PRIVACY POLICY

Updated to the EU Reg. 2016/679
(General Data Protection Regulation, so-called GDPR)

This privacy policy refers to the website www.fondazionecologni.it (hereinafter, the "Site") and describes the way the Site is managed in relation to the processing of personal data of users/visitors consulting it.

The Fondazione Cologni dei Mestieri d’Arte (hereinafter the "Foundation"), in the person of its Chairman and legal representative Mr. Franco Cologni, with registered office at Via Lovanio n. 5, 20121 Milan, Italy, VAT number 12788720154, in its quality as Data Controller (as indicated below) recognizes the importance of the user's privacy and undertakes to respect it. The Foundation processes the user’s personal information (so-called "Personal Data") when he/she visits the Site and uses the services and features of the Site. This privacy policy was drafted pursuant to art. 13 of the GDPR and the applicable local law and is made exclusively for the Site and for the activities and services provided by the Foundation. It does not concern other websites that may be consulted by the user through links and/or activities carried out by third parties. In case of consultation of other websites, please refer to the respective privacy policies.

Data Controller and data processor

The Data Controller is the Foundation, in the person of its President and legal representative Mr. Franco Cologni, with registered office at Via Lovanio n. 5, 20121 Milan, Italy, VAT number 12788720154.

The internal data processor is Mr. Alberto Cavalli.

Both can be reached at the email address info@fondazionecologni.it.

Types of data processed

Navigation data

The visit and consultation of the Site do not generally involve the collection and processing of the user’s personal data. The processing of personal data of the user who visits and consults the Site is limited to the so-called “navigation data”, the transmission of which is necessary for the functioning of computer systems and programs essential for the operation of the Site despite the fact that, by their nature and jointly with other data, they may allow the identification of the user. This category includes, for example, the IP (Internet Protocol) addresses or the domain names of the computer used to visit the Site, as well as other parameters relating to the operating system used by the user to connect to the Site. The collection of browsing data takes place automatically and unavoidably and can only be used to obtain statistical information on the use of the Site and to verify its correct functioning. If expressly requested, such data may be used by the Public Authority to ascertain responsibility in case of computer crimes committed against the Site and/or third parties, according to the procedures in force with the competent Authorities. Except for this possibility, the above described navigation data are only temporarily maintained in compliance with the applicable regulations.

The Site uses cookies and other technologies to read and/or store information about the user's device. For a detailed description of these technologies, please refer to the Cookie Policy.

Data provided voluntarily by individual users.

In addition, the Foundation processes personal data provided voluntarily by the individual user if, by connecting to the Website, the user provides his/her personal data to subscribe to the Foundation's newsletter. The user, completing in full with his/her own Data the registration form for the newsletter service, gives his/her consent to the acquisition by the Foundation of e-mail address, name and surname. The Foundation does not knowingly process "sensitive" personal data capable of revealing racial and/or ethnic origins, religious beliefs, philosophical convictions, political opinions, membership of political parties, trade unions, religious or philosophical, political or trade union organizations, the health status or sexual orientations of the person concerned. Therefore, please do not provide these types of data.

Purpose and legal basis of data processing

The Foundation processes the user's personal data for the following purposes:

• to forward the user with the monthly newsletter of the Foundation. The provision of personal data for this purpose is done by filling out the form on the Site, which requires the inclusion of mandatory data, i.e. email address, name and surname. The incomplete and/or incorrect compilation of the form prevents the delivery of the requested newsletter service. The consent to the processing of data for this purpose is necessary for the delivery of the newsletter service itself. The lack of consent implies in fact the impossibility for the Foundation to send the newsletter;

• to send communications, information and invitations related to the initiatives and events organized by the Foundation or its partners. The consent to the processing of data for this purpose is free and optional, however the lack of consent will make it impossible for the Foundation to send information and promotional communications relating to the initiatives and events of the Foundation itself or its partners;

• to make anonymous statistics on the use of the site. The consent to the processing of data for this purpose is free and optional, however the lack of consent will make it impossible for the Foundation to proceed with the gathering of anonymous statistics in order to monitor the use of the Site;

• to send envelopes and parcels, in which case the processing of data for such purpose is conditioned upon the fulfillment of contractual obligations;

• to communicate and promote activities also through social media channels. In this case the processing of data for this purpose is conditioned on both the optional consent of the interested party and the fulfillment of contractual obligations;

• to forward communications regarding the participation to Foundation projects and awards promoted by this latter. In this case the processing of data for this purpose is conditional on the optional consent of the interested party;

• to transfer data to third parties (for example, transfer of contact lists to entities responsible for managing the mailing of guests to an event or transfer data to a firm in charge of drawing up the coupons of the various projects promoted by the Foundation). In this case the processing of data for this purpose is conditioned on both the optional consent of the interested party, and to the fulfillment of contractual obligations, and finally, to statutory obligations to which the Data Controller is subject.

