposes of information communications on our projects and requests for financial contributions in support of our institutional activities, surveys and research; and make known the possibility of making a complaint to the supervisory authority;
- Ensure the correct and lawful processing of your data, safeguarding your confidentiality, as well as apply appropriate security measures to protect the confidentiality, integrity and availability of the data.
Purposes of data processing and methods of processing – legal basis of the processing – data collection criteria
Purpose of data processing
As explained in more detail in the sections where you can register – by providing your personal data – for the services reserved for users of our website, the requested data will be used to respond to requests expressly made by the user. All data collection – and its subsequent processing – is aimed in particular at pursuing the institutional purposes of the company Fondazione R.I.C. and especially for:
- Registration on the site to use the services provided by the same;
- Regular and one-time donations, made in various ways (credit card, direct debit, PayPal or other);
- Request for collaboration with the Fondazione R.I.C. (as a volunteer or as an employee for open positions);
- Know how to donate the 5xmille in favor of the Fondazione R.I.C. in the context of your tax return and to take advantage of the related tax deductions and request to receive a reminder on our tax code;
- Request for information on various topics related to our mission and of interest to you;
- Direct you to our social media channels;
- Send comments and request information from the expert via blog;
- Comply with laws, regulations and EU legislation;
- Send promotional material, advertising on our mission and on medical-scientific dissemination and awareness-raising actions, carry out surveys and research;
- Make personalized contacts by proposing adherence to actions or soliciting donations in line with the characteristics of behavior, interest and preference, only in the event that the person has expressed a desire for such personalization of contact.
As set out in the list above, personal data may be processed for purposes other than those for which the user provided them. In particular, they may be processed for marketing purposes (point 9), i.e., for the purpose of promotional contacts on events, initiatives, awareness-raising and scientific dissemination projects, solicitation of donations, surveys and research, based on the condition of “legitimate interest” (art. 6, paragraph 1, letter f, GDPR, recital C47 and Opinion 6/2014 of the Working Party 29) of Fondazione R.I.C. This legitimate interest lies in maintaining the relationship established with the data subject, to keep him or her informed about the awareness-raising actions that it is considered useful to make known in order to demonstrate its constant commitment to the achievement of its mission of collective and social interest in the medical field. This legitimate interest is permissible pursuant to art. 6, paragraph 1, letter f, GDPR and recital C47, GDPR and Opinion n. 6/2014 of the art. 29 Data Protection Working Party, III.3.1, as an alternative mechanism to the explicit consent of the data subject. This legitimate interest is acquired by the Fondazione R.I.C. (and counterbalanced by the interest of the person) to the extent that – through their actions on the site (e.g.: adhesion to a project, donation) – the user has shown that he/she is interested in and shares the principles of the Fondazione R.I.C. For such direct marketing activities, the data will be kept in our archives for the period of time necessary to provide such information services. Obviously, this retention period is extended for as long as the person’s interest in maintaining contact with the Fondazione R.I.C. persists: if he or she is no longer interested, it is sufficient to communicate it through the methods explained below and the appropriate technical and organizational measures will be taken to no longer disturb the person.
As per point 10 of the above list, these promotional contacts may also involve a process of “profiling” (art. 4, paragraph 4, GDPR – “any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning professional performance, the economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that natural person”) and will only be carried out if the data subject has expressly wished – and therefore, unequivocally consented – to be subjected to such processing. In this case, since it is not lawful to apply the condition of legitimate interest, the legal basis of the processing will be the consent given by the person (art. 6, paragraph 1, letter a, GDPR). This process will involve the selection of the information stored with respect to the data subject, cross-referenced to determine a profile that reflects the characteristics and behaviors of the person, so that he/she receives communications that are of interest to him/her and in line with his/her preferences, actions and personal characteristics (e.g.: amount donated, frequency of donation, adherence to initiatives, type of requests made) and are, therefore, of specific interest and not of disturbance. The data will be kept as long as it is believed that the person maintains this profile and, therefore, the personalized contacts created with profiling are actually to his/her liking. Also in this case, this storage will cease if he/she objects at any time to the processing of personal data concerning him/her carried out for profiling to the extent that it is related to direct marketing.
In any case, the Fondazione R.I.C. will not use the data provided for purposes other than those related to the service to which the user has subscribed, and, in any case, only within the limits indicated from time to time in the information to be provided pursuant to art. 13, GDPR.
Methods of data processing
All processing performed within this site will be carried out with both paper and electronic or telematic tools, with logics related to the purposes for which the data were collected and in compliance with current security regulations, for the purposes specified from time to time in the information to be provided pursuant to art. 13, GDPR.
