Milano Cortina 2026 Milano Cortina 2026

Privacy Policy

(version updated 02/03/2021)

Fondazione Milano Cortina 2026, with registered office in Piazza Tre Torri 3, Milan, tax code 97866790153, VAT no. 11199200962, in its capacity as data controller (hereinafter, "Controller" or "Milano Cortina 2026"), informs you, pursuant to EU Regulation 2016/679 ("GDPR") and current national legislation on the protection of personal data, that your data will be processed in the following ways and for the following purposes:

  1. Object of processing

The Controller processes the personal data listed below (hereinafter, "Data" or "Personal Data").

  • Identifying and non-particular data: for example, e-mail address, IP address, etc., communicated by you when browsing the website of Milano Cortina 2026 (hereinafter, the "Site") or through messages sent by you by e-mail to the e-mail addresses with the domain org. Further Personal Data, such as your name, surname, place and date of birth, may be communicated to Milano Cortina 2026 when you subscribe, for example, to the Newsletter or to the FanTeam, but these are the subject of separate privacy notices (available in other sections of the Site), which are provided to the data subject prior to the relevant registrations.
  • Particular data: By sending e-mails to the Data Controller via the contacts on the website in order to submit your application, you may provide us with some personal data of a special nature (e.g. belonging to a protected category).
  • Navigation data: The computer systems and software used to operate the Site acquire, in the course of their normal operation, some personal data whose transmission is implicit with the use of network communication protocols; this information is not collected in order to be associated with users but, by their very nature, if associated with other data they may allow the user to be identified; In particular, this category of data includes IP addresses or domain names of the computers used by users who connect to the Website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system.) and other parameters relating to the user's operating system and computer environment. This information is collected by means of the cookies described in the Site's Cookie Policy [link] to which reference should be made.

The validity of the information provided on this page does not extend to the pages of other web domains that may be consulted by hyperlink.

  1. Purpose and legal basis of processing

Your personal data are processed for the following purposes and legal bases.

  1. Without your prior consent, your data will be processed for service purposes and, in particular, for:
    1. the performance of the contract and/or the fulfilment of pre-contractual commitments, in particular for:
      • allow you to navigate the site;
      • operate and maintain the Site;
      • responding to requests for spontaneous applications or applications for an open job position;
      • responding to requests for information received as a result of e-mail contact.
    2. the fulfilment by the Controller of legal obligations, i.e. to comply with and fulfil the obligations laid down in laws, regulations, Community legislation, orders and prescriptions of the competent authorities.
    3. the pursuit of a legitimate interest of the Controller, namely for:
      • prevent or discover fraudulent activities or abuses harmful to the Site, as well as exercise the rights and protect the legitimate interests of the Data Controller, such as the right to defence in court: the interest of the Data Controller corresponds to the constitutionally guaranteed right of action (art. 24 of the Italian Constitution) and, as such, is socially recognised as prevailing over the interests of the individual concerned.
      • managing and maintaining the Site: the interest of the Data Controller relates to the general interest of a company in guaranteeing business operations, including through the operation of the Site, and possible improvements in the service offered.
  2. only with your consent, provided by managing your preferences within the banner on the home page of the site, for:
    1. Profiling purposes, in particular to automatically analyse your browsing data in order to create "clusters" (homogeneous groups consisting of profiles with a degree of correlation) depending on your interests in order to develop targeted digital campaigns in line with the preferences of individual users.
  1. Processing methods

The processing of your Data is carried out by means of the operations of collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.

Your personal data is processed electronically and, where appropriate, automatically. Your personal data are protected in such a way as to minimise the risk of destruction, loss (including accidental loss), unauthorised access/use or use incompatible with the original purpose of collection. This is achieved by the technical and organisational security measures implemented by the Data Controller.

  1. Data Retention

The Data Controller processes Personal Data for the time necessary to respond to your request and fulfil the above purposes and, in any case, for:

  • no later than 2 years after receipt of applications;
  • 31 December 2026 after receipt of the other requests received by e-mail;
  • the retention time described in the Site's Cookie Policy, to which we refer, for navigation within the Site, Site management and maintenance, and profiling activity.
  1. Provision of data

The provision of the Data is necessary for the purposes indicated in point 2.A, i.e. to allow you to navigate the Site, to spontaneously apply for a generic job position or to forward a contact request to the Controller. If you decide not to provide the Data, we will not be able to guarantee navigation on the Site or the management of your requests.

The provision of Data is optional for the Purposes indicated in point 2.B and failure to provide such Data does not prevent you from using the services of the Owner. Refusal to provide such Data will make it impossible for you to benefit from targeted digital campaigns in line with your interests. For further information regarding the collection of consent for the conferment of your Data, please refer to the Cookie Policy document.

