تخطي للذهاب إلى المحتوى

Privacy Policy

Last updated: May 2026

Welcome to the site ofAPS ioien (ἰοίην) – in memory of Claudia Weiss Tamimi(hereinafter, "the Association", "ioien" or "we"). The protection of your personal data is our top priority. On this page, we explain how, why, and what personal data we collect when you browse our website (www.ioien.org), subscribe to our newsletter, or make a donation, and how we ensure its security in full compliance with the General Data Protection Regulation of the European Union (GDPR n. 679/2016).

1. Data Controller

The data controller of the personal data collected through this site is:

  • Association:APS ioien (ἰοίην), may I go beyond! in memory of Claudia Weiss Tamimi – Social Promotion Association.

  • Registered Office:Via Duccio di Boninsegna n. 3, 20145 Milan (MI), Italy.

  • Tax Code: 97996150153 

  • Contact email for privacy: ioien@pec.ioien.eu

2. Types of Data Collected

Depending on how you interact with our site, we may collect the following categories of data:

  • Data voluntarily provided by the user:

    • Newsletter subscription:Email address.

    • Online donations:First name, last name, email address, residential/billing address, tax code (necessary for issuing a valid receipt for tax deductions).Note: Bank or credit card details are not collected or stored by us, but are managed directly by secure payment circuits.

    • Contact forms or spontaneous emails:Name, email address, and any other personal information you choose to include in the message text.

  • Browsing data (collected automatically):

    • IP addresses, type of browser used, device parameters, name of the internet service provider (ISP), date and time of visit, referring and exit web pages. This data is used exclusively for anonymous statistical purposes and to ensure the proper functioning of the site.

3. Purpose of Processing and Legal Basis

We process your personal data only when there is a valid legal basis provided by the GDPR:

Purpose of processingData usedLegal basis (GDPR)
Management of donationsand related tax/accounting obligations.First name, last name, email, tax code, address.Execution of a contract / Fulfillment of a legal obligation.
Sending the newsletterand communications about the activities and projects of the APS.Email address.Explicit consentof the user (revocable at any time).
Response to requestssent via contact forms.Name, email, message text.Legitimate interest of the Data Controller to respond to users.
Website securityand prevention of fraud or cyber attacks.Browsing data (IP).Legitimate interest of the Data Controller to protect its infrastructure.

4. Processing Methods and Security

Data processing is carried out using IT and/or telematic tools, with organizational logics strictly related to the indicated purposes. We adopt appropriate technical and organizational security measures (such as the HTTPS protocol and encryption) to prevent data loss, unlawful or incorrect use, and unauthorized access.

5. Data Retention Period

We retain your data only for the time strictly necessary to achieve the purposes for which they were collected:

  • Data for the newsletter:Until you decide to unsubscribe (via the link in every email).

  • Data for donations:For the period required by Italian tax and civil law (generally 10 years).

  • Contact data:For the time necessary to fulfill your specific request and for the subsequent 12 months for historical management purposes.

6. Communication and Recipients of the Data

Your personal data will never be sold, rented, or transferred to third parties for commercial purposes. They may only be communicated to:

  • Appointed data processors:Professionals or companies that provide technological services, web hosting, newsletter management (e.g., Mailchimp/Brevo), or tax/business consulting to the Association.

  • Banking institutions and payment platforms:For managing transactions related to donations (e.g., PayPal, Stripe).

  • Competent authorities:Where required by legal obligations.

7. Transfer of Data Outside the EU

Some of the third-party services we use (for example, for website hosting or newsletter management) may involve the transfer of data outside the European Economic Area (EEA), particularly to the United States. In such cases, we ensure that the transfer is carried out in compliance with the standard contractual clauses approved by the European Commission or in accordance with theData Privacy Framework, ensuring an adequate level of protection.

8. Your Rights (Articles 15-22 of the GDPR)

The GDPR grants you full control over your personal data. At any time, you can exercise the following rights by sending an email to [Insert privacy email]:

  1. Right of Access:To know what data we are processing and to receive a copy.

  2. Right to Rectification:To correct inaccurate or incomplete data.

  3. Right to Erasure ("Right to be Forgotten"):To request the deletion of your data (if it does not conflict with tax retention obligations).

  4. Right to Restriction:To request that processing be restricted in certain circumstances.

  5. Right to Data Portability:Receive your data in a structured format and transfer it to another controller.

  6. Right to Object and Withdraw Consent:You can object to the processing or withdraw your consent to the newsletter at any time.

You also have the right to lodge a complaint with the Data Protection Authority (Piazza Venezia n. 11, 00187 Rome - www.garanteprivacy.it) if you believe that the processing violates current regulations.

9. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy to reflect legislative changes or technical developments of the website. Any changes will be published on this page with the updated date at the top.