Who we are
Italia Hello Onlus
Via Benedetto da Maiano n.26,
50014, FIESOLE (Fi)
ItaliaHello Onlus (“ItaliaHello”) is an Italian Not-for-Profit organization incorporated as a Fondazione under Italian law. We take our obligations under the Data Protection Act very seriously and will always ensure that personal data is collected, handled, stored, and shared in a secure manner.
ItaliaHello’s official contact details are:
Data Protection Officer
Viuzzo dei Bruni 12 e 14
50133 Firenze (FI)
Tel: +39 (0)552346380
Chief Executive Officer
Via Benedetto da Maiano n.26,
50014, FIESOLE (Fi)
Chief Technical Officer
2420 NE Sandy Boulevard, Suite 102
Portland, OR 97232
2420 NE Sandy Boulevard, Suite 102
Portland, OR 97232
Personal Data Usage
what and why
The amount and type of information that we gather depends on the nature of the interaction. For example, we ask visitors who sign up for our newsletters to provide their name and email address. Those who make a donation or register for a paid online course are asked to provide additional information, including the necessary personal and financial information required to process those transactions.
In each case, we collect such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with us. We do not disclose or process personally-identifying information other than as described below. Visitors can always refuse to supply us with their personally-identifying information. However, not supplying necessary information may prevent users from engaging in certain website- related activities
ItaliaHello collects or may collect personal data from website users and donors at various stages. The amount and types of the personal data collected is outlined below:
- Website access: see the relevant section below.
- Registration for the Newsletter:
- Email address
- Specific consent to the newsletter subscription
- Financial Details of the Donors:
- name and surname
- contact details (as required by payment method)
Additional personal data may need to be collected by ItaliaHello when it is relevant in relation to volunteers, appeals/complaints/disciplinary cases, and any further optional service. In cases where additional personal data is needed, we will request authorization through an explicit agreement.
ItaliaHello collects the following information from employees:
- Initial application:
- name and address
- national insurance number or Italian Codice Fiscale
- contact details (telephone number, email address)
- upload of passport/visa/Carta di Identità copy if necessary
- relevant qualifications or indication of highest qualification held
- professional development / training and membership of any professional body
- employment history
- supporting statement
- referee details
- criminal record disclosure
- data captured for equal opportunities monitoring
- declaration about any disability as defined under the Equality Act 2010
- Once a candidate has been made an offer of employment, or as otherwise necessary:
- bank details
- emergency contact details
- data captured for equal opportunities monitoring (as above)
- health information
Further personal data captured about an employee is likely to relate to any performance or appraisal process and any information needed to maintain a sickness/absence record
Purpose and legal basis. ItaliaHello shall use the personal data relating to or given by a Donor only:
- for the execution of your request or the service you require (e.g. a donation)
- for the management of any contract/convention or other relationship and the fulfillment of the relevant Statutory obligations.
The legal basis of this data processing is either found in Article 6 (1) (b) of the GDPR when relating to a contract, or, for any other legal obligation, the legal basis is found in Article 6 (1) (c) of the GDPR
Methods and principles. ItaliaHello’s data processing will always be in compliance with the GDPR and Italian law. It will also always be in compliance with the principles of lawfulness, correctness and transparency, and adequacy and relevance. In addition, ItaliaHello complies and with paper and computer-related procedures for people authorized by ItaliaHello and adopts adequate measures of protection to ensure data security and confidentiality. No automated decision-making process will be performed with respect to these matters.
Data provisioning requirements. Provisioning data (providing users with access to their data) is required by EU and Italian law.
Data sharing and transfer abroad. Data may be shared with the subjects involved in the performance of the services and activities required (e.g. external trainers) and to the activities to which ItaliaHello is held on law requirements (accountant, insurer, system administrator, etc.). The data may be transferred to non-EU recipients who have signed agreements to ensure an adequate level of protection of personal data, or in any case after verification that the addressee guarantees appropriate protective measures. Where necessary or appropriate, the subjects to whom the data are transmitted for the carrying out of activities on behalf of ItaliaHello will be appointed Data Processors according to art. 28 GDP
Purposes and methods: Personal data processing will be carried out according to the EU GDPR and Italian law, as well as to the principles of lawfulness, correctness and transparency, adequacy and relevance, for the exclusive mean of sending the periodic newsletter about the initiatives and activities of ItaliaHello. This may include any awareness raising and/or fundraising campaigns and any extraordinary newsletters for general or urgent information. The data will be processed only by people who have been authorized by ItaliaHello and appropriate protection measures will be taken to guarantee the safety and confidentiality of such data
No automated decision-making process will be performed. The legal basis of this data processing is represented by the request for subscription to the newsletter service (art. 6, 1B GDPR).
