ZanzibarHelp is aware of the importance of safeguarding the privacy and rights of individuals and since the Internet is a potentially strong tool for the circulation of your personal data, it has seriously committed itself to respecting the rules of conduct – in in line with the European Regulation 679/2016 of the European Parliament and of the Council, of 27 April 2016, relating to the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data (hereinafter “GDPR”) – which guarantee safe, controlled and confidential web surfing.
We therefore invite you to read the rules that our association has imposed on itself in collecting and processing personal data and in always providing a satisfactory service to users of its site.
perform the processing (Article 4, paragraph 2, GDPR: “any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction “) of personal data (Article 4, paragraph 1, GDPR:” any information concerning an identified or identifiable natural person (“interested “); The natural person who can be identified, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an identification number, is considered identifiable active online or to one or more characteristic elements of his physical, physiological, genetic, psychic, economic, cultural or social identity “) exclusively for the purposes and in the manner illustrated in the information to be provided which is presented to the user from time to time that accesses a section of the site in which the provision, direct or indirect, of personal data is provided;
use the data that have been released spontaneously by the user;
use technical cookies to facilitate navigation on the site and analytical cookies for statistical purposes;
use profiling cookies only if the user has given consent to such use;
transmit data to third parties (data processors – art. 4, paragraph 8, GDPR: “art. 4, paragraph 8, GDPR: “the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller”) exclusively for purposes that are instrumental to what is expressly requested and carefully selected by us;
communicate data to third parties for activities related to what is of interest or if this is required by law, community regulation or legislation;
with explicit consent (Article 4, paragraph 11, GDPR: “any manifestation of free, specific, informed and unequivocal will of the interested party, with which the same expresses his / her consent, by means of a declaration or unequivocal positive action, that the personal data concerning him are being processed “), communicate the data to third parties for their autonomous processing;
respond to requests for access to personal data, rectification or cancellation of the same, of exercise of the right to be forgotten, the limitation of treatment or the right to oppose their treatment. Ensure the exercise of the right to data portability as well as, oppose the processing of data for the purpose of information communications on our projects and requests for financial contributions in support of our institutional activities;
ensure correct and lawful processing of your data , safeguarding your privacy, as well as applying suitable security measures to protect the confidentiality, integrity and availability of the data.
INFORMATION TO BE PROVIDED PURSUANT TO ART. 13, GDPR AND NOTES TO THE CRITERIA USED TO DELIMIT THE LIMITS OF DATA STORAGE
As better explained in the sections that allow you to join – by releasing your personal data – to the services reserved for users of our site, the requested data are used to respond to requests expressly made by the user. In particular, all data collection – and subsequent processing – activities are aimed at pursuing the institutional purposes of ZanzibarHelp and, in particular for: regular and one-off donations, carried out in various ways (credit card, bank direct debit, PayPal or other); membership or request for information on the remote membership project; subscription to our newsletter; request for collaboration with our organization; signing of petitions, initiatives or specific projects; request for information; all the various forms of support for ZanzibarHelp initiatives.
The forms to be filled in – online or to be downloaded – include both data that are strictly necessary to adhere to what is of interest and whose failure to indicate does not allow the request to be processed, and optional conferment data. Therefore, the user is free to provide personal data contained in the application forms or otherwise indicated in contacts with ZanzibarHelp to request information or for the other purposes listed above. In these cases of compulsory provision of data, their absence may make it impossible to obtain what is requested. The need to request data as mandatory for adherence to individual projects or individual initiatives or to make requests has been considered in compliance with the provisions of art. 25, GDPR (“Data protection by design and protection by default” – “Data Protection by design and by default”), which require the prior evaluation of the appropriate technical and organizational measures, such as “pseudonymization” (art. 4 , paragraph 5, GDPR: “the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical measures and organizational measures aimed at ensuring that such personal data are not attributed to an identified or identifiable natural person “), aimed at effectively implementing the principles of data protection, such as minimization, and integrating the necessary guarantees into the processing in order to satisfy the requirements of the GDPR and protect the rights of the interested parties. Furthermore, ZanzibarHelp has put in place appropriate technical and organizational measures to ensure that, by default, only the personal data necessary for the specific purpose of the processing resulting from the project to which the data subject has voluntarily joined are processed.
Personal data will be processed, mainly electronically and with analysis tools, including statistical ones, by ZanzibarHelp – data controller – for the completion of all the phases related to the management of the donation, the adhesion to our projects and appeals specific humanitarian and in general actions to support the initiatives of ZanzibarHelp, as well as the related instrumental activities (eg: communications on payments, donation summaries), as well as to comply with administrative and other mandatory regulations under the law in force in the our country or by virtue of EU decisions.
