Cat Eye Syndrome International Onlus (hereinafter also “Cat Eye Syndrome International” or “CESI onlus”) is aware of the importance of safeguarding privacy and the rights of people and because the Internet is a potentially powerful tool for the circulation of your data personal, wanted to seriously engage in complying with rules of conduct – in line with European Regulation 679/2016 of the European Parliament and of the Council, of 27 April 2016, concerning the protection of natural persons with regard to the processing of personal data, as well as to the free circulation of such data (hereinafter “GDPR”) – which guarantee a safe, controlled and reserved web navigation.
This policy of protecting the confidentiality of information may change over time, also depending on the integrations and legislative and regulatory changes on the subject or for our institutional decisions, therefore, we invite you to periodically consult this section of our site.
Thank you, therefore, for seeing the rules that our organization has imposed on us in collecting and processing personal data and always providing a satisfactory service to the users of our sites.
carry out the processing (article 4, paragraph 2, GDPR: “any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, or ‘organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, comparison or interconnection, the limitation, cancellation or destruction “) of personal data (art. 4, paragraph 1, GDPR:” any information concerning an identified or identifiable natural person (“interested”); the natural person who can be identified can be directly identified or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more elements characteristic of his physical, physiological, genetic, mental, economic, cultural or social identity “) exclusively for the purposes and according to the methods illustrated in the information to be provided which are presented to the user from time to time who accesses a section of the site in the which is expected to provide, directly or indirectly, personal data;
- use the data that was spontaneously released by the user;
- use technical cookies to facilitate site navigation and analytical cookies for statistical purposes;
- use profiling cookies only if the user has consented to such use;
- transmit the data to third parties (data processors – Article 4, paragraph 8, GDPR: “Article 4, paragraph 8, GDPR:” the natural or legal person, public authority, service or other body that processes data personal data on behalf of the data controller “) exclusively for instrumental purposes to those expressly requested and carefully selected by us;
- communicate the data to third parties for activities related to what is of interest or if this is imposed by law, regulation or legislation;
- if applicable and subject to explicit consent (art. 4, paragraph 11, GDPR: “any manifestation of free, specific, informed and unequivocal will of the interested party, with which he expresses his consent, by unequivocal declaration or positive action, that the personal data concerning him are subject to processing “), communicate the data to third parties for their independent processing;
- respond to requests for access to personal data, rectification or cancellation of the same, of exercising the right to oblivion, limitation of treatment or the right to oppose their treatment. Ensure the exercise of the right to data portability as well as oppose the processing of data for informational communication purposes on our projects and requests for economic contributions in support of our institutional activities, surveys and research, make known the possibility of making a complaint to the supervisory authority;
- ensure a correct and lawful processing of your data, safeguarding your confidentiality, as well as applying appropriate security measures to protect the confidentiality, integrity and availability of the data.
- Purposes of data processing and processing methods – legal basis of processing – data collection criteria
Purpose of data processing
As better explained in the sections that allow you to adhere – by releasing your personal data – to the services reserved to the users of our site, the requested data is used to respond to requests expressly made by the user. In particular, all data collection and subsequent processing activities are aimed at pursuing the institutional aims of CESI onlus and, in particular for:
- regular and one-off donations, performed in various ways (credit card, bank direct debit, PayPal or other);
- request for collaboration with CESI onlus;
- signing of petitions, initiatives or specific projects and activities of CESI onlus;
- information on testamentary legacies;
- to know how to donate the 5xmille to CESI onlus in the context of its own tax return and to make use of the related tax deductions;
- request for information;
- direct the user to our social channels;
- comply with laws, regulations and legislation;
- send promotional, advertising material about our mission and awareness actions / projects, carry out surveys and research;
As reported in the list above, personal data may be processed for purposes other than those for which the user has issued them.
In any case, CESI onlus will not use the data provided for purposes other than those connected to the service to which the user has subscribed, and, in any case, only within the limits indicated from time to time in the information to be provided pursuant to art. 13, GDPR.
Data processing methods
All processing operations performed on this site will be carried out using both paper and electronic or telematic tools, with logic related to the purposes for which the data was collected and in compliance with the applicable safety standards, for the purposes specified by time in time in the information to be provided pursuant to art. 13, GDPR.
Data collection criteria
The forms to be filled out – online or to be downloaded – include both data that are strictly necessary to adhere to what is of interest and whose non-indication does not allow the request to be executed, and optional conferment data. Therefore, the user is free to provide personal data contained in the application forms or indicated in contacts with CESI onlus non-profit organization to request information or for other purposes first listed. In these cases of mandatory data provision, their absence may make it impossible to obtain what is requested.
