Privacy policy

PRIVACY POLICY

INFORMATION ON THE PROCESSING OF PERSONAL DATA

of users who visit the website https://www.busajo.org

pursuant to Article 13 of Regulation (EU) 2016/679.

Dear user,

Pursuant to Regulation (EU) 2016/679 (hereinafter “Regulation”), we wish to inform you regarding the processing of your personal data, which is processed by consulting the website accessible online at the following address:

https://www.busajo.org

By visiting the above-mentioned website, data relating to identified or identifiable natural persons may be processed.

This information does not apply to other websites, pages, or online services accessible via hyperlinks published on the websites, but referring to resources outside the Busajo Association’s domain.

DATA CONTROLLER

The data controller is the BUSAJO NGO Ets Association, Via delle Caldaie, 14, 50125 Florence (FI), Tel. 055264293, Fiscal Code 94168700485. Data Controller email address: associazione@busajo.org, in order to exercise your rights.

LEGAL BASIS OF PROCESSING

We inform you that your personal data will be processed by the Data Controller for the purposes to which you have given your consent.

TYPES OF DATA PROCESSED AND PURPOSE OF PROCESSING

1. Data provided voluntarily by the data subject

The optional and voluntary submission of any personal data, such as name, surname, email address, and telephone number by the user, by completing the registration forms or to the contact addresses indicated on the Site, entails the inevitable acquisition of such data by the Data Controller and its subsequent processing to respond to requests received. Therefore, users who prefer not to have their data collected by Busajo are invited not to send any requests to the latter or, at least, to provide, during contact, the minimum possible amount of personal data (among those indicated as optional).

Busajo does not require the data subject to provide so-called “personal” data. “Special categories of data” means, as provided for by the GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. If the service requested by Busajo requires the processing of such data, the interested party will receive specific prior notice and will be asked to provide their consent.

The website and online services are not intended for minors under the age of 18. Data relating to minors may be transmitted to the Association through access to the website and services only by those with parental responsibility.

Credit Card Information

In the event of payments (for membership or donations) made by credit card, Busajo guarantees maximum confidentiality and security. Credit card financial information (number, expiration date, cardholder’s details) will be accessed exclusively by the issuing institution. Busajo cannot trace the identity of the cardholder or the card details, except in exceptional cases.

Similarly, the same confidentiality standards will be maintained for donations made via bank transfer.

If the donation is made via PayPal, you will be redirected to the PayPal website. Therefore, confidentiality and security standards are the sole responsibility of PayPal, excluding any liability on the part of Busajo.

1. Browsing data

The computer systems and software procedures used to operate the website https://www.busajo.org acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the

numerical code indicating the status of the response from the server (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment.

This data, necessary for the use of web services, is also processed to obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.) and to monitor the proper functioning of the services offered.

User-Provided Data

The optional, explicit, and voluntary sending of messages to contact addresses, private messages sent by users to institutional profiles/pages on social media (where this option is available), and the completion and submission of forms entail the acquisition of the sender’s contact information, which is necessary to respond, as well as all personal data included in the communications.

Cookies

The site uses cookies to ensure normal navigation and use of the site and to improve the user experience.

Specifically, the following types of cookies are used:

–      Essential technical cookies, necessary for the proper functioning of the website. These cookies allow, for example, page navigation and the storage of a user’s login credentials to maintain the session active during subsequent visits.

–      Technical analytics cookies for website optimization, directly from the Data Controller, who may collect information, including aggregated information, about users’ use of the website in order to improve its operation. These cookies, for example, show which pages are most frequently visited by the user, the most recurring usage patterns, and any difficulties users have encountered using the website.

–      Profiling cookies to allow for data customization in the Members’ Area.

–      Third-party cookies for sharing on some of the major social networks (e.g., Facebook, LinkedIn, Instagram). Whenever a user decides to interact with the buttons of these social networks (also known as “plugins”), or access their website after logging in with their social network account, some personal information may be acquired by the operators of the social network platforms. The owner does not have access to the data collected and processed independently by the operators of the social network platforms. The collection and use of information obtained through the plugins are governed by the respective privacy policies of the social networks, to which we ask you to refer.

Facebook: https://www.facebook.com/privacy/policy/?locale=it_IT

LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=it_IT

Instagram: https://help.instagram.com/811572406418223/?helpref=breadcrumb

Users who wish to refuse to accept cookies on their device must change their browser settings for Internet browsing.

NEWSLETTER

The Newsletter is published on the portal and distributed via email—automatically and free of charge—to registered users who authorize its receipt. This tool has the sole purpose of disseminating knowledge and raising awareness of the Data Controller’s activities, projects, and specific purposes.

The data is processed exclusively by personnel and collaborators of the Authority or companies expressly appointed as data controllers (e.g., for technological maintenance of the website).

Registered users who have authorized receipt may revoke it at any time by logging into their reserved area and unchecking the box.

MailChimp is an address management and email sending service provided by The Rocket Science Group, LLC. Personal Data collected: Last name, Usage data, email address, and first name. MailChimp is certified under the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework. Place of processing: United States – Privacy Policy

PLACE OF PROCESSING. The processing of data acquired through the site and/or connected to the site’s services takes place at the Association’s offices and possibly at other designated entities or computer systems/servers.

METHODS AND STORAGE PERIOD

Personal data will be processed in a manner that ensures adequate security and confidentiality and prevents unauthorized access or use of both the personal data and the tools used for their processing. Processing will be carried out using computer and/or electronic means, following organizational methods and procedures strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other parties involved in the operation of this Website (administrative, sales, marketing, legal, and system administration personnel) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, and communications agencies) may have access to the Data, and may also be appointed, if necessary, as Data Processors by the Data Controller. The updated list of Data Processors may be requested from the Data Controller at any time.

Personal data will be processed and stored in full compliance with the principles of necessity, data minimization, and retention period limitation, through the adoption of technical and organizational measures appropriate to the level of risk of the processing and for a period of time no longer than is necessary to achieve the purposes for which they are processed. They may be retained for a longer period due to any legal obligations or based on the Users’ consent.

DATA RECIPIENTS

The personal data collected is processed by authorized personnel, acting on the basis of specific instructions provided regarding the purposes and methods of processing. External parties who provide services or perform activities instrumental to this Site (webmasters, internet service providers, online newsletter and statistics platforms, etc.) have access to the data.

DATA TRANSFERS OUTSIDE THE EU

We guarantee that any data transfers outside the EU are carried out in compliance with applicable legal provisions. If you would like further details on the security measures implemented to protect the personal data provided, please contact the Data Controller at the contact details above.

DATA SUBJECT RIGHTS

The Data Controller guarantees each data subject the right to exercise their rights under Chapter III of the General Data Protection Regulation:

– to access personal data, including to understand the logic and purposes underlying the processing using electronic means;

– to obtain the updating, rectification, or erasure of the data, or to limit its processing;

– to obtain the anonymization of the data or its blocking;

– to object to the processing;

– to object to data portability;

– to withdraw consent, where applicable: the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;

– to lodge a complaint with the supervisory authority (Italian Data Protection Authority).

Requests are submitted free of charge and will be processed by the Data Controller as quickly as possible, in any case within one month.

This document constitutes the privacy policy of this site.

It may be subject to changes or updates. If there are significant changes or updates, users will be notified via appropriate notifications.

The document was updated on November 10, 2025