Processing method and safety measures

The data processing will be carried out either manually or with the aid of IT and telematic means by ordinary or certified electronic mail, with organizational methods and logics strictly related to the purposes indicated by the employees of the Foundation. The Foundation adopts appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personal data.

The data processing will therefore be carried out in compliance with the security measures pursuant to art. 32 of the GDPR regarding, possibly also by the Foundation’s employees specifically appointed and instructed in compliance with the art. 29 of the GDPR.

The data collected are only processed for the achievement of the above purposes. The Foundation uses security technologies and procedures that guarantee the protection of personal data through the request of the insertion of individual credentials held exclusively by the personnel of the Foundation authorized to access confidential data. The Foundation uses constantly updated devices for the security of the processing and storage of personal data.

Disclosure of personal data

The internal Data Controller and the employees of the Foundation specifically authorized and instructed in compliance with the provisions of art. 29 of the GDPR, will have access to personal data.

Personal data collected may be disclosed to third parties to fulfill legal obligations or to the Judicial Authority in cases expressly provided for by the law without the user's consent.

Except for the above, personal data will in no case be disseminated.

Methods and duration of data retention

The personal data collected are stored in the Foundation's electronic databases. The data are physically on a server located inside the offices of the Foundation and the backup is on an external NAS (Network Attached Storage i.e. a device connected to the network whose function is to allow users to access and share a mass memory) connected to the offices of the Foundation. Hard copies of all documents are filed in dossiers kept in the Foundation's internal archives. Access to electronic databases and paper archives is governed by specific access restrictions.

The data will be kept for the time necessary to achieve the purposes for which it was collected and, in any case, in accordance with the current regulations.

User Rights

The interested party shall have the rights set out in Sections 2, 3 and 4 of Chapter III of the GDPR:

a) the right to access the personal data provided;

b) the right to rectify, limit, modify, supplement, delete, anonymise the personal data provided, this by unsubscribing the newsletter of the Foundation, deleting his/her email address from the mailing list through a special link placed at the end of each newsletter; or with a request communicated by telephone or email to the staff of the Foundation, the interested party has the right to request the cancellation or modification of his/her data in the Foundation's databases;

c) the right to transfer data to another data controller;

d) the right to oppose to the processing of personal data provided.

The interested party also has the right to:

a) revoke the consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to the revocation. In this case, no further data concerning him/her will be collected, without prejudice to the use of those already collected, without altering them, or those that, originally or as a result of treatment, are not referable to an identified or identifiable person;

b) propose a complaint to a supervisory authority.

With regard to the exercise of these rights, the interested party can contact the Foundation by e-mail at: info@fondazionecologni.it<7a>

Changes and updates of privacy policy

These privacy policy is subject to changes and updates and the version currently in force is that published on the site. The modifications to the privacy policy are communicated through the publication on the Site. Please check the privacy policy periodically to be informed of any changes.

Cookie Policy

The Foundation has created this Cookie Policy in order to provide information to the user on the cookies used by the Website www.fondazionecologni.it (hereinafter "Site") and describe the reasons and conditions of their use.

Cookies

Cookies are small text files that are sent to the user's device (usually to the user's browser) from the websites visited. They are stored in the user's device and then re-transmitted to the websites on the subsequent visits of the user to those websites. While browsing a website, a user may receive cookies from other websites or web servers, which are the so-called "third-party" cookies. This is because the visited website can contain elements such as images, maps, audio files, links to individual Web pages on different domains that are on different servers than the one in which the visited page is stored.

Cookies are usually present in substantial numbers in the browser of each user and, sometimes, remain stored for a long time. They are used for different purposes ranging from IT authentication to monitoring browsing sessions to storing specific information about user configurations accessing a particular server and so on. To regulate these devices appropriately, it is necessary to distinguish them taking into account the aims pursued by those who use them, since there are no technical features that allow them to be differentiated. This is actually the approach followed by the Italian Parliament, which imposed the obligation to obtain the informed consent of users for the installation of cookies for purposes other than those of a purely technical nature - according with the EC Directive 2009/136. From this point of view and for the purposes of this decision, cookies can be divided into two main groups: "technical" cookies and "profiling" cookies.

a. Technical cookies

Technical cookies are those used exclusively for the purpose of transmitting a communication over an electronic communication network, or those strictly necessary for a company providing an Information Technology service that has been explicitly requested by the contracting party or by the user to provide the aforementioned service. They are not used for other purposes and are usually installed directly by the data controller or the website operator. They can be grouped into:

browsing or session cookies, which allow users to browse and use a website (for example, to make online purchases or authenticate to get access to certain sections);

analytical cookies, which can be equated to technical cookies to the extent that they are used directly by the website operator to collect aggregate information on the number of visitors and the pattern of the visits to the website;

functional cookies, which allow users to navigate according to certain predetermined criteria, such as language or products to purchase, in order to improve the service quality. Users' prior consent is not required to install these cookies.

b. Profiling cookies

Profiling cookies aim at creating the user profile. They are used to send advertising messages in line with the preferences shown by the user while browsing. In light of the highly invasive nature of these cookies towards the privacy of users, Italian and European legislation require users to be appropriately informed about their use in order to give their valid consent.

