Privacy Policy of the website santamaddalena.org

This Application collects some Personal Data of its Users, either independently or through third parties.

Data Controller

Santa Maddalena Foundation, Località Pitiana in Tiglieto, 27 – 50066 Reggello (FI) – Italy. Email: info@santamaddalena.org

Types of Data Collected

Among the Personal Data collected by this Application, either independently or through third parties, are:

  • Name
  • Email
  • Usage data
  • Tracking tools
  • Session statistics

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or through specific information notices displayed before data collection. Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using this Application.

Unless otherwise specified, all Data requested by this Application is mandatory. If the User refuses to provide it, this Application may be unable to offer its Service. In cases where this Application indicates that certain Data is optional, Users are free to refrain from providing such Data without any consequences on the availability or operation of the Service. Users who have doubts about which Data is mandatory are encouraged to contact the Data Controller.

The possible use of Cookies or other tracking tools by this Application or by third-party service providers used by this Application is intended to provide the Service requested by the User, in addition to the other purposes described in this document and in the Cookie Policy.

The User assumes responsibility for any third-party Personal Data obtained, published, or shared through this Application.

Methods and Location of Data Processing

Processing Methods
The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.
Processing is carried out using IT and/or telematic tools, following organizational methods and logic strictly related to the indicated purposes. In some cases, besides the Data Controller, other parties involved in the operation of this Application (such as administrative, commercial, marketing, legal staff, and system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data. These parties may also be appointed as Data Processors by the Data Controller if necessary. The updated list of Data Processors can always be requested from the Data Controller.

Location
Data is processed at the operational headquarters of the Data Controller and in any other place where the parties involved in processing are located. For further information, Users can contact the Data Controller.
The User’s Personal Data may be transferred to a country different from the one in which the User is located. For more information on the location of data processing, the User can refer to the section regarding the details of Personal Data processing.

Data Retention Period
Unless otherwise specified in this document, Personal Data is processed and stored for the time required for the purpose for which it was collected. It may be retained for a longer period due to legal obligations or based on the User’s consent.

Purposes of Data Processing

User Data is collected to allow the Data Controller to provide the Service, fulfill legal obligations, respond to requests or enforcement actions, protect its rights and interests (or those of Users or third parties), detect fraudulent or malicious activities, and for the following purposes:

  • Contacting the User
  • Statistics
  • Displaying content from external platforms
  • Interaction with social networks or external platforms
Details on the Processing of Personal Data

Contacting the User
Requests for information voluntarily sent by the User via email or contact form.

  • Contact Form
    By filling in the contact form with their Data, the User consents to its use for responding to information requests.
    Personal Data processed: Usage data, name, email.
    Category of personal information collected under the CCPA: Identifiers, information related to internet or other network activities.
  • Mailing List or Newsletter
    By subscribing to the mailing list or newsletter, the User’s email address is automatically added to a contact list to which email messages containing information related to this Website may be sent.
    Personal Data processed: Email, Usage data, Tracking tools.
    Service provided by: MailChimp by Intuit Inc. (United States) – Privacy Policy
    Category of personal information collected under the CCPA: Identifiers, information related to internet or other network activities.

Statistics
The services in this section allow the Data Controller to monitor and analyze traffic data and track User behavior.

  • Google Analytics
    Google Analytics is a statistics service provided by Google LLC (“Google”). Google uses the collected Personal Data to track and analyze the use of this Application, compile reports, and share them with other Google services. Google may use the collected Personal Data to contextualize and personalize ads in its advertising network. In Google Analytics 4, IP addresses are used at the time of collection and then deleted before the data is recorded in any data center or server. To learn more, you can consult Google’s official documentation. For more information on how Google processes Data, refer to their Partner Policy and Commercial Data page.
    Personal Data processed: Usage data, session statistics, tracking tools.
    Service provided by: Google LLC (United States) – Privacy Policy – Opt Out
    Category of personal information collected under the CCPA: Information related to internet or other network activities.

