Data Processing and Data Protection PolicyLast Revised: 5 February 2024

The purpose of this Policy is to inform you about how we process your personal data.

Un Ponte Per ETS (UPP) is committed to complying with the rules of conduct – in line with the European Regulation 679/2016 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR") – which guarantee a secure,  controlled and confidential web browsing. This policy for the protection of the confidentiality of information may be subject to change over time, also as a result of additions and changes to the laws and regulations on the subject or due to our institutional decisions, therefore, we invite you to periodically consult this section of our website.

 

UPDATE YOUR CONSENT TO DATA PROCESSING

User's rights

Users may exercise certain rights with reference to the Data processed by the Data Controller. In particular, the User has the right to:

  • Withdraw your consent at any time.
  • Object to the processing of your Data.
  • Access their Data (the User has the right to obtain information on the Data processed by the Data Controller, on certain aspects of the processing and to receive a copy of the Data processed).
  • Verify and request rectification (the User can verify the correctness of his/her Data and request its updating or correction).
  • Obtain the restriction of processing, when certain conditions are met (the User may request the restriction of the processing of their Data, in which case the Data Controller will not process the Data for any other purpose than their storage, provided that this fulfills the additional obligations provided for by law of the Data Subject).
  • Obtain the erasure or removal of their Personal Data (when certain conditions are met, the User may request the deletion of their Data by the Data Controller).
  • Receive his/her Data and/or have it transferred to another controller (the User has the right to receive his/her Data in a structured, commonly used and machine-readable format and, where technically feasible, to obtain its transfer without hindrance to another controller; this provision is applicable when the Data are processed with automated tools and the processing is based on the User's consent,  on a contract to which you are a party or on contractual measures related to it).
  • Lodge a complaint (you may lodge a complaint with the competent data protection supervisory authority or take legal action)

To exercise the above rights, requests should be addressed to the physical address of the Data Controller or by email privacy[at]unponteper.it.The
privacy[at]unponteper.it email address  is managed by:

  • Head of the Communication and Fundraising Department and
  • by the Directorate-General,

as Responsible for any Complaint, Request and Rectification process according to the policies of this Organization.
See: Complaint and Response Mechanisms Policy

Data Protection Ownership and Responsibility

Un Ponte Per ETS is the name of our association, which has its registered office in Rome, via Angelo Poliziano 18 – 20 – 22.
The association Un Ponte Per ETS is the data controller pursuant to and for the purposes of EU Regulation 2016/679 (GDPR).
We publish our content through websites: one, main, whose address is www.unponteper.it
a second www.sostegniadistanza.unponteper.it, third www.figlidellostessomondo.it site, fourth www.30anni.unponteper.it site, fifth www.iraqicivilsociety.org site, sixth www.indifesadi.org, seventh www.liberedirompere.unponteper.it, eighth www.iraqwithoutwater.org; ninth www.interventicivilidipace.org.

Through a YouTube channel, a Facebook profile, Twitter, Instagram, Linkedin.

For information on data processing, in addition to what is published on this page, you can contact the following email address: privacy[at]unponteper.it.

Methods of data collection and processing

UPP takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. The processing is carried out using IT and/or telematic tools, with organizational methods and logics strictly related to the purposes indicated.

In addition to the Data Controller, in some cases, other parties involved in the organization of the following may have access to the Data:

  • the Website (UPP staff, system administrators) or external parties (such as third-party technical service providers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Data Controller.

The updated list of Data Processors is available upon request, at the e-mail address of the Data Controller privacy[at]unponteper.it.

We use a number of third parties to provide us with the services necessary to operate our business or to help us process information on our behalf (data processors). These include the following:

  • Telephone providers (TIM, Fastweb).
  • Email provider (Microsoft 365, Seeweb).
  • Mailing list providers (NPSolutions; GNU Mailman).
  • IT service providers (ongoing consulting with professional, Aruba).
  • Web developers (ongoing consultation with professionals).
  • Hosting provider (Seeweb).
  • Service providers for personnel management and payment of social security contributions (mandatory).
  • Providers of health and safety services for employed and volunteer personnel (mandatory).
  • Service providers for the insurance protection of employees and volunteers and our activities (recommended).
  • Provider of postal services (SMILE, TNT, Poste Italiane).
  • Banca Etica's online service provider with Nexi Payments.

