Privacy notice

1. Fondazione Generali The Human Safety Net ONLUS processes your personal data
Fondazione Generali The Human Safety Net ONLUS (hereinafter also referred to as "Fondazione THSN"), with registered office at Piazza Duca degli Abruzzi 2, 34132, Trieste, Italy, processes your personal data in its capacity as Data Controller.

If you wish to receive more information, you can use the following postal address:
Fondazione Generali – The Human Safety Net ONLUS, Piazza Duca degli Abruzzi, 2, 34132 Trieste.

If you have any questions or if you wish to exercise your rights regarding the processing of your personal data, you can contact our Data Protection Officer:
by e-mail at: dpothsn@thehumansafetynet.org 
by traditional mail at: Fondazione Generali – Fondazione Generali – The Human Safety Net ONLUS, Piazza Duca degli Abruzzi, 2, 34132 Trieste, Italy.

2. How and why do we use your personal data?
We process your personal data in order to fulfil your request to make a donation in favour of one of the Initiatives sustained by THSN Foundation, in particular for:
1.    manage your donation and send you the related communications, such as the tax receipt, updates on the Initiatives carried out thanks to your donation, etc. 
2.    execute any related regulatory obligations (such as, for example, those concerning anti-money laundering and anti-terrorism controls); 
3.    if necessary, prevent, detect and / or persecute any fraud.
The processing of your personal data for purpose 1 is necessary to implement your request; the processing for purpose  2 is necessary to comply with the legal obligations to which THSN Foundation is subject; the processing for purpose 3 is based on the legitimate interest of THSN Foundation to prevent and identify possible fraud and to put in place a more effective management of our relationships; your data are processed to the extent strictly necessary for the pursuit of this legitimate interest and on the basis of an appropriate balance with your fundamental rights and freedoms. Please note that you are entitled to object to the processing at any time (See 8. Your right to object to the processing of your personal data).

3. Why do we ask you to provide your personal data?
The use of your personal data is necessary for the purposes specified above. Failure to communicate your data, or the partial or inaccurate communication of the same may result in the impossibility to carry out the activities required.

4. Which type of personal data do we use?
We only process personal data for the achievement of the above-mentioned purposes. We mainly process your:
-    biographical and identification data, gender included 
-    Contact data
-    Payment (credit card number, iban, etc. depending on the payment method chosen) 
-    in addition to any other personal data provided by you, if any.

5. Who is your data shared with?
Our staff processes your personal data according to methods and procedures, also in electronic form, that are appropriate to ensure an adequate level of security. Your personal data can only be shared with third parties entrusted with activities concerning the management of the relationship with Fondazione THSN. Depending on the activity carried out, these third parties may act as Data Processors, Joint Controllers or Autonomous Data Controllers. Both our staff and third parties which process your personal data for the above purposes – except for autonomous Data Controllers – receive proper instructions about the correct processing methods.

With particular reference to the management of your donation (point 1), the THSN Foundation uses an online donation platform, which offers you various secure online payment methods (credit card, bank transfer, etc.) to choose from.
The donation platform is provided by iRaiser who acts as THSN Foundation’s data processor. iRaiser uses the secure payment methods provided by Stripe.
These service providers are the only ones that directly collect and process your payment data in order execute your request to donate. 

6. Where is your personal data transferred to?
As a general rule, we do not transfer your personal data to Countries outside the European Economic Area. In exceptional cases, and limited to the purposes indicated above, we may transfer your personal data to a third party described above or to a public agency requesting it, including in Countries outside the European Economic Area.
In any case, the transfer of your personal data is performed in compliance with the applicable laws and international agreements in force, as well as on the basis of appropriate safeguards (such as, for example, transfer to a country that ensures an adequate level of protection or that adopts standard contractual clauses approved by the EU Commission).

