Privacy Notice – Donations
Personal Data Processing Notice
Notice pursuant to Article 13 of the European General Data Protection Regulation No. 679/2016
This page describes how the Embassy of the Sovereign Order of Malta near the Principality of Monaco, with its office located at 5, Impasse de la Fontaine, 98000 – Monaco, Principauté de Monaco, and contactable at the following email address: monacoembassy@orderofmalta.int, as the Data Controller (hereinafter referred to as the “Controller”), collects and processes personal data for donations made through the following link:
Make a WISH – Monaco Embassy – Embassy of the Sovereign Military Order of Malta to the Principality of Monaco (donations).
The personal data of the individuals (hereinafter referred to as “Users”) who interact with the functionalities of this Site will be processed to manage all phases related to the donation and/or participation in specific projects and appeals promoted by the Controller, as well as for the management of all phases related to the purchase of charitable products, including related activities (e.g., donation summary reports, communication about payments).
Our commitment to confidentiality and the protection of Users’ personal data is of utmost importance; thus, the processing of personal data is carried out with the greatest care and in compliance with applicable data protection and security laws (General Data Protection Regulation EU 679/2016, hereinafter “GDPR,” and/or “Regulation and subsequent amendments).
________________________________________
1. Data Protection Officer
The Controller has appointed a Data Protection Officer (“DPO”) to ensure compliance with proper processing activities. The DPO of the Order of Malta can be contacted via email at: dpo@orderofmalta.int .
________________________________________
2. Categories of Data Processed
The following data may be subject to processing:
Common personal data (name, surname, email, phone number, postal address) that Users may voluntarily provide when interacting with the Site’s functionalities.
Financial information required to proceed with the donation.
Common personal data collected through cookies as specified in the Cookie Policy.
Navigation data.
________________________________________
3. Purpose and Legal Basis for Processing
3.1 Donations
Personal data is processed for the administrative and managerial purposes related to donations, including:
Managing all phases related to the donation, including related activities (e.g., communication about payments, donation summary reports);
Compliance with internal administrative procedures and legal obligations.
This processing is based on the performance of a contract to which the User is a party (Article 6(1)(b) of the GDPR) and the fulfillment of legal obligations (Article 6(1)(c) of the GDPR) to which the Controller is subject.
The provision of data is optional; however, refusal to provide personal data for these purposes will make it impossible for us to manage the donation and/or the purchase of charitable products.
In any case, the Controller will not use the data provided for purposes other than those related to the service the User has subscribed to and only within the limits indicated in the information provided pursuant to Article 13 of the GDPR.
4. Processing Methods – Communication and Diffusion
The collection and processing of your personal data by the Controller are carried out in compliance with the principles of lawfulness, fairness, and transparency, ensuring adequate security, including protection through appropriate technical and organizational measures against unauthorized or unlawful processing, accidental loss, destruction, or damage. The collected data will be processed using electronic or automated tools, computer, and telematic systems, with logic strictly related to the purposes for which the personal data was collected, ensuring the security of the same.
________________________________________
5. Data Subject Rights
At any time, you may exercise, in accordance with Articles 15 to 22 of Regulation EU 2016/679, the right to: a) Request confirmation of the existence or non-existence of your personal data; b) Obtain information regarding the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom personal data has been or will be disclosed, and, where possible, the retention period; c) Obtain the correction, deletion, or transformation into anonymous form of data that is unnecessary concerning the purposes for which it was collected; d) Obtain the restriction of processing; e) Obtain data portability, i.e., receive the data from a data controller in a structured, commonly used, and machine-readable format, and transmit it to another data controller without hindrance; f) Object to processing at any time, including for direct marketing purposes; g) Object to automated decision-making, including profiling; h) Request access to personal data and its rectification or deletion, or the restriction of processing, or to object to processing, as well as the right to data portability; i) Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; j) Lodge a complaint with a supervisory authority.
________________________________________
6. Data Retention
Personal data will be retained for the entire duration of the donation management process and for the additional administrative activities related to the management of the same. More information can be requested from the Data Controller.