The types of cookies used

a) Proprietary statistical cookies
They help the Site owners to understand how visitors interact with the Site by collecting and transmitting information in an anonymous form. In detail:

//

Cookie name: _ga

Supplier: fondazionecologni.it

Type: HTTP

Deadline: 2 years

First URL found: http://www.fondazionecologni.it/en

Description of the cookie’s purpose: it registers a unique ID used to generate statistical data on how the visitor uses the website.

Initializer: Script tag, source line page number: 770.

Source: http://www.google-analytics.com/analytics.js.

Data sent to: United States (adequate)

Previous consent enabled: No

//

Cookie name: _gat

Supplier: fondazionecologni.it

Type: HTTP

Deadline: session

First URL found: http://www.fondazionecologni.it/en

Description of the cookie’s purpose: used by Google Analytics to limit the frequency of requests.

Initializer: Script tag, source line page number: 770.

Source: http://www.google-analytics.com/analytics.js.

Data sent to: United States (adequate)

Previous consent enabled: No

//

Cookie name: _gid

Supplier: fondazionecologni.it

Type: HTTP

Deadline: session

First URL found: http://www.fondazionecologni.it/en

Description of the cookie’s purpose: it records a unique ID used to generate statistical data on how the visitor uses the website.

Initializer: Script tag, source line page number: 770.

Source: http://www.google-analytics.com/analytics.js.

Data sent to: United States (adequate)

Previous consent enabled: No

//

b)third-party statistical cookies:

Cookie name: collect

Supplier: google-analytics.com

Type: Pixel

Deadline: session

First URL found: http://www.fondazionecologni.it/en

Description of the cookie’s purpose: unclassified

Initializer: Script tag, source line page number: 770.

Source: http://www.google-analytics.com/analytics.js.

Data sent to: United States (adequate)

Previous consent enabled: No

Google Analytics

It is a web analysis service provided by Google Inc. ("Google") that uses cookies that are stored on the user's computer to allow statistical analysis in aggregate form relating to the use of the visited website (control of accesses, visits, events, actions and study of the navigation paths of the users within the website). This information is collected by Google Analytics, which processes it in order to prepare reports for site owners, concerning the activities on the websites themselves. This Site does not use (and does not allow third parties to use) Google’s analysis tool to monitor or collect personal identification information.

In fact, the Site applies mechanism set up by Google Analytics to render all users’ IP addresses anonymous.

Such mechanism operates by masking a part of the IP address at the time of its acquisition on the site owner, and disables all settings to share data with Google. Therefore, the information collected is anonymous and used only for the Google Analytics service, for the sole purpose of allowing the Foundation to perform internal statistical analysis, useful for optimizing the site and the services offered. In any case, Google provides visitors, who do not want the information relating to their navigation to be sent to Google Analytics, with the possibility to selectively disable the action of Google Analytics by installing on their browser the opt-out component provided by Google (see http://tools.google.com/dlpage/gaoptout). The data generated by Google Analytics are stored by Google as indicated in the information available at http://www.google.com/intl/en/analytics/privacyoverview.html.

//

Unclassified cookies

Cookies that are in a classification hase, together with the providers of individual cookies.

Cookie name: concretes

Supplier: fondazionecologni.it

Type: HTTP

Deadline: session

First URL found: http://www.fondazionecologni.it/en

Description of the cookie’s purpose: unclassified

Initializer: Webserver

Origin: fondazionecologni.it

Data sent to: Italy (adequate)

Previous consent enabled: No

//

Links to third parties

On the Site it is possible also to find "buttons" that allow the visiting users to reach and interact with a "click" directly with social networks, such as Facebook, Twitter, Flickr, LinkedIn, Tumblr and Instagram that could, in turn, ask users for personal data. These sites follow their own privacy policy and their own conditions of use, therefore we recommend reading the Privacy Policy and the conditions of use of third party sites, as they could be very different from this Policy. The Foundation therefore declines any kind of responsibility regarding the collection and use of personal data by third party websites.

Disabling cookies

To limit, block or delete cookies, it is enough to change the settings of your web browser. The procedure varies slightly according to the type of browser used. For detailed instructions, click on the link related to the browser used.

1. More information on disabling cookies on Firefox

2. Further information on disabling cookies on Chrome

3. Further information on disabling cookies on Internet Explorer

4. Further information on disabling cookies on Safari

5. Further information on disabling cookies on Opera

Some sections of the Site are accessible only by enabling cookies; turning them off it is possible that the user no longer have access to some content and the user cannot fully appreciate the features of the website.

Consent

By using this site, the user gives his/her consent to the processing of his/her data and the use of cookies, as provided for by this Privacy and Cookie Policy. If the user does not intend to give the consent to the processing, he/she must immediately stop browsing the Site. Continuation of navigation on the Site will be equivalent to the provision of consent.