1. Receivers of this policy

This policy addresses everyone that uses the e-learning platform of the Volunteering organization Donk Humanitarian Medicine, defined hereafter as “users”.

The platform offers its services only to the subjects that have already turned 18. By accepting the privacy policy, the user declares that they have the minimum required age.

2. Definition of the offered service object of the policy

This notice applies to the donkhm.network website and the related DonkHM mobile application

3. Titolare del trattamento

The controller of the treatment is the Volunteering organization Donk Humanitarian Medicine, head office in Trieste, via Besenghi 16, Email: donkisciotte@pec.csvfvg.it.

4. Compliance of the e-learning platform service with the EU Regulation 2016/679

The controller of the policy, pursuant to and for the purpose of the EU Regulation 2016/679, hereinafter referred to as “GDPR”, and of the Legislative Decree no. 196/2003 as modified by the Legislative Decree no. 101/2018 and its subsequent amendments and additions, hereby informs that the aforementioned regulation requires that the processing of the interested parties’ personal data – “users”of the platform – has to be based on the principles of fairness, lawfulness, transparency and of protection of privacy and of the rights of the users.

Personal data of the users will be processed in compliance with the European and national legislative dispositions, as well as with the obligations of privacy provided therein.

5. Personal data object of the treatment

“Personal data” refers to any information regarding an identified or identifiable natural person (<>); one considers identifiable the natural person that can be identified, directly or indirectly, with particular reference to an identifier like a name, an identification number, location data, an online identifier to one or more distinctive elements of their physical, physiological, genetical, psychological, economical, cultural or social identity.

Following the browsing of the website, the controller will process personal data that could be constituted by an identifier like a name, an identification number, an online identifier to one or more distinctive elements of the interested parties’ physical, economical, cultural or social identity, suitable to make the interested party identified or identifiable.

Other personal data, openly provided by you by filling in the forms of enquiry ( for example to obtain information on the courses or for registration requests to training courses), could be processed. Any sensitive data that falls under Article 9(1) of the Regulation (EU) 2016/679 shall not be processed if there is no prior expressed consent from the interested party.

Data usage

The software systems appointed to the functioning of the e-learning platform service acquire, during the course of their normal operation, certain personal data of which transmission is implied in the use of the Internet communication protocols or is used to improve the quality of the offered service. This is not information that is collected to be associated with the user’s identity, but that by its very nature could, through elaborations and associations, allow to identify the users. This data category includes:

• ● IP address or the domain name of the device used by the users that connect to the service,
• ● URI (Uniform Resource Identifier) addresses of the requested assets,
• ● the time of request to the server,
• ● the method used to make the request to the server,
• ● the file size obtained as an answer,
• ● the numeric code indicating the status of the answer given by the server,
• ● information on the utilized browser,
• ● other parameters related to the operative system and to the user’s computing environment,
• ● preferences on the contents requested to the e-learning platform service.

These data are used for the following purposes:

● process correctly the requests of the user,
● obtain anonymous statistics on the use of the service,
● allow software systems to adapt interfaces to the device in use,
● assessment of responsibility in case of hypothetical cybercrimes against the Volunteering organization Donk Humanitarian Medicine or other users.

Data provided voluntarily by the user

Below is listed, in detail, data that the user can provide voluntarily in order to use the functionalities made available by the service object of this policy:

Collected data for the creation of the user’s account

• name and surname,
• date of birth,
• career,
• city of origin,
• email,
• cell phone number,
• video footage (only for faculty),
• link to the user’s profiles on other Internet profiles (exemple: link to one’s Facebook profile),
• username and password to access the personal area.

Collected data in support requests

• name and surname,
• email,
• other personal data provided voluntarily by the user in the message body which describes the support request.

6. General finalities of the processing of personal data of users

Personal data of users will be processed for the following finalities connected to the service offered by the platform and of which the user asks to take advantage of:

1. registration to the e-learning platform, subscribing to the training courses, participation to the courses and download of the participation certificate;
2. sharing contents present on the website;
3. general request of information;
4. manage the contractual agreement between students and the teachers of the training courses organized by the holder, also by publishing teaching material, pictures, video and voice recordings of teachers on the platform and run by third parties, specially designated managers of the processing of personal data;
5. advanced browsing purposes or personalized content management;
6. purposes relating to the execution of a contract to which the user is a party or the execution of pre-contractual measures taken on request by the user;
7. statistical research/analysis purposes on aggregated or anonymous data, without the possibility of identifying the user, aimed at measuring the operation of the service, measuring traffic and evaluating usability and interest;
8. to fulfill any legal obligations, including fiscal and accounting obligations when necessary, or administrative and accounting reporting activities in connection with funding obtained by public bodies and institutions (e.g. Region);
9. purposes necessary to establish, exercise or defend a right in court or out of court whenever the courts exercise their judicial functions, and
   the assessment of liability in case of hypothetical cyber crimes against the Volunteering organization Donk Humanitarian Medicine or other users, in case of abuse in the use of the platform.

7. Basis of legitimacy

The legal basis of the processings, as stated in point 6 from 1 to 7, can be found under point b) Article 6(1) of the GDPR, since they are the necessary processings to provide the requested services or to match the requests of the interested party.

