The Association operates in compliance with privacy laws and through this document wishes to inform the various categories on the processing of their personal and possibly sensitive data provided to it.
The data controller is the Un Tesoro di Cane Association, via Carlo Poma 4, 00195 Rome CF 97849920588 mail ambraegiulia@gmail.com untesorodicane@pec.it
The Data Controller is the Data Controller because he has the necessary skills.
In general:
In compliance with the obligations arising from national legislation (Legislative Decree 30.6.2003 n. 196) and European legislation (GDPR- regulation 679/2016) l
The processing of personal data sent is processed exclusively for the purposes of the association. These include the association’s activity, the adoption procedure, pre- and post-adoption support
THE OPTIONAL, EXPLICIT AND VOLUNTARY SENDING OF EMAILS, MESSAGES VIA SITES OR SOCIAL MEDIA, LETTERS OR WHATSAPP INVOLVE THE ACQUISITION OF DATA PROVIDED FOR ASSOCIATIVE PURPOSES ONLY
Consent to data processing is optional, however its denial may make it impossible to provide some services
The association is not liable for untruthful information provided.
Below are the treatments that the association has planned
1. WEBSITE AND ONLINE COMMUNICATION CHANNELS, SOCIAL MEDIA, CLOUDS TREATMENT – page 1
2) DONATION TREATMENT – INFORMATION FOR THE INTERESTED PARTY – UN TESORO DI CANE page 5
3) PROFESSIONAL AND CONSULTANT TREATMENT – INFORMATION page 7
4) EMAIL ADDRESS TREATMENT – UN TESORO DI CANE – page 9
5) MEMBERS TREATMENT – SUPPORTING FRIENDS AND ADOPTING FRIENDS – INFORMATION page 13
6) ADOPTION APPLICANTS AND ADOPTERS TREATMENT page 15
7) IMAGE TREATMENT page 18
1. WEBSITE AND ONLINE COMMUNICATION CHANNELS TREATMENT ONLINE COMMUNICATION, SOCIAL, CLOUDS
WEB: When browsing our website (www.untesorodicane.org) no personal data is collected nor are cookies used. The site is based on WordPress but does not allow user registration and access is reserved only for volunteers of the Un Tesoro di Cane association.
The site is hosted on the servers of https://www.tophost.it which is defined as Sub-Data Processor.
From the “Contact Us” page you can send an email to request more information on the association’s activity or on a specific dog. The email generated by the form is addressed to ambraegiulia@gmail.com and will therefore reside on the gmail servers. The telephone and any other data entered in the form will be included in the generated email, by selecting the checkbox under the form you therefore accept that your email and any other optional data the user chooses to include will be archived, if necessary, for up to a maximum of 10 years from the last contact.
The emails that are sent by our association are gmail and therefore follow the gmail privacy protection information that can be consulted at the following link https://policies.google.com/privacy?hl=it
Blogs, emails and social sites such as Facebook, Twitter, etc
Our blog, untesorodicane.blogspot.com is created on the server www.blogspot.com here is the link to their privacy information https://policies.google.com/privacy?hl=it
Our Facebook page, Ambra and Giulia Un Tesoro di Cane , and our Instagram page, UNtesorodicane, follow Facebook’s privacy policy which can be found at this link https://www.facebook.com/policy.php
The emails that are sent by our association are gmail and therefore follow the gmail privacy protection regulations which can be consulted at the following link https://policies.google.com/privacy?hl=it
The pec address, on the other hand, is an Aruba account: untesorodicane@pec.it the same follows the Aruba privacy protection information which can be consulted at the following link https://www.aruba.it/informativa_arubaspa.pdf
The cloud system used referring to the various accounts opened by the association follow the policy https://www.google.com/intl/it/chrome/privacy/
The association has a telephone number that is used for Whatsapp and all volunteers use this system for communications. For the policy, please refer to https://www.whatsapp.com/legal/?eea=1#privacy-policy
In some cases, the newsletter is sent via mailchimp, the terms of which can be found at the following link https://mailchimp.com/legal/privacy/
Contact Page
With your explicit consent, the data you enter on this page will be recorded both on the server and in a database. Name, surname and email address are required. You can choose to add your telephone number. This data, including messages, will be stored and processed by the Owner and the Manager and will not be made public.
Paypal Button
By choosing to make a donation via the Paypal button, the communication channels will immediately connect you to the aforementioned site. Please refer to the information regarding their Privacy (https://www.paypal.com/it/webapps/mpp/ua/privacy-full)
The association will store the shared data such as the amount of donors’ emails and other data that may be shared.
