Privacy Policy

/Privacy Policy
Privacy Policy 2018-07-30T10:50:23+00:00

Legal basis for processing

This policy statement is provided pursuant to Article 13 of European Regulation (EU) 2016/679. This site processes data mainly based on user consent.

Consent is conferred by use or consultation of the site, deemed conduct implying an intent. By using or consulting the site, visitors and users approve this privacy statement and consent to the processing of their personal data in the manner and for the purposes described below, including disclosure to third parties where necessary for the provision of a service. Communication or service request forms are used to obtain additional consent regarding the specific purpose of the service.

The provision of data and granting consent for the collection and processing of data is optional and the User can deny consent or revoke previously granted consent at any time. However, denying consent may make it impossible to provide certain services and the browsing experience on the site is compromised.

Purpose of the processing

In addition to the related purposes, which are instrumental and necessary for the provision of services, processing of the data collected by the website belonging to La Fondazione 1563 of the Compagnia di San Paolo is for the following purposes:
– Statistics (analysis)
Collection of data and information in an exclusively aggregate and anonymous form in order to verify the correct functioning of the site. None of this information is related to the physical person-user of the site and does not allow them to be identified. Consent is not necessary.
– Security
Collection of data and information in order to protect the security of the site (spam filters, firewall, virus detection) and users and to prevent or unmask fraud or abuse to the detriment of the website. The data is recorded automatically and may also include personal data (IP address) that may be used, in accordance with applicable laws, in order to block attempts to damage the site itself or to harm other users, or activities that are otherwise harmful or constitute a criminal offence. The data is never used to identify or profile the User and is periodically deleted. Consent is not necessary.

Data collected

The site collects user data in two ways.

Data collected automatically
During browsing, the following user information may be collected and stored in the site server’s (hosting) log files:

  • internet protocol (IP) address;
  • browser type;
  • parameters of the device used to connect to the site;
  • name of the Internet service provider (ISP);
  • date and time of visit;
  • visitor referral and exit web pages;
  • number of clicks.

This data is used for statistical and analysis purposes only in aggregate form. The IP address is used exclusively for security purposes and is not cross-checked with any other data.

Data provided voluntarily
The site may collect other data in the event of voluntary use of services by users, such as commenting and communication services (subscription to Bandi, etc.), and will be used exclusively for the provision of the service requested

Processing location

The data collected by the site is processed at the Data Controller’s headquarters and is stored and maintained by technical staff or by persons assigned to perform occasional maintenance operations.
No data deriving from the web service is communicated or disseminated outside the company. Personal data provided by users who request information is only used to perform the service requested and is only communicated to third parties if doing so is necessary for this purpose.

Data retention period

The data collected by the site during its operation is stored for the time strictly necessary to carry out the activities specified. At the expiry date, the data will be deleted or anonymised, unless additional purposes exist for their retention.
The data (IP address) used for site security purposes (block attempts to damage the site) are kept for 7 days.

Collected data transfer to third parties

The data collected by the site is generally not provided to third parties, except in specific cases: legitimate requests by the judicial authorities and only in the cases provided by law; where necessary for the provision of a specific service requested by the user; for the execution of security checks or site optimisation.

Data transfer to non-EU countries

The site may share some of the data collected with services located outside the European Union. In particular, with Google, Facebook and Microsoft (LinkedIn) via social plug-ins and the Google Analytics service. Said transfer is authorised according to specific decisions by the European Union and the Italian Data Protection Authority for the protection of personal data, in particular Decision 1250/2016 (Privacy Shield – see the information page of the Italian Data Protection Authority), for which no further consent is required. The companies mentioned above guarantee their compliance with the Privacy Shield.