The finality stated in point 6 number 8 can be found under point c) Article 6(1) of the GDPR, to fulfill legal obligations.

The finality stated in point 6 number 9 can be found under point f) Article 6(1) of the GDPR.

8. Binding or optional nature of the provision

The provision of personal data is to be considered optional, but the possible failure to provide those data that are indicated as indispensable will result in the impossibility to activate or use the provided services. The platform, in application of the principle of data minimisation, indicates the indispensable data for the activation of the service.

Personal data are archived and retained within the EEA and don’t get transferred neither to its exterior, nor to international Organizations. In particular, the holder’s data, within the terms as displayed in this policy, will be archived and retained at the Aruba S.p.A data center with its registered office in Località Palazzetto, 4 – 52011 Bibbiena AR, VAT number: 01573850516.

In case of utilizing a platform like Zoom, for the use of training services, for the streaming of the lessons and/or the sharing of informational materials, please note that this use of the services could necessarily lead to the exportation of the interested party’s data (identifying data, contact information, data and meta-data related to the days, timetables and the contents of the training sessions) outside of the European Union’s territory. This transfer happens on the basis of an exception stated under point b) Article 49 paragraph 1 of the Regulation, since the transfer occasionally reveals itself necessary for the execution of the training service contracted by the interested party with the controller of the treatment.

10. Communication of the users’ personal data to subjects that operate in the contest related to the e-learning Platform service

The users’ personal data will be communicated exclusively to competent subjects who are suitably nominated for the finalities as stated under section 6 and for the completion of the necessary services to a correct management of the relationship, with guaranteed protection of the interested party’s rights.

In particular, your personal data could be shared with:

• people, companies or professional firms who provide assistance and consultation in accounting, administration, legal matters, tax matters, finance and in debt collection relatively to the provision of the Services, if designated responsible of the treatment, as stated under Article 28 of the GDPR;
• subjects with whom is necessary to interact for the provision of the Services (e.g the hosting providers or the developer that manages the platform); that is subjects delegated to carry out activities of technical maintenance (maintenance of the network equipment and of the electronic communication networks is included), designated as responsible of the treatment, as stated under Article 28 of the GDPR;
• subjects, entities, public or institutions, autonomous controllers of the treatment, to whom is mandatory to communicate one’s personal data in light of statutory provisions or of orders of the authorities, also in occasion of inspections or tests;
• people authorized by the controller to process personal data under Article 29 of the GDPR, necessary to carry out tightly correlated to the provision of the Services, who have committed to confidentiality or that have an adequate legal duty of confidentiality (e.g employees, collaborators, teachers and tutors of the controller themself).

11. Transmission of the users’ personal data to third parties who operate outside of the context related to Donk HM’s E-learning platform service

Below are indicated, in detail, the data that the e-learning platform service provides to third parties:

Data provided to Google Analytics (https://analytics.google.com):

• Usage data,
• Technical and profiling cookies (see point 13)

Data provided to Google Pagespeed insights (https://developers.google.com/speed/pagespeed/insights/):

• Usage data,
• Technical and profiling cookies (see point 13).

Data provided to Facebook (https://facebook.com):

• Name and Surname,
• Usage data,
• Technical and profiling cookies (see point 13):

12. Social Network

This website can use “social plug-ins”, special tools that allow you to incorporate the functionalities of the social network directly inside the website. All the social plug-ins present on the website are labeled by the respective property logo of the social network platform (e.g: Facebook and Instagram).

When one interacts with the plug-in or directly logs in the association’s profile on the social network or one decides to leave a comment, the corresponding information is transmitted from the browser directly to the platform of the utilized social network and memorized. You are kindly advised to consult the privacy policy adopted by the individual social network to gain information on the finalities, the type and the method of collection, elaboration, usage and retention of personal data of the social network, as well as for the ways to exercise your rights.

13. Period of data retention

In compliance with the principles of lawfulness, purpose limitation and data minimisation, in accordance with Article 5 of the GDPR, the maximum period of retention of the personal data collected is defined as follows: data related to the attendance registration upon expiry of two months after the course ended, in order to evaluate if the requirements to issue the participation certificate were met; the account registration and the participation certificates will be preserved for 10 years. In any case, the controller will process personal data for the necessary time to fulfill legal and contractual obligations and, notwithstanding what highlighted above, the retention period could be longer for defensive purposes against abuse in or out-of-court.

14. Rights of the user, in accordance with the EU Regulation 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22

The user has the right to obtain proof whether personal data that concern them exists or not, even if they still aren’t registered, and their communication in an intelligible form.

The user has the right to obtain the indication of:

• the origin of personal data;
• the purposes and means of processing;
• the logic applied in case of processing conducted with the help of electronic tools;
• the identification details of the controller, those responsible and the appointed representative as stated under Article 5, paragraph 2;
• the subjects or categories of subjects to whom personal data can be communicated or that can be found out by them in the quality of appointed representatives in the State territory, or of responsible or in charge.