For the aforementioned purposes, the data will be kept until the conclusion of all the relative phases of the established relationship and within the terms and limits set out in the applicable laws, in particular administrative, civil and fiscal.
Furthermore, if desired, the data acquired by ZanzibarHelp and those that it will acquire during the relationship with the interested party will be processed for the purpose of promotional, informative and institutional contacts on our projects, activities and fundraising initiatives, surveys and research reserved for donors, through actions designed in a personalized way based on the characteristics of behavior (eg: amount donated, donation frequency, area of residence), interests and preferences regarding our actions, with the consequence of identifying the interested party as potential subject interested in our initiatives with certain characteristics (eg projects, distance support, bequests, adherence to petitions, etc. ..) and to send him only content in line with his needs (“profiling”). It is emphasized that the contact actions conducted by ZanzibarHelp are only of a personalized type as described (“profiled marketing”), in order to avoid unwanted or uninteresting contacts of the interested party: consequently, profiling being instrumentally connected in a structural way for each action for promotional purposes by ZanzibarHelp, a single manifestation of consent is required for these contacts.
The aforementioned activities may take place through both traditional contact methods (paper mail and telephone calls via operator on fixed and mobile numbers) and automated and similar ones (specifically, via e-mail and SMS).
For this purpose, the data (including profiling data) will be kept until the interested party’s consent is revoked or the right to object is exercised; failing that, they will be kept as long as ZanzibarHelp continues its mission with projects, initiatives, actions and activities that require financial contributions or that encourage awareness (eg: petitions, accessions to emergency projects) consistent with the profile of the person concerned. Thereafter, they will be anonymised for statistical purposes. The data will also be processed by external managers responsible for services related to the above.
The data of donors who adhere to the distance support project will necessarily be transferred abroad, to non-EU countries, to the ZanzibarHelp centers, responsible for the treatment, where the supported child lives, to allow interpersonal correspondence between the child and donor. The data processor for purposes related to the match between the supporter and the supported child and to receive updated reports on distance support is: ZanzibarHelp US 501 Kings Highway East, Suite 400 Fairfield, CT 06825. The transfer of personal data to the aforementioned managers it will take place by adopting the contractual clauses prescribed by the decision 05/02/2010 of the European Commission.
The persons authorized to process for the aforementioned purposes are the persons in charge of managing relations with actual and potential donors, the administration, alZanzibarHelp of awareness campaigns and institutional and statutory activities, the call center, Web services, information and data security systems.
Pursuant to articles 15-22, GDPR, by writing to the holder at the relative postal address, you can exercise the rights of access, consultation, rectification, cancellation and oblivion, limitation of data processing and – if necessary – obtain transmission to another holder (portability of the data), as well as oppose their processing for legitimate reasons or withdraw your consent.
With particular reference to treatments for profiled marketing purposes, it is specified that the interested party has the right to object at any time, and without giving any reason, to the processing of his data for these purposes, and that he may exercise the right of opposition even separately for traditional contact activities and for automated ones: if it is not specified which contact methods it refers to, the opposition to the processing of data profiled marketing will be extended to all contact tools.
It is also noted that the interested party has the right to lodge a complaint with the supervisory authority to assert his rights. Still by writing to the postal address indicated above or by sending an e-mail, you can request the complete and updated list of data processors.
RIGHTS OF THE INTERESTED PARTIES WITH REGARD TO THE DATA CONCERNING THEM
The following GDPR can be exercised at any time:
Right of access (Article 15, GDPR)
The person has the right to request whether his personal data is being processed and, therefore, has the right to access information concerning him and to have news on:
purpose of the processing (eg management of a donation);
categories of personal data; (e.g. personal data, behavioral data)
recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations;
when possible, the period retention of personal data provided or, if not possible, the criteria used to determine this period;
existence of the right to request the rectification or cancellation of personal data or the limitation of the processing of personal data or to oppose the their processing;
right to lodge a complaint with a supervisory authority;
if the data are not collected directly from the person, all available information on their origin;
existence of an automated decision-making process , including profiling and significant information on the logic used, as well as the importance and expected consequences of such processing for the person. (eg: if the person has associated a donation habits profile by crossing the donation amount with frequency and campaign).
Right of rectification (Article 16, GDPR)
The person has the right to obtain the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the person has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.
