Privacy notice for Human Safety Net's Donors

1. The Human Safety Net Foundation  processes your personal data
Fondazione Generali – The Human Safety Net ONLUS (hereinafter, also THSN Foundation), with registered office at Piazza Duca degli Abruzzi 2, 34132 in Trieste processes your personal data as Data Controller.

If you wish to receive more information, you can use the following postal address:
Fondazione Generali – The Human Safety Net ONLUS, Piazza Duca degli Abruzzi no. 2, 34132 Trieste.

For any questions or if you wish to exercise a right in respect of the processing of your personal data, you can contact our Data Protection Officer:

  • By email atdpoag@generali.com
  • By traditional mail at: Assicurazioni Generali, Piazza Tre Torri no. 1, 20145 Milano to the attention of the Data Protection Officer.


2. How we use your personal data and on the basis of which ground
We process your personal data in the context of digital donations with the purpose of performing all necessary activities for managing your digital donations including, for example:

(i)  Issuing a receipt for fiscal purposes;
(ii)  Keeping you informed about THSN Foundation activities;

Processing of your personal data for the purposes indicated under the previous points is a processing necessary to enable you to make the donation and to allow the THSN Foundation to comply with the contractual obligations as well as the legal requirements. The processing of personal data for the purposes of sending updates on our initiatives and activities is based on the legitimate interest of THSN Foundation, as strictly necessary in the pursuit of the said legitimate interest, and is suitably balanced against your fundamental rights and freedoms.

3. Why the provision of your personal data is required
For managing our relationship, communication of your personal data is mandatory, as it is necessary for a proper implementation of your donation to THSN Foundation. 
 
Therefore, the failure in the communication or the partial or inaccurate communication may have, as consequence, the impossibility to to carry out the requested activities and could prevent THSN Foundation from fulfilling its obligations.
 

4.    Which personal data we use
We process only the personal data strictly necessary to achieve the purposes above indicated. We mainly process: 

(i) Identification data;

(ii) E-mail address,

in addition to any other personal data provided by you, if any.
 

5. With whom we share your personal data
Our staff processes your personal data with modalities and procedures, also in electronic form, appropriate to ensure an adequate level of security.

Your personal data can be shared only with third parties which have been assigned with the task to perform some activities concerning your relationship with the Company. Depending on the activity performed, such third parties may act as  Data ProcessorsJoint Controllers or autonomous Data Controller. 

Our staff and third parties which process your personal data for the purposes above indicated – exception for autonomous Data Controllers – receive proper instructions about the correct modalities of the processing. Your personal data are not disseminated.

6. Where we transfer your personal data
As a general rule, we do not transfer your personal data in Countries outside the European Economic Area.

In exceptional cases, limitedly for the purposes indicated above, we may transfer your personal data to a third party above described or to a public body requesting it, also in Countries outside the European Economic Area.

In any case, the transfer of Your personal data is performed in compliance with the applicable laws and international agreements in force, as well as on the basis of appropriate and suitable safeguards (such as, for example, transfer to a Country ensuring an adequate level of protection or adopting the standard contractual clauses approved by the EU Commission).

7. The rights you can exercise in respect of the processing of your personal data
You can exercise the following rights in respect to your personal data:
-  Access – you may request access to your personal data to receive information, for example, about the categories of personal data that the Company is currently processing;
-  Rectify – you may ask the Company to correct personal data that is inaccurate or incomplete;
-  Erase – you may ask the Company to erase personal data where one of the following grounds applies;
   a. Where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
   b. You withdraw consent on which the processing is based and where there is no other legal ground for the processing;
   c. You object to automated decision-making and there are no overriding legitimate grounds for the processing;
   d. The personal data have been unlawfully processed;
   e. The personal data have to be erased for compliance with legal obligation in Union or Member State law to which the Company is subject;
    f. The personal data have been collected in relation to the offer of information society services.
-  Restrict – you may ask the Company to restrict how it processes your personal data, requesting only their storage, where one of the following applies;
   a. You contest the accuracy of your personal data, for a period enabling the Company to verify the accuracy of your personal data;
   b. The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  c. The Company no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims;
 d. You have objected to processing pursuant to the right to object and automated decision-making, pending the verification whether the legitimate grounds for the Company override those of you.
-  Portability – you may ask the Company to transfer the personal data you have provided us to another organisation or / and ask to receive your personal data in a structured, commonly used and machine readable format.