Data Collection Criteria
The forms to be filled in – online or to be downloaded – include both data that are strictly necessary to adhere to what is of interest and whose failure to indicate does not allow the request to be processed, and optional data to be provided. Therefore, the user is free to provide the personal data contained in the request forms or in any case indicated in contacts with the Fondazione R.I.C. to request information or for the other purposes listed above. In these cases where the provision of data is mandatory, their absence may make it impossible to obtain what has been requested. The need to request the data as mandatory for adherence to individual projects or initiatives or to make requests has been considered in compliance with the provisions of art. 25, GDPR (“Data Protection by design and by default“), which require the prior assessment of appropriate technical and organizational measures, such as “pseudonymization” (art. 4, paragraph 5, GDPR: “the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organisational measures designed to ensure that such personal data is not attributed to an identified or identifiable natural person”), to effectively implement data protection principles, such as minimisation, and to integrate the necessary safeguards into the processing in order to meet the requirements of the GDPR and protect the rights of data subjects. In addition, the Fondazione R.I.C. has put in place appropriate technical and organisational measures to ensure that, by default, only the personal data necessary for the specific purpose of the processing deriving from the project to which the data subject has voluntarily subscribed are processed.
Policies Used to Define the Data Retention Limit
The data will be stored in our archives (art. 4, paragraph 6, GDPR: “any structured set of personal data accessible according to specific criteria, regardless of whether such set is centralized, decentralized or distributed in a functional or geographical way”) according to criteria that vary according to the category of the data, the nature of the processing and the purposes of the processing itself. The criteria or the precise retention limit are described in the information to be provided pursuant to art. 13, GDPR at the time of providing personal data.
In principle, Fondazione R.I.C. applies the following assessments to establish the data retention policy:
- All data with respect to the various forms of donation are kept as long as the relationship remains active and for a number of years equal to that imposed by laws, regulations, including EU regulations, for administrative and accounting purposes. In addition, they will be kept for the time strictly necessary to pursue the legitimate interest of the Fondazione R.I.C. in the case of asserting or defending a right in court or otherwise ordered by law enforcement, judiciary and supervisory bodies for their institutional activities. For administrative and accounting purposes, the data will be kept for 10 (ten) years.
- All data of donors or those interested in our activity processed for marketing purposes are kept for the period of time necessary to provide the information services reserved for these persons. This right and interest in information are acquired at the time of joining any initiative that demonstrates the user’s sharing of the principles of the Fondazione R.I.C., whether this involves a donation or is an action of interest and participation in the institutional philosophy of the Fondazione R.I.C. That period is also justified by the legitimate interest of the Fondazione R.I.C. to maintain a constant relationship with the person to keep him or her informed about the projects that could be financed with the contribution of donors or about the awareness-raising actions that it considers useful to make known to demonstrate its constant commitment to the realization of its scientific projects in the field of research. This legitimate interest is permissible pursuant to art. 6, paragraph 1, letter f), GDPR as an alternative mechanism to the explicit consent of the data subject. Obviously, this retention period is extended for as long as the person’s interest in maintaining contact with the Fondazione R.I.C. persists: if he/she is no longer interested, it is sufficient to communicate it through the methods set out in the paragraph “Rights of data subjects with respect to data concerning them” and the Fondazione R.I.C. will take the appropriate technical and organisational measures to ensure that the person is no longer disturbed. In the event that the “legitimate interest” mechanism is not applicable and the consent of the data subject has been requested, even through forms of similar content that unequivocally demonstrate the user’s wish, the retention criteria will in any case be those illustrated in this point.
- All data used for marketing activities with profiling, the processing of which is supported by a positive action of the person to such processing, explicitly declaring that he or she wishes to do so, are kept as long as the profile of the data subject is in line with the personalized communications created through the cross-referencing of the information available to us and, therefore, as long as the Fondazione R.I.C. pursues its institutional research objectives with projects, initiatives, actions and activities that require financial contributions or that stimulate awareness (e.g.: solicitation of adhesion to initiatives and events, requests for opinions and surveys) that are of interest to the person who has expressed the desire to receive information of this nature and that reflect the characteristics and behaviors of the same and are, therefore, of specific interest and not of disturbance. Also in this case, this storage will cease if he/she objects at any time to the processing of personal data concerning him/her carried out for these purposes, including profiling to the extent that it is related to such direct marketing.
After the expiry of the periods set out above, the identification data are transformed into anonymous form and used only for statistical reports that do not allow the identity of the person to be traced but which are useful for adapting projects, initiatives and actions for the realization and achievement of the statutory and institutional objectives of Fondazione R.I.C. Personal data (personally identifiable) will therefore be destroyed.
