Home
Chi Siamo
Dona
Profilo
All individuals, users visiting the Wishraiser.com site and subdomains such as, for example, business.wishraiser.com (collectively, the Sites"), registered users of the platform, having an account on wishraiser.com, donors, and visitors potentially interested in our services, representatives of non-profit organizations (hereinafter collectively referred to asUsers") may be subject to automated and manual processing by Wishraiser.
Identity: Wishraiser SRL
Address: Via Stefanardo da Vimercate, 28 - 20128 Milano (MI)
Email address: info@wishraiser.com
1. Wishraiser may process personal data provided by Users both at the time of creating an account or using the services provided by the Data Controller, and data acquired through contact forms and any other form or document made available online or during external events or phone conversations with the Wishraiser customer service.
2. Wishraiser may automatically collect personal data during the use of services, especially when Users browse the Sites. Wishraiser may collect personal data about them to process access statistics to the Sites and conduct targeted advertising campaigns.
Purpose of the processing | Personal data processed | Legal basis for processing | Retention period |
|---|---|---|---|
Creation of the User account, registration of non-profit organizations on the platform, User navigation on the Sites. | Personal data provided by Users through contact forms, including, for example: name, surname, email address, phone number, and place of residence, username and password, data communicated by non-profit organizations and their representatives. For example and not exhaustively: articles of association and statutes, identification document of the legal representative or representative, additional documentation indicated in the reserved area. | Necessary for the performance of a contract to which the data subject is a party or to take pre-contractual measures at the request of the data subject. | Duration of the contractual relationship. Until the User deletes the account. For data communicated by representatives or legal representatives of non-profit entities, identity documents will be kept only for the time necessary to verify the identity of the data subject and then deleted. To protect against potential disputes, the Controller may retain some information until the end of the ordinary civil prescription period (10 years). |
Management of the contractual relationship between User and Wishraiser regarding the use of the platform to make donations and issue gift cards. | Personal data provided by users through contact forms and online forms, including but not limited to: name, surname, email address, phone number, place of residence, and tax code, donation amount. | Necessary for the performance of a contract to which the data subject is a party or to take pre-contractual measures at the request of the data subject. | Duration of the contractual relationship. To protect against potential disputes, the Controller may retain some information until the end of the ordinary civil prescription period (10 years). |
Participation in prize initiatives for charitable and social purposes. | Personal data provided by users through the donation form. Name, surname, email address, phone number, place of residence, tax code. | Pre-contractual and contractual obligations, i.e., to manage the charitable and social prize initiative announced by the Data Controller and to ensure its correct and regular execution as provided in the regulating document. | Until the end of the procedures related to the prize initiative, except when legal or administrative accounting obligations require longer times, as necessary for the protection of the rights of participants and the Controller. |
Provide information about the services of the Controller (new platform features, platform usage guide, new services, etc.) | Identifying information: last name, first name. | Consent or legitimate interest of the Controller. | Duration of the contract |
Provision of user support services - processing of User requests strictly related to the use of services. | Identifying information: last name, first name. | Legittimo interesse ed esecuzione del contratto. | Until the request is processed. |
Analysis of service and device usage (monitoring website navigation and usage for improvement purposes) through automated analysis tools and tracking. Creation of customized audience groups to display relevant advertisements based on preferences expressed during website navigation. | Data on website connection and usage: date and time of website visit or service usage, User ID, IP address, referral URL and domain, device type, operating system, and browser type, as well as dimensions and content of the browsing window | Legitimate interest and contract performance. | Until consent is revoked or the legitimate interest is achieved. |
Marketing campaigns via email, SMS, WhatsApp, and social networks. | Identifying data: name, surname, age, phone number, social network profile. | User's consent | Until the revocation of consent |
Purpose of profiling also aimed at displaying personalized behavioral advertising and analyzing and monitoring the behavior of website visitors. | Name, surname, email, interactions on the platform. | Consent | Until the withdrawal of consent |
Sharing donor data with non-profit organizations and third-sector entities | Identifying data: name, surname, place and date of birth, residence, email and phone address, tax code, donation amount. | Necessary for the execution of a contract to which the data subject is a party or for the implementation of pre-contractual measures adopted at the request of the data subject. | Duration of the contractual relationship. Non-profit organizations will process user data as independent data controllers. For more information on the processing of personal data by the recipient organizations, users are encouraged to refer directly to them and their privacy policies. |
Communication of donor personal data to non-profit organizations and third-sector entities registered on the platform for promotional purposes, particularly sending informational material about new fundraising campaigns and initiatives undertaken by the non-profit organization receiving the data. | Identifying information: name, surname, email address, phone number. | Consent | Until the User revokes consent |
Collect donations on behalf of non-profit organizations under a specific collection mandate as part of the fundraising service. | Banking data such as IBAN for recurring donations. | Necessary for the performance of a contract to which the data subject is a party or to take pre-contractual measures at the request of the data subject. | Duration of the contractual relationship. |
Conduct optional surveys on Wishraiser services and their possible developments, collection of testimonials, analysis of satisfaction rates to improve services, etc. | Name, surname, gender, email address, content of the request and response. | Consent or legitimate interest of Wishraiser. The User can object at any time free of charge. | Survey data will be retained for 60 days from the collection date. |
As mentioned in the paragraph regarding the purposes of processing, non-profit organizations may become aware of Users' personal data as beneficiaries of donations within the fundraising campaign. The disclosed data may include the name and surname, email address, donation amount, and contact details. Organizations receiving this information should use it only for the purposes previously indicated. They should not process the data for other incompatible purposes, such as marketing and profiling, unless the User has given their free, specific, informed, and unambiguous consent. Non-profit organizations are independent data controllers in relation to this data.