Displaying Content from External Platforms
This type of service allows the display of content hosted on external platforms directly from the pages of this Application and interaction with them. These services are often referred to as widgets—small elements embedded in a website or application that provide specific information or perform a particular function, often enabling user interaction. This type of service may still collect web traffic data related to the pages where it is installed, even if Users do not actively use it.

  • YouTube Video Widget
    YouTube is a video content display service managed by Google LLC that allows this Application to integrate such content within its pages.Personal Data processed: Usage data, tracking tools.
    Service provided by: Google LLC (United States) – Privacy Policy
    Category of personal information collected under the CCPA: Information related to internet or other network activities.

Interaction with Social Networks or External Platforms
This type of service allows interaction with social networks or other external platforms directly from the pages of this Website. The interactions and information acquired by this Website are subject to the User’s privacy settings for each social network. This type of service may still collect traffic data for the pages where it is installed, even when Users do not actively use it. It is recommended to log out from these services to ensure that the data processed on this Website is not linked to the User’s profile.

  • PayPal Button and Widget
    The PayPal button and widget are services for interacting with the PayPal platform, provided by PayPal Inc.
    Personal Data processed: Tracking tools, various types of Data as specified in the service’s privacy policy.
    Service provided by: PayPal – Privacy Policy
    Category of personal information collected under the CCPA: Identifiers, information related to internet or other network activities.
Cookie Policy

This Application uses Tracking Tools. To learn more, Users can consult the Cookie Policy.

Additional Information for Users in the European Union

Legal Basis for Processing
The Data Controller processes Personal Data relating to the User if one of the following conditions applies:

  • The User has given consent for one or more specific purposes.
  • Processing is necessary for the performance of a contract with the User and/or for pre-contractual measures.
  • Processing is necessary to comply with a legal obligation to which the Data Controller is subject.
  • Processing is necessary for the performance of a task in the public interest or for the exercise of official authority vested in the Data Controller.
  • Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party.

Users may always request clarification from the Data Controller regarding the specific legal basis of each processing activity, particularly whether the processing is required by law, contract, or necessary to conclude a contract.

Additional Information on Data Retention
Unless otherwise specified in this document, Personal Data is processed and retained for the time required to achieve the purposes for which it was collected. It may also be retained for a longer period due to legal obligations or based on User consent.

  • Personal Data collected for contract-related purposes will be retained until the contract is fully executed.
  • Personal Data collected for legitimate interest purposes will be retained until that interest is fulfilled. Users can obtain further details by contacting the Data Controller.
  • When processing is based on User consent, Personal Data may be retained until consent is withdrawn. Additionally, the Data Controller may be required to retain Personal Data longer to comply with legal obligations or official orders.

Once the retention period expires, Personal Data will be deleted. Therefore, the right of access, deletion, rectification, and data portability cannot be exercised after the retention period has ended.

User Rights Under the General Data Protection Regulation (GDPR)
Users may exercise certain rights concerning the Data processed by the Data Controller.

Specifically, within the limits established by law, Users have the right to:

  • Withdraw consent at any time – Users can withdraw previously given consent for processing their Personal Data.
  • Object to processing – Users can object to the processing of their Data when it is based on a legal basis other than consent.
  • Access their Data – Users have the right to obtain information about the Data processed by the Data Controller, including specific aspects of the processing, and receive a copy of the Data.
  • Verify and request rectification – Users can verify the accuracy of their Data and request updates or corrections.
  • Request restriction of processing – Users can request that their Data only be stored and not processed for any other purposes.
  • Request erasure of their Personal Data – Users can request the deletion of their Data by the Data Controller.
  • Receive their Data and have it transferred to another controller – Users have the right to receive their Data in a structured, commonly used, and machine-readable format and, where technically feasible, have it transferred to another controller.
  • File a complaint – Users can file a complaint with the relevant data protection authority or take legal action.

Users also have the right to obtain information regarding the legal basis for transferring Data abroad, including to any international organizations governed by international law (such as the UN), and the security measures adopted by the Data Controller to protect their Data.

Details on the Right to Object
When Personal Data is processed in the public interest, for official authority, or for the legitimate interest of the Data Controller, Users have the right to object for reasons related to their particular situation.

