Information for the processing of personal data

the association Save The Planet Onlus., with registered office 50129 Firenze (Fi), Italy, Viale Spartaco Lavagnini n. 20, C.F. 94281460488 (hereinafter the "Owner"), as owner of the processing of personal data, informs you pursuant to art. 13 EU Regulation n. 2016/679 (hereinafter "GDPR") that your data will be processed in the manner and for the purposes indicated below:

1. Object of data processing

The Owner will process personal, identifying data (for example, name, surname, address, telephone, e-mail, navigation data, IP addresses, domain names of computers used by users who connect to the site, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), bank and payment references - hereinafter referred to as "Personal Data" or also "Data") communicated by you when you join and/or access the Website, when you submit a request electronically and also in the context of and in execution of the Transaction (payment of membership fees) with the Owner, for the purposes indicated in article 2 below and in compliance with current regulations.

2. Purposes of the processing

Your personal data are processed:
  • without your express consent (art. 6 letter b), e) of the GDPR), in the case of users who submit requests or intend to join the association through the site or through paper forms, as well as to receive further specific content are used for the sole purpose of responding to questions and requests for association, and are communicated to third parties only if this is necessary for this purpose.
    The legal basis for these treatments is the need to respond to the requests of the interested parties or to carry out activities provided for in the statute (in the case of a request for association).
  • Only after your specific and separate consent (art. 7 GDPR), for the following Marketing Purposes:
    – to send you by e-mail, mail and/or sms and/or telephone contacts, newsletters, communications, advertising material on the activities of the association by the Owner and survey the degree of satisfaction;
    Legal basis for this treatment is the freely expressed consent of the interested party.

3. Type of data processed

    This type of data includes the data communicated during the adhesion phase - both through the paper form and through the website - as well as the data communicated by sending e-mails to the addresses of the association present on the website.
    The communication of data through the paper form/website and the optional, explicit and voluntary sending of e-mails to the addresses indicated on the site involves the subsequent acquisition of the sender's data (such as name, surname, residence address, e-mail address of the sender, telephone number, date of birth), necessary to respond to requests, as well as any other personal data included in the message.
    The computer systems and software procedures used to operate the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..) and other parameters relating to the operating system and computer environment of the user. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and is deleted after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
    A cookie is a text element that is inserted into the hard disk of a computer only after authorization. Cookies have the function to streamline the analysis of web traffic or to indicate when a specific site is visited and allow web applications to send information to individual users. No personal user data is acquired by the site. Cookies are not used to transmit information of a personal nature, nor are so-called persistent cookies of any kind used, i.e. systems for tracing users. The use of so-called session cookies is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site. The so-called session cookies used on the site avoid the use of other computer techniques potentially prejudicial to the confidentiality of user navigation and do not allow the acquisition of personal identification data of the user.

4. Methods of treatment

The processing of your personal data will be carried out through the operations indicated in art. 4 n. 2) GDPR and precisely for the collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your Personal Data will be subject to both paper and electronic and/or automated processing. The Owner will process Personal Data for the time strictly necessary to fulfill the above purposes and in any case for no longer than 10 years from the termination of the membership of the association/user of the site.

5. Access to data

Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B) to:
  • employees and/or collaborators of the Data Controller or of companies controlled by the Data Controller or connected to it, in Italy and abroad, in their capacity as internal data processors and/or system administrators;
  • third party companies and/or other subjects (by way of indication, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.

6. Communication of data

Without the need for express consent (art. 6 letter b) and c) of GDPR), the Data Controller may communicate your Data for the purposes set forth in art. 2.A) to judicial authorities, insurance companies for the provision of insurance services, as well as to those subjects - such as, for example, data processors external to the data processing - to whom communication is required by law or is necessary for the fulfillment of such purposes. These subjects will process the data in their capacity as autonomous data controllers. In any case, your data will not be disclosed to other subjects.

7. Data transfer

Personal Data is stored on servers located in Vinci (FI), within the European Union.
In any case, it is understood that the Owner, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller assures from now on that the transfer of the Extra-EU Data will take place in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.

8. Nature of data transfer and consequences of refusal to respond

The conferment of the Data for the purposes set forth in art. 2.A) is mandatory. In their absence, we cannot guarantee an adequate response to your request.
The conferment of Data for the purposes referred to in art. 2.B) is instead optional. You may therefore decide not to provide any data or subsequently deny the possibility of processing data already provided: in this case, you may not receive newsletters, communications and material relating to the activities carried out by the Owner. In any case, you will continue to be entitled to the activities referred to in art. 2.A).

9. Rights of the interested party

As a data subject, you have the rights set out in Articles 15-21 of the GDPR (right of access, right to rectification, right to be forgotten, right to limitation of processing, right to data portability, right to object), as well as the right to complain to the Guarantor Authority. In particular, the right to:
  • obtain confirmation of the existence or not of Personal Data concerning you, even if not yet recorded, and their communication in an intelligible form;
  • obtain the indication:
    • the origin of the Personal Data;
    • the purposes and methods of processing;
    • the logic applied in case of processing carried out with the aid of electronic instruments;
    • the identification details of the data controller, data processors and the representative designated pursuant to art. 3, paragraph 1, of the GDPR;
    • the subjects or categories of subjects to whom the Personal Data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, managers or agents.
  • obtain:
    • updating, rectification or, when interested therein, integration of the Data;
    • the cancellation, transformation into anonymous form or blocking of Data processed in violation of the law, including those that do not need to be kept for the purposes for which the Data was collected or subsequently processed;
    • certification that the operations referred to in letters a) and b) have been notified, also as regards their content, to those to whom the Data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate to the protected right;
  • oppose, in whole or in part:
    • for legitimate reasons to the processing of Personal Data concerning you, even if pertinent to the purpose of collection;
    • to the processing of Personal Data concerning you for the purpose of sending advertising material on the activities and projects of the association, by e-mail and/or paper mail.

10. Methods of exercising rights

You may exercise your rights at any time by sending:
  • a registered letter with return receipt Save The Planet Onlus - registered office Viale Spartaco Lavagnini n. 20, 50129 Firenze (Fi), Italy;
  • an e-mail to;

11. Owner, manager and persons in charge

The Data Controller is Save The Planet Onlus, with registered office 50129 Firenze (Fi), Italy, Viale Spartaco Lavagnini n. 20, C.F. 94281460488.
The updated list of data processors and persons in charge of processing is kept at the registered office of the Data Controller

12. Information update

This version of the Privacy Policy was updated on 12 August 2019.