Privacy Policy - ActionAid

Introduction

Associazione ActionAid Switzerland (hereinafter, also referred to as “the Organization” or “AA” or “ActionAid”) recognizes the importance of safeguarding personal data and respects the rights of individuals. Given that the Internet is a potentially risky tool for the circulation of your personal data, we are strongly committed to complying with rules of conduct – in line with the Federal Act on Data Protection (FADP) – that guarantee secure, controlled, and confidential browsing on the web.

This privacy policy may be subject to change over time, also due to legislative and regulatory additions and amendments, or due to our institutional decisions. Therefore, we invite you to periodically consult this section of our website.

Basic Principles of ActionAid’s Privacy Policy

To process (any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction) personal data (any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person) exclusively for the purposes and in accordance with the information provided to the user each time they access a section of the site where the provision of personal data, directly or indirectly, is required;
To use the data that has been voluntarily provided by the user;
To use technical cookies to facilitate navigation on the site and analytic cookies for statistical purposes;
To transmit data to third parties exclusively for purposes instrumental to what is expressly requested and carefully selected by us;
To communicate data to third parties for activities related to what is of interest or if required by law, regulation, or community legislation;
To respond to requests for access to personal data, rectification or erasure same, or to reply to the right to object to their processing. In particular, you have the right to object to the processing of data for the purpose of informational communications about our projects and requests for financial contributions to support our institutional activities;
To ensure correct and lawful processing of your data, safeguarding your privacy, as well as applying appropriate security measures to protect the confidentiality, integrity, and availability of the data.

Purpose of Processing

As better explained in the sections that allow you to join – by providing your personal data – the services reserved for users of our site, the data requested are used to respond to requests expressly made by the user.

In particular, all data collection and processing activities are aimed at pursuing the institutional purposes of ActionAid, and in particular for:

Regular and one-off donations, made in various ways (credit card, direct debit, or other);
Adherence to our project or request for information on them;
“social advertising” and direct marketing purposes, through various means of contact. To better clarify, the data will also be processed for promotional, information, and institutional contacts on our projects, activities, and fundraising initiatives, surveys, and research reserved for members of our actions. This right and interest in information are acquired upon joining the individual ActionAid awareness project.
“social advertising” and direct marketing purposes with the creation of a “personalised profile” of the person (elaboration of data that allows to assess essential characteristics of the personality of a physical person), i.e., based on the interests and preferences shown through the requests made by contacting us and the characteristics of the donation. In particular, the data will be processed for these purposes in a personalized way based on the behavioral characteristics (e.g.: actions to which you have joined, area of residence, age), interests, and preferences regarding our actions. The creation of a personalised profile will involve the selection of information stored about the person so that they receive communications of interest to them and in line with their preferences, avoiding receiving unsolicited or uninteresting contacts.
Directing users to our social media channels.
Statistical processing on the consistency of supporters, donors, and users of the site.

Methods of Data Processing and Criteria for Data Collection

The data collected are collected through the forms filled in or the requests made to AA and are both data that are strictly necessary to join what is of interest and whose failure to indicate does not allow to implement the request, and data of optional provision. Therefore, the user is free to provide the personal data reported in the donation forms or otherwise indicated in contacts with the Organization to request information or for the other purposes listed above. In these cases of mandatory provision of data, their lack may make it impossible to obtain what is requested.
All processing will be carried out with both paper and electronic or telematic tools, with logics related to the purposes for which the data were collected and in compliance with current security regulations, for the purposes specified from time to time in the information provided to the data subject.
ActionAid will not use the data provided for purposes other than those related to the service to which the user has joined, and, in any case, only within the limits indicated from time to time in the information that they have received.

Location of Data Processing

The processing connected to the web services of this site takes place at the headquarters of the Organization and is in charge of technical staff authorized to process it. If necessary, the related data may be processed by the staff of third-party companies that carry out the maintenance of the technological part of the site, at their respective locations.

Data Controller

Associazione ActionAid Switzerland – Via Nassa 21 – 6900 Lugano (CH) – is the Data Controller (the private person or the federal body that determines the purposes and the means of processing), pursuant to and for the purposes of the FADP, as it decides how and for what reasons, communicated in the information to be provided to the interested parties, to collect and use the personal data conferred by the user, as well as with which tools to process them and which security procedures to activate to guarantee their integrity, confidentiality, and availability, in compliance with the obligations and responsibilities established by the FADP.

