Privacy Policy
Privacy policy pursuant to Article 13 of the General Data Protection Regulation (EU) 679/2016 (“GDPR”) and Article 19 of the Swiss Federal Act on Data Protection of 25 September 2020 (Data Protection Act, “FADP”).
- DATA CONTROLLER AND DATA PROTECTION OFFICER
The Data Controller is Rosa Riganti Foundation (“Foundation” or “Data Controller“), a non-profit foundation governed by Swiss law, with registered office at BS&MC Tax & Legal SA, Via Giovan Battista Pioda 9, 6900 Lugano, Switzerland, E-mail privacy@rosarigantifoundation.ch.
- CONTENT OF THE POLICY
This privacy policy (“Privacy Policy“) describes how the Data Controller collects, uses and processes your personal data when you access or visit the https://rosarigantifoundation.ch/ website (the “Site“) to request contact and/or information about the activities of the Foundation, or you request to be kept informed on any activities of the Foundation via the newsletter of the Foundation or when you register for a donation. The Data Controller may collect, use and process also personal data of minors, except personal data concerning the donations for which is required to be legal age donors. For purposes of this Privacy Policy, “User” means the user of the Site, whether a visitor to the Site, or a person whose information we have collected pursuant to this Privacy Policy.
- CHANGES
This privacy policy is valid from the date of its publication on the Site (last update: June 24, 2025). We may update the Privacy Policy from time to time, including as a result of changes to our practices, procedures, or for operational, legal or regulatory reasons. We will post the updated privacy policy on the Site, update the “Last Updated” date, and take all measures required by law.
- HOW WE COLLECT AND USE YOUR DATA
The personal data described in the following sections (the “Personal Data” or the “Data“) are provided by Users through the navigation and use of the Site, including while applying for a donation. The processing of Data will take place in compliance with the principles of correctness, lawfulness and transparency, using manual and automated methods and through the aid of paper and electronic tools, in any case within the limits of the processing purposes provided for in this privacy policy and, in any case, in such a way as to guarantee the security and confidentiality of the Data.
- DESCRIPTION AND PURPOSE OF DATA PROCESSING
- Handling enquiries on our contact page
Data categories | Name, surname, e-mail address, data communicated in the appropriate “message” field on the Site or to the Data Controller’s e-mail address. The Data Controller may also collect Data of minors, including those under the age of 14, if they voluntarily submit enquiries. In such cases, the Data Controller requires the consent of the holder of parental responsibility, in accordance with applicable laws. |
Purpose of the processing | To manage requests for contact or information on the Data Controller’s activity made through the appropriate page of the “Contacts” Site or by e-mail to the Data Controller. |
Mandatory nature of the provision of data | Mandatory – If you do not provide such Data, it will not be possible for the Data Controller to process the requests sent. |
Legal basis of the processing | The need to perform a contract or to take pre-contractual measures to which you are a party, as well as the need to comply with legal obligations. |
Data retention period | The Data Controller undertakes to delete the Data from its systems provided in relation to requests submitted through the Site or by e-mail after 1 (one) year from the date of provision. |
- b) Promotional purposes
Data categories | Name, surname, e-mail address. The Data Controller may also collect Data of minors, including those under the age of 14, who wish to stay informed about the Foundation’s activities. In such cases, the provision of Data and the receipt of promotional communications are subject to the consent of the holder of parental responsibility, in accordance with applicable laws. |
Purpose of the processing | For promotional purposes and to keep you informed on any activities of the Foundation. |
Mandatory nature of the provision of data | Optional – If you do not provide such Data, it will not be possible for the Data Controller to inform you on its activities. |
Legal basis of the processing | The legal basis of the processing is the consent that you give to the Data Controller. |
Data retention period | The Data Controller undertakes to delete the Data from its systems provided in relation to requests submitted through the Site or by e-mail after 5 (five) years from the date of your consent. The consent can be revoked any time by sending an email to privacy@rosarigantifoundation.ch or by clicking on the “unsubscribe button” in one of our promotional e-mails.