The same data will be used for legal purposes such as reporting, they will be communicated to the Region or authorities if requested and to the CSV for the performance of the administrative functions to which they are delegated and to professionals appointed for this purpose.
The email address and any telephone number, if provided, will be used for communications regarding the association’s activity and for the results obtained through donations. To unsubscribe from
associative communications, simply send an email to info@untesorodicane.org with the subject “unsubscribe from the mailing list”
The retention of data, unless you request unsubscription, will be for at least 10 years from the last contact.
Information from social networks
You can click “Like” on the social networks connected to our website, e.g. Facebook. When you use this option, we automatically collect selected information about you from the Social Networks. The information we collect depends on the information you have made available on the Social Networks and your privacy settings for sharing such information on the Social Networks. Depending on your settings and selections, we will collect the following information: name and/or username, email address, profile photo and your contacts on social networks.
Purpose of Processing
We will use the information you provide to offer you our services, improve the website and our services, respond to your questions, send you our newsletters, facilitate the social sharing function, show which members of your Social Networks are friends of Un Tesoro di cane and to create a better user experience on our website.
Furthermore, these data are used by the Data Controller and the Data Processor to fulfill various internal purposes, namely data analysis, audits, monitoring and prevention of fraud, development of new products and services, improvements or changes to the website or our services, identification of usage trends, determination of the effectiveness of our promotional campaigns and management and expansion of our activities.
In some cases they are necessary to comply with legal requirements and legal processes, requests from public and government authorities, relevant industry standards and our internal policies.
Rights of access, rectification and erasure
In the limited circumstances where you have expressly given us consent to process your personal data, for example when you sign up to our newsletters, you have the right to know what personal data we have about you, to modify it and to ask for its deletion.
You have the right to object to the way in which we process your personal information, or to ask us to limit the Processing. To do so, you can send an email to the Data Controller.
Links to other websites
Our website may contain links to other websites. Our inclusion of such links does not imply our endorsement of such websites. We do not control the content of such third-party websites and we assume no responsibility for third parties or their policies or practices.
Transfer of personal information outside the EU
The data is physically located within the European Union.
Data retention
The site untesorodicane.org does not retain personal data
For other media, on social media, retention is until removal is requested, on email and on clouds a maximum of 10 years from the last contact
Legal basis of the Processing
The Processing of personal data described allows us to pursue our social purposes by spreading knowledge of our activities, to comply with our legal obligations and to pursue our legitimate interests in relation to the management of the website and the provision of our services to you, provided that your interests and fundamental rights do not prevail over such interests.
Considering that the security measures adopted make damage to privacy very unlikely and would in any case be limited, and that the interested party can at any time exercise the right to access, modify and delete the data, the Data Controller believes that the Data Processing in question is legitimate and compliant with the spirit and letter of the European Regulation for the protection of personal data 679/2016 and believes that it has the legal basis to continue it.
Any reason for dissatisfaction may be reported by you to the Authority for the protection of personal data, Piazza Venezia n. 11 – 00187 Rome, tel. 06.696771, e-mail: garante@gpdp.it.
2) DONATION PROCESSING – INFORMATION TO THE INTERESTED PARTY – UN TESORO DI CANE
Categories and Data subject to Processing
The Processing concerns natural persons (and legal entities) who have decided to contribute to the activities of Un Tesoro di Cane. The contribution can take the form of a bank transfer, a payment to a ccp, a check, a payment through the PayPal system, a cash donation or any other form of bequest recognized by the current statute.
The data included in the Processing are or may be:
donor’s name and surname
amount/good donated and date
reason
email address
tax code and IBAN code
cell phone number, if any
documents
Purposes for which the data are collected and purpose of the Processing
Name and surname and amount donated and date are clearly necessary to finalize the donation. The tax code is necessary to prepare the necessary receipts in order to obtain the tax deduction.
Iban code and Postal address or email are not strictly necessary, they can be processed in order to send the donor a receipt and a thank you letter, to update him/her on the activities of Un Tesoro di Cane to send requests for support and for other communication activities.
For the transparency of our work, upon express request of the donor, the association updates the results obtained through the contribution via WhatsApp. The messages are sent by the President and the suspension of the updates can be requested at any time
The purpose of the Processing is the financing of Un Tesoro di Cane in a convenient and agile form for the donor.
Methods of Processing
Where there is an intermediary, the data relating to donations are certainly processed by the Intermediary indicated as the Data Controller of further Processing. The Intermediary will have prepared its documentation for GDPR purposes.
Un Tesoro di Cane has an account with Unicredit and an account on PayPal
Un Tesoro di Cane could compile a receipt/letter of thanks.
