top of page

If you need to close this page for privacy reasons, you can press this button at any time.

Privacy Policy

Introduction and Data Controller

This policy is provided pursuant to EU Regulation 2016/679 (GDPR) and Legislative Decree 196/2003 and subsequent amendments. MIA (Movimento Incontro Ascolto - Movement Meeting Listening) is committed to ensuring the maximum confidentiality and absolute security of the personal and sensitive data of the women who turn to the Center.

Data Controller: MIA (Movimento Incontro Ascolto)

Registered/Operational Office: via Achille Grandi nĀ° 28 Casalmaggiore, CR.

Email Contact: gruppomia@gmail.com

Telephone Contact: +39 3779489384

  1. Personal Data Collected

The MIA Center processes various categories of data, including those that the law defines as "special categories of personal data" (sensitive data), given the type of service offered.

Contact and Identifying Data: Name, surname (or only initial/pseudonym, upon user request), telephone number, email address.

Sensitive Data (Special Categories): Data relating to physical and mental health, judicial data (e.g., criminal proceedings), data revealing ethnic origin, data relating to sexual orientation, data relating to sexual life. This data is processed exclusively for the purposes of help and support.

Navigation Data (of the Website): Data collected automatically by the computer system (e.g., IP addresses, browser type), used only to monitor the correct functioning of the site and never cross-referenced with the personal data of users accessing the Center's services.

  1. Purposes and Legal Basis of Processing

Personal data is processed for the following purposes, each supported by a specific legal basis:

Processing PurposeLegal Basis (GDPR)

A. Offer assistance and support services (listening, legal guidance, psychological support, shelter accommodation).Art. 9, par. 2, letter h) - Processing necessary for preventive medicine or diagnosis, the provision of health or social care or the management of health or social care systems and services.

B. Fulfill legal obligations (e.g., reporting to Public Bodies, mandatory legal reports, etc.).Art. 6, par. 1, letter c) - Processing necessary for compliance with a legal obligation to which the Controller is subject.

C. Management of donations and fundraising activities (only with explicit consent for communications).Art. 6, par. 1, letter a) - Consent of the data subject.

D. Respond to requests via generic contacts (email/telephone/website form).Art. 6, par. 1, letter f) - Legitimate interest of the Controller to respond to communications.

  1. Processing Methods and Security

Data processing is carried out lawfully, fairly, and with the utmost confidentiality.

Security Measures: Data is stored with rigorous technical and organizational measures to ensure a level of security appropriate to the risk, especially considering the sensitive nature of the data (e.g., anonymization, pseudonymization, encryption, limited and controlled access).

Authorized Personnel: Only MIA personnel (operators, psychologists, lawyers) who are specially trained, bound by professional secrecy, and authorized, have access to sensitive data.

  1. Data Retention

Data is retained for the time strictly necessary to achieve the purposes for which it was collected and in compliance with legal obligations.

Data relating to direct assistance is retained for the period necessary to ensure the continuity and verification of the support process, and subsequently securely archived or destroyed in compliance with legal obligations.

For the first reception/listening service, data is retained only for the time necessary to manage the single request, unless subsequent case management requires its retention for assistance purposes.

  1. Communication and Disclosure of Data

Personal and sensitive data are NOT subject to diffusion (they are not made known to indeterminate parties).

They may be communicated only to the following parties, where strictly necessary:

Judicial Authority or Law Enforcement, only in cases provided for by law (e.g., reporting obligation or judicial provisions).

Public Bodies (e.g., social services, local health authorities) for the management of the protection and support pathway, only if required by regulations or with the user's consent.

External parties (e.g., accountant for tax compliance), only if appointed as Data Processors and bound by confidentiality requirements.

  1. Rights of the Data Subject

In accordance with the GDPR, the user has the right to:

Access: Obtain confirmation as to whether or not personal data concerning her is being processed, and, where that is the case, access to the data.

Rectification: Obtain the rectification of inaccurate personal data concerning her.

Erasure (Right to be Forgotten): Obtain the erasure of data (subject to legal obligations that require its retention).

Restriction: Obtain the restriction of processing.

Portability: Receive the data in a structured, commonly used, and machine-readable format.

Objection: Object to processing at any time.

Withdraw Consent: Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

These rights can be exercised by sending a request via email to gruppomia@gmail.com. You also have the right to lodge a complaint with the Personal Data Protection Authority.

  1. Changes to this Policy

This Policy may be subject to changes. The latest updated version will always be published on this web page.

Last updated date: 6/12/2025

bottom of page