- In this policy, the Global Network of Rainbow Catholics, also known with the acronym GNRC refers to the Association of Third Sector (Cod. Fiscal 97957850585), legally established in Italy in 2017.
- The term Association will be used interchangeably with GNRC and will refer to the same entity.
- The term Member Group/s refers to any Group that fills in the application form to become a member of GNRC or to renew membership as applicable.
- The term Individual/s refers to any person who participated or participates in activities organised by GNRC, or using services of the GNRC, such as a mailing list or Listserv, and whose personal data is collected for administrative purposes during that activity or for the period of subscription to that service.
II. Coming into effect
III. Data Controllers
- The data of Member Groups and Individuals is managed by the Secretary and the Treasurer within the Board of GNRC.
- This data is handled solely by these officers in accordance to strict confidentiality and is not divulged to third parties.
- The Controllers can be contacted by email on email@example.com.
- Whenever individuals apply to participate in an activity organised by GNRC or apply to join a service administered by GNRC, such as an email list or online forum or group, they will be informed in written form about the identity of the officer/s responsible for collecting and processing that data and will be provided with all the relevant information about the conditions, the term and duration of that information retention.
IV. The Data Protection Officer
- The officer monitoring the process of data handling in GNRC is Christopher Vella who can be contacted on firstname.lastname@example.org.
- This Data Protection Officer has the duty to monitor the data handling by the Data Controllers and may investigate complaints lodged by any Member Group or individual at any given time.
- This Officer has full authority to investigate the data handling procedures of the Association and to see that changes are made for proper data handling.
V. Confidentiality of this data
- GNRC understands that this data belongs to a special data group protected by the General Data Protection Regulations that require even more attention, given the sensitivity of the data and the serious negative repercussions that any data leakage may have on members and their families.
- For this reason, GNRC commits itself to complete confidentiality and undertakes to take all possible precautions to safeguard this data from any privacy breach or from divulging such data beyond the parameters of this policy.
VI. Data required for membership and subscription to GNRC services or activities
- The data the Member Groups give to GNRC, particularly the name of the Member Group, relevant contact information of the Member Group and of the contact persons, and annual budget are required for membership. If an applicant Group for membership is unwilling to provide these details, the Association will not grant membership to the applicant Group.
- GNRC may require some personal data of Individuals subscribing to a service operated by the Association or attending an activity organised by the Association, and this data may include contact and financial details. If an applicant for a service or an activity is unwilling to provide such data, the Association may refuse to complete the subscription or registration for that activity or service.
- If Member Groups or Individuals request the removal of data mandatorily required for Membership, or for subscription to services and/or activities organised by the GNRC, the Association will terminate any such membership or services subscribed to by the Member Group or Individual. The Association will inform the data subjects of any such termination, giving such Member Groups or Individuals the possibility to revise or confirm their original instructions.
VII. The purposes for the retention of data records
- The data pertaining to each Member Group is used exclusively and solely for administrative purposes of membership related to GNRC. The names of the Member Groups may appear on official documents, on the GNRC website and on other media material of GNRC, but no personal details of contact persons of the Member Groups will be placed on official documents, the website and other media material, except with the express written consent of these persons.
- The personal data pertaining to Individuals subscribed to any service operated by GNRC or registered to attend any activity organised by the Association, is used exclusively for administrative purposes related to the subscribed services of the Association or its activities. The names of Individuals, as well as all personal data of such Individuals, will not be published on GNRC’s website, newsletters, emails or reports, in any form, be it electronic or otherwise, unless by the explicit written consent of these Individuals.
- These data records will not be delivered to any third party under any circumstances, except if required by the competent legal Authority under Italian or EU law, in accordance with the General Data Protection Regulations of 2018, with Convention 108 of the Council of Europe, and other relevant EU and Italian legislation.
VIII. Rights of the Data subjects
- Member Groups and individuals may lodge a complaint with GNRC’s Data Protection Officer at any time, if they believe that the Controllers of Data are mismanaging or mishandling this data. Members have a right to a written report by the Data Protection Officer reviewing the action taken by this Officer to address their complaint.
- Members may lodge a complaint with the Data Commissioner or any other competent authority as permitted by the General Data Protection Regulations, should they feel that their complaint with GNRC’s Data Protection Officer has not been addressed appropriately.
IX. Duration of consent
- GNRC will hold the personal data of Contact persons of a Member Group for the duration of that group’s membership with the Association. Other membership data required for auditing and reporting purposes required by law, as well as data related to financial transactions will be kept by the Association for the period required by law.
- The data of Member Groups that have not yet renewed their annual membership but have not clearly indicated their intention to terminate membership, will be retained by the Association for a period of two years from the last renewal date. During this two-year period, these Member Groups will be sent annual reminders to regulate their status. If the Association does not receive any clear instructions from the Member Group in question, the Data Controllers of the Association will, upon expiration of this two-year period, proceed to remove the personal data of contact persons, retaining only the data referred to in Article 9.1.
- GNRC will hold the personal data of Individuals for the duration of the activity and/or subscription to a service provided by the Association, except for data required for auditing and reporting purposes required by law. Personal data related to financial transactions will be kept by the Association for the period required by law. Other identifiable personal data will be removed from the Association’s records beyond the term of the activity and/or subscription.
21 July 2018