Notes on the protection of users’ personal data in accordance with the EU General Data Protection Regulation (GDPR) 679/2016.
Updated to: January 2022 and published on the website www.ffbetania.net
This notice provides an overview of the processing of personal data and the rights, in accordance with the data protection regulations, of users accessing the website and the services provided by it, for the purpose of carrying out charitable, religious and cultural activities, in conformity with the respective statutory purposes.
The type of personal data processed depends on the services and products used.
1 – Data controllers
2 – Purpose of the processing and juridical basis
3 – Categories of data
4 – Possible transfer of personal data
5 – Existence of automated decision-making, including profiling
6 – Your rights
7 – Data security
8 – Retention period
1 – Information on Data Controllers
In compliance with Article 4, paragraph 7 and Article 26 GDPR, the Data Controllers are:
Fondazione Betania Onlus, C.F. 93346130722, in person of the President pro tempore, and the Franciscan Fraternity of Betania, C.F. 93017320727, in person of the Superior General pro tempore, both with registered office in Terlizzi (Ba), at Via Pasquale Fiore 143 cap. 70038.
E-mail address: email@example.com
1.1 – Place
The processing of data connected to the web services of the site, takes place at the headquarters of the Joint Data Controllers through the intervention of the persons in charge, under the direct authority of the Joint Data Controllers, to carry out site maintenance and updating activities.
2 – Purpose of the processing and juridical basis
Below we wish to inform you of what personal data we process and for what purposes.
Fondazione Betania Onlus and Fraternità Francescana di Betania inform you that navigation on the site, interaction with social networks and the use of external crowdfunding platforms involve data processing. In particular, for the activities of participation in prayer groups, projects, the activities of the co-owners, for fundraising and in cases where information on the life of the fraternity is requested, common personal data such as name, surname, tax code, address and city of residence, email address are processed.
Data processing is carried out, according to the principle of data minimisation (Art. 5 GDPR 679/2016), within the limits of the statutory purposes, through the intervention of designated individuals, under the direct authority of the Co-owners.
2.1 Juridical basis
The data provided are, thus, necessary for the correct and complete execution of all the activities and charitable projects of the Co-owners aimed at the consecrated life and the support of the underprivileged and those in a state of hardship.
The legal basis for the processing is the execution of a contract to which the data subject is a party, in this particular case, it is the fulfillment of the statutory purposes dedicated to the assistance and human-spiritual formation of young people in difficult situations, reception and prayer; also the fulfillment of legal and tax obligations for the execution of statutory activities of charitable, social, religious and cultural interest; and, furthermore, the pursuit of the legitimate interest of the data controller under Article 6 GDPR: execution of orders imposed by the Authorities or other administrative body (Art. 6.1 lett. e); pursuit of the legitimate interest of the Data Controller in order to protect its rights and grounds, including before the courts, provided that the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data do not prevail -(Art. 6.1 lett. f).
3 – Category of data
Below we would like to inform you about the personal data we process
3.1 Type of data
In order to browse our website it is not necessary for you to provide your data.
The provision of data is only necessary if you want to carry out specific actions such as: making donations or requesting information about the activities of the Co-owners.
When you use the website, we ask you for and collect the following personal data: first and surname, address and country of residence, email address.
This information is necessary for the proper performance of the service and enables us to act in accordance with our legal obligations. Without this data, we may not be able to provide you with the requested services.
3.2 Browsing data
The computer systems and software procedures used to run this site acquire, during their normal operation, certain personal data (such as the name of the website visited, time, date, type of browser and operating system used, page previously visited and IP address) whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interests, but by its very nature could, through processing and association with data held by third parties (e.g. facebook), allow users to be identified. We do not control, supervise or answer for the way your personal data is processed by these third parties, so any enquiries regarding the disclosure of your personal information should be addressed directly to these parties.
This data, in accordance with art 6 (1) f) GDPR, is used for the purpose of obtaining anonymous statistical information on the use of the site in order to check its functionality and is kept for the minimum time required by law. The data could also be used to establish liability in the event of hypothetical computer crimes to the damage of the site.
3.3 Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the necessary acquisition of the sender’s address, which is necessary to reply to requests, as well as any other personal data included in the message. The processing of special data is excluded except in cases of explicit consent.
The main types of cookies we use are:
- Technical cookies: technical cookies are those used for the sole purpose of ‘carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an Information Society service explicitly requested by the user or subscriber to provide such service’. They are not used for any further purposes and are normally installed directly by the website owner or operator.
- Analytics cookies: these are assimilated to technical cookies where they are used directly by the website operator to collect information, in aggregate form, on the number of users and how they visit the site itself.