Users are also reminded that if their Data is processed for direct marketing purposes, they may object at any time, free of charge and without justification. If a User objects to processing for direct marketing purposes, their Personal Data will no longer be used for such purposes.

To find out whether the Data Controller processes Data for direct marketing, Users can refer to the relevant sections of this document.

How to Exercise These Rights
Any requests to exercise User rights can be addressed to the Data Controller using the contact details provided in this document. Requests are free of charge, and the Data Controller will respond as soon as possible, in any case within one month, providing the User with all legally required information.

Any rectifications, deletions, or processing restrictions will be communicated by the Data Controller to each recipient, if any, to whom the Personal Data was transmitted, unless this proves impossible or requires a disproportionate effort. The Data Controller will inform the User of such recipients upon request.

Additional Information for Users in Switzerland
This section applies to Users in Switzerland and, for these Users, supersedes any conflicting information in the privacy policy.

Further details on the categories of Data processed, processing purposes, categories of recipients (if applicable), retention period, and other information about Personal Data can be found in the section titled “Detailed Information on the Processing of Personal Data” in this document.

Additional Information for Users in Switzerland

This section applies to Users in Switzerland and, for these Users, supersedes any conflicting information in the privacy policy.

Further details on the categories of Data processed, processing purposes, categories of recipients (if applicable), retention period, and other information about Personal Data can be found in the section titled “Detailed Information on the Processing of Personal Data” in this document.

User Rights Under the Swiss Federal Data Protection Act (FADP)
Users may exercise certain rights regarding their Data within the limits established by law, including:

  • Right to access Personal Data.
  • Right to object to processing (which also allows Users to request processing restrictions, Data deletion or destruction, and a ban on sharing their Data with third parties).
  • Right to data portability – Users can request their Data and transfer it to another controller.
  • Right to request correction of inaccurate Personal Data.

How to Exercise These Rights
Any requests to exercise User rights can be addressed to the Data Controller using the contact details provided in this document. Requests are free of charge, and the Data Controller will respond as soon as possible, providing Users with all legally required information.

Further information for Users in the United States

This part of the document integrates with and supplements the information contained in the rest of the privacy policy and is provided by the business running this Application and, if the case may be, its parent, subsidiaries and affiliates (for the purposes of this section referred to collectively as “we”, “us”, “our”).
The information contained in this section applies to all Users (Users are referred to below, simply as “you”, “your”, “yours”), who are residents in the following states: California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Nevada, Delaware, Iowa, New Hampshire, New Jersey, Nebraska and Montana.
For such Users, this information supersedes any other possibly divergent or conflicting provisions contained in the privacy policy.
This part of the document uses the term Personal Information.

Notice at collection
The following Notice at collection provides you with timely notice about the categories of Personal Information collected or disclosed in the past 12 months so that you can exercise meaningful control over our use of that Information.

While such categorization of Personal Information is mainly based on California privacy laws, it can also be helpful for anyone who is not a California resident to get a general idea of what types of Personal Information are collected.

You can read the definitions of these concepts inside the “Definitions and legal references section” of the privacy policy.

To know more about your rights you can refer to the “Your privacy rights under US state laws” section of our privacy policy.

For more details on the collection of Personal Information, please read the section “Detailed information on the processing of Personal Data” of our privacy policy.

We won’t process your Information for unexpected purposes, or for purposes that are not reasonably necessary to and compatible with the purposes originally disclosed, without your consent.

What are the sources of the Personal Information we collect?
We collect the above-mentioned categories of Personal Information, either directly or indirectly, from you when you use this Application.

For example, you directly provide your Personal Information when you submit requests via any forms on this Application. You also provide Personal Information indirectly when you navigate this Application, as Personal Information about you is automatically observed and collected.

Finally, we may collect your Personal Information from third parties that work with us in connection with the Service or with the functioning of this Application and features thereof.

