DONATIONS PRIVACY POLICY

European General Data Protection Regulation 679/2016 (GDPR)


Categories and data processed

The processing concerns the individuals (and legal entities) who have decided to contribute to the activities of the Fondazione Valter Baldaccini. The contribution may be made by bank transfer, payment to a postal giro account, or cheque. Payments may also be made by credit card through the Foundation’s website.
The data included in the processing are, or may be: donor’s first and last name, amount donated, date of the donation, reason, e-mail address, tax code, IBAN code, and mailing address.

Purposes for which the data are collected and purpose of the processing

Your first and last name and the amount donated are clearly necessary to complete the donation.
Your tax code is necessary to prepare the receipts needed to obtain a tax deduction.
Your IBAN code and mailing or e-mail address are not strictly necessary, but may be processed in order to be able to send you a receipt and thank-you letter, to keep you up to date on the Foundation, to send you future requests for support, and for other communication activities.
The purpose of the processing is the funding of the Fondazione Valter Baldaccini in a way that is easy and convenient for donors.

Processing method

The data concerning the donations are entered into a database. The Foundation prepares a receipt/thank-you letter and draws up the required documentation, which is sent to the donor by internal post, normal post, or directly at the Foundation’s offices.
The data are stored on the UMBRAGROUP S.p.A. servers with the best security measures. With regard to online donations, for the automatic sending of the thank-you letter and tax receipt for the donation, the data are also stored by Copiaincolla.com. 

Consent to the data currently processed

Processing of the data is implicit in the very decision to take part in the donation. Therefore, the Data Controllers do not deem it necessary to request further consent from the persons who have already made this decision. However, when adhering to the GDPR, the Foundation will inform the Data Subjects:
•    that it has several categories of personal data regarding them;
•    of the processing method;
•    of the purposes of this processing and its legitimacy;
•    of the data subject’s rights (access, rectification, erasure);
•    of the existence of a Privacy Policy Statement for the data subject.

Exercise of rights

The Data Controller agrees to accept immediately, or within 10 days at most, the requests for access, rectification, or erasure of personal data or objection to further processing if such requests come from the data subject, and it has prepared a form for the purpose that is available at its headquarters. In any case it will also accept requests – provided they are in writing and signed – that may arrive in any other way. 

Risks for the Data Subject

In the event of loss or dissemination of the data, the damage for the privacy of the data subject would be extremely limited.

Risk minimization measures

Various measures intended to limit risk have been devised.
Data are not subject to further processing by third parties.
Data are not shared with any individual or legal entity outside of the Foundation.
Within the Foundation and the Company, only specific persons formally indicated by internal documents have access to the file containing the data and/or may update it. 
UMBRAGROUP S.p.A. servers do not use cloud architectures and are protected by the best hardware and software security measures. The main hardware and servers and the backup devices are located within the European Union.

Transfer of personal information outside the EU

As far as online donations are concerned, the processor of the data connected with online donations (Copiaincolla.com s.r.l.) does not have its own servers, but uses Amazon Web Services (sub-processor). The users’ data (with the exception of information on payments and credit cards, which are the responsibility of the Bank and do not go through the website) are stored in a database on an Amazon server which is accessible only from the server itself and remotely only from our company network.
Amazon Web Services uses a cloud architecture, so it is not able to guarantee that the data will be kept within the European Union. However, Amazon Web Services:
•    has certified its compliance with the EU-U.S. Privacy Shield Framework (for information: https://www.privacyshield.gov). Its activities are therefore considered subject to a quality supervision equal to that which is expected of an entity operating in the EU;
•    has certified its adherence to CISPE Code of Conduct for Cloud Infrastructure Service Providers. The Code ensures that the cloud provider uses data protection measures that meet the GDPR requirements;
•    has certified its compliance with the Cloud Computing Compliance Controls Catalog (C5), a standard created by the German Authority to verify the consistency between the GDPR requirements and  cloud architectures.

Duration of the data processing

Data are destroyed at the end of 10 years.

