Skip to content
Donate now

Privacy Policy

PRIVACY NOTICE of STILL I RISE APS WEBSITE

Pursuant to Articles 13 and 14 of EU REGULATION No. 2016/679 (GDPR)

 

This notice is provided in accordance with the legislation on the protection of individuals with regard to the processing of personal data as set out in EU Regulation 2016/679 (GDPR) “General Data Protection Regulation” and aims to inform you about the processing of the personal data you have provided and that has been acquired by Still I Rise APS.

The Data Controller is Still I Rise APS (VAT No. 91015070633), with its registered office at Via Adelaide Ristori, No. 44 – 00197 ROME.

  • DEFINITIONS.

Processing: Refers to any operation or set of operations performed on personal data, whether by automated means or not, such as the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination, or any other form of making available, comparison or interconnection, restriction, erasure, or destruction.

Personal Data: Any information relating to an identified or identifiable natural person (“Data Subject”); a person is considered identifiable if they can be identified, directly or indirectly, particularly with reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

Data Controller: The entity that determines the purposes and means of processing the personal data of the Data Subject.

Data Processor: A natural or legal person, public authority, service, or other body that processes data on behalf of the Data Controller.

Data Subject: Users who visit the Still I Rise website, accessible online at the following address: www.stillirise.org.

Cookie: Small text strings that websites visited by the user send to their device (typically to the browser), where they are stored and then retransmitted to the same websites during the user’s subsequent visits. Users can accept, reject, or modify their cookie preferences through the banner/icon that appears on the homepage or through their browser’s preferences. Modifying cookie settings may result in limitations in the display or functionality of the site. For a complete list and description of cookies, please refer to the specific information in the cookie banner.

Third-Party Services: Any service or technology provided by an external entity to the site owner that is integrated or used on the site to enhance functionality, analytics, security, or other aspects of the user experience.

  • PURPOSES, LEGAL BASIS, AND RETENTION PERIODS.

Personal data will be processed for the following purposes, together with the relevant legal bases. The data retention periods indicated are understood to be in addition to the time necessary for the prescription periods related to mutual rights and the time for backup retention.

➤ Allowing full use of the website’s features, a legitimate purpose based on the need to execute a contract or pre-contractual measures, pursuant to Article 6, paragraph 1, letter b) GDPR. In this case, the data will be retained by the Data Controller according to the retention period defined in the cookie policy.

➤ Allowing the analysis of the website and related traffic, as well as optimization to ensure usability, displaying third-party content related to social media (e.g., Facebook), and/or showing third-party advertisements based on the user’s interests, a legitimate purpose based on the consent of the data subject for one or more specific purposes given through the cookie banner, pursuant to Article 6, paragraph 1, letter a) GDPR. In this case, the data will be retained by the Data Controller according to the retention period defined in the cookie policy.

➤ Responding to user requests, a legitimate purpose based on the need to execute a contract or pre-contractual measures, pursuant to Article 6, paragraph 1, letter b) GDPR. In this case, the data will be retained by the Data Controller for 2 years from the year of the request.

➤ Monitoring engagement and performance metrics, as well as managing user interactions, legitimate purposes based on the need to execute a contract or pre-contractual measures, pursuant to Article 6, paragraph 1, letter b) GDPR, or based on the consent of the data subject, pursuant to Article 6, paragraph 1, letter a) GDPR. In this case, the data will be retained by the Data Controller for 2 years from the year of the last interaction.

➤ Carrying out informational and promotional activities related to Still I Rise’s activities (e.g., sales of products or services such as initiatives, projects, events) or conducting market research and surveys, a legitimate purpose based on the consent of the data subject, pursuant to Article 6, paragraph 1, letter a) GDPR. In this case, the data will be retained by the Data Controller for up to 2 years from the year of the last interaction.

➤ Carrying out informational and promotional activities related to Still I Rise’s activities (e.g., sales of products or services such as initiatives, projects, events) similar to those purchased, requested, or participated in, a legitimate purpose based on the legitimate interest of the Data Controller in promoting its activities, pursuant to Article 6, paragraph 1, letter f) GDPR. In this case, the data will be retained by the Data Controller for 2 years from the year of the last interaction.