Place of data processing
The processing connected to the web services of this site takes place at the aforementioned office of Fondazione R.I.C. and is handled by technical personnel authorized to carry it out. If necessary, the related data may be processed by the staff of third-party companies that take care of the maintenance of the technological part of the site (data processor pursuant to art. 28, GDPR), at their offices.
Data Controller
Fondazione Ricerca e Innovazione Cardiovascolare – Via Sollecito Arisi 14, 26900 Lodi (LO) – is the data controller (art. 4, paragraph 7, GDPR: “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”), pursuant to and for the purposes of the GDPR, since it decides in what manner and for what reasons, communicated in the information to be provided to data subjects, to collect and use the personal data provided by the user, as well as with which tools to process them and which security procedures to activate to ensure their integrity, confidentiality and availability, subject to the obligations and responsibilities provided for by art. 24, GDPR.
Data Protection Officer
The Data Protection Officer is the person whom Fondazione R.I.C. involves in many issues concerning the protection of personal data and who supports it in controlling, where required, how to process and protect data. The Data Protection Officer is also the point of contact for data subjects who want to know details about the processing of their data. The Data Protection Officer can be contacted at the email segreteria@fondazioneric.org.
Data Processors and Persons Authorised to Process
Your personal data may be processed, either manually or electronically, directly by the Fondazione R.I.C. and by third parties who, with experience, technical skills, professionalism and reliability, carry out processing operations on our behalf, in compliance with the security and confidentiality of the information and constantly checked by us in their work. The processor is “the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller” (art. 4, paragraph 8, GDPR) and is bound to the Fondazione R.I.C. by contract, with the definition of the limits of operation on the data, the data that can be processed and the categories of data subjects to whom they refer, the nature and purpose of the processing, the limits of data retention, the obligations and rights that the Fondazione R.I.C. has towards the processor, and with the prohibition of using the data other than for the task entrusted. It may, if formally authorised, in a general or specific manner, by the Fondazione R.I.C., make use of other processors, who are contractually bound by the initial processor appointed directly by the Fondazione R.I.C. Violations committed by such other processors are the responsibility of the original processor and not of the Fondazione R.I.C.
The complete and up-to-date list of data processors (and, where applicable, of processors appointed by the original processor, subject to our authorization) can be obtained at segreteria@fondazioneric.org or, alternatively, by writing to Fondazione Ricerca e Innovazione Cardiovascolare – via Sollecito Arisi 14, 26900 Lodi (LO).
The personal data collected will be made available to persons authorised by the Fondazione R.I.C. pursuant to art. 29, GDPR who carry out processing activities that are essential for the pursuit of the purposes indicated above; the categories of persons authorised to process the data are, from time to time, specified in the information to be provided pursuant to art. 13 of the GDPR. Generally, they are the persons in charge of providing specific services, administration, management of information services, relations with actual and potential donors, organizers of information campaigns on our projects and institutional activities in support of our social and collective interest initiatives.
Third parties to whom your data is communicated
For purposes related to the provision of the service to which the user has subscribed, the data may be made available to third parties, who will act as independent data controllers, and who provide services instrumental to satisfy the user’s request (for example, issuers of credit cards or PayPal for transactions related to donations) or to whom the communication of data is necessary to comply with laws or regulations.
Your data may also be made available to control bodies, police forces and the judiciary by virtue of laws and regulations that provide for the communication and performance of their institutional activities.
In addition, the data may be communicated to third parties, non-profit organizations, project partner companies, institutions, for autonomous uses (as independent data controllers) for their institutional purposes: this “communication” will only take place if the data subject has given his or her explicit consent. The dissemination of data, subject to the user’s explicit consent, may be consequent to the type of service or initiative to which the user has subscribed.
Other third parties who collaborated with the Fondazione R.I.C.
The Fondazione R.I.C., in the context of its activities to raise awareness and present its institutional activities, as well as to improve the services provided to persons who have relations with the Fondazione R.I.C. or in any case interested in and close to our institutional principles, may turn to third-party services that collaborate with and receive from the Fondazione R.I.C. information and data held in its own archives.
It is clarified here that these transmissions of information and data always take place anonymously or using “pseudonymization” techniques (art. 4, paragraph 5, GDPR: “the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures designed to ensure that such data are not attributed to an identified or identifiable natural person”). Such anonymized data are processed, by way of example and not limited to:
- Facebook (privacy policy at https://www.facebook.com/policy.php)
- Twitter (privacy policy at https://twitter.com/it/privacy)
In addition, as better defined in the “Cookie policy”, the Fondazione R.I.C. uses Facebook pixels for retargeting actions, i.e., to show the user with certain characteristics manifested during web surfing, advertisements and banners that refer to our foundation.
