PRIVACY AND DATA PROTECTION POLICY

[ REVISED 07/28/2025 ]

(Pursuant to the General Data Protection Regulation (GDPR) (EU Regulation 2016/679)

and Legislative Decree 196/2003)

 

Dear Newsletter Subscriber,

You are receiving this email because you requested to be subscribed, or you have subscribed to the BUSAJO NGO ETS Association newsletter by submitting a request on our portal, at events, or by sending an email request. We hereby inform you about how we process your data pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”).

Data Controller

The Data Controller is Busajo NGO Ets, with registered office at Via delle Caldaie, 14 – 50125 Florence and operational headquarters at Via della Fornace, 11 – 50125 Florence. The Data Controller can be contacted at associazione@busajo.org or by phone at +39 055 264293 for information and communications regarding data processing.

The Data Controller has not deemed it appropriate, at this time, to designate a Data Protection Officer.

Processed data and requirement to provide it

The Processing concerns natural persons who

  1. send emails to accounts with the @busajo.org domain;
  2. receive individual emails from accounts with the @busajo.org domain;
  3. are included in a mailing list and receive periodic email communications from associazione-ne@busajo.org or its branches;
  4. are included in a mailing list and receive written communications or paper materials.

The data included in the Processing are or may be:

X name, surname

X email address

X postal and telephone address

X IP addresses and devices used by recipients

X opening (and date) or failure to open the message by the recipient

You are invited to provide your data after consulting this Privacy Policy.

Purpose of Processing and Legal Basis

The Association processes personal data exclusively for the sending (via post, email, newsletter, mobile phone number, or other electronic means) of communications related to the Association’s activities and initiatives.

The legal basis for processing is the request to subscribe to the newsletter service (Article 6, paragraph 1, letter b, GDPR).

Processing Methods and Principles

The processing will be carried out in compliance with the GDPR and Legislative Decree No. 196/03 (“Personal Data Protection Code”), as well as the principles of lawfulness, fairness, transparency, adequacy, and relevance. Processing will be carried out using paper and electronic means, by persons authorized by the Association, and with the adoption of adequate protection measures to ensure the security and confidentiality of the data. No automated decision-making will be carried out. 

Data communication and data transfer

The data will be stored on the host and SMTP servers that guarantee the adoption of security and data protection parameters compliant with the GDPR [or] for the sole purpose of the newsletter service, the data will be transmitted to recipients located outside the EU (e.g., Google LLC or Mailchimp/Rocket Science Group LLC) whose countries have signed agreements aimed at ensuring an adequate level of data protection. Aside from the processing described above, the data will not be disclosed to third parties (or to third countries) or disseminated.

16dee di Edoardo Scarpellini has been appointed as an external data processor for the IT management of the newsletter service, pursuant to Article 28 of the GDPR.

Data retention period

The data will be used until you request to unsubscribe from the newsletter, after which it will be deleted (unsubscription is automatic if you contact us directly on the Site). 

Rights of the data subject

At any time, you may exercise, pursuant to Articles 15 to 22 of EU Regulation No. 2016/679, the right to:

  1. a) request confirmation as to whether or not personal data concerning you exists;
  2. b) obtain information regarding the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed, and, where possible, the retention period;
  3. c) obtain rectification and erasure of data;
  4. d) obtain restriction of processing;
  5. e) obtain data portability, i.e., receive the data from a data controller in a structured, commonly used, and machine-readable format and transmit it to another data controller without hindrance;
  6. f) object to processing at any time, including for direct marketing purposes;
  7. g) object to automated individual decision-making;
  8. h) request from the data controller access to, rectification or erasure of, or restriction of processing concerning you, or to object to processing, in addition to the right to data portability;
  9. i) withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

You may lodge a complaint with the Italian Data Protection Authority if you believe that the processing of your personal data violates the GDPR or Italian law. The aforementioned rights may be exercised by written communication sent by email, certified email, or registered mail to the Association’s headquarters.

Updates and Amendments

The “Data Controller” reserves the right to periodically modify, supplement, or update this Privacy Policy, including to adapt its content to comply with new laws and/or provisions of applicable legislation or measures adopted by the Italian Data Protection Authority (Garante della Privacy) for the Protection of Personal Data.

The most significant changes or additions will be brought to the attention of data subjects. To verify the updated Privacy Policy, data subjects are invited to regularly review the Privacy Policy at the Data Controller’s offices, by asking staff, and paying attention to the date of issue.

Data Management

You can manage your data and newsletter subscription at any time using the links at the bottom of each newsletter.