Criteria used to define the limit of data retention
The data will be kept in our archives (Article 4, paragraph 6, GDPR: “any structured set of personal data accessible according to specific criteria, regardless of whether this set is centralized, decentralized or distributed in a functional or geographical manner”) according to criteria variable according to the data category, the nature of the processing and the purposes of the processing itself. The precise conservation criteria or limit are described in the information to be provided pursuant to art. 13, GDPR when providing personal data.
In principle, the following evaluation by CESI onlus is valid to establish the data retention criterion:
all the data with respect to the various forms of donation are kept as long as the relationship remains active and for a number of years equal to that which laws, regulations, even community ones, impose for administrative and accounting purposes. Furthermore, they will be kept for the time strictly necessary to pursue the legitimate interest of CESI onlus non-profit organization in the case of enforcing or defending a right in a court of law or otherwise ordered by law enforcement, judiciary and control bodies for their institutional activities. For administrative and accounting purposes, the data will be kept for no. 10 (ten) years.
After the above periods have elapsed, the identification data are transformed into anonymous form and used only for statistical reports that do not allow to trace the identity of the person but which are useful for adapting the projects, initiatives and actions for the realization and achievement of the statutory and institutional objectives of CESI onlus. Personal data (personal identification data) will therefore be destroyed.
For purposes related to the provision of the service to which the user has adhered, the data could be made available to third parties, which will act as autonomous data controllers, and which provide instrumental services to satisfy the user’s request (for example, credit institutions or credit card issuers to manage donation payments) or to whom the communication of data is necessary to comply with laws or regulations.
Place of data processing
The processing operations connected to the web services of this site take place at the aforementioned CESI onlus headquarters and are handled by authorized technical personnel. In case of need, the connected data can be processed by the personnel of third-party companies that take care of the maintenance of the technological part of the site (data controller in accordance with art. 28, GDPR), at its offices.
Cat Eye Syndrome International Onlus – with registered office in Via Molteni 149, 00125 Rome (RM) – is the data controller (Article 4, paragraph 7, GDPR: “the natural or legal person, the public authority, the service or other body that, individually or together with others, determines the purposes and means of processing personal data of personal data “), pursuant to and for the purposes of the GDPR, since it decides how and for what reasons, communicated in the information to provide to the interested parties, collect and use the personal data provided by the user, as well as with which tools to treat them and which security procedures to activate to guarantee the integrity, confidentiality and availability, subjecting to the obligations and responsibilities provided by the art. 24, GDPR.
Data Protection Officer
The Data Protection Officer is the person that CESI onlus involves in many questions regarding the protection of personal data and that supports CESI onlus in controlling, where required, how to treat and protect data. It is also the point of contact for interested parties who want to know details about the processing of their data. The Data Protection Officer of CESI onlus can be contacted at firstname.lastname@example.org
Data processors and authorized persons for treatment
If deemed necessary, your personal data may be processed, either manually or electronically or telematically, either directly by CESI onlus or by third parties who, having experience, technical skills, professionalism and reliability, carry out processing operations on our behalf, in respect of the security and confidentiality of the information and constantly monitored by us in their work. The controller is “the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller” (Article 4, paragraph 8, GDPR) will be bound by CESI onlus contractually, with definition of the operational limits on the data, of the data that can be processed and of the categories of data subjects to which they refer, of the nature and purpose of the processing, of the limits of data storage, of the obligations and rights that SI has towards the manager , and with the prohibition of using them differently from the assignment. It may, if authorized, formally, generally or specifically, by CESI onlus, make use of other managers, who are contractually bound by the initial manager directly appointed by CESI onlus: the violations committed by these other managers fall under the responsibility of the initial manager and not of CESI onlus.
The complete and up-to-date list of data processors (and, if applicable, the managers appointed by the initial manager, subject to our authorization) can be requested at email@example.com (alternatively, by writing to Cat Eye Syndrome International Onlus ℅ Sylvie Renault – Via Molteni 149, 00125 Rome (RM).
The personal data collected will be made available to persons authorized by CESI onlus pursuant to art. 29, GDPR that carry out indispensable processing activities for the pursuit of the purposes indicated above; the categories of persons authorized to treat are, from time to time, specified in the information to be provided pursuant to art. 13, GDPR. In general, these are the persons in charge of providing specific services, administration, management of information services, relations with actual and potential donors, organizers of information campaigns on our actions or projects.
Third parties to whom your data is communicated
For purposes related to the provision of the service to which the user has adhered, the data could be made available to third parties, which will act as autonomous data controllers, and which provide instrumental services to satisfy the user’s request (for example, credit institutions or credit card issuers to manage donations) or to whom the communication of data is necessary to comply with laws or regulations.