Rights of data subjects with regard to their data
The rights pursuant to art. 15-22 of the GDPR can be exercised, at any time, at segreteria@fondazioneric.org (alternatively, by writing to Fondazione Ricerca e Innovazione Cardiovascolare – Via Sollecito Arisi 14, 26900 Lodi (LO)) as follows:
Right of access (Article 15, GDPR)
The individual has the right to request whether his or her personal data is being processed and, therefore, has the right to access information concerning him or her and to obtain information about:
- Purpose of the processing (e.g.: management of a donation);
- Categories of personal data (e.g.: personal data, behavioural data);
- Recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- Where possible, the envisaged retention period of the personal data or, if this is not possible, the criteria used to determine that period;
- The existence of the right to request the rectification or erasure of personal data or the restriction of the processing of personal data or to object to their processing;
- The right to lodge a complaint with a supervisory authority;
- If the data is not collected directly from the individual, all available information about its origin;
- The existence of automated decision-making, including profiling and meaningful information about the logic used, as well as the significance and expected consequences of such processing for the individual (e.g.: if the person has associated a profile of donation habits by cross-referencing donation amount with frequency and campaign).
Right to rectification (Article 16, GDPR)
The individual shall have the right to obtain the rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing, the individual shall have the right to obtain the completion of incomplete personal data, including by providing a supplementary statement.
Right to erasure (“right to be forgotten”) (Article 17, GDPR)
You have the right to obtain the erasure of your personal data if you have an obligation to erase your personal data without undue delay, for one of the following reasons:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- The consent on which the processing is based is revoked and if there is no other legal basis for the processing (e.g.: legitimate interest, regulatory or contractual obligations);
- You object to the processing for marketing and profiling purposes and there is no overriding legitimate reason to proceed with the processing;
- The personal data has been unlawfully processed;
- The personal data must be erased in order to comply with a legal obligation under Union or Member State law to which you are subject.
Right to restriction of processing (Article 18, GDPR)
You have the right to obtain the restriction of the processing of your personal data where one of the following grounds applies:
- The data subject contests the accuracy of the personal data, for the period necessary to verify the accuracy of the personal data;
- The processing is unlawful and the individual opposes the erasure of the personal data and requests instead that its use be restricted (e.g.: it does not mean that the processing is carried out for marketing purposes but only for managerial and administrative purposes);
- Although the data is no longer required for the purposes of processing, the personal data are necessary for the establishment, exercise or defence of legal claims;
- The data subject has objected to the processing if the processing is based on his or her legitimate interests, pending verification as to whether his or her legitimate grounds prevail over those of the individual.
Obligation to notify in the event of rectification or erasure of personal data or restriction of processing (Article 19, GDPR)
The individual shall have the right to request that the rectification or erasure of data or restriction of processing be communicated by the Fondazione R.I.C. to other subjects to whom the data may have been communicated. The Fondazione R.I.C. may not comply with the request, if the means to be employed are disproportionate to the right to privacy invoked by the person.
Right to data portability (“data portability”) (article 20, GDPR)
This right allows the data subject to receive in a structured, commonly used and machine-readable format the personal data concerning him or her that he or she has provided to a data subject who processes his or her data and has the right to wish to transmit such data to a data subject for the latter’s use without hindrance from the entity to whom he or she has provided them. This right can be exercised in the following cases:
- The processing is based on consent or on a contract or on pre-contractual measures requested by the same person and, at the same time,
- The processing is carried out by automated means.
The individual has the right to have his or her data transferred directly from one person to another (from the one to whom he or she has provided them to the one to whom he or she wants them to be transmitted), if technically feasible.
Right to object (Article 21, GDPR)
You have the right to object to the processing of your data for the purposes of the legitimate interests of the Fondazione R.I.C. or of third parties, provided that the interests or fundamental rights and freedoms of the individual who require the protection of personal data, including for profiling purposes, are not overridden.
If personal data is processed for marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling to the extent that it is related to such marketing activity.
Automated decision-making relating to natural persons, including profiling (Article 22, GDPR)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In particular, you have the right to object to the profiling to which you are subjected through automated processes.
You may not exercise this right if the decision:
- Is necessary for the conclusion or performance of a contract;
- Is authorised by Union law or the law of the Member State to which you are subject, which also specifies appropriate measures to protect the rights, freedoms and legitimate interests of the individual;
- Is based on explicit consent.