In addition to the above, as part of the activities necessary for the proper management of the organization, your personal data will also be processed by authorized internal or external personnel for:

  1. Management and maintenance of the network and IT systems, when processing is done through automated means, even partially (for example, when data pass through Still I Rise’s IT systems), based on the legitimate interest in protecting these systems and for the obligations related to information security. Data will be retained in accordance with security implementations and the provisions for the main processing activities described above.
  2. Managing compliance and governance activities, as required by law or based on the legitimate interest of the Data Controller to pursue control and efficiency within the Organization, in accordance with the retention periods established for the main processing activities or according to applicable regulations.
  3. Preventing and detecting abuse and defending the rights and interests of the Data Controller, by retaining the data until the expiration of the prescription periods, unless litigation is involved (in which case, data will be retained until the dispute is definitively resolved), based on the legitimate interest of the Data Controller in protecting its rights and interests.
  • TYPES OF DATA PROCESSED.

The Data Controller primarily processes the following categories of personal data (hereinafter referred to as the “Data”): data related to the provision of an electronic communication service: traffic data, data related to Internet navigation, IP addresses or domain names of the computers used by users connecting to the site, time of the request, method used to submit the request to the server, numeric code indicating the status of the server’s response (success, error, etc.), other parameters related to the operating system and browser used by the user, personal identification and contact data, data related to other ongoing or past relationships with Still I Rise APS, and any other data that the user may voluntarily provide to the Data Controller.  

  • SOURCES OF DATA COLLECTION

The data is collected by the Data Controller directly from the data subject during navigation (see also the cookie table), or automatically through navigation and the use of the online registration form, or through communications sent by the data subject and/or from publicly accessible sources, such as social networks.

  • PROVISION OF DATA.

The data that must be provided due to legal or contractual obligations are indicated at the time of collection (e.g., marked with an asterisk). Failure to provide such data may result in legal or contractual consequences. The failure to provide optional data does not have any consequences, except for the inability to proceed with the processing for which the data is required.

  • AUTOMATED PROCESSES AND PROFILING.

For the pursuit of some of the purposes mentioned above, the Data Controller may use automated processes (decision-making processes carried out through technological tools, without human intervention), including profiling. This involves collecting information about you to analyze your characteristics and categorize you into groups, or to make evaluations, such as sending personalized advertising material based on your previous consumption choices or predictions.

  • TRANSFER OF DATA OUTSIDE THE EU.

Although the Data Controller is committed to selecting services that minimize the processing of users’ personal data, the processing of personal data for the purposes outlined above, which involves the use of cookies and other tracking tools, may result in the transfer of certain data, which is only indirectly identifiable, to countries outside the European Union (EU) or the European Economic Area (EEA).

The servers where the above-mentioned data is stored are located in Italy and within the European Union.

However, it is understood that the Data Controller, if necessary, has the right to move the location of the archives and servers within Italy and/or the European Union and/or to countries outside the European Economic Area. In this case, the Data Controller ensures that such extra-EU transfers will be carried out in accordance with applicable legal provisions, and, if necessary, will enter into agreements that guarantee an adequate level of protection and/or adopt the standard contractual clauses provided by the European Commission.

  • RECIPIENTS OF THE DATA

The personal data processed will be communicated, where necessary and/or functional to the management of the established relationship and in order to pursue the purposes described above, to the following parties:

  • Data processors appointed by the Data Controller and regularly nominated pursuant to Article 29 of the GDPR (e.g., employees and collaborators of the organization);
  • Website manager and other parties duly nominated as data processors in accordance with Article 28 of the GDPR;
  • Third-party service providers, including:

– Google Analytics: collects and analyzes traffic and user behavior data on the website to generate reports and optimize the user experience.

– Google Tag Manager: manages and updates website tracking tags without direct modifications to the code, facilitating the implementation of analytics and monitoring tools.