Upon request, UN Tesoro di Cane could draft the requested documentation that is delivered to the donor via email.
The data relating to donations are entered into an electronic database in order to keep the interested party informed about the activities carried out by UN Tesoro di Cane and to request further donations. The data are stored with the best security measures. The data in paper form are kept under lock and key
The Owner, believing that donors are interested in receiving news about what UN Tesoro di Cane does and invitations to its activities, reserves the right to send them a newsletter and information by email.
Consent to data currently processed
The Processing of data is implicit in the very choice to adhere to the donation. The Owners therefore do not believe it is necessary to proceed with the request for a new consent from people who have already made this choice. However, upon adhesion to the GDPR, Un Tesoro di Cane will communicate to the Interested Parties:
that it has certain categories of personal data relating to them;
the methods of processing;
the purposes of this processing and its legitimacy;
the rights of the interested party (access, rectification, cancellation);
the existence of an Information Notice to the interested party.
Exercise of rights
The Data Controller undertakes to comply immediately or at the latest within 30 days, with requests for access, rectification and deletion of personal data or opposition to further processing if these come from the Data Subject and has prepared a form for this purpose available at its headquarters. However, it will also accept requests – provided they are written and signed – that reach it in another way.
Risks for the interested party
In the event of loss or dissemination of data, the damage to the privacy of the interested party would be limited.
Risk minimization measures
Various measures are aimed at limiting the risk.
The data are not subject to further Processing by third parties (obviously excluding the Processing carried out by the Intermediaries used: bank, credit card manager, PaypPal) and are not shared with any natural or legal person external to the Owner except for accounting and tax activities.
Within Un Tesoro di Cane, only specific people, specifically trained and equipped with secure passwords, have access to the file and the documentation containing the data and/or can update them.
Duration of Data Processing
The data will be stored for at least 10 years.
Data Breach
In the event that the Data Controller suffers data theft and has reason to believe that sensitive personal data has been disclosed (data breach), it will activate – if appropriate – a report to the Guarantor Authority and will communicate the incident to all interested parties.
Legitimacy of data processing
The processing in question involves a non-probable but significant risk for the customer’s privacy. However, considering that:
the data is necessary for the best execution of the requested services
the data will never be shared with any other legal or natural person, except for the needs described above
security procedures are implemented that reduce the risk of undue access or disclosure of data
the Data Controller has a legitimate interest in organizing personal data in order to carry out the procedures provided for by the Statute and the regulations on deductions and deductions of liberal donations
a detailed Information Notice has been prepared and made available to the Interested Parties
a communication has been sent to the Interested Parties in accordance with the GDPR
it is possible at any time to exercise the right to access, modify and delete the data
the Data Controller believes that the Data Processing in question is legitimate and compliant with the spirit and letter of the European Regulation for the protection of personal data 679/2016 and believes that it has the legal basis to continue it.
The Data Controller is Un tesoro di cane cf 97849920588 via Carlo Poma 4 00195 untesorodicane@pec.it ambraegiulia@gmail.com
The Data Controller is the same owner who has the means and skills
The The Data Controller, given the nature and scale of the data processed, does not deem it necessary to appoint a Data Protection Officer (DPO).
3) PROFESSIONALS AND CONSULTANTS PROCESSING – INFORMATION
A dog’s treasure
Professionals’ treatment
Information to the interested party
A DOG’S TREASURE records data relating to natural persons who do not have a VAT number and who perform services on behalf of the Association for a fee or voluntarily.
Categories and Data subject to Processing
The Processing involves the registration of name and surname, date and place of birth, email address, telephone number. If there is an economic relationship, the tax code, service performed and date, estimate and note for payment, IBAN, payment details are also processed.
Purpose and methods of processing
The data is necessary for the accounting and administrative management of the Association and is shared only with the Treasurer and the Accountant of the Association, CSV LAZIO via Liberiana 17, Rome
The association is covered by an insurance policy. If necessary, the data could therefore be shared with the chosen company which is Cattolica Assicurazioni – Cavarretta Assicurazioni s.r.l. Borgo Santa Brigida 12, 43121 Parma
Consent to data currently processed
The Processing is the subject of a Communication to the Interested Parties. Specific consent is not considered necessary as the Processing of data is easily deduced from the very act of providing one’s collaboration.
Exercising the rights of access, modification, cancellation
At any time, through a specific form or in the way you prefer, you can ask us if we have your personal data and which ones, to modify them or to delete them in whole or in part. We will immediately carry out what you request. These rights are also accessible to Interested Parties under 18 but over 16 years of age.