Rights of Data Subjects

The rights to cancel, modify, or supplement the data already voluntarily provided are guaranteed, as well as to request its restriction, transformation into anonymous form, or object to their processing on legitimate grounds or if you do not wish to receive “social advertising” even with “profiling”, as well as to limit the processing and exercise the right to data portability. Furthermore, it is possible to contact the supervisory authority. Thanks to the exercise of these rights, you will be able to control the use of your data even after it has been provided.

They can be exercised, at any time, at the address sostenitori.ch@actionaid.org (alternatively, by writing to Associazione ActionAid Switzerland – Via Nassa 21 – 6900 Lugano (CH)) the rights listed below:

Right of access
Right of rectification
Right to cancellation
Right of opposition, especially regarding the opposition to the processing of your personal data for direct marketing purposes, including the creation of personality profiles related to direct marketing

Complaint to the Federal Supervisory Authority

The data subject has the right to contact the Federal Supervisory Authority (IFPDT; Feldeggweg 1, CH-3003 Bern, <www.edoeb.admin.ch>) to assert their rights regarding the protection of personal data.

Criteria Used to determine the period of storage of personal data

The data will be stored in our filing system (any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis) according to different criteria depending on the category of data, the nature of the processing, and the purposes of their processing. The criteria or the precise period of storage are described in the information provided when personal data are provided.

In principle, here is the criteria to determine the period of data storage:

All data relating to the donation are stored as long as the relationship remains active and for a number of years equal to that which laws, regulations, including community laws, impose for administrative and accounting purposes.
All data of supporters or those interested in our mission used for marketing purposes are stored for the period necessary to provide the information services reserved for these people. This right and interest to be informed are acquired upon joining the project that involves the donation. This period is also justified by the legitimate interest of AA to maintain constant the relationship established with the person to keep them informed about which projects could be financed with the contribution of the donors or on the awareness-raising actions that AA considers useful to make known to demonstrate its constant commitment to the realization of its mission. This storage period is extended as long as the person’s interest in remaining in contact with AA lasts: if they no longer have an interest, just communicate it through the means referred to in the paragraph “Rights of data subjects” and AA will adopt the appropriate technical and organizational measures to no longer disturb the person.
All data used for marketing activities with the creation of personality profiles, whose processing is supported by the explicit consent of the person, are stored as long as the person’s profile is in line with the personalized communications created through the elaboration of information available to us and, therefore, as long as AA pursues its mission with projects, initiatives, actions, and activities that require financial contributions or that raise awareness (e.g.: emergency appeals, requests for opinion and surveys) that are of interest to the person who has expressed consent to receive information of this kind and that reflect the characteristics and behaviors of the person and are, therefore, of specific interest to them.

Even in this case, this storage will cease if objection to the processing of personal data is expressed at any time carried out for these purposes, including the creation of personalised profiles, to the extent that it is connected to direct marketing.

After the periods mentioned above have elapsed, the identification data are transformed into anonymous form and used only for statistical reports that do not allow to trace the identity of the person but that are useful to adapt the projects, the initiatives, and the actions for the realization and the achievement of the statutory and institutional objectives of AA. Personal data will, therefore, be destroyed.

Other Subjects Who Process Personal Data

Your personal data may be processed, with and without electronic and telematic means, both directly by AA and by third parties who, with experience, technical skills, expertise, and reliability, perform processing operations on behalf of our association, in compliance with the security and confidentiality of information and constantly controlled by us in their work. The complete and updated list of third parties can be requested by e-mail to sostenitori.ch@actionaid.org (or by writing to Associazione ActionAid Switzerland – Via Nassa 21 – 6900 Lugano (CH)).
The persons authorized to process data, identified in the information provided where data are collected, are in charge of the specific services of the site, institutional activities and fundraising, organization of awareness events, communication, information technology, and data security.

Third Parties to Whom Your Data Is Communicated and Dissemination of Data

Your data may be made available to third parties, independent data controllers, for purposes related to the provision of services of interest or in compliance with laws and regulations that prescribe communication, as well as to supervisory authorities. For example, they will be made available to credit institutions or credit card issuers to allow the transactions necessary for the donation.
The communication of data to third parties for their marketing and/or profiling purposes, as well as any dissemination, may occur with the prior consent of the person.
Personal data may be subject to dissemination: this may occur if the service to which the user has adhered contemplates such processing. For example, they may be disseminated through our social channels, even in image format, if the data subject intends to testify to their experience with AA or wishes to relate to AA through the social channels. All these cases of data dissemination will occur with the prior consent of the data subject.

