Privacy Policy

Please read the rules we applied for the management of personal data in accordance with the EU Regulation 679/2016 (GDPR).

Web Privacy Policy

Data Controller

The data controller of personal data is:

Jesuit Refugee Service (JRS)

Borgo Santo Spirito, 4 – 00193 Rome (Italy)
Email: info@jrs.net

Purpose of the processing and legal basis

Personal data collected by JRS are processed for the following purposes:

Purpose Legal Basis Processed Data
Management of requests via  website ‘Execution of pre-contractual measures’ (Art. 6.1.b GDPR) Identification data, contact
Sending newsletters or updates Consent of the data subject (Art. 6.1.a GDPR) Email, name
Online donations and tax management Legal and contractual obligations (Art. 6.1.c, b GDPR) Personal, taxing, and banking data
Personalised marketing and retargeting (e.g. Meta Pixel, LinkedIn Insight Tag) Consent of the data subject (Art. 6.1.a GDPR) Browsing behavioural Data
Statistical activities and improvement of the site Legitimate interest (Art. 6.1.f GDPR) Browsing data, IP, and cookies

Method of processing

Data is processed in a lawful, fair, and transparent manner, mainly by electronic tools and in compliance with appropriate security measures.

Data recipients

Data may be disclosed to:

  • Newsletters ant IT service providers
  • Tax and legal advisors
  • Public entities (in case of legal obligations)
  • JRS international network organisations- if relevant
  • Meta Platforms Ireland Ltd. as sole controller or joint controller, according to the terms defined in the addendum on joint controllership.
  • LinkedIn Corporation

All recipients are bound by confidentiality obligations, and must process the data as independent controllers or holders.

No data is transferred or sold.

Transfer of data to third countries

JRS may transfer data to countries outside the EU. In this case, appropriate safeguards will be adopted in accordance with Articles 44 et seq. of the GDPR (e.g., standard contractual clauses approved by the European Commission).

Storage period

Data will be stored for as long as strictly necessary to pursue the purposes indicated above, and, in any case:

  • For contractual purposes: 10 years
  • For marketing purposes: Until consent is revoked
  • For browsing data: as indicated in the cookie policy
  • For data collected through marketing cookies: according to the times indicated by the provider (e.g. Meta Pixel generally up to 90 days).

Rights of the data subject

At any time, the data subject may exercise the rights provided for in Articles 15-22 of the GDPR, including:

  • Right of access, rectification, and deletion
  • Right to restriction or opposition to processing
  • Right to data portability
  • Right to withdraw consent (without prejudice to processing already carried out)
  • Right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it)

To exercise your rights you may write to: privacy@jrs.net

Mandatory provision of data

The provision of data is optional, but necessary to receive answers, services or newsletters. Otherwise, it may not be possible to provide the requested information.

Automated decision-making

Personal data is not subject to automated decision-making processes or profiling.

Data Protection Officer (DPO)

JRS has not currently appointed a data protection officer.

 

Privacy Policy – Donors

Pursuant to Article 13 of Regulation 679/2016 on the protection of personal data “Personal Data Protection Code”, we would like to provide you with some information regarding the processing of your personal data by Fondazione Pia Autonoma JRS.

The Data Controller is Fondazione Pia Autonoma JRS (hereinafter just “Controller”) with the registered office in Borgo Santo Spirito 4 C.F.97229380585. You may contact the Controller using the following contact details: privacy@jrs.net

The Controller has not currently designated a Data Protection Officer.

Purpose of the Processing and Legal Basis of the Processing

Purposes Legal Basis Data Processed
Management of donation and tax compliance Execution of contract (art. 6.1.b GDPR); Legal obligation (art. 6.1.c GDPR) First name, last name, address, tax code, donation amount, and payment method
Sending Communication and information material Consent (art. 6.1.a GDPR) Email, name (only if explicitly requested)

 

Provision of Data

Only strictly indispensable data will be requested, according to the principle of minimisation and essentiality of the same. The provision of data is optional   The provision of personal data is optional but is strictly necessary for the processing of the requests made by the user and for performance of the services offered.

Withdrawal of Consent

The data subject mayrevoke the consent given by sending an email to the above address at any time. Withdrawal of consent will imply that the Controller will no longer send any communication, but the activities carried out before withdrawal remain legitimate.

Recipients of Personal Data

All your collected and processed data may be shared, exclusively for the purposes specified above, with the following categories of recipients:

  • employees and collaborators of the Controller, in their capacity as persons authorised to process personal data, who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality;
  • persons, companies, professional firms or other third parties with whom the Controller maintains relations necessary for the performance of its activities for the purposes specified above or by legal obligation, to whom specific mandate has been entrusted and for the time necessary to achieve the purposes for which the data were collected, who typically act as Data Processors of the Data Controller;

The controller assures that the processing of your personal data by the above-mentioned recipients is carried out in accordance with current regulations.

