Privacy Policy

The Associazione Italiana per la Lotta al Neuroblastoma O.N.L.U.S. tax code: 95032940108 in the person of its legal representative pro tempore, with registered office at the Istituto G. Gaslini in largo G. Gaslini 5, 16147 Genova as the Data Controller in accordance with the EU Regulation 2016/679- General Data Protection Regulation (hereinafter “GDPR” or “Applicable Legislation”) recognizes the importance of the protection of personal data and considers its protection one of the main objectives of its activity.

Before disclosing any personal data, the Data Controller invites you to carefully read this privacy policy (“Privacy Policy”), as it contains important information on the protection of personal data and the security measures taken to ensure its confidentiality in full compliance with the Applicable Legislation.

Furthermore, this Privacy Policy:

• is to be understood as Information provided pursuant to Article 13 of the Applicable Legislation to those who provide personal data to the Data Controller also through, for example, paper data collection forms or who interact with the site https://neuroblastoma.org (“Site”), while it does not apply to other websites that may be consulted through external links;
• complies with Recommendation No. 2/2001 on minimum requirements for online data collection in the European Union, adopted on May 17, 2001 by the Article 29 Working Party.

The Data Controller informs that the processing of your personal data will be based on the principles of lawfulness, fairness, transparency, purpose limitation and storage, data minimization, accuracy, integrity and confidentiality. Your personal data will therefore be processed in accordance with the legislative provisions of the Applicable Legislation and the confidentiality obligations therein.

1. DATA CONTROLLER AND PERSONAL DATA PROTECTION OFFICER (ALSO DATA PROTECTION OFFICER or DPO)

In light of the Applicable Regulations, the Data Controller of the Site is the Associazione Italiana per la Lotta al Neuroblastoma O.N.L.U.S. with registered office at the Istituto G. Gaslini in largo G. Gaslini 5, 16147 Genova as more defined above. For any information inherent to the processing of personal data, including the list of data processors, you may contact the Data Controller, addressing requests to the Horus S.r.l. Società Benefit (Data Protection Officer or “DPO”) available at dpo@horusconsulenza.it.

2. PERSONAL DATA SUBJECT TO PROCESSING

“Personal Data” means any information relating to an identified or identifiable natural person with particular reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more characteristic elements of his or her physical, physiological, mental, economic, cultural, or social identity.

The Personal Data collected are as follows:

NAVIGATION DATA

The Site’s computer systems collect certain Personal Data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with you, but which by its very nature could, through processing and association with data held by third parties, allow you to be identified. Among these are the IP addresses or domain names of the devices used to connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to your operating system and computer environment. These data are used in order to obtain anonymous statistical information on the use of the Site and to check its correct functioning; to allow – given the architecture of the systems used – the correct provision of the various functions you requested, for security reasons and to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the Site or third parties and are deleted after 7 days.

DATA VOLUNTARILY PROVIDED

Through the Sites (e.g. filling out the “Contact Us” form, sending an email to the addresses listed, making a purchase/donation, filling out the “Become a Volunteer” form, etc.) or by sending a photo or through paper data collection forms filled out by personnel authorized by the Data Controller, has the opportunity to voluntarily provide Personal Data such as first name, last name, address, telephone, date of birth, address, social security number, e-mail, photo, request information, make a donation and/or purchase a gift or to associate, become a testimonial. The Data Controller will process these data in compliance with the Applicable Legislation, assuming that they refer to you or to third parties who have expressly authorized you to give them based on a suitable legal basis that legitimizes the processing of the data in question. With respect to such hypotheses, it stands as an autonomous data controller, assuming all the obligations and responsibilities of the law.

In this sense, it confers on this point the widest indemnity with respect to any dispute, claim, request for compensation for damages from processing, etc. that may be received by the Data Controller from third parties whose Personal Data have been processed through its use of the Site in violation of the Applicable Regulations.

COOKIES AND RELATED TECHNOLOGIES

The Owner collects Personal Data through cookies. More information about the use of cookies and related technologies is available in the menu on the right side.