Your data may also be made available to control bodies, police forces and the judiciary by virtue of laws and regulations that provide for their communication and for carrying out their institutional activities.
Furthermore, the data may be disclosed to third-party non-profit organizations, project partner companies, organizations, for autonomous use (as independent data controllers) for their institutional purposes: this “communication” will only take place if the interested party has expressed your explicit consent. The dissemination of the data, subject to the explicit consent of the user, could be consequent to the type of service or initiative to which the user has adhered (eg: list of the subscribers of an online petition).
Transfer of personal data to third countries
The eventual transfer of personal data to third countries (outside the EU), for instrumental treatments for the management of the user’s action or adhesion or for reasons of data processing optimization, will take place by adopting the contractual clauses prescribed by the decision 05/02 / 2010 of the European Commission, as a mechanism allowed by law as an alternative to the explicit consent of the interested party, as well as in order to provide appropriate and appropriate guarantees pursuant to articles 46 or 47 or 49 of the GDPR.
Other third parties that work with Cat Eye Syndrome International
CESI onlus, in the context of its own activities of awareness raising and presentation of its mission, as well as to improve the services rendered to people who have relationships with CESI onlus or in any case interested and close to the institutional principles of CESI onlus, can turn to third-party services that they collaborate with and receive information and data from CESI onlus held in their own archives.
Here it is clarified that these transmissions of information and data always take place in an anonymous way or with “pseudonymisation” techniques (art. 4, paragraph 5, GDPR (“the processing of personal data so that personal data can no longer be attributed to a specific interested party without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures intended to ensure that such personal data is not attributed to an identified or identifiable natural person “). anonymized data are treated, by way of example and not limited to:
Rights of data subjects with respect to the data concerning them
You can exercise, at any time, at firstname.lastname@example.org (alternatively, by writing to Cat Eye Syndrome International Onlus ylv Sylvie Renault – Via Molteni 149, 00125 Rome (RM)) the rights ex artt.15- 22, GDPR below:
Right of access (article 15, GDPR)
The person has the right to request if his personal data is being processed and, therefore, has the right to access the information concerning him and to have news on: purpose of the processing (eg: management of a donation); categories of personal data; (ex .: personal data, behavioral data); recipients or categories of recipients to whom personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations; when possible, the period of storage of personal data provided or, if this is not possible, the criteria used to determine this period; existence of the right to request the rectification or cancellation of personal data or the limitation of the processing of personal data or to oppose their processing; right to lodge a complaint with a supervisory authority; if the data is not collected directly by the person, all the information available on their origin;
Right of rectification (Article 16, GDPR)
The person has the right to obtain the rectification of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the person has the right to obtain the integration of incomplete personal data, even providing a supplementary declaration.
Right to cancellation (“right to oblivion” – “right to be forgotten”) (article 17, GDPR)
The person has the right to obtain the deletion of the personal data concerning him and he has the obligation to delete personal data without unjustified delay, for one of the following reasons: personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; the consent on which the treatment is based is revoked and if there is no other legal basis for the processing (eg .: own legitimate interest, regulatory or contractual obligations); we oppose the processing for marketing and profiling purposes and there is no legitimate prevailing reason to proceed with the treatment; personal data have been processed illegally; personal data must be deleted in order to fulfill a legal obligation under the law of the Union or of the Member State to which one is subject.
Right to limitation of treatment (article 18, GDPR)
The person has the right to obtain the limitation of the processing of his personal data when one of the following reasons exists: the person disputes the accuracy of personal data; the processing is unlawful and the person opposes the deletion of personal data and instead requests that its use be limited; (eg: does not intend that the processing is carried out for marketing purposes but only for management and administrative purposes) although data are no longer needed for the purposes of processing, personal data is necessary for the person to ascertain, exercise or defend a right in court; the person has opposed the treatment if the treatment is based on their own legitimate interests, pending verification regarding the possible prevalence of their legitimate reasons with respect to those of the person. Obligation to notify in the event of rectification or cancellation of personal data or limitation of processing (article 19, GDPR) The person has the right to request that the correction or deletion of the data or limitation of the processing be communicated by CESI onlus to other subjects to whom the data may have been communicated. CESI onlus may not comply with the request, if the means to be used are disproportionate with respect to the right to privacy invoked by the person.