Methods of processing 

The collection and processing of your personal data by the Controller is carried out in accordance with the principles of lawfulness, fairness and transparency and in a manner that ensures adequate security, including protection, through appropriate technical and organisational measures, from unauthorised or unlawful processing and from accidental loss, destruction, or damage.

The data collected will be processed through electronic or otherwise automatedcomputerised and telematic tools, or using paper-based toolss, with logic strictly related to the purposes for which the personal data were collected and, in any case, in such a way as to ensure the security of the same and for the time strictly necessary to achieve the purposes for which they were collected, without prejudice to the need to retain the data to meet the obligations provided for by the regulations in force even after the cessation of processing operations or until the time allowed by Italian law to protect the interests of the Controller.

More information regarding the period of retention of personal data and the criteria used to determine this period may be requested by writing to the Controller.

Data Transfer Outside of the European Union

Your personal data is stored on servers located at the Controller’s premises within the European Union. It is, in any case, understood that the Data Controller, should it become necessary, will be entitled to move the servers outside the EU as well. In this case, the Controller assures as of now that the transfer of data to non-EU countries will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses as provided by the European Commission.

Data Storage Time

Your personal data will be kept for as long as necessary to fulfill the purposes for which it was requested or for the time periods provided by national and EU laws, rules and regulations that the Controller must comply.

Rights of the Data Subject

In accordance with the provisions of the GDPR, you have the right to exercise the following rights:

  1. The right of access- to obtain confirmation as to whether or not personal data concerning you is being processed and, if so, to receive information relating, in particular, to: the purposes of the processing, categories of personal data processed and the period of storage, recipients to whom the data may be disclosed (Article 15, GDPR);
  2. The right to rectification – to obtain, without undue delay, rectification of inaccurate personal data concerning you and supplementation of incomplete personal data (Article 16, GDPR);
  3. The right to erasure – to obtain, without undue delay, the erasure of personal data concerning you, in the cases provided for in the GDPR (Article 17, GDPR);
  4. The right to limitation – to obtain from the Controller the limitation of processing, in the cases provided for by the GDPR (Article 18, GDPR);
  5. The right to portability – to receive in a structured, commonly used and machine-readable format the personal data concerning you provided to the Controller, as well as to obtain that it be transmitted to another data controller without hindrance, in the cases provided for by the GDPR (Article 20, GDPR);
  6. The right to object – object to the processing of personal data concerning you, unless there are legitimate reasons for the Controller to continue the processing (Article 21, GDPR);
  7. The right to revoke consent at any time without affecting the lawfulness of the processing based on the consent given before withdrawal;
  8. The right to file a complaint with the supervisory authority-Propose a complaint to the Guarantor Authority for the Protection of Personal Data, based in Piazza di Montecitorio n. 121, 00186, Rome (RM).

Mode of exercise of rights

You can exercise your rights at any time by sending:

  • a registered mail to: Jesuit Refugee Service, International Office, Borgo Santo Spirito 4, 00193, Rome, Italy
  • an e-mail to: donate@jrs.net

 

Last updated: 25/03/2025

Cookies Policy

This Cookie Policy explains what cookies are, how we use them, the types of cookies we use (i.e., the information we collect using cookies and how that information is used), and how to manage your cookie settings.

This cookies policy applies exclusively to the corporate website http://jrs.net/. 

What are cookies?

Cookies are small text files used to store small pieces of information. They are stored on your device when a website loads in your browser. These cookies help ensure that the website functions properly, enhance security, provide a better user experience, and analyse performance to identify what works and where improvements are needed.

How do we use cookies?

Like most online services, our website uses both first-party and third-party cookies for various purposes. First-party cookies are primarily necessary for the website to function properly and do not collect any personally identifiable data.

The third-party cookies used on our website primarily help us understand how the website performs, track how you interact with it, keep our services secure, deliver relevant advertisements, and enhance your overall user experience while improving the speed of your future interactions with our website.

Types of cookies we use

Necessary – Always Active
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensure basic functionalities and security features of the website. These cookies do not store any personal information.

Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Performance
Performance cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for the visitors.

Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customised ads.

The main tools are Meta Pixel and LinkedIn Insight Tag, which record certain browsing events (such as visiting a page) and allow personalised ads to be displayed on Meta platforms and LinkedIn.

These cookies are only activated after you have given your consent.

Manage cookie preferences

On your first visit, a banner appears allowing you to:
• accept all cookies;
• reject them;
• choose only certain categories.

You can modify your cookie settings anytime by clicking the icon in the bottom right corner. This will allow you to revisit the cookie consent banner and update your preferences or withdraw your consent immediately.

Additionally, different browsers offer various methods to block and delete cookies used by websites. You can adjust your browser settings to block or delete cookies.

Transfer of data to third countries

The use of tools such as Meta Pixel may involve the transfer of data to the United States. We take all measures required by the GDPR to ensure an adequate level of protection.

Retention periods

Each cookie has a different duration, determined by the provider.
Marketing cookies can have varying durations, often up to 90 days for tools such as Meta Pixel and up to 1 year for LinkedIn Insight Tag.

Full details are available in the cookie management banner.