  1. Access to Data

Your data may be made accessible for the above purposes to:

  • employees and/or collaborators of the Controller, in their capacity as data processors and/or internal data controllers and/or system administrators;
  • third party companies or other subjects (e.g. suppliers, hardware and software support technicians, professional firms, etc.) that perform outsourcing activities on behalf of the Data Controller and that will process the Data in their capacity as external data processors.
  1. Data communication

Your data may be communicated, without your express consent, to:

  • control bodies, law enforcement agencies or the judiciary, at their express request, who will process them as autonomous data controllers for institutional purposes and/or under the law in the course of investigations and controls;
  • third parties (e.g. partners, freelancers, agents, IOC, IPC, etc.), in their capacity as independent data controllers, for the performance of activities instrumental to the above purposes.

We also inform you that your data may be communicated, with your express consent given through the cookie banner on our Site, to the International Olympic Committee, for statistical analysis, profiling and marketing activities carried out through the use of cookies. For more information on data processing please refer to the Cookie Policy [] present on our Site and to the Privacy Policy of the International Olympic Committee [].

  1. Data transfer

The Data Controller may transfer Data outside the European Union. To this end, in accordance with privacy legislation, the Controller assesses the impact of data transfers and adopts, if applicable, the most appropriate safeguards (e.g. adequacy decisions or standard contractual clauses).

  1. Rights of the data subject

The Data Controller informs you that, as a data subject, if the limitations provided for by law do not apply, you have the right to:

  • obtain confirmation of the existence or otherwise of your personal data, even if not yet recorded, and that such data be made available to you in an intelligible form;
  • obtain an indication and, if necessary, a copy: (a) the origin and category of the personal data; (b) the logic applied in the event of processing carried out with the aid of electronic instruments; (c) the purposes and methods of processing; (d) the identification details of the data controller and data processors; e) the entities or categories of entity to whom or which the personal data may be communicated or who or which may get to know said data, in particular if they are recipients in non-EU countries or international organisations; f) where possible, the period of retention of the data or the criteria used to determine that period; g) the existence of adequate safeguards in case of transfer of the data to a non-EU country or an international organisation;
  • obtain, without undue delay, the updating and rectification of inaccurate data or, where interested, the integration of incomplete data;
  • obtain the cancellation, transformation into anonymous form or blocking of data: a) processed unlawfully; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) if you have objected to the processing and there is no overriding legitimate reason to continue processing; d) in the event of compliance with a legal obligation; e) in the case of data relating to minors. The Data Controller may refuse erasure only in the event of: a) exercise of the right to freedom of expression and information; b) fulfilment of a legal obligation, performance of a task carried out in the public interest or exercise of public authority; c) reasons of public health interest; d) archiving in the public interest, scientific or historical research or for statistical purposes; e) exercise of a right in a court of law;
  • obtain the limitation of processing in the event of: a) contestation of the accuracy of personal data; b) unlawful processing by the Data Controller to prevent their deletion; c) exercise of one of your rights in court; d) verification of whether the Data Controller's legitimate reasons prevail over those of the data subject;
  • to receive, if the processing is carried out by automatic means, without hindrance and in a structured, commonly used and readable format the personal data concerning him/her in order to transmit them to another data controller or - if technically feasible - to obtain the direct transmission by the data controller to another data controller;
  • to object, in whole or in part, on legitimate grounds relating to your particular situation, to the processing of personal data concerning you;
  • not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way. This does not apply when the decision:
    • is necessary for the conclusion or performance of a contract between you and the Controller, i.e. the Foundation;
    • is authorised by a legal obligation to which the Data Controller, i.e. the Foundation, is subject and which specifies the appropriate measures to protect your rights, freedoms and legitimate interests;
    • is based on your explicit consent;
  • to lodge a complaint with the Italian Data Protection Authority.

In the above cases, where necessary, the Data Controller will inform the third parties to whom your personal data are communicated of the possible exercise of your rights, except in specific cases (e.g. when this proves impossible or involves the use of means that are manifestly disproportionate to the right protected).

  1. Methods of exercising rights

You may exercise these rights at any time:

  1. Owner and controller

The Data Controller is Fondazione Milano Cortina 2026, with registered office in Piazza Tre Torri n. 3, 20145 - Milan, Tax Code 97866790153, VAT number 11199200962.

The updated list of data processors, persons in charge of processing and system administrators is kept at the Data Controller's head office.

Milan, 2 March 2021
Fondazione Milano Cortina 2026