Communication and transfer of data abroad. Data is transmitted to recipients with an extra-EU seat whose States have signed direct agreements to ensure an adequate level of protection. Outside of the processing described above, data is not disclosed to third parties or third Countries, nor is it dispersed in any way. The subjects to which data is transmitted for IT Management of the newsletter service will be appointed Data Processors according to art. 28 GDPR.
Data provisioning requirements. The provision and use of an e-mail address is required to receive ItaliaHello’s newsletter. The provision of other data is optional.
Data Retention Period. Personal data will be:
- kept and used to send the periodic newsletter
- cancelled when subscription to the newsletter is cancelled
Purpose of data treatment and legal basis. ItaliaHello will treat the personal data of employees (whether relating to or conferred upon the employee) solely in the context of the employment relationship or professional collaboration (fulfillment of the contractual and statutory obligations, correspondence and traceability, organization of the service, etc.). The legal basis for this data treatment is given by the employment contract (art. 6 (1), paragraph (b) and art. 9, 2 (b) GDPR), from the legal obligations to which ItaliaHello is held (art. 6 para. 1(a) GDPR) and the consent given (art. 6 paragraph 1, and art. 9 comma 2 to GDPR).
Sensitive Data. The data processing of any “details” and health related data will be carried out within the limits set out in art. 9, 2 lit. b) and lit. (h) GDPR. Such processing with therefore occurs only when necessary to fulfill obligations and exercise rights under the rules of law, social security, and social protection.
Methods and principles. Data processing will comply with EU GDPR and Italian law as well as the principles of lawfulness, correctness and transparency, adequacy and relevance, and with paper and computer-related procedures. This compliance will be ensured by ItaliaHello and persons authorized by ItaliaHello, and by the adoption of adequate protection measures to safeguard the security and confidentiality of the data. No automated decision-making process will be performed.
Data provisioning requirements. Communication and transfer of data abroad. Data provisioning is necessary because it is closely linked to the organization of the service and to the management of the employment relationship. The publication of the surname and name, role and e-mail address on ItaliaHello’s website, in social networks (e.g. Facebook/Instagram/Youtube) and on the paper information material of ItaliaHello is optional and can only happen after explicit and specific consent. The data may be communicated to all the parties involved in the carrying out of activities in which ItaliaHello is engaged on the basis of obligations under the law (accountant, work consultant, insurer, system administrator, etc.) and to all those subjects, public and/or private where the communication is necessary or relevant to the performance of the institutional activity and to the management of the employment relationship (INPS, INAIL, trainers, Local Authorities, health Institutions, suppliers, etc.). Where necessary or appropriate, the people/companies to whom the data is transmitted for the carrying out of activities on behalf of ItaliaHello will be appointed as Data Processors, according to art. 28 GDPR. Data may be transferred to recipients with an extra-EU seat who have signed agreements to ensure an adequate level of protection of personal data, or in any case after verification that the addressee guarantees appropriate protection measures.
Data Retention Period. The data will be used by ItaliaHello for the duration of the working relationship. After that date only the information needed for legal or accounting or fiscal obligations, or for other protection needs of ItaliaHello, will be saved.
Rights of the person concerned. With respect to the person concerned, all the rights specified in articles 15-20 GDPR are guaranteed. These include: the right to access, rectification and cancellation of data; the right of limitation and opposition to processing; the right to withdraw consent to processing (without prejudice to the lawfulness of processing based on the consent acquired Before the withdrawal); as well as the right to register a complaint with the Garante per la Protezione dei Dati if you believe that your data processing violates the GDPR or the Italian legislation. These rights may be exercised by writing an email or by calling the Data Protection Officer (see addresses above).
Website access and cookies
In connection with your use of our website, we sometimes collect non-personally identifiable information about you such as your IP address and the web pages you visit. Additionally, we utilize cookies to aid in the functioning of our website. A cookie is a small text file sent to your computer or mobile device when you visit a website. These cookies are then stored on the hard drive of your device. This helps us recognize repeat visitors, facilitate each visitor’s ongoing access to and use of our site (such as what languages you prefer to read and learn in), and track usage behavior.
Cookies are widely used by online service providers in order to make their websites or services work, or work more efficiently, as well as to provide reporting information. ItaliaHello uses navigation data and cookies technology, both internal or from 3rd parties, only to improve the user experience and to give a better service.
ItaliaHello uses a homepage popup panel to give users the freedom to:
- be informed about the data collected by the website and its cookies
- choose whether to enable Google Analytics service or not.
If you choose to reject cookies, you may still use our websites though your access to some functionality and areas of our websites may be restricted.