3. PURPOSE, LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF PROCESSING

The Personal Data you provide through the Site or through the completion of paper forms will be processed by the Data Controller for the following purposes:

1. purposes inherent to the performance of a contract to which you are a party or to the execution of pre-contractual measures taken at your request (e.g.: request for contact through the Contact Us form, to make a gift purchase, to make a donation, to join, to become a volunteer, subscribe to the newsletter);
2. purposes of statistical research/analysis on aggregated or anonymous data, thus without the possibility of identifying the user, aimed at measuring the functioning of the Site, measuring traffic and evaluating usability and interest;
3. purposes related to the fulfillment of a legal obligation to which the Data Controller is subject;
4. purposes necessary to establish, exercise or defend a right in court or whenever judicial authorities exercise their jurisdictional functions;
5. purposes of direct marketing;
6. purposes of sending informative/advertising material;
7. becoming a testimonial.

The legal basis for the processing of Personal Data for the purposes in point a) is the provision of a service or response to a request that does not require consent under Applicable Law.

The purpose in point b) does not involve the processing of Personal Data, the purpose in point c) relates to fulfillments of a legal obligation while the purpose in point d) represents legitimate processing of Personal Data within the meaning of the Applicable Legislation in that, once Personal Data has been conferred, the processing is indeed necessary to fulfill a legal obligation to which the Data Controller is subject, the purpose in point e) and f) represent processing of legitimate interest (Art.6(1)(f), GDPR, recital C47, GDPR and Opinion 09 April 2014, No. 6 of Working Party 29, para. III.3 .1.) of the Associazione Italiana per la Lotta al Neuroblastoma O.N.L.U.S. and the Fondazione Italiana per la Lotta al Neuroblastoma O.N.L.U.S., in keeping active the relationship established by the donor who, with his or her act of donation, has manifested liking and sharing of our causes in support of the implementation of programs to defeat Neuroblastoma and Pediatric Solid Tumors through innovative research projects aimed at identifying new and effective therapies and personalized treatments. The Holder will, therefore, inform the person about its activities and, in particular, about which projects could be financed with financial contributions or about the awareness actions that it is considered useful to make known in order to demonstrate its constant commitment to the realization of its mission; the contacts will allow the person to learn about these opportunities and to decide, if he/she wishes, to join them. This is counterbalanced by the person’s expectation to receive information regarding topics of his/her interest and, therefore, of his/her manifested liking, activating himself/herself by donating and, therefore, sharing the mission and projects of the Associazione Italiana per la Lotta al Neuroblastoma O.N.L.U.S. and the Fondazione Italiana per la Lotta al Neuroblastoma O.N.L.U.S. In addition, another legal basis with respect to the processing of the e-mail address for promotional purposes is represented by Article 130, paragraph 4, d. lgs 196/2003 as amended by d. lgs 101/2018, which admits to send promotional e-mails to interested parties who in the purchase process (such as donation) have conferred the e-mail provided that they have not objected immediately or upon receipt of the promotional e-mail and messages of that tenor. In the case of contacts made through instant messaging (e.g., WhatsApp), the legal basis is the consent of the data subject (Article 6(1)(a) GDPR), or similar unambiguous formula.

The purpose at point g) is only allowed with your consent, which can be revoked at any time.

The provision of your Personal Data for the purposes listed above is optional, but failure to provide it may make it impossible to fulfill a request of yours (e.g. purchase, donation, contact, etc.) or to comply with a legal obligation to which the Controller is subject.

4. METHODS OF PROCESSING

The data processing is carried out, by means of the operations indicated in art..4, point 2) of the GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.

The Personal Data of the data subjects are processed by means of suitable electronic, computer and telematic tools (e.g. the Site and the servers where the user is registered), or by manual paper processing (e.g. filling in paper forms), with logic strictly related to the purposes for which the Personal Data have been collected and, in any case in such a way as to ensure the security and confidentiality of the data.

No use is made of automated processes (e.g., profiling).

The contacts referred to in points e) and f) of the chapter “PURPOSE, LEGAL BASIS AND OBLIGATORY OR OPTIONAL NATURE OF THE PROCESSING” may take place through traditional means of communication (e.g., paper mail, landline or mobile phone with operator) or electronic means (e.g., e-mail). Contacts may also be made through instant messaging systems (e.g.: WhatsApp).

5. PARTIES WHO CAN ACCESS THE DATA

The Personal Data will be processed by the Owner’s personnel in charge of processing the personal information collected:

• employees authorized to manage the Site and provide related services, as data processors and/or systems administrators;
• employees in the marketing, finance, administration, and accounting departments, in their capacity as data processors.