Risks for the Data Subject and Risk Minimization Measures
In the event of data loss, the damage to the privacy of the Data Subject would be very limited. In the event of undue access or dissemination of information, the damage would be limited. Consequently, the Data Controller has arranged for some measures aimed at limiting the risk. The data are not subject to further Processing by third parties (in addition to those described) and are not shared with any external natural or legal person. Paper supports are stored with acceptable anti-intrusion security measures.
Duration of Data Processing
The data are destroyed 10 years after the service.
Legitimacy and legal basis of Data Processing
The Processing in question involves a non-probable and not very sensitive risk for the customer’s privacy. However, considering that:
Un Tesoro di Cane has no other purpose than to carry out its voluntary work and fulfill its commitments
the data will never be shared with any other Association or legal or physical person except for the needs listed above
security procedures are put in place that reduce the risk of undue access or disclosure of data
the Owner is obliged to register the people who work on its behalf on a voluntary basis and to keep accounts and administration if the people are paid
it is possible at any time to exercise the right to access, modify and delete the data
the Owner believes that the Data Processing in question is legitimate and compliant with the spirit and letter of the European Regulation for the protection of personal data 679/2016 and believes that it has the legal basis to continue it.
In any case, please refer to information 1: 1. WEBSITE PROCESSING AND ONLINE COMMUNICATION CHANNELS, SOCIAL MEDIA, CLOUDS – page 1
The Data Controller is Un tesoro di cane cf 97849920588 via Carlo Poma 4 00195 untesorodicane@pec.it ambraegiulia@gmail.com
The Data Processor is the same owner who has the means and skills
The Owner, given the nature and scale of the data processed, does not deem it necessary to appoint a Data Processor data protection officer (DPO).
4) PROCESSING OF EMAIL ADDRESSES – UN TESORO DI CANE-
Processing of ‘Mailing list and Newsletter’
Information to Interested Parties
Categories and Data subject to Processing
The Processing concerns natural persons who
- send messages to or receive messages from accounts with the @gmail domain. Com or @pec.it
- are present in a mailing list and receive periodic communications via email from gmail.com, pec.it or mailchimp
- receive communications via whatsapp
The data included in the Processing are or may be:
- name, surname
- email address
- content of the messages themselves
- date of sending/receipt
- in case of communication, the mobile number
Purposes for which the data is collected and purpose of the Processing
The email address is strictly necessary for sending the newsletter and for receiving or sending communications.
The name and surname allow the Data Controller to identify the interlocutor.
The Processing is aimed at allowing the newsletter to be sent to the Interested Parties.
The majority of the data were collected by Un Tesoro di Cane with a specific consent.
The data are not subject to further Processing by third parties.
In case of communication of the mobile number, some messages from the association can be sent via Whatsapp to which reference is made for the privacy legislation
Processing carried out by the Data Controller
Un Tesoro di Cane receives and sends communications via email that remain in its email inbox if printed they are kept under lock and key
Furthermore, UN Tesoro di Cane informs the Members and stakeholders about its activities and maintains dialogue with them through mailing lists. The data processed in these mailing lists are name, surname and email address. These mailing lists allow communications to be sent to specific groups of interlocutors or to all interlocutors.
The same can happen via WhatsApp if the mobile number is provided, in which case the number used by the association could belong to the board of directors or the delegated volunteer. The number on the web is the first WhatsApp communication channel for basic information, then the communications are managed by the reference volunteer for that specific procedure or request
Processing carried out by the Data Controller
The MailChimp Service sends the newsletter created by the Data Controller to the Distribution list updated by the Data Controller himself. MailChimp, being based and operating outside the EU, has certified its compliance with the EU-U.S. Privacy Shield Framework (for information: https://www.privacyshield.gov). Its activities are therefore considered to be subject to quality supervision equal to that expected from a subject operating in the EU.
In its privacy policy accessible at the page https://mailchimp. com/legal/privacy the Data Controller undertakes not to resell the lists of names, ensures that only authorized personnel can have access to this list. MailChimp, however, tracks the email messages received by each subscriber, those opened, the links clicked, the IP address and the type of operating system, browser and terminal used.
MailChimp guarantees the immediate cancellation from the distribution list of people who request it through the link inserted in each sending but has not guaranteed us the cancellation of the information from their databases.
If the sending were to take place from untesorodicane@pec.it
For the management of the emails received and sent, Un Tesoro di Cane uses the services of Aruba Spa which operates as co-responsible for the Processing. The company has communicated in its privacy policy (https://www.aruba.it/gdpr-regolamento-europeo-privacy.aspx) that Aruba has always not accessed or used customer data for purposes such as ‘data mining’, ‘data profiling’ or transfer to third parties, with regard to the data for which it collects consent to process and for those that it hosts on its applications.
