PRIVACY POLICY ARTICLE 13 REGULATION EU 2016/679

IDENTITY AND CONTACTS OF DATA OWNER

Name: Wishraiser Ltd

Address: via Stefanardo da Vimercate 28, 20128 Milano, Italia

E-mail address: admin@wishraiser.com

PURPOSES OF THE PROCESSING

a. Contractual purpose

We will treat your data for contractual purposes only. The data treatment will be necessary in order to provide you with the requested services. The personal data will be gathered through contact and registration modules available on the website. Furthermore, the personal data will be treated for:

  • Allow you to use the website and the services;
  • Donate in support of the Nonprofit Organizations showed on the website and receive the rewards;
  • Allow you to participate to the charity initiatives prompted by the data owner, in accordance with the regulation for participation;
  • Answer to your questions regarding the services used.

b. Sending Informative newsletters

After your request, you could subscribe to our Newsletter and receive a preview of the updates regarding the charity initiatives and the fundraising campaigns. You will be free to unsubscribe at any time revoking your informed consent for this specific purpose. The unsubscribe action will not have any consequences about the website registration or use of services.

c. Direct marketing purposes by profiling activities

If it is not possible to avail ourselves of the legitimate interest as the legal basis of the treatment, we will ask for your consent to the treatment of your data for direct marketing purposes (market analysis, sending of commercial communications), by post, e-mail, telephone and / or SMS and / or MMS, through profiling systems in order to create personalized groups of public to which show relevant advertisements in line with the preferences shown while browsing the site. By doing so we will know that you are more interested in receiving commercial communications of a certain type relating to a particular product or service. We can view the ads that users click, the pages with which they interact, the activities they perform inside and outside of Facebook related to elements such as the use of the device, the behaviors or purchase intentions and travel preferences , demographic data such as age, gender and location, the mobile device they use and the speed of the network connection. The profiling activity is activated with the consent of the user when accessing the site. You can use the banner that will appear on the site to refuse consent to profiling by denying the installation of profiling cookies. You can ask not to receive further promotional communications by e-mail by clicking on the appropriate link for revocation of consent, which is present in each promotional e-mail, and more generally you can oppose the processing for commercial purposes by contacting us at admin@wishraiser.com

d. Direct marketing purpose

With your consent, the personal data will be communicated to Non-profit Organizations for their commercial and direct marketing purposes (market analysis, sending of commercial communications) in particular to inform you about their fundraising initiatives and campaigns, as well as statutory purposes. Your contact details may also be communicated to commercial partners indicated in the table below, both to send you commercial e-mails and to detect the type and your consumption habits through market analysis and surveys. The table will be updated from time to time with the details of the commercial partners to whom the data may be communicated. Data processing for indirect marketing purposes is optional. You can revoke your consent at any time by contacting the owner at the following address admin@wishraiser.com. You can also revoke your consent at any time by making the opt-out via the link in each e-mail or by directly contacting the natural or legal person from whom you receive the communication.

e. Purposes of traffic analysis and user behavior when browsing the site

Through Google Analytics, we reserve the right to monitor the use of the site by visitors, to record information such as mouse movements and clicks, page scrolling activities, browser information (type, version, screen size, etc.). ), basic information about the user (country, language, time zone), to improve the quality of the site and services.

f. Compliance with regulatory obligations.

In particular, we may be required to keep certain personal data for a longer period in compliance with a legal obligation (for example for data entered in the accounting records for which the ten-year conservation obligation applies) or for reasons of protection of our rights, up to the end of the ten-year ordinary prescription referred to in Article 2946 of the Civil Code.

LEGAL BASIS OF THE TREATMENT

a. Personal data treatment compliant to contractual obligations

According to the EU Regulation 2016/679, the processing performed by us must always have a legal basis. The processing of your data is necessary for the provision of the service within a contractual relationship. Your personal data will therefore be kept for the time strictly necessary for the provision of the services and subsequently deleted, as better explained in the "Data storage criteria" chapter. A failure in providing this data will make it impossible for us to provide the services requested.

b. Consent

If it is not possible to avail ourselves of legitimate interests, we will ask you for your consent to process your personal data for sending newsletters and for direct marketing purposes (market analysis, sending commercial e-mails), including through automated profiling systems / analytics aimed at sending you communications in line with your preferences. Furthermore, subject to prior consent, the personal data will be communicated to the non-profit associations for their marketing purposes, including to carry out market analysis or to send commercial communications with manual or automated systems. Your contact details may also be communicated to commercial partners indicated in the table below, both to send you commercial e-mails and to detect the type and your consumption habits through market analysis and surveys. Contacts can be made via e-mail, telephone, traditional mail, SMS / MMS. We will also ask for your consent to perform the profiling indicated in the chapter dedicated to the purposes.
You will always have the opportunity to object to this treatment by revoking your consent to the processing indicated above either by sending a communication to admin@wishraiser.com, or by accessing the control panels made available by the automated marketing service providers indicated in the relevant section " RECIPIENTS OR CATEGORIES OF RECIPIENTS ". You can ask not to receive further commercial e-mails by clicking directly on the cancellation link ("cancel the registration") that you will find at the bottom of every e-mail received. In the event of withdrawal of consent, the processing of data for this purpose will cease immediately.

c. Legitimate interest

In accordance with article 13, paragraph 2 of Directive 2009/136 / EC, and with reference to Recital (27) of REGULATION 2016/679, we will be able to use your e-mail address acquired in the context of a customer relationship between you and Wishraiser (for example because you used our services and concluded a transaction through the site) to send you electronic communications concerning products or services similar to those offered previously. You are entitled, from now on, to refuse such communications free of charge by sending us a notice to admin@wishraiser.com, and to oppose such processing in the future by requesting the cancellation of your e-mail.