The Controller may also require its service providers to perform certain data processing operations on their behalf, according to the instructions provided to them and in line with this Privacy Policy. The aforementioned providers will process personal information in their capacity as Data Processors on the basis of appropriate contractual commitments, and include, by way of example, providers of services for the management of the Information Systems and the Site (hosting providers, e-mail management, 2000net S.r.l.- providers of database management and maintenance services, website management and maintenance, Pinworth S.r.l.).

Suppliers of services related to the shipping and delivery of purchased products (couriers and freight forwarders), companies or other professionals, to whom we turn for services of a professional nature (freelancers or companies providing legal or tax advice and assistance, banking operators), will instead process the data, as autonomous Data Controllers.

Purchase transaction information is handled securely through suppliers who also, as autonomous Data Controllers, guarantee to take the most appropriate security measures. The Data Controller will not have access to any information regarding the user’s credit card (e.g., card number) used by the user to make the payment, as the payment will be made by directly accessing the website of the online payment service provider.

The use of data by the autonomous Data Controllers is not governed by this Privacy Policy.

The updated list of Data Processors and Autonomous Holders, is available by contacting the Data Protection Officer at privacy@neuroblastoma.org.

6. THIRD PARTIES TO WHOM INFORMATION MAY BE DISCLOSED

The Personal Data collected may also be communicated to third parties for the following reasons:

• in order to fulfill obligations under laws, regulations, protocols and national or European legislation;
• in order to implement regulations required by Public Authorities;
• in order to enable the Holder’s defense in court, for example in the case of violations by network users.

The mentioned parties will process the information as autonomous Data Controllers. The use of the data by the mentioned third parties will therefore not be governed by this Privacy Policy.

The data will not be disseminated under any circumstances.

7. TRANSFERS

Your Personal Data will not be transferred to Recipients outside the European Economic Area. Should they be in the future, the Data Controller ensures that the electronic and paper processing of your Personal Data will take place in compliance with Applicable Law. Indeed, transfers will be based alternatively on an adequacy decision or Standard Model Clauses approved by the European Commission. More information and copies of these agreements will be available from the Data Controller by contacting the Data Protection Officer.

8. DATA RETENTION

The Data Controller will process your Personal Data for as long as is strictly necessary to achieve the purposes indicated in point 3). By way of example, the Data Controller will keep your Personal Data for the service of sending the newsletter and for sending informative/advertising material until you decide to unsubscribe from the service, for being a testimonial until you revoke your consent, while on the other hand, as far as the informative, fundraising activities are concerned, your Data will be kept as long as you support the Association and/or the Foundation (up to ten years after your last donation, also given the ex lege obligation to preserve the records) and thereafter for the period of 10 years given the interest of the Association and/or the Foundation in receiving economic support and sharing in its initiatives from all the people available to support the activities of the Association and/or the Foundation, of course you may exercise at any time the rights set forth in point 10 below. Notwithstanding the above, the Association will process your Personal Data for as long as permitted by Italian law to protect its interests (Art. 2947(1)(3) c.c.). More information regarding the retention period of Personal Data and the criteria used to determine this period may be requested by contacting the Data Protection Officer at privacy@neuroblastoma.org.

9. SOCIAL NETWORK INTERACTION

Directly from the page of the website https://neuroblastoma.org you can make interactions with social networks (e.g. Facebook), or with other external platforms.

The interactions and information acquired are in each case subject to the privacy settings of the data subject related to each social network.

When an interaction service with social networks is present, it is possible that, even in the case that data subjects do not use the service, it collects traffic data related to the pages where it is installed.

Since the installation of third-party Cookies through the services used within the Site cannot be controlled by the Data Controller, any specific reference to Cookies and tracking systems installed by third parties is to be considered indicative.

In this regard, we encourage you to always refer to the privacy policies provided by the respective social networks.

FACEBOOK PERMISSIONS REQUIRED BY WEBSITE

This website may require certain Facebook permissions that allow it to perform actions with the User’s Facebook account and collect information, including Personal Data, from it. This service allows this site to connect with the User’s account on the social network Facebook, provided by Facebook Inc.

For more information about the following permissions, you may refer to the Facebook permissions documentation and Facebook’s privacy policy.