|
- c) Handling of the donations
Data categories | Name, surname, e-mail address, bank account, billing information. |
Purpose of the processing | To manage your request for donations and related tax obligations. |
Mandatory nature of the provision of data | Mandatory – If you do not provide such Data, it will not be possible for the Data Controller accept your donations. |
Legal basis of the processing | The need to perform a contract or to take pre-contractual measures to which you are a party, as well as the need to comply with legal obligations. |
Data retention period | The Data Controller undertakes to delete the Data from its systems provided in relation to donation through the Site after 10 (ten) years from the date of provision. |
- d) Site navigation and cookies
Data categories | We automatically collect certain information about your interaction with the Site, which may include information about how you access and use our Site, including device information, browser information, network connection information, IP address, and other information related to your interaction with the Site. We may use cookies, pixels and similar technologies for this purpose. For more information about these tools, please review the cookie policy that is displayed when you access the Site. In addition, if you choose to donate through the form on our website, you will be redirected to the RaiseNow platform (https://donate.raisenow.io/rdhfg?lng=en). RaiseNow, as autonomous Data Controller, may collect additional information required to process the donation, including your name, surname, e-mail address, bank details, and your postal address if you request a tax receipt, which may be shared with the Data Controller. |
Purpose of the processing | To collect anonymous statistical data to analyze the use of the Site by Users, to monitor its operation, to improve and optimize it. In particular, we may infer information about your interactions with our Site, the content you view, information about you based on your interaction; information about the type of device you are using, how you access our Site, your browser or operating system, and your Internet Protocol (IP) address. We use cookies to remember your actions and preferences. We may also allow third parties and service providers to use cookies on our Site to better personalize services and advertising on our Site and other websites. |
Mandatory nature of the provision of data | Optional – Failure to provide Data, carried out by disabling cookies/local storage in the browser, does not have any detrimental consequence but could prevent access to some functions of the Site. |
Legal basis of the processing | The legitimate interest of the Data Controller to analyse and ensure the operation of the Site, or, depending on the cookie, the consent that may be given through the banner that will appear when accessing the Site (Article 6, paragraph 1, lt. f and a) GDPR). Consent can be revoked at any time. |
Data retention period | Depending on the purpose of the individual cookies and in any case no later than 2 (two) years from the date of access to the Site. |
The Data Controller does not carry out any automated individual decision-making, including profiling, as defined by Article 21 of the FADP.
- MINORS
When we refer to a ‘minor’ in this Privacy Notice, we mean any person under 18 years of age. The Foundation may collect and process personal data of minors, including those under the age of 14, in connection with enquiries submitted through the contact page or for the purpose of receiving the Foundation’s newsletter. In such cases, the processing of Data is subject to the prior consent of the holder of parental responsibility, in accordance with applicable data protection laws (such as the FADP Act and the GDPR).
If we become aware that personal Data of minors has been provided through the Site for purposes other than those mentioned above, or in the absence of the required parental consent, we will promptly delete such Data.
- PERSONS AUTHORISED TO PROCESS DATA
The Data will be processed by authorized members of the Foundation. If necessary, data may be processed by external providers (acting as processors or controllers) who assist us with website and IT platform management, mailing activities, legal advice, who have been expressly authorized to process the Data according to our instructions and adopting suitable measures to protect the Data in relation to all the purposes set out above. All external parties operate under strict confidentiality agreements and apply appropriate data protection measures.
- POSSIBLE RECIPIENTS OF THE DATA
The following subjects may become aware of the Data in relation to the processing purposes referred to in this information and will be authorized to process the Data, both as independent data controllers and as data processors duly appointed by the Data Controller: RaiseNow AG, Sendinblue SAS, Google LLC, LinkedIn, Elementor Ltd., Defiant Inc., and other companies providing IT infrastructures and IT assistance and consulting services, companies providing Data analysis services, as well as legal, accounting and auditing firms.
- TRANSFER OF PERSONAL DATA ABROAD
All Data processing is carried out in Switzerland or in the European Union. Should it be necessary to transfer, store and process Data outside the European Union or Switzerland, the Data Controller undertakes to ensure that the country to which the Data will be sent guarantees an adequate level of protection or comply with standard data protection contractual clauses approved by the Federal Council or the European Commission for the transfer of personal data outside the EEA and Switzerland.
- RIGHTS AS A DATA SUBJECT
In relation to the processing of the above Data, the User may exercise the following rights at any time, by sending an email to privacy@rosarigantifoundation.ch:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data under certain conditions.
- Right to Restriction: Request limitation on data processing in specific circumstances.
- Right to Data Portability: Request a structured, commonly used, and machine-readable format of your data.
- Right to Object: Object to the processing of your personal data based on legitimate interests. The User also has the right to lodge a complaint with the Supervisory Authority, i.e. the Federal Data Protection and Information Commissioner, edoeb.admin.ch.
- CONTACT INFORMATION
If you have any questions or concerns regarding this Privacy Policy or how we handle your data, please contact us at:
Rosa Riganti Foundation
c/o BS&MC Tax & Legal SA, Via Giovan Battista Pioda 9
6900 Lugano, Switzerland
Email: info@rosarigantifoundation.ch