Through this privacy notice, the Paolo Chiesi Foundation (the “Foundation”), in accordance with Regulation (EU) No. 679/2016 (the “GDPR”), informs you that your Personal Data, or in any case the Personal Data you provide, will be processed by the Foundation as Data Controller, in full compliance with the applicable legislation.
“Personal Data” means any information of any kind, including electronic data, that allows a person to be identified, either directly or indirectly, alone or in combination with other information.
“Processing of Personal Data” means, pursuant to Article 4(2) of the GDPR, any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination.
“Data Subject” means the identified or identifiable natural person to whom the Personal Data relate.
1. How we collect and use your Personal Data
Purpose
Personal Data are processed in order to allow the successful completion of your donation to the Paolo Chiesi Foundation.
Personal Data processed
The Foundation will process only the data necessary for the purposes indicated above. In particular, your identification data, contact details, and payment data will be processed.
The processing of special categories of data, as defined under Article 9 of the GDPR (such as, by way of example, health data), and/or data relating to minors is expressly excluded. Should such categories of data be voluntarily provided by the user, they will be immediately deleted.
Legal basis
Performance of contractual obligations: for the execution of the donation agreement to which the donating user is a party.
2. How we share your Personal Data
The Foundation may share your Personal Data with other companies, organizations, and individuals in the following circumstances:
- We may share your Personal Data with companies belonging to the Chiesi Group, both in Italy and abroad (including countries outside the EEA).
- Sharing in compliance with laws and regulations: we may share information as required by applicable laws to manage legal disputes or requests from administrative or judicial authorities.
- Sharing with service providers: we may also disclose your Personal Data to companies that provide services on our behalf. In particular, your data will be shared with Rebel Idealist Inc. (DonorBox), the provider of the platform through which your donation will be processed.
In this latter case, the Foundation will ensure the lawfulness of such sharing and will enter into data processing agreements and/or contractual clauses with the companies, organizations, and individuals with whom your Personal Data is shared, requiring them to comply with this privacy notice and to adopt appropriate security measures.
3. How we protect your Personal Data
The Foundation attaches the utmost importance to the security of your Personal Data and has adopted appropriate security measures to protect it against unauthorized access, disclosure, or loss.
To this end, the Foundation adopts the following measures:
- We take reasonable measures to ensure that the Personal Data collected is limited and relevant to the purposes for which it is processed.
- We retain your Personal Data only for the time strictly necessary for the purposes indicated in this privacy notice, unless a longer retention period is required or permitted by law.
- We use a range of technologies to ensure the confidentiality of data during transmission and adopt reliable protection mechanisms to defend data and storage servers against potential attacks.
- We carefully select business partners and service providers, requiring them to comply with our Personal Data protection requirements through specific contractual clauses. We also carry out audits and other verification activities to ensure compliance.
- We organize training, testing, and information activities on privacy and data security in order to increase awareness among employees and collaborators regarding the protection of Personal Data.
4. Retention of your Personal Data
Your Personal Data referred to in section 1) of this notice are stored on the Foundation’s servers in Italy, or on the servers of providers (specifically appointed as Data Processors) within the European Union or outside, with all appropriate security measures adopted in advance to ensure adequate protection of your Personal Data.
We retain your Personal Data for the time necessary to achieve the purposes set out in this Privacy Notice.
Your Personal Data will be retained for the period indicated above, or for a shorter period if you decide to exercise one of the rights listed in the “Data Subject’s Rights” section below.
5. Data Subject’s Rights
Right of access, rectification, erasure, data portability, restriction of processing, and objection to processing.
The Foundation provides an email address that you may contact in order to exercise any of the rights listed above, or to obtain the list of Data Processors and the names of the entities with whom your Personal Data has been shared: info@paolochiesifoundation.org
If you believe that the Foundation is not processing your Personal Data in accordance with this privacy notice or with the applicable law, you have the right to exercise your rights and to lodge a complaint with the Italian Data Protection Authority.
The Data Controller is:
Paolo Chiesi Foundation, with registered office at Via Paradigna 131/A, 43122 – Parma.