In case you provided your consent to the processing of personal data, you may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

If your personal data are transferred outside the European Economic Area, you have the right to obtain copy of such data as well as indication of the Country/Countries where the data have been made available.

You can exercise your rights by contacting our Data Protection Officer at the contact details above indicated. The request of exercise of rights is free of charge, unless the request is manifestly unfounded or excessive.

8. Your right to object to the processing of your personal data
You have the right to object to the processing of your personal data and request the stop of the processing operations when they are based on the legitimate interest (refer to How we use your personal data and on the basis of which ground).

9. Your right to lodge a complaint to the Supervisory Authority
In case you consider that the processing of your personal data infringes the applicable privacy laws, you have the right to lodge a complaint to the Italian Personal Data Protection Authority – Garante per la Protezione dei Dati Personali with the modalities indicated on the Authority’s website (www.garanteprivacy.it)

10. How long we retain your personal data
Your personal data can be retained for the duration of your relationship with us, in accordance with current legislation, unless specific regulations require a longer retention period.

Changes and updates of the privacy notice
Also considering possible amendments of the applicable privacy laws, THSN Foundation may integrate and/or update, wholly or partially, this privacy notice. Any changes, integrations or updates will be communicated in compliance with applicable laws also through the THSN website, www.thehumansafetynet.org

 

Glossary

To help you understanding our privacy notice, please find below the meaning of the main terms contained therein: 

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, whether or not by automated means.

Personal data means any information relating, directly or indirectly, to a person (such as, for example, name, an identification number, location data, an online identifier, one or more elements able to identify the physical, physiological, genetic, mental, economic, cultural or social identity, etc.).

Special categories of data are the personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership as well as genetic data, biometric data where they uniquely identify a person, data concerning health or data concerning a person's sex life or sexual orientation.

Genetic data are the personal data relating to the inherited or acquired genetic characteristics of a person which give unique information about the physiology or the health of said person and which result, in particular, from the analysis of a biological sample from the person in question.

Biometric data are the personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a person, which allow or confirm the unique identification of that person, such as facial images or dactyloscopic data. 

Data concerning health are the personal data related to the physical or mental health of a person, including the provision of health care services, which reveal information about his or her health status.

Judicial data data are the personal data related to criminal convictions and offences or to the connected security measures afflicted to a person.

Data subject is the person whose personal data are processed.

Data controller is the individual or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (for example, the employer is the data controller in respect of its employees’ personal data since, with reference to the employment relationship, it decides the purposes and means of such processing).

Joint controller means the individual or legal person, public authority, agency or other body which, jointly with other data controllers, determines the purposes and means of the processing of personal data.

Data Processor  means the individual or legal person, public authority, agency or other body which processes personal data on behalf of the data controller (for example, the company which provides the service of employees’ salaries calculation may be considered a data processor since it processes personal data on behalf of another company, the employer).

Consent  means any data subject's wish, by a statement or by a clear affirmative action, which signifies agreement to the processing of personal data relating to him or her. For the consent to be valid, the data subject’s wish needs to be freely given, specific for each processing operation, collected upon the provision of a privacy notice and clearly distinguishable from any other declarations.

Personal data breach breach means a breach of security (physical or IT) leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Data Protection Officer means a person in charge for performing support activities for the company functions and control activities in respect of the processing of personal data. It is also in charge for cooperating with the Supervisory Authority and it represents the contact point, also for the data subjects, for any matters connected with the processing of personal data.

The Garante per la Protezione dei Dati Personali is the Italian Supervisory Authority for the protection of personal data.