Purpose and legal basis. Personal data acquired through the site will be processed by ItaliaHello with the generic consent of the person concerned, pursuant to art. 6 lit. and e) of the GDPR:
- to manage and maintain the website
- to allow its services to be used through effective institutional communication
- to fulfill the obligations provided by the law, by a regulation, by EU legislation or by an order of Authority, or otherwise related to institutional activities and functions
- to prevent or uncover fraudulent activities or abuses to the detriment of ItaliaHello through the site
Personal data acquired through the site will require the specific consent of the user:
- to activate third party cookie management “Google Analytics”
- to activate the newsletter subscription
Sending an e-mail to the institutional addresses indicated on the website allows the subsequent acquisition of the address of the sender, necessary to answer the requests, as well as any other personal data placed in the email. In this case the acquired data will be processed exclusively to meet the requests of the users.
Data processing places and methods. The processing of data acquired through the website and/or connected to its services takes place at the ItaliaHello offices. If data is processed outside ItaliaHello’s offices, the subject involved will be appointed a Data Processor (art. 28 GDPR).
Data is processed:
- with personal computers, IT instruments or paper
- according to the principles of correctness, legality, transparency, relevance
- not exceeding the purposes of collection and subsequent treatment
- adopting the appropriate security measures to prevent data loss, illicit or incorrect uses, unauthorized access
- to ensure compliance with EU GDPR and Italian law
- exclusively by authorized administrative and technical personnel, even for occasional maintenance operations.
Sharing of personal and special category data: how
ItaliaHello is required to share personal and special category data with certain other organizations in order to meet statutory requirements or to provide services to users. Sharing will always be undertaken in line with the requirements of data protection law, either through the consent of the individual or through another relevant legal gateway. The personal and special category data that is actually shared will always be limited precisely to what the other organization needs to meet its requirements or deliver its services.
The information below outlines the key partners with whom ItaliaHello shares personal and special category data with on a periodic basis:
- The Refugee Center Online (soon to be renamed USAHello): 2420 NE Sandy Boulevard, Suite 102 Portland, OR 97232. This is the organization ItaliaHello derives from. Data processing is regulated by a DPA.
- Paypal Inc. as a payment gateway for donors. Data processing is regulated by a DPA.
- Stripe Inc. as a payment gateway for donors. Data processing is regulated by a DPA.
- SendGrid Inc. as a mail service provider for our newsletter. Data processing is regulated by a DPA.
- MailChimp Inc. as a mail service provider for our newsletter. Data processing is regulated by a DPA.
- TechIO Ltd. as the hosting provider for our website, on their kinsta.com platform.
- Google Inc. as the 3rd party provider of Google Analytics service
- Other individuals / organizations:
- Business, accounting, and legal advisors, strictly for the needs of ItaliaHello’s activity and mission
- The Data Protection Officer to review user complaints;
- Employers who request a reference from ItaliaHello;
- our employees, agents and contractors where there is a legitimate reason for their receiving the information, including:
- third parties who are contracted to provide IT services for us;
- internal and external auditors.
How long does ItaliaHello keep personal and special category data?
ItaliaHello does not and will never hold personal data for any longer than is necessary.
In some cases, there are good reasons why ItaliaHello needs to retain data about users, donors, and other individuals for a significant period of time. The most important reasons are outlined below:
- in order to comply with EU and Italian law, taxes, etc.;
- to produce transcripts and references;
- for user services and ongoing relations with ItaliaHello;
- for careers and employability services;
- to deal with complaints, appeals and disciplinary cases;
- for statutory reporting purposes and in order to complete statutory surveys;
- to produce references on request from previous employees;
- in order to meet pension obligations.
An individual has the right to ask ItaliaHello what personal data we hold about them, and to ask for a copy of that information. This is called making a “Data Protection Subject Access Request.”
A Subject Access Request should be submitted in writing via email to the Data Protection Officer or in hard copy to the postal address provided above. ItaliaHello reserves the right to ask you to provide proof of identification and for you to clarify your request if it is unclear in the first instance. You will receive a reply no later than 30 calendar days from the date you make the request in writing.
If you are unhappy with the initial response you can ask ItaliaHello to undertake a further search if there is specific information you have good reason to believe exists but that hasn’t been provided.
You also have the right to complain to the Italian Garante della Privacy if you believe your request has not been dealt with properly or you have a complaint to raise against ItaliaHello for any other data protection related issue. A complaint can be raised via the Garante’s website
You also have the right to withdraw consent from the processing of your personal data by ItaliaHello at any time, if your consent was sought initially to use your personal data.
Right to rectify
If you believe ItaliaHello holds information about you that is factually incorrect please email the Data Protection Officer providing the correct information, and ItaliaHello should update it within one month.
All users, donors, employees, volunteers and any other relevant individual who handles personal information for which ItaliaHello is responsible must follow the requirements of the Data Protection Policy.
This document Ver. 1.0 has been updated on April 4 2019