- Functionality cookies: these allow the user to navigate according to a series of selected criteria (e.g. language, products selected for purchase) in order to improve the service rendered to the user.To deny consent to the use of one or more cookies you can use the functions provided through the cookie management bar on the site and follow the information.
3.5 Interaction with social networks and external platforms
These services enable interactions with social networks (such as Facebook) or other external platforms (crowdfunding platforms), directly from the pages of this website. The interactions and information acquired by this website are in any case subject to the User’s privacy settings relating to any social network or platform. In the event that a social network interaction service is installed, it is possible that, even if Users do not use the service, it will collect traffic data relating to the pages where it is installed, the Like button and Facebook (Facebook) social widgets.
3.6 Data recipients
We also inform you that the data collected will never be disclosed and will not be communicated without your explicit consent, except for necessary communications that may involve the transfer of data to public authorities, consultants or other parties for the fulfillment of legal obligations.
Personal data may be disclosed only to the individuals in charge of the data processing and may be divulged only for the purposes of the aforementioned data treatment to employees, external collaborators, system administrators for the maintenance and control of computer systems, professionals in order to fulfill legal obligations in tax and administrative matters and in general to all subjects for whom the communication is necessary for the correct fulfillment of the contractual obligation arising and for the purposes mentioned above. Personal data is not to be subjected to disclosure.
The service providers, external data processors, have been selected and have signed the Engagement Agreement ; they also undertake and are bound by the instructions of the Joint Data Controllers regarding data processing. The Joint Data Controllers have verified what technical and organizational measures are in place to protect the security of personal data processing.
3.7 Compliance with the law, response to requests from public authorities, prevention and protection of our rights.
Betania Foundation Onlus and the Franciscan Fraternity of Bethany may disclose your data, including personal data, to courts, public authorities, government authorities or authorized third parties if and to the extent that it is required or authorized to do so by law or where such disclosure is reasonably necessary: (i) to comply with legal duties; (ii) to comply with legal process and to respond to claims made against the Data Holders; (iii) to meet requests relating to a criminal investigation or alleged or suspected illegal activity or any other activity likely to expose the Data Holders to any risk whatsoever; (iv) to protect the rights, property or personal safety of the Data Holders, its employees, its Members or the general public.
4 -Transfer of personal data
The management and storage of data takes place on paper files and on the servers/databases of the Data Controllers and/or third party companies appointed as Data Processors (System Administrators). The servers/databases on which the above-mentioned data are stored are located in Italy and within the European Union and use databases with Mongo DB technology on Linux Debian 10 64 bit operating system.
Personal data is not to be transferred outside the European Union.
It is in any case acknowledged that the Data Controllers, should it become necessary, will have the faculty to move the location of the archives and servers to Italy and/or to the European Union and/or to non-EU countries. In this case, the Joint Data Controllers hereby guarantee that the transfer of data outside the EU will be carried out in compliance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided for by the European Commission.
We do not sell any personal data to third parties.
However, we reserve the right to disclose your information if we are required to do so by law or if we are requested to do so by authorities or law enforcement agencies (e.g. police, public prosecutor’s office).
5 – Existence of an automated decision-making process
Fondazione Betania Onlus and the Franciscan Fraternity of Bethany do not adopt automated or semi-automated decision-making processes.
6 – Your rights
You have the right to ask us at any time for information about your personal data stored by us and their provenance, the recipients or categories of recipients to whom this data is forwarded or made accessible to, the purposes of storage and processing, the expected storage period, the decisions taken by us automatically, the right to data portability, the existence of the right to rectification, erasure, restriction of processing or revocation of processing and the possible right to submit a complaint to a control authority.
In addition, you have the right to request the rectification of incorrect data and, if the legal prerequisites are met, to the blocking and deletion as well as the restriction of data processing.
All requests for information, access, revocation of consents, objections, and all other requests concerning data processing can also be sent by e-mail to firstname.lastname@example.org.
You have the right to raise complaints regarding the data processing activities carried out by the Data Protection Authority (Garante per la Protezione dei Dati, based in Rome, at Via Monte Citorio 121), following the procedures and instructions published on the Authority’s website www.garanteprivacy.it.
7 – Data security
We take appropriate technical and organizational measures to ensure data security, in particular to protect your personal data and prevent it from being disclosed to third parties, accidentally or maliciously altered, lost or destroyed.
These measures are periodically reviewed and updated to the latest state of the art.
8 – Retention period
In principle and in accordance with the principles of lawfulness, purpose limitation and data minimisation, pursuant to Art. 6 GDPR 2016/679, your personal data will be kept for the period of time necessary to achieve the purposes for which they are collected and processed, subject to compliance with any specific legal obligations.
If the data is no longer necessary to fulfill contractual or legal obligations, it will be routinely deleted, unless its further limited processing is necessary to fulfill the above purposes.