The interested party has the right to obtain:

• the upgrade, rectification or, if interest is present, data integration;
• the removal of personal data (when one of the conditions indicated under Article 17.1 of the GDPR occurs and in compliance with the exceptions written down under paragraph 3 of the same Article), the transformation to an anonymous form or blocking of data processed in violation of the law, including those for which storage is not necessary in relation to the purposes for which the data were collected or subsequently processed;
• request and obtain – in the hypothesis that the legal basis of the treatment is the contract or the consensus, and that the same is carried out by automated means – personal data in a structured format that is readable from an automatic device, also with the aim to communicate such data to another controller of the treatment (the so-called Right to personal data portability);
• opposing to the processing of personal data any time upon the occurrence of particular situations that concern them;
• revoke consent at any time, limited to the hypothesis where the treatment is based on consensus for one or more specific finalities and concerns common particular data or particular categories of data. The treatment based on consensus and carried out prior to the revocation of the same conserves, in any case, legitimacy.

Users will be able to modify at every moment the provided personal data through the specific interface management softwares of their account, accessible at the link https://donkhm.network/account, or, they will be able to exercise this and all other rights present in this point by contacting directly the controller of the treatment, via email, by using the same address given for the sign-up of the account.

If the interested party considers that there is a violation in the processing of their personal data, they can file a complaint to the Supervisory authority of the place where they usually reside, work or where the alleged violation has occurred. In Italy, they can file a complaint at the Data Protection Authorities.

15. Extended informative on Cookie Policy

The softwares of the e-learning platform service install technical and profiling cookies on the user’s device in order to make the surfing experience more pleasant and efficient.

What are cookies?

Cookies are small text files sent by the website to the interested party’s terminal (usually to the browser), where they get memorized to be then sent back to the website the next time the same user browses it. A cookie cannot retrieve no other data from the permanent storage of the user’s device, nor transmit computer viruses or acquire email addresses. Every cookie is unique to the web browser of the user. Certain functions of cookies can be delegated to other technologies.

In this informative, the term “cookie” is used to refer to cookies, strictly speaking, as well as to all of the similar technologies.

For further information on cookies we advise the user to check the following link:
https://it.wikipedia.org/wiki/Cookie

Cookies installed by the E-learning platform service, through the website donkhm.network

Technical Cookies

Technical cookies are used for the sole purpose of performing the transmission of a communication on an electronic communication network. They are not being used for other purposes and are normally installed directly by the owner or the operator of the website. They can be divided into:

• Navigation or session cookies, which guarantee a normal browsing and fruition of the website (permitting, for example, to make a purchase or to identify themselves to access to reserved areas); they are necessary for the proper functioning of the website;
• Analytics cookies, assimilated to technical cookies when they are being used directly by the operator of the website to gather information, in a summary form, on the number of users and on how they browse the website, in order to improve the performance of the website;
• Functionality cookies, which allow the user to browse the website on a series of selected criteria (for example, language, the products selected for the purchase) in order to improve the service provided. For the installation of these cookies it is not required previous consent from the users (further information in the paragraph “Cookies management”).

Not authorizing technical cookies could lead to the impossibility of using the platform, view its contents and take advantage of its services. Inhibiting functionality cookies could entail that certain services or determined functions will not be available or will not function properly. Furthermore, the user may be forced to modify or to manually enter certain information or preferences.

Profiling cookies

Profiling cookies are installed in order to create user-related profiles and are used to send advertisements in line with the shown preferences by the user in the context of web browsing.

To use profiling cookies the user’s consent is required.

Currently, profiling cookies are not present on the platform.

In case of third parties cookies, the website does not have direct control over the single cookies and cannot control them (it cannot neither install them directly nor delete them). You can manage these cookies anyway through the settings of the browser.

Cookie duration

Cookies have a duration decided by the expiry date (or by a specific action like the closing of the browser) set at the moment of the installation. Cookies can be:

• temporary or session cookies: they are used to store temporary information, consent to connect the executed actions during a specific session and are removed from the device at the closing of the browser;
• persistent cookies: they are used to store information, for example the username and the password for the log-in, in order to avoid that the user must type them in again every time they browse a specific website. These remain stored in the device even after closing the browser.

Cookies management

In compliance with the GDPR, the user can modify at any time the cookie consent.
The controller of the treatment will keep track of the user’s consent with a designated technical cookie. The user can deny their consent or change at any moment their options related to the use of cookies. If the user has initially given their consent, they can change that by sending an email to the Holder of the treatment.

If the consent has already been given but you want to change cookie consent, you must delete them through the browser, because otherwise those already installed will not be removed.

16. Communication with the user in case of attacks to the system

The controller guarantees, as written already, the protection of the users’ personal data; however, despite the controller adopts all the behavioral measures and all the possible techniques to guarantee this protection, attacks by malicious hackers may occur, with the purpose of the violation of the system and of the acquisition of the users’ personal data.

In case of such violation, the controller will warn the competent authorities and the user will be immediately informed through the contact details provided or through a public communication published on the website’s homepage.

17. Informative update

Any possible updates of this informative and every possible change on the current terms of the processing of the users’ personal data will be notified to the users with a relative request of consent.

Users can consult this informative at the following link
https://donkhm.network/privacy.