Cloud services, in addition to the data centers in Italy, are also hosted in additional non-Italian data centers, but always in EU countries. Furthermore, customers who use cloud services choose autonomously and in total transparency in which country to place their data, choosing between Germany, France, England, Poland, the Czech Republic and Italy.
If the emails are sent from the gmail account, please refer to the Google privacy policy https://policies.google.com/privacy?hl=it
If the communication is sent via WhatsApp, please refer to the WhatsApp regulation
https://www.whatsapp.com/legal/?eea=1#privacy-policy
Consent to the data currently processed
Considering that
- personal data was collected at the time of registration and upon signature of a consent in accordance with the laws in force at the time
- receiving/sending/storing messages is a premise or foreseeable consequence of every email communication
- in any sending of the newsletter Mailchimp has a simple opt-out mechanism and in any case it will be sufficient to send an email specifying in the subject the cancellation from the mailing list and the contact will be removed
The Data Controller does not consider it strictly necessary to request a new consent from the Interested Parties or to subordinate the Processing to the presence of an explicit consent. It will take an active part in notifying all Interested Parties:
- that it has some categories of personal data relating to them
- the purposes of this Processing and its legitimacy
- the possibility for the Interested Parties to know this data, modify it or request its cancellation
Consent to the data that will be processed
The Data Controller has drawn up a consent form in accordance with GDPR that will be submitted to all people who contact Un Tesoro di cane via email.
Exercise of rights
The Data Controller undertakes to comply within 30 days at the latest with requests for access, rectification and deletion of personal data if these come from the Interested Party and has prepared a form available at its headquarters for this purpose. It will however accept requests – provided they are written and signed – that reach it in another way.
Risks for the Interested Party
In the event of destruction of the mailing list, the damage to the privacy of the Interested Party would be very limited. In the event of undue access or dissemination of information, the damage would in any case be limited.
Risk minimization measures
The mailing list and email messages are accessible only through a secure and frequently changed password known only to three people in the Association. The Data Controllers have ensured:
- that they have implemented procedures consistent with the GDPR regulation
- that adequate hardware and software security measures have been taken to protect the data contained in the servers, in particular against the risk of unauthorized access to the data
- the Data Controller undertakes to delete the vast majority of messages sent or received older than 10 years
Data breach
In the event that the Data Controller suffers theft of data and has reason to believe that these have been disclosed (data breach), it will activate – if necessary – a report to the Guarantor Authority and will communicate the incident to all Interested Parties.
Legitimacy of Data Processing
The Processing in question involves an unlikely and very small risk to the customer’s privacy. However, considering that:
- most of the personal data were collected at the time of registration and after signing a consent form in accordance with the laws in force at the time
- receiving/sending/storing messages is a premise or foreseeable consequence of each email communication
- receiving periodic communications from the Association is a foreseeable consequence of the actions that led the interested parties to receive it (donation, expression of interest)
- in each newsletter mailing there was and is an easy and quick procedure to unsubscribe
- it is possible at any time to exercise the right to access, modify and delete the data
the Data Controller believes that the Data Processing in question is legitimate and compliant with the spirit and letter of the European Regulation for the protection of personal data 679/2016 and believes it has the legal basis to continue it.
In any case, please refer to information 1: 1. WEBSITE PROCESSING AND ONLINE COMMUNICATION CHANNELS, SOCIAL MEDIA, CLOUDS – page 1
Owner, Dpo Manager
The Data Controller is Un tesoro di cane cf 97849920588 via Carlo Poma 4 00195 untesorodicane@pec.it ambraegiulia@gmail.com
The Data Controller is the same owner who has the means and skills
.
The Data Controller, given the nature and scale of the data processed, does not deem it necessary to appoint a Data Protection Officer (DPO).
In the case of using Mailchimp, the responsible party is Mailchimp
The Data Controller, given the nature and scale of the data processed, does not deem it necessary to appoint a Data Protection Officer (DPO).