The required permissions are as follows:

• BASIC INFORMATION: The basic information of the User registered on Facebook which normally includes the following Data: id, name, image, gender and language of location and, in some cases, Facebook “Friends.” If the User has made additional Data publicly available, the same will be available.
• SHARING: Sharing in place of the user.
• INSIGHT: Provides access to Insight data for pages, applications and domains that the user owns.
• LIKE: Provides access to the list of all pages that the user has liked.

10. SECURITY MEASURES

The Data Controller adopts appropriate and preventive security measures to safeguard the confidentiality, integrity, completeness, and availability of Personal Data. The Data Controller has put in place technical, logistical and organizational measures with the aim of preventing, preventing or limiting the risk of loss, alteration or misuse of Data.

The Owner is committed to protecting all Personal Data received. The Data Controller informs that the password is one of the account protection mechanisms, so users are encouraged to use a sufficiently secure password kept in a safe place, limiting access to the account to their own computers and browsers, logging off after visiting the site.

The Owner is committed to protecting the information received from users. All personal information provided is stored on secure servers.

The Owner uses appropriate security measures to protect information from unauthorized access or modification, and transmission or distribution of data. In order to prevent unauthorized access, maintain data accuracy, and ensure the proper use of information, the Owner uses appropriate physical, electronic, and managerial procedures to safeguard and secure the information and data stored in its system.

The Owner uses the standard SSL (Secure Sockets Layer) connection in order to protect the confidentiality of the user’s personal information. Although no computer system is completely secure, the Owner believes that the measures taken reduce the possibility of security problems to a level appropriate for the type of data involved.

11. INFORMATION OF A FINANCIAL NATURE

The Holder ensures the utmost confidentiality and security of information of a financial nature collected for purposes of acquiring donations and/or purchases etc, made through credit cards or bank transfer or other payment systems.

For example, information on purchase/donation transactions etc. performed online, by credit card, are handled securely, through selected providers who as autonomous Holders, guarantee to take the most appropriate security measures. The Holder does not have access to any information regarding the credit card and/or other financial information used by the user. These transactions will take place exclusively by automatically accessing the website of the online payment service provider.

12. DATA FROM USERS UNDER THE AGE OF 18

The Site is not directed to minors under the age of 18, and the Owner does not knowingly collect Personal Information from them and requests that such individuals do not provide their Personal Information through the Services.

In case of accidental registration of any information about minors, the Owner will promptly delete it.

13. RIGHTS

As a data subject, you have the right to obtain from the Data Controller confirmation of the existence of personal data concerning you and their communication in intelligible form; you may also request to know the origin of the data; the purposes and methods of processing; obtain the updating, correction or integration of the data. In addition, he/she can always revoke his/her consent, requesting the interruption of the processing, cancellation, anonymization or blocking of the processed information.

He/she may object, in whole or in part, to the processing: a) for legitimate reasons to the processing of data concerning him/her; b) for the purpose of sending advertising material or carrying out market research or commercial communications. It also holds the rights under Articles 15 – 22 GDPR (right to confirmation, right to be forgotten, right to restriction of processing, right to data portability, right to object).

The Owner also offers users the tools to update and modify the personal information provided. Indeed, each registered user can access and update his or her personal information (e.g., through the user account).

Pursuant to the Applicable Regulations, he/she has in any case the right to lodge a complaint with the competent supervisory authority (Data Protection Authority) as provided for in Art. 77 of the Regulations themselves, or to take appropriate legal action (Art. 79 of the Regulations).

Complaint to the Supervisory Authority: you have the right to lodge a complaint with the Supervisory Authority, which in Italy is the Guarantor for the Protection of Personal Data – Piazza Venezia 11, 00187 Rome (RM) – www.garanteprivacy.it, e-mail: protocollo@pec.gpdp.it, using the form available at https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524&zx=e0yn0riezmmw.

You may exercise the above rights at any time by contacting the Data Protection Officer by registered mail with return receipt at largo G. Gaslini 5, 16147 Genova, Italy, or by e-mail at privacy@neuroblastoma.org.

14. CHANGES

For legal and/or organizational reasons, this Privacy Policy may be subject to change; therefore, we recommend that you regularly check this Privacy Policy and consult the latest version of it published on the website.