Data breach

In the case where the Data Controller suffers a theft of the data and has reason to believe that sensitive personal data have been divulged (data breach), it will make – if deemed necessary – a report to the Personal Data Protection Authority and will inform all data subjects concerned of the breach.

Legitimacy of the data processing

The processing in question entails a risk that is sensitive, albeit improbable, for the customer’s privacy. Nevertheless, considering the fact that:
•    the data are necessary for the best performance of the services requested,
•    the data will never be shared with any other individual or legal entity,
•    security measures have been put in place that reduce the risk of wrongful access or dissemination of the data,
•    the Data Controller has a legitimate interest in organizing the personal data in such a way as to perform the procedures envisaged by the Bylaws and the laws on tax allowances and deductions of charitable donations,
•    a detailed Privacy Policy Statement has been prepared and made available to data subjects,
•    data subjects have been sent a communication compliant with the GDPR,
•    it is possible to exercise the right to access, modification, and erasure of the data at any time,

the Data Controller deems the data processing in question legitimate and in compliance with the spirit and wording of the European General Data Protection Regulation 679/2016, and that the legal basis to continue it exists. 

Data Controller, Processor, DPO

The Data Controller of the processing called “Donations” is Fondazione Valter Baldaccini, Via V. Baldaccini, 1 – 06034 Foligno (Perugia, Italy), Tel. +39 0742 348 428, e-mail: privacy@fondazionevb.org .
A Processor is UMBRAGROUP S.p.A., Via V. Baldaccini, 1 – 06034 Foligno (Perugia, Italy), Tel. +39 0742 3481, e-mail: info@umbragroup.com.
A Processor is Kudu Srl Società Benefit Via Cavour, 2 22074 Lomazzo(CO) Tel. +39 0236714480, mail: info@kudusrl.com.
A Processor is iRaiser Italia S.R.L. Via Felice Casati 20, 20124 Milano, mail: rgpd@iraiser.eu

The Data Controller, considering the nature and scale of the data processed, deems it unnecessary to appoint a Data Protection Officer (DPO).

The present version of the Privacy Policy Statement was updated on 18th February 2022.

LATEST NEWS OF THE FOUNDATION SEE ALL NEWS
20 December 2024

From the roots: the new issue is now available

The new issue of “From the roots” is out, the biannual magazine of the Valter Baldaccini Foundation...

READ THE NEWS
17 December 2024

The proceeds of the Eteria Fantasy Dinner will go...

On November 30, 2024, the Valter Baldaccini Foundation was involved in the second edition of the Fan...

READ THE NEWS
16 December 2024

At Christmas, give a future: stories from the proj...

The birth of a child is a journey into a new world, sometimes unknown, full of questions and uncerta...

READ THE NEWS
11 December 2024

Valter Baldaccini Foundation's Golden Heart Award:...

The Golden Heart Award has become the source of great joy for the friends and volunteers of the Valt...

READ THE NEWS
09 December 2024

Solidarity: the concrete help of the “Club Amici d...

Today the friends of the Club Amici del Bonsai of Foligno came to visit us, to deliver the donations...

READ THE NEWS
05 December 2024

Azienda Giusta: COMEAR and BSP also join the progr...

Following UMBRAGROUP’S recent initiative, today we are extremely happy to announce that COMEAR and B...

READ THE NEWS
20 November 2024

UMBRAGROUP is the first Azienda Giusta

UMBRAGROUP is the first to join Azienda Giusta, the Valter Baldaccini Foundation’s membership progra...

READ THE NEWS
30 October 2024

Aldo and Ibraim: two work grants to start a new li...

The Valter Baldaccini Foundation’s socio-work inclusion projects were designed to offer opportunitie...

READ THE NEWS
14 October 2024

A gesture of solidarity from the UMBRAGROUP footba...

On Saturday, September 14th, UMBRAGROUP’s soccer team, together with 17 other teams from all over th...

READ THE NEWS

SUBSCRIBE TO THE NEWSLETTER

Get all the updates on current projects and initiatives

DISCOVER THE WAYS TO DONATE

SUBSCRIBE
TO THE NEWSLETTER

Stay up to date on current projects and initiatives

Don't show this window again