The person has the right to express his or her opinion and to challenge the decision of the Fondazione R.I.C.
Complaint to the supervisory authorities
It is possible to contact the supervisory authority, which for Italy is the Guarantor for the Protection of Personal Data, based in Piazza di Monte Citorio 121, 00186 Roma (RM) – www.garanteprivacy.it, using the downloadable form at the URL https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb display/docweb/4535524&zx=e0yn0riezmmw.
What are cookies and how are they used by the Fondazione R.I.C.
Cookies are pieces of information that are stored on your computer’s hard drive and that are sent by your browser to a web server and that relate to your use of the network. As a result, they allow you to know the services, the sites you use and the options that you have been exposed to when you browse the net.
The data collected through cookies will be used for technical needs, in order to ensure easier, more immediate and faster access to the site and its services and easier navigation for the individual user.
Profiling cookies may also be used, subject to the user’s consent, to create user profiles based on the sections of the site or the actions performed by the user on this site or while browsing the web.
The use of so-called session cookies (which are not stored permanently on the user’s computer and are automatically deleted when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient exploration of the site. The so-called session cookies that are used on this site avoid the use of other computer techniques that could potentially compromise the confidentiality of users’ browsing and do not allow the acquisition of personal data identifying the user. Conversely, profiling cookies make it possible to know the user’s web browsing and detect their interests, expressed needs and preferences and then allow the creation of advertising campaigns or profiles to better target, in a personalized way, promotional, institutional and awareness-raising communications. In any case, you can configure your browser so that you are notified when you receive a cookie and then decide whether to accept it.
To learn about our cookie policy and third-party cookie policies, please read the extended information by clicking HERE.
Navigation data
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified users, but by its very nature could, through processing and association with data held by third parties, allow the users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error or similar) and other parameters relating to the operating system and the user’s computer environment. These data are only used to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
The security of your personal data
The Fondazione R.I.C. adopts appropriate and preventive security measures to safeguard the confidentiality, integrity, completeness and availability of your personal data. As established by the regulatory provisions governing the security of personal data, technical, logistical and organizational measures have been developed with the aim of preventing damage, loss (even accidental), alteration, and improper or unauthorized use of your data.
In particular, the Fondazione R.I.C. has put in place technical and organisational measures to ensure a level of security appropriate to the risk that could affect the rights and freedoms of individuals, including the confidentiality of information concerning them. It adopts security policies that include, but are not limited to:
- The “pseudonymisation” (art. 4, paragraph 5, GDPR: “the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organisational measures to ensure that such personal data are not attributed to an identified or identifiable natural person”) and/or encryption of the data
- Systems that permanently safeguard the confidentiality, integrity, availability and resilience of processing systems and services
- Systems to restore the availability and access of personal data in a timely manner in the event of a physical or technical incident
- Procedures for regularly testing, verifying and evaluating the effectiveness of technical and organisational measures in order to ensure the security of processing.
Similar preventive security measures are adopted by the third parties (data processors) to which the Fondazione R.I.C. has entrusted the processing of your data on its behalf.
On the other hand, the Fondazione R.I.C. is not responsible for untruthful information sent directly by the user (e.g., correctness of the e-mail address or postal address or other personal data), as well as information concerning him or her that has been provided by a third party, even fraudulently.
Credit card and financial information required for donation
In the case of a donation made by credit card, the Fondazione R.I.C. guarantees maximum confidentiality and security. The financial information of the credit card (number, expiry date, personal details of the cardholder) can only be known by the issuing institution. The Fondazione R.I.C. will only have knowledge of a code (“token”) that cannot be traced back to the identity of the credit card holder or to the details of the credit card.
Similarly, the same criteria of confidentiality will be maintained in the case of a donation made by bank transfer, for which it is only required to enter a “reason code” at the time of making the transfer.
If the donation is made through PayPal, you will be redirected to the PayPal website and, therefore, the criteria of confidentiality and security are exclusively the responsibility of PayPal, excluding any responsibility on the part of the Fondazione R.I.C.
Finally, in general, the Fondazione R.I.C. assumes no responsibility for unauthorized or fraudulent use by third parties of the information pertaining to the instruments used for the transaction related to the donation.
P3P
This privacy policy can be consulted automatically by the most recent browsers that implement the P3P (“Platform for Privacy Preferences Project”) standard proposed by the World Wide Web Consortium (www.w3c.org).
Every effort will be made to make the functions of this site as interoperable as possible with the automatic privacy control mechanisms available in some products used by users.
Since the automatic control mechanisms are not currently free from errors and malfunctions, it should be noted that this document constitutes the “Privacy Policy” of this site, which will be subject to updates.