Right to cancellation (“right to be forgotten”) (Article 17, GDPR)
The person has the right to obtain the cancellation of personal data concerning him / her, he / she has the obligation to cancel the personal data without undue delay, for one of the following reasons:
the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
the consent on which the processing is based is revoked and if there is no other legal basis for the processing (eg. : own legitimate interest, regulatory or contractual obligations);
we object to the processing for marketing and profiling purposes and there is no legitimate overriding reason to proceed with the processing;
the personal data have been unlawfully processed;
personal data must be deleted to fulfill a legal obligation under the law of the Union or of the Member State to which you are subject.
Right to limitation of processing (Article 18, GDPR)
The person has the right to obtain the limitation of the processing of his personal data when one of the following reasons exists:
the person disputes the accuracy of the personal data, for the period necessary to verify the accuracy of such personal data;
the processing is unlawful and the person opposes the cancellation of personal data and requests instead that their use be limited; (eg: it does not intend that the processing is carried out for marketing purposes but only for management and administrative purposes)
although the data is no longer needed for processing purposes, personal data are necessary for the person to process ascertaining, exercising or defending a right in court;
the person has opposed the processing if the processing is based on their legitimate interests, pending verification of the possible prevalence of their legitimate reasons with respect to those of the person.
Obligation to notify in case of rectification or cancellation of personal data or limitation of processing (Article 19, GDPR)
The person has the right to request that the rectification or cancellation of data or limitation of processing be communicated by ZanzibarHelp to other subjects to whom the data have been communicated. ZanzibarHelp may not comply with the request, if the means to be used are disproportionate to the right to privacy invoked by the person.
Right to data portability (“data portability”) (Article 20, GDPR)
This right allows the person to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a subject who submits his data to processing and has the right to wish to transmit such data to a subject for the use of the latter without hindrance by the subject to whom it supplied them. This right can be exercised in the following cases:
the processing is based on consent or on a contract or on pre-contractual measures requested by the same person and, at the same time
the processing is carried out by automated means.
The person has the right to obtain that the your data are transferred directly from one subject to another (from the one to whom you gave them to the one to whom you want them to be transmitted), if technically possible.
Right to object (Article 21, GDPR)
The person has the right to object to the processing of his data for the pursuit of the legitimate interest of ZanzibarHelp or third parties, provided that the interests or fundamental rights and freedoms of the person requesting the protection of personal data do not prevail, also for profiling purposes.
If personal data are processed for marketing purposes, the person has the right to object at any time to the processing of personal data concerning him for these purposes, including profiling to the extent that it is connected to this activity of marketing.
Automated decision-making process relating to natural persons, including profiling (Article 22, GDPR)
The person has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which significantly affects his person in a similar way. In particular, he has the right to oppose the profiling to which he is subjected through automated processes.
This right cannot be exercised if the decision:
is necessary for the conclusion or execution of a contract;
is authorized by the law of the Union or of the Member State to which you are subject, which also specifies appropriate measures to protect the rights, freedoms and legitimate interests of the person;
is based on explicit consent.
The person has the right to express their opinion and to challenge the decision of ZanzibarHelp.
CRITERIA USED TO DEFINE THE LIMIT OF DATA STORAGE
The data will be kept in our archives (Article 4, paragraph 6, GDPR: “any structured set of personal data accessible according to specific criteria, regardless of whether this set is centralized, decentralized or divided in a functional or geographic way “) according to variable criteria according to the category of the data, the nature of the processing and the purposes of the processing itself. The criteria or the precise storage limit are described in the information to be provided pursuant to art. 13, GDPR at the time of providing personal data.
In principle, the following evaluations by ZanzibarHelp apply to establish the data retention policy:
all data regarding the various forms of support for ZanzibarHelp initiatives are kept as long as the relationship remains active and for a number of years equal to that which laws, regulations, including EU ones, impose for administrative and accounting purposes
all data used for marketing activities with profiling, the processing of which is supported by a positive action of the person to such processing, explicitly declaring that he wishes it, are kept as long as the profile of the interested party is in line with the personalized communications created through the intersection of the information available to us and, therefore, as long as ZanzibarHelp continues its mission with projects, initiatives, actions and activities that require financial contributions or that encourage awareness (eg: petitions, emergency appeals, requests for opinion and surveys) that are of interest to the person who has expressed a desire to receive information from that ten hours and that reflect the characteristics and behaviors of the person and are, therefore, of his specific interest and not of disturbance. Also in this case, this retention will cease if the interested party expresses opposition at any time to the processing of personal data concerning him carried out for these purposes, including profiling to the extent that it is connected to such direct marketing.
Courses the periods set out above, the identification data are transformed into anonymous form and used only for statistical reports that do not allow to trace the identity of the person but which are useful for adapting projects, initiatives and actions for the realization and achievement of statutory and institutional objectives of ZanzibarHelp. Personal data will therefore be destroyed.