RECIPIENTS OR CATEGORIES OF RECIPIENTS

In order to deliver the services, allow you to browse the site and for marketing purposes, we could deliver your data to the following recipients.

I. Non-profit Organization

Non-profit organizations can learn about your personal data as beneficiaries of donations in the context of fundraising. This is a communication required for contractual purposes and necessary to allow you to make the donation. The data disclosed may include your name, e-mail address and contact details. The associations that receive this information should use it only for purposes related to the donation. They should not contact you for other incompatible purposes, unless you have given your free, specific, informed and unambiguous consent. The associations are autonomous data controllers in relation to these data.

II. Commercial partners

With your consent, we will be able to communicate your data to the following commercial partners for their marketing purposes. The table will be updated from time to time with the details of the commercial partners to whom the data may be communicated.

PARTNER INDIRIZZO E DATI DI CONTATTO SETTORE DI APPARTENENZA

III. Hosting service providers

The site hosting service is operated by Amazon Web Services, Inc. Seattle, WA 98108-1226, United States ("Data Processor"). In accordance to EU Regulation 2016/679 General Data Protection Regulation ("the GDPR") (Article 28, paragraph 3), the Data Controller is required to enter into an agreement with any organization that processes personal data on its behalf. We have therefore electronically signed an addendum on data processing or DPA (Data Processing Addendum) to ensure compliance with the obligations set in the regulation. To find out how the data is processed by the controller, please visit the privacy policy accessible at the following link: https://aws.amazon.com/it/compliance/gdpr-center/

IV. Automated marketing systems providers

MailerLite is a mail marketing platform managed by UAB "MailerLite", J. Basanavičiaus 15, LT-03108 Vilnius, Lithuania ("Data Processor"). In accordance to EU Regulation 2016/679 General Data Protection Regulation ("the GDPR") (Article 28, paragraph 3), the Data Controller is required to enter into a written agreement with any organization that processes personal data on its behalf. We have therefore electronically signed an addendum on data processing or DPA (Data Processing Agreement) to ensure compliance with the obligations set in the regulation.

V. Payment processing system providers

Stripe Payments Europe Limited, is an entity established in Ireland and subject to European legislation. Stripe Payments Europe Limited may transfer personal data to Stripe, Inc., located in the United States. To ensure adequate protection of personal data, Stripe, Inc., has been certified by the EU-U.S. and Swiss-U.S. Privacy Shield Framework. To check how Stripe processes your personal information, please refer to the following link: https://stripe.com/privacy-shield-policy
In accordance to EU Regulation 2016/679 General Data Protection Regulation ("the GDPR") (Article 28, paragraph 3), the Data Controller is required to enter into a written agreement with any organization that processes personal data on its behalf. Therefore, the Data Controller has entered into a data processing agreement with Stripe Inc ("Data Processing Manager") to ensure compliance with the aforementioned provisions of the GDPR in relation to all the processing of personal data by the Manager of data processing.

TRANSFER OF DATA IN THIRD COUNTRIES

The personal data of the interested parties may be transferred to the following country: United States of America. All data recipients established in the United States who will receive personal data have confirmed compliance with the EU-U.S. regulatory framework. Privacy Shield.
The transfer is authorized by the following adequacy decision approved by the European Commission: "Privacy Shield".

CRITERIA FOR DATA STORAGE

The account information will be kept until you decide to delete your account or until the contract expires or the service ends. Personal data will be stored only for the time strictly necessary to provide the service and subsequently deleted. The information and data used for marketing and profiling purposes will be deleted as soon as you ask us to do so by revoking your consent, either through the opt-out links present in commercial communications or in the control panels, or by sending us a communication. We may be obliged to keep certain personal data for a longer period in accordance with a legal obligation (for example for data entered in the accounting records for which the ten-year conservation obligation applies) or for reasons of protection of the rights of the Owner himself , until the end of the ten-year ordinary prescription referred to in Article 2946 of the Italian Civil Code.

RIGHTS OF THE INTERESTED PARTY

As a data subject, you have the right to:

a. be informed about the existence or not of personal data concerning you;

b. access the personal data that is being processed;

c. request the correction in the event that the data we have collected are inaccurate or request the integration of the data if they are incomplete;

d. ask the Data Controller to delete the data in the cases provided for in Article 17 of the 2016/679 Regulation, including in the event of revocation of the consent or if the personal data processed are no longer necessary with respect to the purposes for which they were collected or otherwise processed;

e. obtain the limitation of the processing pursuant to Article 18 of Regulation 2016/679;

f. ask the Data Controller for the portability of your personal data and receive them in a structured, commonly used and legible format or obtain the direct transmission of your personal data to another holder;

g. to oppose the processing of your data at any time;

h. not be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that affect you or that significantly affects your person;

i. to make a complaint to the Guarantor for the protection of personal data.

HOW DO YOU ENFORCE YOUR RIGHTS?

You can exercise your rights at any time by sending me an e-mail message to the following address: admin@wishraiser.com. I have a duty to respond to your requests within one month from the day I receive them. This deadline may be extended by two months, if necessary, taking into account the complexity and the number of requests received. In the event of an extension you will be informed of the delay and the reasons.
In the event that I believe I cannot respond to your requests, we will notify you with the reasons for the refusal. In this case you will still have the possibility to lodge a complaint with the Guarantor for the protection of personal data.