BACK

Terms & Conditions

Last update: 2026-04-01

GDPR Information Notice (Art. 13 Reg. EU 2016/679)

This notice explains how personal data provided through the sign-up form is processed for the "Break the Cycle" campaign.

1. Data Controller

The Data Controller is the organization managing this website and campaign. For requests related to personal data processing, contact the controller through the official campaign contact channels published on this site.

2. Categories of Personal Data Processed

  • Identification and contact data (e.g. full name, email, contact preferences, optional Signal number).
  • Organization data (e.g. organization name, region, represented people, category, authority declaration).
  • Content voluntarily submitted (e.g. optional follow-up message and logo file).
  • Technical and security-related data strictly necessary for service protection and abuse prevention.

3. Purpose of Processing

  • Manage and validate campaign sign-up requests.
  • Publish approved organization information in supporters-related campaign areas.
  • Communicate with submitters regarding campaign operations and follow-up requests.
  • Comply with legal obligations and ensure platform security and integrity.

4. Legal Basis (Art. 6 GDPR)

  • Art. 6(1)(a): explicit consent provided by checking the dedicated consent checkbox.
  • Art. 6(1)(b): performance of pre-contractual/organizational measures requested by the submitter.
  • Art. 6(1)(c): compliance with legal obligations applicable to the controller.
  • Art. 6(1)(f): legitimate interest in service security, fraud prevention, and campaign continuity.

5. Data Provision

Providing mandatory fields is necessary to process a submission. If mandatory data is not provided, the request cannot be accepted. Optional data may be omitted without affecting submission validity.

6. Processing Methods

Data is processed with electronic tools and organizational safeguards designed to ensure confidentiality, integrity, availability, and resilience of systems and services.

7. Recipients and Authorized Parties

Data may be accessed by authorized personnel and service providers acting as processors under Art. 28 GDPR (e.g. hosting, infrastructure, and maintenance providers), strictly within their assigned purposes and duties.

8. International Transfers

If data is transferred outside the EEA, transfers are performed only in compliance with GDPR Chapter V, including adequacy decisions or appropriate safeguards such as Standard Contractual Clauses.

9. Retention Period

  • Data is retained only for the time necessary to achieve the stated purposes.
  • Campaign and supporter data may be retained for the campaign lifecycle and related accountability obligations.
  • Data may be retained longer when required by law, legitimate claims, or competent authority requests.

10. Data Subject Rights

Under Arts. 15-22 GDPR, data subjects may request:

  • Access to personal data.
  • Rectification of inaccurate data.
  • Erasure ("right to be forgotten"), where applicable.
  • Restriction of processing.
  • Data portability.
  • Objection to processing based on legitimate interest.
  • Withdrawal of consent at any time, without affecting prior lawful processing.

11. Complaint to Supervisory Authority

Data subjects have the right to lodge a complaint with their competent supervisory authority (in Italy: Garante per la Protezione dei Dati Personali), without prejudice to any other administrative or judicial remedy.

12. Automated Decision-Making

No solely automated decision-making, including profiling, is carried out that produces legal effects or similarly significant effects on data subjects.

13. Terms Acceptance

By checking "I consent to my information being used for this campaign, accepting Terms & Conditions", the submitter confirms they have read this notice and agree to the described processing for campaign purposes.

For additional details on data handling, please also refer to the Privacy Policy.