5) TREATMENT OF MEMBERS – SUPPORTING FRIENDS AND ADOPTING FRIENDS – INFORMATION
Categories and Data subject to Processing
The Processing concerns people who are currently or have been, in the recent past, members of Un Tesoro di Cane. Or who have signed the membership form as an adoptive or supporting Friend
The data included in the Processing are or may be:
for minors
name, surname
- date and place of birth
- email address or mobile phone (if any)
for parents and/or adult members
- name, surname
- date and place of birth
- email address
- telephone number
- membership fees requested/paid
Purposes for which the data are collected and purpose of the Processing
The ‘Members’ Processing is aimed at managing the Association’s Members’ Books, convening and managing the Members’ Meetings and statutory bodies; the correct accounting management of the Association and communication with the Members. Supporting Friends have a special register of supporters and adopting supporting friends are registered in the special register to complete the adoption procedure
Processing Methods
The Owner or the members of the Board of Directors enter the members’ data and the payments of membership fees into the software. The software acts as a member book, as a register of supporting Friends and adopting supporting Friends. There is also a paper copy for members and adopting supporting friends. The Owner also keeps the received Registration Forms and Consent Forms indefinitely. The paper documents are kept under lock and key
Further Processing
The data provided by voluntary members are transmitted for insurance purposes to the Insurance company with which the Association has stipulated the policy required by law.
Consent to Processing
The Processing concerns only people who have actively participated in requesting to be accepted as members. Supporting Friends and Adopting Supporting Friends are also required to request a part
The Data Controller has a Consent issued by the Interested Parties and has sent them a Communication indicating the possession of the data and reporting the right to access, rectification and cancellation. Starting from 2019, the Data Controller will ask all new members to sign a Consent in accordance with European Regulation 679/2016 GDPR.
Exercise of rights of access, modification, cancellation
The Data Controller undertakes to comply immediately or at the latest within 30 days, with requests for access, rectification and cancellation of personal data or opposition to further Processing if these come from the Data Subject. These rights are also accessible to Data Subjects under 18 but over 16 years of age.
Risks for the Data Subject and reduction measures
In the event of data loss, the damage to the privacy of the Data Subject would be very limited. In the event of undue access or dissemination of information, the damage could be significant: consequently UN Tesoro di Cane had already arranged and undertaken some measures aimed at limiting the risk.
The data are not subject to further Processing by third parties. [verify: if this is not the case, it is necessary to explain to whom the data is sent in the section ‘Further Processing]
Within the Association, only the President and the board of directors know the User ID and password needed to access the Members’ Book database and/or can update it.
The filing cabinet containing the paper copies of the applications for admission and the Consents is kept in a locked cabinet at the Association’s operational headquarters. The adopting supporter friend cards are kept together with the documentation relating to the adoption
After 10 years from the last contact with the interested party, the data is destroyed.
Legitimacy and legal basis of the data processing
Considering that:
Un Tesoro di Cane has no other purpose than to carry out its volunteer activity
the data is necessary for the best execution of the requested services
the data will never be shared with any other Association or legal or physical person except for needs strictly connected with the provisions of the law, for example the obligation to insure the volunteer members
the Data Controller has implemented security procedures that reduce the risk of undue access or disclosure of data
the Data Controller has a legitimate interest in organizing personal data in order to carry out the procedures provided for by the Statute and to communicate with the members
the Interested Parties may at any time exercise the right to access, modify and delete the data
In any case, please refer to information 1: 1. WEBSITE PROCESSING AND ONLINE COMMUNICATION CHANNELS, SOCIAL, CLOUDS – page 1
the Data Controller considers the Data Processing in question legitimate and compliant with the European Regulation for the protection of personal data 679/2016 and believes it has the legal basis to continue it.
The Data Controller is Un tesoro di cane cf 97849920588 via Carlo Poma 4 00195 untesorodicane@pec.it ambraegiulia@gmail.com
The Data Processor is the same owner who has the means and skills
The Owner, given the nature and scale of the data processed, does not deem it necessary to appoint a Data Protection Officer (DPO).
6) TREATMENT OF ADOPTION APPLICANTS AND ADOPTANTS
Categories and Data Subject to Processing
All those who intend to undertake an adoption procedure are subject to this processing.
The data provided are provided spontaneously by the applicant who delivers them to the Association by electronic or paper means
The personal data and information necessary for the adoption of the chosen animal, personal data are name, surname, date of birth, tax code, telephone number, profession, address, nation, city, province, postcode, email address, and other data that the association needs to proceed with the adoption process. In any case, they are all provided spontaneously and with prior consent to their processing.
Everything that is spontaneously sent by the adopter or by the person requesting information is archived by the association using paper, computer, and telematic media.
Personal and non-sensitive data are processed in the ordinary activity of the association exclusively for purposes connected and instrumental to the adoption of a pet followed by Un Tesoro di Cane and the continued assistance provided to the adopting family
The data requested for the adoption procedure are mandatory to achieve the purposes of the adoption itself. Failure to provide consent to the processing of the same could prevent the adoption from progressing
Processing methods
The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of the Data
The processing is carried out via computer and/or enabled IT tools, following organizational procedures and methods strictly related to the purposes indicated. The data will also be stored in paper archives as established by the Board of Directors, in locked cabinets.