The hosting service of the site is managed by Amazon Web Services. (“Data Processor”). Under EU Regulation 2016/679 General Data Protection Regulation (“GDPR”) (Article 28, paragraph 3), the Data Controller is required to enter into an agreement with any organization that processes personal data on its behalf. We have therefore electronically signed a Data Processing Addendum (DPA) to ensure compliance with the obligations set out in the regulation. To learn about the data processing methods carried out by the data processor, please visit the privacy policy at the following link: https://aws.amazon.com/it/compliance/gdpr-center/
Data may be disclosed to third-party providers of traffic measurement tools on the site and those who analyze User behavior during navigation, specifically appointed as data processors under Article 28 of the GDPR.
Data may be disclosed to third-party providers of CRM and automated marketing services, newsletter delivery, specifically appointed as data processors under Article 28 of the GDPR.
Data may be disclosed to third-party providers of payment processing services. The Data Controller uses Stripe Payments Europe Limited, an entity based in Ireland and subject to European legislation. Stripe Payments Europe Limited may transfer personal data to the holding company Stripe, Inc., located in the United States. Under EU Regulation 2016/679 General Data Protection Regulation ('GDPR') (Article 28, paragraph 3), the Data Controller is required to enter into a written agreement with any organization that processes personal data on its behalf. Therefore, the Data Controller has entered into a data processing agreement with Stripe Inc. (“Data Processor”) to ensure compliance with the aforementioned provisions of the GDPR regarding all processing of personal data by the Data Processor.
Personal data may be disclosed to third parties that the Data Controller uses to perform certain processing operations related to the organization of prize initiatives, including travel agencies, airlines, providers of tourist services, marketing agencies, and stores selling goods and services.
The Data Controller may need to communicate your data to professional firms providing assistance and consultancy to the Data Controller in order to protect its own rights and fulfill the obligations required by the law.
A list of data processors can be requested from Wishraiser by interested parties by writing to admin@wishraiser.com
The Data Controller will transfer personal data to countries located outside the European Union only if the legislation of the recipient country is able to ensure a level of protection essentially equivalent to that ensured within the European Union, and such adequacy has been confirmed by a decision of the European Commission. In the absence of an adequacy decision, the Data Controller will enter into a contract with the data recipient that includes the standard contractual clauses adopted by the European Commission, as well as appropriate security measures to ensure a level of protection equivalent to that guaranteed within the European Union.
We encourage Users to refer to our cookie policy
The User, as the data subject, has the right to:
a. be informed about the existence or not of personal data concerning him;
b. access the personal data being processed;
c. request correction if the data we have collected is inaccurate or request integration if the data is incomplete;
d. request the Data Controller to delete the data in cases provided for in Article 17 of Regulation 2016/679, including in case of withdrawal of consent or if the personal data processed are no longer necessary for the purposes for which they were collected or otherwise processed;
e. obtain the restriction of processing under Article 18 of Regulation 2016/679;
f. request the Data Controller to port personal data and receive it in a structured, commonly used, and machine-readable format or to have the personal data transmitted directly to another data controller;
g. object at any time to the processing of data;
h. not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or significantly affects him in a similar way;
i. lodge a complaint with the Data Protection Authority.
Users can exercise their rights at any time by sending an email to the following address: admin@wishraiser.com. We are obligated to respond to your requests within one month of receiving them. This period may be extended by two months if necessary, taking into account the complexity and number of requests received. In the event of an extension, the User will be informed of the delay and the reasons.
If we believe we cannot comply with your requests, we will communicate the reasons for refusal. In this case, the User still has the opportunity to file a complaint with the Data Protection Authority.
The Data Controller reserves the right to modify, supplement, or update this Policy to account for any legislative, regulatory, jurisprudential, and/or technical developments. In the case of significant changes (related to the purposes of processing, personal data collected, data transfer), the Data Controller undertakes to inform Users via email, communicating such changes with a minimum notice of (15) days before the effective date. The new policy will take effect at the end of this period. The only version that is valid is the one published on the Sites.