Fondazione Milano Cortina 2026, with registered office in Piazza Tre Torri n. 3, Milan, VAT no. 97866790153, VAT no. 11199200962, in its capacity as data controller (hereinafter, "Data Controller" or "Milano Cortina 2026"), informs you, pursuant to EU Regulation 2016/679 ("GDPR") and current national legislation on the protection of personal data, that by subscribing to the newsletter, you transmit or share with the Data Controller certain information concerning you.
- Object of processing
The Data Controller processes the following personal data that you have communicated in connection with the Initiative (hereinafter, "Data" or "Personal Data"), i.e. identifying and non-particular data (such as, for example, your e-mail address).
- Purpose and legal basis of processing
Your personal data are processed for the following purposes and legal bases.
- Without your prior consent, your data will be processed for the execution of the contract and thus to manage your subscription to the newsletter. In particular, you will receive a confirmation e-mail at the e-mail address you have provided to enable you to unsubscribe.
- Processing methods
The processing of your Data is carried out by means of the operations of collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
Your personal data is processed electronically and, where appropriate, automatically. Your personal data are protected in such a way as to minimise the risk of destruction, loss (including accidental loss), unauthorised access/use or use incompatible with the original purpose of collection. This is achieved by the technical and organisational security measures implemented by the Data Controller.
- Data Retention
The Controller shall process the Personal Data for the time necessary to fulfil the above mentioned purposes and, in any case, unless you unsubscribe from the newsletter, for no longer than 6 years from the moment of the submission of the subscription request in order to send you the newsletter. If you unsubscribe from the newsletter, your data will be kept on a black list for the sole purpose of not sending you newsletters anymore and will be deleted 6 months after your unsubscription.
In case of consent to the disclosure of data to the IOC, the data will be disclosed on a one-off basis and then stored by the IOC for the time indicated in the notice published on https://www.olympic.org/privacy-policy .
- Provision of data
The provision of Personal Data for the purposes referred to in letter A of paragraph 2 is indispensable and therefore the failure to provide such data would prejudice the subscription to the newsletter.
The provision of Personal Data for the purposes referred to in B paragraph 2 is optional and therefore failure to provide such data would still allow you to subscribe to the newsletter, but would not allow you to receive marketing information relating to the Olympic movement and the Paralympic movement.
- Access to Data
Your data may be made accessible for the above purposes to:
- employees and/or collaborators of the Controller, in their capacity as data processors and/or internal data controllers and/or system administrators;
- third party companies or other entities that perform outsourcing activities on behalf of the Controller and that will process the Data in their capacity as external data controllers.
- Data communication
Your data may be communicated, without your express consent, to supervisory bodies, law enforcement agencies or the judiciary, at their express request, who will process it as independent data controllers for institutional purposes and/or in accordance with the law during investigations and controls. Furthermore, subject to your express consent, your data may be communicated to the International Olympic Committee (IOC) for the purposes indicated in letter B of paragraph 2 of the information notice.
- Data transfer
The Data Controller may transfer Data outside the European Union. To this end, in accordance with privacy legislation, the Controller assesses the impact of data transfers and adopts, if applicable, the most appropriate safeguards (e.g. adequacy decisions or standard contractual clauses).
- Rights of the data subject
The Data Controller informs you that, as a data subject, if the limitations provided for by law do not apply, you have the right to:
- obtain confirmation of the existence or otherwise of your personal data, even if not yet recorded, and that such data be made available to you in an intelligible form;
- obtain an indication and, if necessary, a copy: (a) the origin and category of the personal data; (b) the logic applied in the event of processing carried out with the aid of electronic instruments; (c) the purposes and methods of processing; (d) the identification details of the data controller and data processors; e) the entities or categories of entity to whom or which the personal data may be communicated or who or which may get to know said data, in particular if they are recipients in non-EU countries or international organisations; e) when possible, the data retention period or the criteria used to determine said period; f) the existence of adequate safeguards in case of transfer of data to a non-EU country or an international organisation;
- obtain, without undue delay, the updating and rectification of inaccurate data or, where interested, the integration of incomplete data;
- obtain the cancellation, transformation into anonymous form or blocking of data: a) processed unlawfully; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) if you have objected to the processing and there is no overriding legitimate reason to continue processing; d) in the event of compliance with a legal obligation; e) in the case of data relating to minors. The Data Controller may refuse erasure only in the event of: a) exercise of the right to freedom of expression and information; b) fulfilment of a legal obligation, performance of a task carried out in the public interest or exercise of public authority; c) reasons of public health interest; d) archiving in the public interest, scientific or historical research or for statistical purposes; e) exercise of a right in a court of law;
- obtain the limitation of processing in the event of: a) contestation of the accuracy of personal data; b) unlawful processing by the Data Controller to prevent their deletion; c) exercise of one of your rights in court; d) verification of whether the Data Controller's legitimate reasons prevail over those of the data subject;
- to receive, if the processing is carried out by automatic means, without hindrance and in a structured, commonly used and readable format the personal data concerning him/her in order to transmit them to another data controller or - if technically feasible - to obtain the direct transmission by the data controller to another data controller;
- to object, in whole or in part, on legitimate grounds relating to your particular situation, to the processing of personal data concerning you;
- not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way. This does not apply when the decision:
- is necessary for the conclusion or execution of a contract between you and the Controller, i.e. the Foundation;
- is authorised by a legal obligation to which the Data Controller, i.e. the Foundation, is subject and which specifies the appropriate measures to protect your rights, freedoms and legitimate interests;
- is based on your explicit consent.
- to lodge a complaint with the Italian Data Protection Authority.
In the above cases, where necessary, the Data Controller will inform the third parties to whom your personal data are communicated of the possible exercise of your rights, except in specific cases (e.g. when this proves impossible or involves the use of means that are manifestly disproportionate to the right protected).
- Methods of exercising rights
You may exercise these rights at any time:
- Owner and controller
The Data Controller is Fondazione Milano Cortina 2026, with registered office in Piazza Tre Torri 3, Milan - 20145, Tax Code 97866790153, VAT number 11199200962.
The updated list of data processors, persons in charge of processing and system administrators is kept at the Data Controller's head office.
Milan, 7 March 2021
Fondazione Milano Cortina 2026