Information will only be shared with these service providers where and for as long as necessary to enable us to operate our business.

What personal data we collect and why we collect it

The data of the users concerned are processed in order to be able to respond to the requests expressly made by them. We also use this data to send informative communications relating to UPP's activities and initiatives.

All data collection and subsequent processing activities are aimed at pursuing the following purposes:

  • General request for information

Through our contact email info[at]unponteper.it we collect requests for general information in order to be able to provide the service requested by the user (request for information).

The legal basis for the processing of personal data for these purposes is Art. 6.1.b) of the GDPR as the processing is necessary for the provision of services or for the response of requests from the data subject.

This data is kept for a period of 10 years.

  • Subscribe to the newsletter

By subscribing to our newsletter, through the site mentioned above, we collect the email address of the user who wishes to subscribe.

The legal basis for the processing is precisely the explicit and active consent, article 6.1.a) of the GDPR, which the user gives by requesting their subscription to the newsletter service.

We use a third-party service to send our electronic newsletter, managed through the GIVE Newsletter software owned by NP Solutions (Italy), therefore adhering to the requirements of the GDPR. You can access their privacy policy by clicking here.

The information you send us to subscribe to our newsletter will be stored and processed in GIVE owned by NP Solutions (Italy). For more information on security measures with respect to data processing by GIVE, click here.

This data is kept for a period of 10 years, even in the event of inactivity of the data subject.

  • Sending and receiving CVs

Also for the legal basis referred to above, art. 6.1.b) GDPR 679/2016, where the processing is necessary for the provision of services, the collection of personal data takes place and is regulated when the user sends us their curriculum vitae to apply for one or more open positions and communicated on the specific page of the site:
www.unponteper.it/vacancy
or to apply spontaneously, both for open positions and for the voluntary activities of the association through the email:
vacancy[at]unponteper.it

Consent to the processing of the requested service (application and selection) is expressed explicitly and actively by sending the CV. In any case, it is requested to specify in the documents sent (CV and Letter of Motivation/Presentation) the wording:

"I authorize the processing, as described in the UPP Data Processing and Data Protection Policy, especially for the "Sending and Receiving of Curricula Vitae" part of 25 May 2018, of all the data reported above or in any case verifiable pursuant to GDPR 679/2016. In faith"

with a signature.

The data acquired in this way will only be used for the purpose of selecting applications and, if necessary, for the contractual part in the event of successful selection.
The persons responsible for receiving this data are:

  • HR Manager UPP
  • UPP General Management

The Data Processors are:

  • HR Manager UPP
  • UPP General Management
  • Head of UPP Administration Department (only in the case of positions in this UPP Department or at the time of the contract offer)
  • Supervisors at the open position who must be involved in the selection process.

The persons responsible for maintaining this data are:

  • HR Manager UPP.
  • UPP General Management (only where there is an effective inclusion in the staff, whether it is a worker or a volunteer of the association).
  • Head of the UPP Administration Department (only if there is an effective inclusion in the staff, whether it is a worker or
     a volunteer of the association).

No further access to the data collected in this way is allowed at any time, from the acquisition to the end of the relationship.

Anyone applying for any position (salaried or voluntary) at UPP accepts that the data expressed in the CV, in the Letter of Motivation/Presentation or those of the forms expressing interest in voluntary activity may be used to verify the statements contained therein (references, general and particular checks) in compliance with the policies of this organization for the safety of personnel,  of UPP associates and beneficiaries.
Failure to do so will not be accepted.

The data are stored for an average period of 10 years unless a specific request for deletion is made, provided that it is not necessary to maintain for contribution purposes, management transparency required by law and by donors or providers of employment, contribution, insurance protection and occupational health and protection services.