– Google Conversion Linker: tracks conversions from clicks on ads, retaining the data necessary for monitoring advertising campaigns on Google Ads.

– Cloudflare: protects the website from DDoS attacks and improves network performance, also providing a content delivery network (CDN).

– Facebook Pixel, Conversions Tracking, SDK: monitor user activity on the site to optimize advertising campaigns on Facebook and analyze interactions.

– Facebook Custom Audiences: the Facebook Custom Audiences service creates custom audience segments based on user data or behaviors to optimize Facebook advertising campaigns.

  • Other parties to whom the data must be communicated in compliance with legal obligations, including, by way of example and not limitation, public authorities.
  • RIGHTS OF THE DATA SUBJECTS.

The individuals to whom the aforementioned personal data refer (so-called “data subjects”) have the right to exercise their rights according to the methods and within the limits provided by the applicable privacy laws. In relation to the processing of their personal data, the data subject has the right to request from Still I Rise APS:

  • Access: To confirm whether or not personal data concerning them are being processed, and to obtain further clarification regarding the information in this Privacy Policy, as well as to receive the data itself, within reasonable limits based on the common sense of a reasonably diligent person;
  • Rectification: To rectify or complete the data they have provided or that is otherwise in the possession of the Data Controller, where such data is inaccurate;
  • Erasure: To request the deletion of their data, which have been acquired or processed by Still I Rise APS, when they are no longer necessary for the purposes of the association or if there are no ongoing disputes or controversies; further, in case of withdrawal of consent, opposition to processing, unlawful processing, or if there is a legal obligation to delete the data;
  • Restriction: To request the limitation of processing of their personal data, in accordance with Article 18 of the GDPR; in this case, the data will not be processed, except for storage purposes, without the data subject’s consent, except as stated in the same article, paragraph 2;
  • Objection: To object at any time to the processing of their data based on a legitimate interest of the association, unless there are legitimate reasons for Still I Rise APS to proceed with processing that override the data subject’s interests, such as the exercise or defense of the association’s rights in court; the objection of the data subject will always take precedence over the legitimate interest of the APS in processing the data for promotional purposes;
  • Data Portability: To request to receive their data or have it transmitted to another controller specified by the data subject, in a structured, commonly used, and machine-readable format.

Finally, pursuant to Article 7, paragraph 3, GDPR, the data subject may withdraw their consent at any time, without affecting the lawfulness of the processing based on the consent given prior to the withdrawal.

The data subject also has the right to lodge a complaint with the Supervisory Authority, which in Italy is the Garante per la Protezione dei Dati Personali, located at Piazza Venezia 11, 00187 – Rome – https://www.garanteprivacy.it/.

  • EXERCISE OF RIGHTS. 

For the exercise of the rights referred to in the previous point 9, or to report any issues or request clarifications regarding the processing of personal data, the Data Subject can send their request by mail to the Data Controller, Still I Rise, Via Adelaide Ristori, 44 – 00197 Rome, specifying the subject of the request, or by email to the following address: [email protected].

The response time to the Data Subject is one (1) month, extendable by two (2) months in cases of particular complexity; in such cases, the Data Controller will provide at least an interim communication to the Data Subject within one (1) month. The exercise of rights is, in principle, free of charge; however, the Data Controller reserves the right to request a fee for manifestly unfounded or excessive (including repetitive) requests, in accordance with the guidelines provided by the Data Protection Authority.

  • CHANGES TO THE PRIVACY NOTICE.

Changes to the personal data processing described above or the entry into force of new national and international legal and regulatory provisions, including specific legislation concerning third-sector entities, may require modifications to the methods and terms described in this Privacy Notice. Therefore, this document may be updated over time to ensure it remains accurate.

Any changes will be reflected in the updated date at the bottom of the document. We recommend regularly reviewing the privacy notice, and you can also request a copy from the Data Controller.

Rome, 26/11/2024

Still I Rise APS

 

Support
Still I Rise

With your regular donation you can change the fate of the most vulnerable children in the world.

Donate now