The data processed during the Pre-adoption phase are managed by the Data Controller, by his internal delegates to the association and by a volunteer appointed to carry out the pre-adoption interview.
In the event of continuation of the adoption process with the compilation of the adoption documents, the consent for the processing of data is also extended to the owner of the dog, who could be a third-party volunteer to the association, the authorities, the local health authority, and possibly to the veterinary service in charge of the microchip procedure, as well as to the volunteer in charge in the post-adoption phase
Please also refer to the Processing of Personal Data:
1. PROCESSING OF WEBSITE AND ONLINE COMMUNICATION CHANNELS, SOCIAL MEDIA, CLOUDS – page 1
2) PROCESSING OF DONATIONS – INFORMATION TO THE INTERESTED PARTY – UN TESORO DI CANE
4) PROCESSING OF EMAIL ADDRESSES – UN TESORO DI CANE-
5) PROCESSING OF MEMBERS – FRIENDS SUPPORTERS AND FRIENDS ADOPTING – INFORMATION
7) PROCESSING OF IMAGES
Legal basis for processing
The Data Controller may process the Personal Data relating to users if they have given their consent for one or more specific purposes
The provision of data is necessary for the execution of the adoption by the User/adopter of the pet and for the completion of pre-adoption formalities such as telephone contact and pre-adoption visit at the home of the user/adopter with a representative/volunteer of UN Tesoro Di Cane, as well as for the communication to the competent authorities of the adoption of the pet and the consequent registration with the competent offices. The processing of data is therefore necessary for the fulfillment of a legal obligation to which the Owner is subject.
The data are also necessary for the technical support provided in the post-adoption
Place of processing
The data is all processed within the European Union, including through the cloud system, mail, and whatsapp
The cloud system used in relation to the various accounts opened by the association follows the policy https://www.google.com/intl/it/chrome/privacy/
The association has a telephone number that is used for Whatsapp and all volunteers use this system for communications. The number used could be that of a volunteer delegated and appointed to the individual service for the policy please refer to https://www.whatsapp.com/legal/?eea=1#privacy-policy
Retention Time
Personal data must be processed and stored for the time necessary for the purpose for which they were collected
Therefore:
the Pre-adoption phase alone provides for maximum archiving for 5 years
should the process continue:
The relationship between the Owner and the User/Adopter is a relationship of duration that coincides with the adoption process and the life of the adopted animal. Therefore, the data provided for the adoption of an animal will be retained for the entire life of the animal itself or in any case for no less than ten years
The Data Controller may be authorized to retain the data for a longer period whenever the user has extended such consent or in any case by extension of a legal obligation or by order of an authority. Once the deadline has expired, the data will be deleted
Exercise of the rights of access, modification, deletion
The Data Controller undertakes to comply immediately or at the latest within 30 days, with requests for access, rectification and deletion of personal data or opposition to further Processing if these come from the Data Subject. These rights are also accessible to Data Subjects under 18 but over 16 years of age. The request for deletion by the adopter may be made only in the event of the return of the pet and in any case once any ongoing procedures have been completed, including post-adoption
Risks for the Data Subject and reduction measures
In the event of data loss, the damage to the Data Subject’s privacy would be very limited. In the event of unauthorized access or dissemination of information, the damage could be significant: consequently UN Tesoro di Cane had already arranged and undertaken some measures aimed at limiting the risk.
The data are not subject to further Processing by third parties. [verify: if this is not the case, it is necessary to explain to whom the data is sent in the paragraph ‘Further Processing]
Within the Association, only the President and the board of directors know the User ID and password needed to access the Members Book database and/or can update it.
The filing cabinet containing the paper copies of the applications for admission and the Consents is kept in a locked cabinet at the Association’s operational headquarters. The adopting supporter friend cards are kept together with the documentation relating to the adoption
After 10 years from the last contact with the Interested Party, the data is destroyed.
Consent to Processing
In the specific field of adoption, the relationship between Un Tesoro di Cane and the Adopting User is fundamental and with it the consent is fundamental which, to allow the performance of the association’s services, must last for the life of the dog. If this is revoked, it could make it impossible to continue the adoption process and the provision of protection and assistance services.
This obviously concerns only the data necessary for the adoption process and only the processing related to it. The interruption of the adoption process is not affected if consent to the processing of data for purposes other than the adoption itself is denied, see inclusion in the mailing list for example. The user can therefore limit the processing of their data which in some cases can only be archived.
