Privacy Policy

This document describes the website management procedures (“Site“), with reference to processing users’ personal data (“User/Users“).
This information is provided pursuant to Articles 13 et seq.of Regulation (EU) 679/2016 (“GDPR“), to all those who visit the Site and/or communicate with Good Shepherd International Foundation Onlus.
The information is provided only for the Site and not for other websites that may be consulted by the User through links on the Site.

1.  Data Controller

The data controller is Good Shepherd International Foundation Onlus, with registered office in Rome, at Via Raffaello Sardiello, 20, Tax Code 97512090586, e-mail address (the “Foundation” or the “Data Controller“).

2. Type of data processed

2.1 Browsing data

The computer systems and software procedures provided for Site functioning acquire, during their normal operation, some personal data, transmission of which is implicit in the use of internet communication protocols.

This information is not collected to be associated with identified individuals, but by its very nature could allow users to be identified.

This category of data includes (i) the IP addresses or domain names of computers used by users who connect to the Site, (ii) the URI (Uniform Resource Identifier) notation addresses of the resources requested, (iii) the request time, (iv) the method used to submit the request to the server, (v) the size of the file obtained in response, (vi) the numerical code indicating the status of the response givenby the server (successful, error) and (vii) other parameters relating to the operating system and computer environment of the user.

This data is used only to gather anonymous statistical information about use of the Site and to check the correct functioning of the site. Such data is deleted immediately after processing.

2.2 Cookies

For the processing of data by cookies, please read the relevant policy, available at the following link .

2.3 Data voluntarily provided by the User:

a) The optional, explicit and voluntary sending of e-mail messages to the addresses indicated on this Site involves the acquisition and processing by the Data Controller of the e-mail address provided by the User, as well as any other personal data that may be present in the communication sent;

b) the completion of the form available in the “Contact us” section involves the acquisition and processing by the Data Controller of the following data: name, e-mail address, as well as any other information contained in the communication sent;

c) the sending of a donation through the “Donate now” section involves the acquisition and processing by the Data Controller of the following data: name, surname, credit card details, country of origin and, possibly, e-mail address and telephone number.

3. Purposes and legal basis of processing

The processing of the User’s personal details by the Data Controller is aimed at the data pursuant to

a) Section 2.1 of this privacy policy, to pursue, in accordance with Art. 6.1(f) of the GDPR, a legitimate interest, consisting of ensuring Site security and the information exchanged on the Site, i.e. the ability of the Site to resist, at a given level of security, unforeseen events or unlawful or malicious acts that may compromise the availability, authenticity, integrity and confidentiality of personal data stored or sent and the security of the related services offered or made accessible;

b) Section 2.3(a) & (b), to process requests for information sent to the Data Controller, pursuant to Art. 6.1(b) of the GDPR;

c) Section 2.3(c), to allow the User to make a donation, pursuant to Art. 6.1(b) of the GDPR, as well as, subject to the donor’s consent, to send communications, via automated systems (e-mail, SMS, MMS) and/or postal mail and telephone calls, regarding the initiatives and activities organised by the Foundation to pursue its institutional purpose, pursuant to Art. 6.1(a) of the GDPR. Such communications may be done in a profiled manner, taking into account the areas of interest expressed by you to the Foundation through your donation(s).

4. Consequences of any refusal to respond

The provision of data for the purpose of processing requests for information made by the data subject or to allow the User to make a donation, is compulsory, as failure to do so will make it impossible for the Data Controller, in whole or in part, to perform the User’s request.

The provision of donor data for sending newsletters, however, is optional and subject to the donor’s explicit consent, which may be withdrawn at any time without prejudice to the lawfulness of the processing conducted before such withdrawal.


5. Processing methods and categories of person to whom data may be communicated

Data processing will be conducted by means of computer and telematic instruments, with logic strictly related to the above purposes and, in any case, by persons authorised to perform these tasks, duly informed of the constraints imposed by the GDPR, equipped with security measures to ensure the confidentiality of personal data and to avoid undue access to third parties or unauthorised personnel.

In particular, the data may be communicated, to the extent strictly necessary for the purposes pursued, to employees, collaborators, professionals and companies in charge of specific processing, to accounting firms and consultants responsible for keeping accounts, banks, associated companies, third-party suppliers, such as, for example, the company that manages the payment service for donations. Such suppliers, where they operate in countries outside of the EU, offer their services on the basis of standard contractual clauses or on the basis of European Commission adequacy decisions. Such subjects shall come into possession only of the personal data required for them to perform their functions and may only use them for the purpose of performing such services for the Data Controller or to fulfil legal requirements. The data may also be communicated to police bodies, judicial authorities and to persons who may access data under the provisions of law or secondary or Community legislation.

The Data Controller undertakes to process the data in compliance with the provisions of the GDPR, as well as the national legislation in force on privacy, as well as to process the data lawfully and correctly, collecting and recording data for specific, explicit and legitimate purposes, taking care to check that such data is relevant, complete and not excessive with respect to the purposes for which it was collected or subsequently processed.

6. Data subject’s rights

The User is guaranteed the rights set forth in Articles 15 et seq.of the GDPR, consisting essentially of the right to receive information from the Data Controller regarding the existence or otherwise of processing of their personal data, as well as to access their data, to have it rectified, added to, updated, erased or to object to processing thereof. In addition, each data subject shall also have the right to obtain a copy of their data, to restrict processing and/or, again, to object to processing thereof, as well as the right to data portability and to lodge a complaint to the competent supervisory authorities under the conditions and within the limits indicated in Art. 13 of the GDPR.

In order to exercise these rights, Users may send a written request to the Data Controller at the address, indicating RE: “Privacy – exercising privacy rights”.

7. Duration of processing and storage of personal data

Users’ personal data will be processed by the Data Controller only for the period of time required to achieve the purposes of processing pursuant to Article 3, after which period of time, it will be stored only in fulfilment of the legal obligations in force on the matter, for administrative purposes and/or to assert or defend a right, in the event of a dispute or pre-litigation. With reference to data processed for the purpose of sending communications regarding the initiatives and activities organised by the Foundation to pursue its institutional purpose, they will be processed for a period of two years or until consent is withdrawn.


This Privacy Policy was published on June 2020. Any updates will always be published on this page.

Contact Us

Please send us an email and we'll get back to you.