Your privacy rights under US state laws
You may exercise certain rights regarding your Personal Information. In particular, to the extent permitted by applicable law, you have:

  • the right to access Personal Information: the right to know. You have the right to request that we confirm whether or not we are processing your Personal Information. You also have the right to access such Personal Information;
  • the right to correct inaccurate Personal Information. You have the right to request that we correct any inaccurate Personal Information we maintain about you;
  • the right to request the deletion of your Personal Information. You have the right to request that we delete any of your Personal Information;
  • the right to obtain a copy of your Personal Information. We will provide your Personal Information in a portable and usable format that allows you to transfer data easily to another entity – provided that this is technically feasible;
  • the right to opt out from the Sale of your Personal Information; we will not discriminate against you for exercising your privacy rights;
  • the right to non-discrimination.

Additional rights for Users residing in California
In addition to the rights listed above common to all Users in the United States, as a User residing in California, you have:

  • The right to opt out of the Sharing of your Personal Information for cross-context behavioral advertising;
  • The right to request to limit our use or disclosure of your Sensitive Personal Information to only that which is necessary to perform the services or provide the goods, as is reasonably expected by an average consumer. Please note that certain exceptions outlined in the law may apply, such as, when the collection and processing of Sensitive Personal Information is necessary to verify or maintain the quality or safety of our service.

Additional rights for Users residing in Virginia, Colorado, Connecticut, Texas, Oregon, Nevada, Delaware, Iowa, New Hampshire, New Jersey, Nebraska and Montana
In addition to the rights listed above common to all Users in the United States, as a User residing in Virginia, Colorado, Connecticut, Texas, Oregon, Nevada, Delaware, Iowa, New Hampshire, New Jersey, Nebraska and Montana you have:

  • The right to opt out of the processing of your personal information for Targeted Advertising or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you;
  • The right to freely give, deny or withdraw your consent for the processing of your Sensitive Personal Information. Please note that certain exceptions outlined in the law may apply, such as, but not limited to, when the collection and processing of Sensitive Personal Information is necessary for the provision of a product or service specifically requested by the consumer.

Additional rights for users residing in Utah and Iowa
In addition to the rights listed above common to all Users in the United States, as a User residing in Utah and Iowa, you have:

  • The right to opt out of the processing of your Personal Information for Targeted Advertising;
  • The right to opt out of the processing of your Sensitive Personal Information. Please note that certain exceptions outlined in the law may apply, such as, but not limited to, when the collection and processing of Sensitive Personal Information is necessary for the provision of a product or service specifically requested by the consumer.

How to exercise your privacy rights under US state laws
To exercise the rights described above, you need to submit your request to us by contacting us via the contact details provided in this document.

For us to respond to your request, we must know who you are. We will not respond to any request if we are unable to verify your identity and therefore confirm the Personal Information in our possession relates to you. You are not required to create an account with us to submit your request. We will use any Personal Information collected from you in connection with the verification of your request solely for verification and shall not further disclose the Personal Information, retain it longer than necessary for purposes of verification, or use it for unrelated purposes.

If you are an adult, you can make a request on behalf of a child under your parental authority.

How to exercise your rights to opt out
In addition to what is stated above, to exercise your right to opt-out of Sale or Sharing and Targeted Advertising you can also use the privacy choices link provided on this Application.

If you want to submit requests to opt out of Sale or Sharing and Targeted Advertising activities via a user-enabled global privacy control, such as for example the Global Privacy Control (“GPC”), you are free to do so and we will abide by such request in a frictionless manner.

How and when we are expected to handle your request
We will respond to your request without undue delay, but in all cases within the timeframe required by applicable law. Should we need more time, we will explain to you the reasons why, and how much more time we need.

Should we deny your request, we will explain to you the reasons behind our denial (where envisaged by applicable law you may then contact the relevant authority to submit a complaint).

We do not charge a fee to process or respond to your request unless such request is manifestly unfounded or excessive and in all other cases where it is permitted by the applicable law. In such cases, we may charge a reasonable fee or refuse to act on the request. In either case, we will communicate our choices and explain the reasons behind them.

Additional Information on Processing

Legal Defense
The User’s Personal Data may be used by the Data Controller in legal proceedings or in the preparatory stages leading to possible legal action for the defense against improper use of this Application or its related Services by the User.