In any case, the user can withdraw consent to the processing at any time. They can also modify their data or access them with a request to the Owner which will be processed within 30 days of the request itself.
Changes to this privacy policy
The owner reserves the right to make changes to this privacy policy at any time by giving notice to Users on this page and sending notice by email
The Data Controller is Un tesoro di cane cf 97849920588 via Carlo Poma 4 00195 untesorodicane@pec.it ambraegiulia@gmail.com
The Data Processor is the same owner who has the means and skills
The Owner, given the nature and scale of the data processed, does not deem it necessary to appoint a Data Protection Officer (DPO).
7) IMAGE PROCESSING
Information to the Interested Party
Un Tesoro di Cane may take photos and videos during the events it organizes. Some of these images may portray the participants in a recognizable way. These images may be distributed by the Owner on its websites and/or social media. Although never associated with the surname, these images may be ‘tagged’ by third parties.
During the adoption, the delivery of the dog will be photographed, upon request the face can be made unrecognizable, for the entire duration of the adoption the adopting family may provide images relating to the happy ending created. In this case the images and videos may be used for the dissemination of the association’s activity in electronic or paper version. Even if never associated with the surname and name, these images could be tagged by third parties
Upon request, the faces can be made unrecognizable
Categories and Data subject to Processing
The Processing concerns images (photos or videos) of adults associated with an event and therefore with a place or date.
The processing also concerns images (photos and videos) of adults who have adopted a pet at the Association
Purpose and methods of Processing
The images are taken by people expressly authorized by the Owner and are shared with Un Tesoro di Cane. Those who take them are asked to delete all the images after sharing.
Un Tesoro di Cane will select the images, deleting all those that they do not intend to use.
The images are distributed through the website and/or the Facebook page and/or Instagram and/or Youtube of the Association.
They can also be used in the form of paper or similar distribution.
The consent forms are kept in paper form under lock and key
Consent to the data currently processed
The Data Controller has a specific consent issued by the adopting Interested Parties.
The Data Controller has sent a communication to all the people portrayed in the images reminding them of the Processing of their data and the rights they have.
Starting from 2019, it requires a specific consent in accordance with the GDPR.
Exercise of the rights of access, modification, cancellation
At any time, through a specific form or in the preferred way, the Interested Party can request whether we have your personal data and which ones, to modify them or to delete them in whole or in part. We will carry out the request within 10 days. These images could be shared through social media or websites even without the authorization of the Data Controller and it could be impossible to delete them.
Risks for the Data Subject and risk minimization measures
It is possible that these images are shared by third parties through social media or third-party websites even without the authorization of the Data Controller and also that these images are ‘tagged’, that is, associated by third parties with the name and surname of the subject and as such indexed by search engines.
It is possible to request at the time of sharing with the Data Controller or at the time of participation in the event that the images used can be modified in such a way as to make the faces unrecognizable
Duration of Data Processing
The images on social media and on the site remain online until their deletion is requested, those not shared remain in the archives for a maximum of 10 years
Legitimacy and legal basis of Data Processing
The Processing in question involves a significant risk for the privacy of the data subject. However, considering that:
the Data Controller has communicated to the Interested Parties the existence of this processing and the risks it entails
the Data Controller will request consent in accordance with GDPR from 2019
the subjects are recognizable but it is not likely that they are linked to a name and surname
the images will never be shared with any other Association or legal or natural person
it is possible at any time to exercise the right to access, modify and delete the data
the Data Controller has a legitimate interest in making its initiatives known in order to best pursue its social objectives
in general, it is the participants in the events themselves who request the shooting of images and videos. If the Data Controller does not take care of their shooting, this activity could be carried out independently by private individuals with even greater risks and lower guarantees for the privacy of the interested parties.
The images shared by the adopters are spontaneously sent by them.
The Data Controller believes that the Data Processing in question is legitimate and compliant with the spirit and letter of the European Regulation for the protection of personal data 679/2016 and believes it has the legal basis to continue it.
In any case, please refer to information 1: 1. WEBSITE PROCESSING AND ONLINE COMMUNICATION CHANNELS, SOCIAL MEDIA, CLOUDS – page 1
The Data Controller is Un tesoro di cane cf 97849920588 via Carlo Poma 4 00195 untesorodicane@pec.it ambraegiulia@gmail.com
The Data Processor is the same owner who has the means and skills
The Owner, given the scale of the data processed, does not deem it necessary to appoint a Data Protection Officer (DPO).
This information is updated to May 2019 and consists of 20 pages
