Privacy & GDPR

Privacy Policy

Last updated: April 2026 · Version 1.0

1. Data Controller

Sindrome ReNU Italia APS
Social Promotion Association
Email: info@sindromerenu.it
PEC: sindromerenuitalia@legalmail.it
Tel: +39 335 730 1206
Website: www.sindromerenu.it

The Data Protection Officer (DPO) is being appointed. For any request regarding your personal data, write to: info@sindromerenu.it

2. Personal Data Collected

Purpose	Data	Legal basis
Information requests	Nome, email, messaggio	Consent (Art. 6.1.a GDPR)
Association membership	Nome, cognome, email, città, dati bambino	Contract (Art. 6.1.b GDPR)
Donations	Nome, email, importo	Legal obligation (Art. 6.1.c GDPR)
Family stories (health data)	Child name, story, photos	Explicit consent (Art. 9.2.a GDPR)
Site navigation (logs)	IP, browser, pagine visitate	Legitimate interest (Art. 6.1.f GDPR)

3. Health Data (Special Category)

The site processes health data relating to children with ReNU Syndrome. This data falls under the special categories of Art. 9 GDPR and is processed exclusively with:

Explicit and informed consent of the data subject or parent/guardian
Health protection and family support purposes
Enhanced security measures (encryption, limited access)
Limited retention and deletion on request

4. Your Rights (Arts. 15-22 GDPR)

Right of Access

You can request a copy of your data (Art. 15)

Right of Rectification

You can correct inaccurate data (Art. 16)

Right of Erasure

Right to be forgotten (Art. 17)

Right of Restriction

You can restrict processing (Art. 18)

Right of Portability

You can receive your data in structured format (Art. 20)

Right of Objection

You can object to processing (Art. 21)

How to exercise your rights: Write to info@sindromerenu.it. We will respond within 30 days. You may also lodge a complaint with the Italian Data Protection Authority (Garante).

5. Cookies and Tracking Technologies

This site uses only technical cookies necessary for its operation. It does not use third-party profiling or marketing cookies.

Cookie	Type	Duration	Purpose
session	Technical	Sessione	Navigation
cf_clearance	Technical (Cloudflare)	30 giorni	CDN Security

You can manage cookies in your browser settings.

6. Retention Periods

• Contact data/information requests: 2 years from receipt
• Association membership data: for the duration of membership + 5 years
• Donation data: 10 years (tax obligation)
• Family stories: until consent is withdrawn
• Navigation logs: 12 months

7. Data Security

Data is processed with appropriate technical and organizational security measures: HTTPS/TLS transmission, hosting on Cloudflare Pages (ISO 27001 certified infrastructure), access limited to authorized personnel, no transfers to non-EU third countries without adequate guarantees.

Supervisory Authority

You have the right to lodge a complaint with the Italian Data Protection Authority: