💙 Première Association ReNU en Italie — Découvrez notre mission
Sindrome ReNU Italia APS
Privacy & GDPR

Privacy Policy

Last updated: June 2026 · Version 2.1

1. Data Controller

Sindrome ReNU Italia APS
Social Promotion Association
Email: info@sindromerenu.it
PEC: sindromerenuitalia@legalmail.it
Tel (Segreteria): +39 327 763 4894
Tel (Presidenza): +39 335 730 1206
Website: www.sindromerenu.it

Data Protection Officer (DPO)

Avv. Francesco Conti
Appointed by the Board of Directors on 9 June 2026 pursuant to Art. 37 GDPR (EU Reg. 2016/679).

To exercise your rights or for any matter relating to the processing of personal data, contact the DPO directly:
dpo@sindromerenu.it

2. Personal Data Collected

PurposeDataLegal basis
Information requestsNome, email, messaggioConsent (Art. 6.1.a GDPR)
Association membershipNome, cognome, email, città, dati bambinoContract (Art. 6.1.b GDPR)
DonationsNome, email, importoLegal obligation (Art. 6.1.c GDPR)
Family stories (health data)Child name, story, photosExplicit consent (Art. 9.2.a GDPR)
Site navigation (logs)IP, browser, pagine visitateLegitimate interest (Art. 6.1.f GDPR)

3. Health Data (Special Category)

The site processes health data relating to children with ReNU Syndrome. This data falls under the special categories of Art. 9 GDPR and is processed exclusively with:

  • Explicit and informed consent of the data subject or parent/guardian
  • Health protection and family support purposes
  • Enhanced security measures (encryption, limited access)
  • Limited retention and deletion on request

4. Your Rights (Arts. 15-22 GDPR)

Right of Access
You can request a copy of your data (Art. 15)
Right of Rectification
You can correct inaccurate data (Art. 16)
Right of Erasure
Right to be forgotten (Art. 17)
Right of Restriction
You can restrict processing (Art. 18)
Right of Portability
You can receive your data in structured format (Art. 20)
Right of Objection
You can object to processing (Art. 21)
How to exercise your rights: Write to info@sindromerenu.it. We will respond within 30 days. You may also lodge a complaint with the Italian Data Protection Authority (Garante).

5. Cookies and Tracking Technologies

This site uses only technical cookies necessary for its operation. No profiling or marketing cookies are used. No Google Analytics or other behavioural analysis tool is integrated.

CookieTypeDurationPurpose
sessionTechnicalSessionNavigation
cf_clearanceTechnical (Cloudflare)30 daysCDN Security
cookie_consentTechnical (preferences)365 daysStores cookie banner choice

External CDN CSS/JS resources

The site loads CSS stylesheets (Tailwind, FontAwesome) from the jsDelivr.net CDN service, operated by ProspectOne (Poland/EU). This may involve transmission of your IP address to the CDN server on first page load. No profiling cookies are set by these services. Typography fonts are served by the operating system (no Google Fonts request).

You can manage cookies in your browser settings.

6. Retention Periods

  • • Contact data/information requests: 2 years from receipt
  • • Association membership data: for the duration of membership + 5 years
  • • Donation data: 10 years (tax obligation)
  • • Family stories: until consent is withdrawn
  • • Navigation logs: 12 months

7. Data Security

Data is processed with appropriate technical and organizational security measures: HTTPS/TLS transmission, hosting on Cloudflare Pages (ISO 27001 certified infrastructure), access limited to authorized personnel. Transfers to non-EU providers are carried out in compliance with Art. 46 GDPR through Standard Contractual Clauses (SCC) and adherence to the EU-US Data Privacy Framework (European Commission adequacy decision 2023/1795 of 10 July 2023).

8. Third-Party Data Processors (Art. 28 GDPR)

For certain technical and operational activities, Sindrome ReNU Italia APS uses third-party providers appointed as Data Processors pursuant to Art. 28 GDPR. These parties process data exclusively on behalf of and under the instruction of the Data Controller:

Provider Service Data processed Location Safeguards
Cloudflare, Inc. Hosting, CDN, security IP, navigation logs 🇺🇸 USA DPA + SCC + DPF
Brevo SAS (ex Sendinblue) Email notifications Name, email, message 🇫🇷 Francia — UE DPA (Art. 28 GDPR)

SCC = Standard Contractual Clauses of the European Commission (Dec. 2021/914/EU) · DPF = EU-US Data Privacy Framework (European Commission adequacy decision 2023/1795, 10 Jul. 2023) — adequate safeguards for extra-EU transfers pursuant to Arts. 45-46 GDPR. Brevo SAS (France) processes all data within the EU, with no need for SCC or DPF.

Supervisory Authority

You have the right to lodge a complaint with the Italian Data Protection Authority:

www.garanteprivacy.it