(as of April 20, 2020)
Fondazione Milano Cortina 2026, with registered office in Milano, at via Fabio Filzi n. 22, tax code 97866790153 and VAT # 11199200962, as data controller (hereinafter, “Data Controller”), pursuant to EU Regulation 2016/679 (“GDPR“) and the current national legislation on personal data protection, informs you that your personal data will be processed in the manner and for the following purposes:
- Categories of personal data under processing
The Data Controller processes identification and non-sensitive personal data (in particular e-mail address, IP address, etc. – hereinafter “Data” or “Personal Data”) communicated by you when browsing the website (hereinafter, ” Site “), of this on the Site or of messages sent by you by e-mail to the e-mail addresses with the milanocortina2026.org domain. Precisely:
- e-mail address, identification data (eg name, surname, address, telephone number, professional training) and particular data (eg belonging to a protected category) which may be contained in the e-mails sent to the Data Controller through the e-mail contacts indicated within the website or, in any case, through e-mail contacts with the org domain.
Please be advised that information provided on this page does not extend and apply to the pages of other web domains that may be consulted via hyperlink.
- Purposes and legal basis for processing your personal data
Your data are processed for the following purposes and legal basis:
- without your prior consent for service purposes and, precisely, for:
- the execution of the contract and / or the fulfilment of pre-contractual commitments, specifically to:
- allow you to browse across the Site;
- manage and maintain the Site;
- respond to requests for spontaneous applications or applications for open job positions;
- respond to requests for information received following e-mail contact.
- the fulfilment by the Data Controller of legal obligations, such as:
- compliance with the obligations established by national or European laws, regulations and legislation or imposed by the competent Authorities
- the pursuit of a legitimate interest of the Data Controller, specifically to:
- prevent or discover fraudulent activities or abuses harmful to the Site, as well as exercise the rights of the Data Controller in court and the management of litigation: the interest of the Data Controller corresponds to the general legitimate, real and current interest in not being damaged as a result of conduct unlawful acts of others, as well as the constitutionally guaranteed right of action (art. 24 of the Constitution) and, as such, is socially recognized as prevalent with respect to the interests of the individual subject concerned; manage and maintain the Site: the interest of the Data Controller is based on the general interest of a company to ensure business operations, including through the operation of the Site, and possible efficiency improvements of the offered service.
- only with your consent, provided by managing your preferences in the banner on the site’s home page, for:
- Profiling purposes, specifically to automatically analyse your browsing data to create “clusters” (homogeneous groups consisting of profiles that present a degree of correlation) according to your interests in order to develop targeted digital campaigns and according to individual user preferences.
- Processing means
The processing of your personal data is performed by means of the operations of collection, recording, organization, storage, consultation, processing, alteration, selection, retrieval, use, alignment, combination,, blocking, communication, erasure and destruction of data.
Your personal data are subject to electronic and possibly automated processing. Your personal data are protected in such a way as to minimize the risk of destruction, loss (including accidental loss), unauthorized access / use or use incompatible with the initial purpose of the collection. This is achieved with the technical and organizational security measures implemented by the Data Controller.
- Data Retention
The Data Controller processes the Data for the necessary time to respond to your request and fulfil the aforementioned purposes and in any case for:
- no longer than 2 years from the receipt of the application or other requests received by e-mail
- Data Provision
The provision of data is mandatory for the purposes stated in point A of paragraph 2, i.e. to allow you to browse the Site, to apply spontaneously for a generic job position or to forward a contact request to the Data Controller.Should you not consent to provide your Data, we will not be able to guarantee you browsing through the Site nor managing your requests.
- Data Access
Your data may be made accessible for the above purposes to:
- employees and / or contractors of the Data Controller in their capacity as data processors and / or internal data processors and / or system administrators.
- third-party companies or other subjects (for example, suppliers, hardware and software assistance technicians, professional firms, etc.) who perform outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
- Data Disclosure
Your data may be communicated, even without your consent, for the aforementioned purposes to supervisory bodies, law enforcement agencies or the judiciary who will process them, at their express request, as independent data controllers for institutional purposes and / or by law during investigations and checks. Your data may also be communicated to third parties (for example, partners, freelancers, agents, etc.), as independent data controllers, for the performance of activities instrumental to the aforementioned purposes.
- Data Transfer
Your data will not be disseminated but may be transferred for the above purposes to non-EU countries. To ensure an adequate level of protection of Personal Data, the transfer will take place by virtue of the adequacy decisions approved by the European Commission or the adoption by the Data Controller of the Standard Contractual Clauses prepared by the European Commission. The list of non-European countries, where the data might be transferred to, is available at the headquarters of the Data Controller.
- Your Rights
The Data Controller informs you that, as data subject, if the limitations provided for by the law do not exist, you have the right to:
- obtain confirmation of the existence or not of your personal data, even if not yet registered, and that these data are made available to you in an intelligible form;
- be informed and, if necessary, obtain copy of: a) the origin and category of existing personal data; b) the logic applied in case of processing performed with the aid of electronic instruments; c) the purposes and methods of treatment; d) the identity of the Data Controller and Data Processors; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them, in particular if they are recipients of third countries or international organizations; e) whenever possible, the data retention period or the criteria used to determine this period;
- obtain, without undue delay, the updating and correction of inaccurate data or, when interested, the integration of incomplete data;
- obtain the cancellation, transformation into anonymous form or blocking of data access, when: a) unlawfully processed; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) in case of withdrawal of the consent on which processing is based and if there is no other legal basis, d) if you have objected to the processing and there are no overriding legitimate grounds to continue the processing; e) in case of fulfilment of a legal obligation; f) in the case of data referring to minors. The Data Controller may refuse cancellation only in the case of: a) exercise of the right of freedom of expression and information; b) fulfilment of a legal obligation, execution of a task carried out in the public interest or exercise of public authority; c) reasons of public health interest; d) archiving in the public interest, scientific or historical research or for statistical purposes; e) exercise of a right in court;
- obtain the restriction of processing if : a) the accuracy of personal data is contested; b) the processing by the Data Controller is unlawful so as to prevent cancellation; c) exercise of your right in court; d) pending the verification whether the legitimate grounds of the Data Controller override those of the data subject
- receive, if processing is performed by automatic means, without hindrance and in a structured, commonly used and legible format, the personal data concerning you so as to transmit them to another data controller or – if technically feasible – to obtain direct transmission by the Data Controller to another data controller;
- object, in whole or in part, for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose for which they were collected;
- propose a complaint to the Italian Supervisory Authority for the Protection of Personal Data, i.e. to the “Garante per la Protezione dei Dati Personali”.
In the above cases, where necessary, the Data Controller will inform the third parties to whom your personal data are communicated of the possible exercise of rights by you, with the exception of specific cases (e.g. when such fulfilment proves impossible or involves the use of means manifestly disproportionate to the protected right).
- How to exercise your rights
You can exercise these rights at any time:
- by sending a registered letter with return receipt at the Data Controller’s address;
- by sending an email to firstname.lastname@example.org;
- Data Controller and processors information
Fondazione Milano Cortina 2026, with registered office in Milano, at via Fabio Filzi 22, tax code 97866790153 and VAT # 11199200962, is the Data Controller.
The updated list of data processors and system administrators is kept at the headquarters of the Data Controller.
Milano, 20 April 2020
Fondazione Milano Cortina 2026