Any other further use of the data collected in this way is excluded unless further consents are expressed for the receipt of information and connection with the membership lists that Un Ponte Per ETS maintains.
For the deletion of the data and clarifications on its processing, please write to:
 privacy[at]unponteper.it.

  • Donations and Membership Fees

The personal data normally required for donations or membership fees are personal data, contact data and data relating to payment instruments and coordinates.

The optional, explicit and voluntary sending of e-mails to the addresses indicated on the association's website or the compilation of electronic contact forms, or the sharing of personal and contact data on the occasion of events and collections of this association, involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.

Data is captured securely (specify) only from:

  • Head of the Sponsorship Programme.
  • Fundraising Manager.
  • Head of the Communication and Fundraising Department.
  • Responsible for data acquisition (only in the case of direct collection on the occasion of events and celebrations of
     this association).
  • Accounting clerk in the Administration Department.

The data are entered into an automated internal accounting system that processes the data for the sole purpose of bookkeeping, donation administration and fundraising transparency of UPP:
GIVE and COGE of NP Solutions (Italy) here the data protection policy of the accounting service provider.

The data is processed directly only by:

  • Distance Sponsorship Program Manager and Specific Delegates
  • Fundraising Manager.
  • Head of the Communication and Fundraising Department.
  • Employees (2) Administration Department
  • Head of Administration Department

All other staff and associates of UPP do not have direct access to the data collected for this purpose and are only informed of the progress in anonymized form and by groupings.

These data are kept for a period of 10 years (in order to comply with the obligations to keep accounting records) but the interested party has the right to have a version kept restricted to the sole compliance with the above requirements and that there is no further processing of the data other than keeping it for legal obligations and related obligations.

Transfers of information outside the European Economic Area

UPP is hosted outside the EU, in particular in the United States of America (US), for the management of the associative mailing list (GNU Mailman).

All data transmitted via this platform is therefore transferred beyond the EU.

On July 12, 2016, the European Commission adopted a decision on the so-called Privacy Shield, the agreement that regulates the transfer of data between the European Union and the United States.

The agreement protects the fundamental rights of individuals in the EU whose personal data is transferred to the United States, and lays down clear rules for companies that transfer data across the Atlantic.
The new rules provide:

  • stringent protection obligations for companies transferring data;
  • U.S. Government data access security measures;
  • specific instruments for the protection of individuals;
  • the joint annual review of the agreement to monitor its implementation.

Redirects to external sites

UPP's websites use so-called plug-ins to link to their social media accounts.

All plug-ins on the site are marked with the logo owned by the social network (Facebook, Google, Twitter, YouTube).
When you visit a page of our websites and click on the logo (e.g. click on the "Like" button), the corresponding information is transmitted by the browser software directly to the social network and stored by it.

For information on the purposes, type and methods of collection, processing, use and storage of personal data by the social network platform, as well as how to exercise your rights, please consult the privacy policy adopted by the individual social network.

Navigation data

We use Google applications (Analytics and Ads) that record the browsing paths of users during their visit to the pages of our sites during their normal operation, this category of data includes: IP addresses, the type of browser used, the operating system, the domain name, type of device, and the addresses of websites from which access was made,  information on the pages visited by users within the site, the time of access, the time spent on a single page, the analysis of the internal path and other parameters relating to the operating system and the user's IT environment.

To learn more about what information Google collects, how it uses this information, and how to control the information submitted to Google, you can see the partners page of Google's Privacy Policy by clicking here.

Cookies

UPP's websites do not only use profiling cookies.
For the use of cookies on the association's websites, please refer to the information published: Information on the use of the sito_Cookies.

Embedded content from other websites

Articles on Un Ponte Per ETS websites may include embedded content (e.g. videos, images, articles, etc.). Content embedded by other websites behaves in exactly the same way as if the visitor had visited the other website.

These websites may collect data, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

 

UPDATE YOUR CONSENT TO DATA PROCESSING