Right to data portability (“data portability”) (article 20, GDPR)
This right allows the person to receive in a structured format, commonly used and readable by automatic device, the personal data concerning him provided to a subject who submits his data to treatment and has the right to want to transmit such data to a subject for use of the latter without impediments on the part of the person to whom it was supplied. This right can be exercised in the following cases: the treatment is based on the consent or on a contract or on pre-contractual measures requested by the same person and, at the same time the processing is carried out by automated means. The person has the right to obtain that his data is transferred directly from one person to another (from the one to whom he gave them to the one he wants to be transmitted to), if technically possible.
Opposition right (Article 21, GDPR)
The person has the right to object to the processing of his / her data for the pursuit of the legitimate interest of CESI onlus or third parties, provided that the interests or the fundamental rights and freedoms of the person that require the protection of personal data do not prevail, even to profiling purposes.
If personal data are processed for marketing purposes, the person has the right to object at any time to the processing of personal data concerning them for such purposes, including profiling to the extent that it is connected to such marketing activity.
Automated decision-making related to individuals, including profiling (Article 22, GDPR)
The person has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that concern him or that significantly affects his person. In particular, it has the right to oppose the profiling to which it is subjected through automated processes. This right cannot be exercised if the decision: it is necessary for the conclusion or execution of a contract; is authorized by the law of the Union or of the Member State to which one is subject, which also specifies appropriate measures to protect the rights, freedoms and legitimate interests of the person; is based on explicit consent. The person has the right to express his opinion and to challenge the decision of CESI Onlus.
Complaint to the supervisory authorities
You can contact the supervisory authority that for Italy is the Guarantor for the Protection of Personal Data according to the methods indicated on the website of the Guarantor for the Protection of Personal Data accessible at: www.garanteprivacy.it.
What are cookies and how they are used by Cat Eye Syndrome International
Cookies are information stored on the hard disk of your PC and are sent from your browser to a Web server and refer to your use of the network. As a result, they allow to know the services, the sites visited and the options that, surfing the net, have been manifested.
This information is therefore not provided spontaneously and directly, but leaves a trace. The data collected through the cookies will be used for technical needs, in order to guarantee an easier, immediate and rapid access to the site and its services and an easy navigation to the individual user.
Profiling cookies may also be used, subject to the user’s consent, to create user profiles based on the sections of the site or the actions performed by the user on this site or by surfing the net.
The use of c.d. session cookies (which are not stored permanently on the user’s computer and are automatically deleted when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient site exploration. I c.d. Session cookies that are used on this site avoid the use of other IT techniques that are potentially prejudicial to the privacy of users’ browsing and do not allow the acquisition of personal identification data of the user. Vice versa, profiling cookies allow users to know how to browse the web and detect their interests, expressed needs and preferences and then allow them to create advertising campaigns or create profiles to better target promotional and institutional communications in a personalized way and awareness. In any case, you can configure the browser so that you are notified when a cookie is received and then decide whether to accept it.
To learn about our policy on cookies and third-party cookies policies, we invite you to read the relevant extended information available on the site.
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified users, but by their very nature could, through processing and association with data held by third parties, allow identification of the users themselves. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error or similar) and other parameters relating to the operating system and the user’s computer environment. These data are only used to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
The security of your personal data
CESI onlus adopts suitable and preventive security measures designed to safeguard the confidentiality, integrity, completeness and availability of your personal data. As established by the regulatory provisions governing the security of personal data, technical, logistical and organizational measures are developed which aim to prevent damage, even accidental losses, alterations, improper and unauthorized use of the data concerning you.
Similar preventive safety measures are adopted by third parties (data processors) which CESI onlus has entrusted with processing operations of your data for its own account.
On the other hand, CESI onlus does not hold itself responsible for the untruthful information sent directly by the user (example: correctness of the e-mail address or postal address or other personal data), as well as information concerning him and which are been provided by a third party, even fraudulently.
Credit card and financial information necessary for the donation
In the case of a donation made by credit card, CESI onlus guarantees maximum confidentiality and security. The financial information of the credit card (number, expiration, general information of the holder) may be known exclusively by the issuing institution. CESI onlus will have knowledge only of a code (“token”) that has no possibility of tracing back to the identity of the credit card holder or to the credit card details.
Similarly, the same criteria of confidentiality and confidentiality will be maintained in the event of a donation made by bank transfer, for which only a “causal code” is requested when making the transfer.
If the donation is made through PayPal, you will be redirected to the PayPal site and, therefore, the criteria of confidentiality and security compete exclusively with PayPal, excluding any liability on the part of CESI onlus.
In general, finally, CESI onlus does not assume any responsibility with regard to unauthorized or fraudulent use by third parties of information pertaining to the instruments used for the transaction connected to the donation.