Social media

The data of users who join AA’s social media pages (fans of the page or members of a group of followers of a specific promotional or product sales incentive or new products in AA’s catalog) decide, with this action, to explicitly express their intention to follow news, comments, evolutions of AA. These users, subsequently to their behavior, can legitimately receive promotional messages concerning the topics for which they have manifestly stated, implicitly adhering to the page, to be interested. The sending of promotional communications regarding a specific project or initiative or an institutional activity in a broad sense, carried out by AA to which the relevant page refers, must be considered legitimate if, from the context and methods of operation of the social network, also in function of the information provided voluntarily by the user, it can be inferred that, unequivocally, the user has in some way expressed his will to receive that type of messages, with a behavioral formula that is conclusive of an implicitly declared consent. Therefore, AA may contact the active members of its social pages in order to send information and promotional messages on initiatives, services, events, and fundraising activities to develop its charitable activities.

When the user leaves the group or stops following the events of AA or exercises the right of objection to the processing of data for promotional purposes, then this assumption lapses and, if AA intends to continue to use the data for such promotional and institutional activities, it will require the user’s consent.

Conversely, the data of the primary user contacts will be used by AA upon request to the individual contact of an express consent adequately and previously informed, specific to the promotional messages of AA and released in a free form.

What are cookies and how are they used by ActionAid

Cookies are information saved on the hard disk of your PC that are sent by your browser to a web server and refer to your use of the network. Consequently, they allow you to know the services, the sites frequented, and the options that, browsing the network, have been manifested.

These pieces of information are not, therefore, provided spontaneously and directly, but leave a trace. The data collected through cookies will be used for technical requirements, in order to guarantee easier, immediate, and faster access to the site and its services and facilitated navigation for the single user.

They may be used, with the prior consent of the user, even profiling cookies, to create user profiles based on the sections of the site or the actions performed by the user on this site or browsing the network.

The use of so-called session cookies (which are not stored permanently on the user’s computer and are automatically deleted when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient exploration of the site. The so-called session cookies used on this site avoid the use of other IT techniques that could potentially prejudice the confidentiality of user navigation and do not allow the acquisition of personal data identifying the user. In any case, it is possible to configure the browser so that you are warned when a cookie is received and then decide whether to accept it.

To know our policy on cookies and the cookies policies of third parties, we invite you to read them by clicking here.

Browsing Data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified users, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

The Security of Your Personal Data

AA adopts appropriate and preventative security measures to safeguard the confidentiality, integrity, completeness, and availability of your personal data. As established by the regulatory provisions governing the security of personal data, technical, logistical, and organizational measures are put in place that aim to prevent damage, even accidental loss, compromission, improper and unauthorized use of data concerning you.

In particular, AA has implemented adequate technical and organizational measures to guarantee a level of security appropriate to the risk that could undermine your rights and freedoms, including the confidentiality and confidentiality of individuals. AA adopts security criteria that include, among others:

the pseudonymization or encryption of data
systems that permanently safeguard the confidentiality, integrity, availability, and resilience of treatment systems and services
systems designed to promptly restore the availability and access of personal data in the event of a physical or technical incident
procedures to regularly test, verify, and evaluate the effectiveness of the technical and organizational measures in order to guarantee the security of the processing.

Similar preventive security measures are adopted by third parties to whom the Organization has entrusted the processing of your data on its own behalf.

On the other hand, the Organization is not responsible for any untrue information sent directly by the user (example: correctness of the e-mail address or postal address or other personal data), as well as information concerning him and which has been provided by a third party, even fraudulently.

Credit Card and Financial Information Necessary for the Donation

In the case of a donation made by credit card, AA guarantees maximum confidentiality and security. The financial information of the credit card (number, expiry date, holder’s details) may only be known by the issuing institution. AA will only be aware of a code (“token”) that does not have the possibility of tracing back to the identity of the cardholder or to the details of the credit card, except in exceptional cases.

Similarly, the same criteria of confidentiality will be maintained in the event of a donation made by bank transfer, for which it is only required to enter a “code” when making the transfer.

In general, finally, the Organization assumes no responsibility with reference to unauthorized or illegal uses by third parties of information relating to the instruments used for the transaction connected to the donation.