Privacy policy_en | Pro Ecclesia in Asia

INFORMATION ON THE PROCESSING OF PERSONAL DATA (intended for donors in accordance with Article 13 EU Regulation 2016/679)

Dear Benefactor, for the purposes envisaged by EU Regulation 2016/679 (hereinafter the Regulation or GDPR) on the protection of individuals with regard to the processing of personal data, we inform you that the personal data provided by you and acquired by the Association Pro Ecclesia in Asia (hereinafter the Association), will be processed in compliance with the regulations envisaged by the aforementioned Regulation in respect of the rights and obligations arising therefrom.

Data Controller: The Data Controller is the Association Pro Ecclesia in Asia, with registered office in via degli Orti di Trastevere 34, 00153 - Rome. The person responsible for data protection is Mr Ronaldo Baccelli who can be contacted at the email address: rbaccelli@gmail.com.

Legal basis Purpose of the processing: the processing is necessary for compliance with a legal obligation to which the data controller is subject. (Art. 6 par 1 letter c). Ensure compliance with legal and regulatory obligations and EU rules to which the controller is subject. Fulfilling accounting and tax obligations in order to manage your donation. Processing is necessary for the pursuit of the legitimate interests of the data controller or of third parties. (Art. 6 par 1 lett. f).

Your personal data will be processed for the following purposes:
A. fundraising;
B. management of operations relating to and resulting from donations;
C. dissemination of knowledge and raising awareness of the organisation's institutional activities and specific purposes;
D. information on initiatives, activities and fundraising projects carried out by Pro Ecclesia in Asia;
E. dispatch of communications and information material reserved for supporters and donors, including potential ones, in paper and digital format;
F. requesting adhesion to fundraising campaigns;
G. raising awareness of issues relating to the specific activities of Pro Ecclesia in Asia;
H. possible inclusion of the donor's name on the web page of the Pro Ecclesia in Asia website (proecclesiainasia.com) and in other materials related to fundraising activities.

Exercise of the holder's rights in court and management of any disputes: Types of data processed: The types of data processed by the Association are personal and contact information issued at the time the donation is made; sum donated; unique computer network connection identifier (IP address) for telematic donations; data deriving from cookies.

Provision of data: Refusal to provide such data means that the donation cannot be made to the extent that the data is required by the Association for tax purposes.

Method of data collection: The data collected and processed by the Association are spontaneously provided by the interested parties (donors) themselves through the inclusion of their data on the Association's website, social pages, through bank transfers and all other donation methods (e.g. postal bulletin). Donations can also be made through the Association's staff delegated at offices open to the public and/or participation in fundraising charity events organised by the Association itself and/or the Association's partners.

Recipients of the data: The personal data relating to the processing in question will be communicated, if necessary or in any case functional to the management of the contractual relationship and the pursuit of the legitimate interests of the data controller, to the following subjects: - subjects designated for data processing by the data controller duly appointed pursuant to articles 29 and 32 of the GDPR (e.g. administration); - credit institutes or credit card issuers to manage the payment of donations; our CRM manager, printers and the managers of the e-mail and sms sending platforms in charge of the processing of matters inherent to the working relationship duly appointed pursuant to art. 28 of the GDPR; any beneficiary entities of the donation/donation indicated by the donors; the data may be eventually made available and knowable to third parties for the defence of rights, as well as in fulfilment of the obligations provided for by law or regulations and upon request by the competent Authorities.

Data retention periods: The data shall be processed for the time necessary for the pursuit of the purposes set out in this policy and thereafter retained/stored on an encrypted server deemed suitable by GDPR regulations, for a period of ten (10) years as they are included in the historical archive from the date of the last donation made, and then permanently deleted from any archive unless the data must be retained for legal obligations or to enforce a right in court. The Association has a specific Data Retention Policy.

Modalities of data processing: Data processing is carried out by the data controller and the designated persons expressly trained to manage data processing; all processing of personal data is carried out in accordance with the principles set out in Article 5 of Regulation (EU) 2016/679. The data processing is carried out with the following methods and security precautions: - the security of the data processed on computer media is managed through a password system; - the Association guarantees the confidentiality of the paper documentation and the safekeeping of the documents in special archives with controlled and authorised access only to the designated subjects; the accuracy of the recorded data is checked annually.

The Association does not transfer data to third countries; it does not have an automated decision-making process concerning individuals and does not carry out profiling. Data may be transferred to countries within the E.U. and outside the E.U.; such transfers may be made by entities and/or companies that are recipients of the data as specified above under "recipients of data".

RIGHTS OF THE INTERESTED PARTIES: In order to fulfil the obligations provided for by the Regulation in question, the Association recalls the rights of the interested parties that apply. The data subject has the right to request confirmation of the existence or otherwise of the processing of his/her personal data. The data subject has the right to obtain: - information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the storage period; - rectification and erasure of the data. Pursuant to Article 77, the data subject has the right to lodge a complaint with a supervisory authority.

How to exercise one's rights: The Association has set up a special e-mail address to enable data subjects to easily exercise their rights: proecclesia.asia@pec.it. Upon receipt of a request to exercise rights, the privacy contact person will send an email to the interested party asking him/her to fill in the attached format. If it is not possible for the interested party to send this request by e-mail, it may be sent by ordinary mail by registered letter with advice of receipt to the registered office of the Association: Via degli Orti di Trastevere 34, 00153 - Rome. The exercise of rights by the user is free of charge pursuant to Article 12 GDPR. However, in the case of requests that are manifestly unfounded or excessive, also due to their repetitiveness, the owner may charge the user a reasonable expense contribution, in light of the administrative costs incurred to manage his request, or deny satisfaction of his request.

Rome, 19 March 2024