Your personal data can be processed, either manually, electronically or electronically, either directly by ZanzibarHelp or by third parties who, with experience, technical skills, professionalism and reliability, carry out processing operations on behalf of our association, in compliance with the security and confidentiality of information and constantly monitored by us in their work. The data processor is “the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller” (Article 4, paragraph 8, GDPR) and is contractually bound by ZanzibarHelp, with definition of the operational limits on the data, of the data that can be processed and of the categories of interested parties to which they refer, and with the prohibition of using them differently from the assigned task. It can, if formally authorized by ZanzibarHelp, make use of other managers, who are contractually bound by the manager directly appointed by ZanzibarHelp: the violations committed by such other managers fall under the responsibility of the first responsible and not of ZanzibarHelp.
THIRD PARTIES TO WHOM YOUR DATA HAVE BEEN COMMUNICATED
Your data may be made available to third parties, independent data controllers, for purposes related to the provision of services of interest or in compliance with laws and regulations that require communication, as well as with supervisory bodies. For example, they will be made available to credit or credit card issuers to allow the transactions necessary for the donation, as well as PayPal.
WHAT COOKIES ARE AND HOW THEY ARE USED BY ZanzibarHelp
Cookies are information saved on the hard drive of your PC and which are sent by your browser to a Web server and which refer to your use of the network. Consequently, they allow you to know the services, the sites visited and the options that, while surfing the net, have been shown.
This information is therefore not provided spontaneously and directly, but leaves a trace The data collected through cookies will be used for technical needs, in order to ensure easier, immediate and quick access to the site and its services and easy navigation for the individual user.
Profiling cookies may also be used, with the user’s consent, to create user profiles based on the sections of the site or the actions performed by the user himself on this site or surfing the net.
The use of so-called session cookies (which are not stored permanently on the user’s computer and are automatically deleted when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site. The so-called Session cookies that are used on this site avoid the use of other IT techniques that are potentially prejudicial to the confidentiality of users’ browsing and do not allow the acquisition of the user’s personal identification data. In any case, you can configure your browser so that you are notified when a cookie is received and then decide whether to accept it.
To find out about our cookies policy and third-party cookies policies, please read the relevant extended information by clicking here.
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified users, but which by their very nature could, through processing and association with data held by third parties, allow the users themselves to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error or similar) and other parameters relating to the operating system and the user’s IT environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
THE SECURITY OF YOUR PERSONAL DATA
ZanzibarHelp adopts suitable and preventive security measures to safeguard the confidentiality, integrity, completeness and availability of your personal data. As established by the regulatory provisions governing the security of personal data, technical, logistical and organizational measures are developed which aim to prevent damage, even accidental loss, alterations, improper and unauthorized use of the data concerning you.
In particular, ZanzibarHelp has implemented adequate technical and organizational measures to guarantee a level of security appropriate to the risk that could affect the rights and freedoms, including confidentiality and confidentiality, of individuals. Adopt security policies that include, among others:
“pseudonymisation” (Article 4, paragraph 5, GDPR: “the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures designed to ensure that such personal data are not attributed to an identified or identifiable natural person “) and data encryption
systems that permanently safeguard confidentiality, the integrity, availability and resilience of processing systems and services
systems designed to promptly restore the availability and access of personal data in the event of a physical or technical incident
procedures for testing, verifying and evaluating regularly the effectiveness of technical and organizational measures in order to guarantee the security of the processing.
Similar preventive security measures are adopted by third parties (data processors) to whom ZanzibarHelp has entrusted processing operations of your data on their own behalf.
On the other hand, ZanzibarHelp is not responsible for untruthful information sent directly by the user (example: correctness of the e-mail address or postal address or other personal data), as well as for information concerning him and that have been provided by a third party, even fraudulently.
CREDIT CARD AND FINANCIAL INFORMATION
In the case of a donation made by credit card, ZanzibarHelp guarantees maximum confidentiality and security. The financial information of the credit card (number, expiry date, details of the holder) may only be known by the issuing institution. ZanzibarHelp will only be aware of a code (“token”) that cannot be traced back to the credit card details.
If the donation is made through PayPal, you will be redirected to the PayPal site and, therefore, the confidentiality and security criteria are the sole responsibility of PayPal, excluding any liability on the part of ZanzibarHelp.
In general, finally, ZanzibarHelp assumes no responsibility with reference to unauthorized or fraudulent use by third parties of the information relating to the tools used for the transaction related to the donation.
Every effort will be made to make the features of this site as interoperable as possible with the automatic privacy control mechanisms available in some products used by users.