7. What rights can you exercise regarding the processing of your personal data?
You can exercise the following rights regarding your personal data:
(i)    Access – you may request access to your personal data to receive information, for example, about which personal data Fondazione THSN is currently processing;
(ii)    Rectification – you may ask Fondazione THSN to correct personal data that are inaccurate or incomplete;
(iii)    Erasure – you may ask Fondazione THSN to delete your personal data where one of the following circumstances applies:
a.    your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b.    you withdraw the consent on which the processing is based and there are no other legal grounds for the processing;
c.    you object to automated processing and there are no overriding legitimate grounds for the processing;
d.    your personal data have been unlawfully processed;
e.    your personal data must be deleted in compliance with legal obligations under the European Union or Italian law to which Fondazione THSN is subject;
f.    your personal data were collected in relation to the offer of information society services;
(iv)    Restriction – you may ask Fondazione THSN to restrict how it processes your personal data, requesting only their storage, where one of the following applies:
a.    you question the accuracy of your personal data, and request the restriction for a period enabling Fondazione THSN to verify it;
b.    the processing is unlawful and instead of deleting your personal data you demand that their use be restricted;
c.    Fondazione THSN no longer needs to process your personal data for the above purposes, but they are required for the finding, exercise or defence of legal claims;
d.    you object to the processing of your personal data and demand that it be restricted while Fondazione THSN verifies that there are no overriding grounds for processing your personal data;
e.    Portability – you may ask Fondazione THSN to transfer the personal data you have provided to another organisation and/or ask to receive your personal data in a structured, commonly used and machine-readable format.
If you have consented to the processing of your personal data, you may withdraw this consent at any time, without prejudice to the validity of the processing carried out before the withdrawal of consent.
If your personal data are transferred outside the European Economic Area, you have the right to obtain a copy of these data as well as an indication of the Country(ies) where the personal data were made available.
You may exercise your rights by contacting our Data Protection Officer – Data Protection Officer, at the contact details given above. The request to exercise rights is free of charge, unless the request is manifestly unfounded or excessive.

8. Your right to object to the processing of your personal data
You have the right to object to the processing of your personal data and request a halt to the processing operations based on Fondazione THSN's legitimate interests (see How and why do we use your personal data?).

9. Your right to lodge a complaint with the Data Protection Authority
If you believe that the processing of your personal data infringes on applicable privacy laws, you have the right to lodge a complaint with the Italian Data Protection Authority as indicated on the Authority’s website (www.garanteprivacy.it).

10. How long do we retain your personal data?
Your personal data can be retained, in compliance with the current legislation, for a period of 10 years since the execution of your request to donate or, in case of disputes, for the statute of limitations set forth under the applicable laws, without prejudice to any longer storage periods provided for by specific laws.

Changes and updates to this privacy notice
In consideration of possible future amendments to the applicable privacy laws, Fondazione THSN may amend and/or update this privacy notice wholly or in part.
It is, however, understood that any amendments, additions or substantial updates will be communicated to you in accordance with the regulations in force, also by means of publication on Fondazione THSN's Corporate Portal www.thehumasfateynet.org.
 

Glossary

To help you understanding our privacy notice, please find below the meaning of the main terms contained therein:

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, whether or not by automated means.

Personal data mean any information relating, directly or indirectly, to a person (such as, for example, name, an identification number, location data, an online identifier, one or more elements able to identify the physical, physiological, genetic, mental, economic, cultural or social identity, etc.).

Special categories of data mean the personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership as well as genetic data, biometric data where they uniquely identify a person, data concerning health or data concerning a person’s sex life or sexual orientation.

Genetic data mean the personal data relating to the inherited or acquired genetic characteristics of a person which give unique information about the physiology or the health of said person and which result, in particular, from the analysis of a biological sample from the person in question.

Biometric data mean the personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a person, which allow or confirm the unique identification of that person, such as facial images or dactyloscopic data.

Data concerning health mean the personal data related to the physical or mental health of a person, including the provision of health care services, which reveal information about his or her health status.

Judicial data mean the personal data related to criminal convictions and offences or to the connected security measures afflicted to a person.

Data subject means the person whose personal data are processed.

Data controller means the individual or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (for example, the employer is the data controller in respect of its employees’ personal data since, with reference to the employment relationship, it decides the purposes and means of such processing).

Data Joint controller means the individual or legal person, public authority, agency or other body which, jointly with other data controllers, determines the purposes and means of the processing of personal data.

Data Processor means the individual or legal person, public authority, agency or other body which processes personal data on behalf of the data controller (for example, the company which provides the service of employees’ salaries calculation may be considered a data processor since it processes personal data on behalf of another company, the employer).

Consent means any data subject’s wish, by a statement or by a clear affirmative action, which signifies agreement to the processing of personal data relating to him or her. For the consent to be valid, the data subject’s wish needs to be freely given, specific for each processing operation, collected upon the provision of a privacy notice and clearly distinguishable from any other declarations.

Personal data breach means a breach of security (physical or IT) leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Data Protection Officer means a person in charge for performing support activities for the company functions and control activities in respect of the processing of personal data. It is also in charge for cooperating with the Supervisory Authority and it represents the contact point, also for the data subjects, for any matters connected with the processing of personal data.

Garante per la Protezione dei Dati Personali is the Italian Supervisory Authority for the protection of personal data.