The User acknowledges that the Data Controller may be required to disclose the Data upon request of public authorities.

Specific Notices
Upon User request, in addition to the information provided in this privacy policy, this Application may supply additional and contextual notices regarding specific Services or the collection and processing of Personal Data.

System Logs and Maintenance
For operational and maintenance purposes, this Application and any third-party services it uses may collect system logs—files that record interactions—which may also include the User’s Personal Data, such as their IP address.

Information Not Contained in This Policy
Further details regarding the processing of Personal Data may be requested at any time from the Data Controller using the contact details provided.

Changes to This Privacy Policy
The Data Controller reserves the right to modify this privacy policy at any time, notifying Users on this page and, if possible, within this Application. Where technically and legally feasible, Users may also be notified via one of the contact methods available to the Data Controller.

Users are encouraged to check this page frequently, referring to the date of the last modification indicated at the bottom.

Definitions and Legal References

Personal Data (or Data) / Personal Information (or Information)
Personal Data refers to any information that, directly or indirectly, including in connection with any other information (such as a personal identification number), makes a natural person identified or identifiable.

Sensitive Personal Information
Sensitive Personal Information refers to all Personal Information that is not publicly available and that reveals details considered sensitive under applicable privacy regulations.

Usage Data
Usage Data refers to information collected automatically through this Application (including third-party applications integrated into this Application), such as: IP addresses or domain names of the computers used by the User connecting to this Application, Addresses in URI (Uniform Resource Identifier) notation, Time of the request, Method used to submit the request to the server, Size of the file received in response, Numeric code indicating the server response status (successful, error, etc.). Country of origin, Browser and operating system characteristics used by the visitor, Various time details of the visit (e.g., time spent on each page), Details about the navigation path followed within the Application, with particular reference to the sequence of pages viewed, Parameters related to the User’s operating system and computing environment.

User
The individual using this Application who, unless otherwise specified, coincides with the Data Subject.

Data Subject
The natural person to whom the Personal Data refers.

Data Processor (or Processor)
The natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Data Controller, as described in this privacy policy.

Data Controller (or Controller)
The natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing Personal Data, including the security measures concerning the operation and use of this Application. Unless otherwise specified, the Data Controller is the owner of this Application.

This Application
The hardware or software tool through which the Users’ Personal Data is collected and processed.

Service
The Service provided by this Application as defined in its terms (if available) on this site/application.

Sale
“Sale” refers to any exchange of Personal Information by the Owner to a third party in exchange for money or other valuable consideration, as defined by applicable U.S. state privacy laws. Please note that sharing Personal Information with a service provider under a written contract that meets the requirements set forth by applicable law does not constitute a Sale of your Personal Information.

Sharing
“Sharing” refers to any sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a consumer’s Personal Information by the company to a third party for cross-context behavioral advertising, whether for monetary or other valuable consideration. This includes transactions between a company and a third party involving cross-context behavioral advertising in favor of a company where no money is exchanged, as defined by California privacy laws. Please note that sharing Personal Information with a service provider under a written contract that meets the requirements set forth by California privacy laws does not constitute Sharing of the User’s Personal Information.

Targeted Advertising
“Targeted Advertising” refers to the display of advertisements to a consumer where the advertisement is selected based on Personal Information obtained from that consumer’s activities over time and across non-affiliated websites or online applications to predict the consumer’s preferences or interests, as defined by applicable U.S. state privacy law.

European Union (EU)
Unless otherwise specified, any reference to the European Union in this document extends to all current member states of the European Union and the European Economic Area (EEA).

Cookies
Cookies are Tracking Tools consisting of small data fragments stored within the User’s browser.

Tracking Tool
Tracking Tool refers to any technology—such as Cookies, unique identifiers, web beacons, embedded scripts, e-tags, and fingerprinting—that enables tracking of Users, for example, by collecting or storing information on the User’s device.

Legal References
This privacy policy has been drafted based on multiple legal frameworks.

Unless otherwise specified, this privacy policy exclusively concerns this Application.

Last updated: March 15, 2025

Start typing and press Enter to search