Privacy and cookie policy
This Privacy Policy aims to describe the purposes and methods through which Fondazione Riccardo Catella, as Data Controller (“Controller” or “Foundation”), collects and processes personal data relating to users (“Users”) who interact with the website www.fondazionericcardocatella.org (the “Website”) and with the various services provided through it.
The information contained in this Privacy Policy is provided pursuant to Article 13 of EU Regulation 2016/679 of 27 April 2016 (the “Regulation”) and Italian Legislative Decree 196/2003 (“Privacy Code”), as amended, as well as applicable legal provisions, and the decisions issued by the Italian Data Protection Authority and the guidelines of European supervisory authorities.
The information regarding data processing applies only to the Website and to processing activities carried out by the Foundation and does not extend to processing performed by third parties through other websites that may be accessed by the User via links. With respect to such further processing activities, the Foundation assumes no responsibility, and Users are invited to refer to the respective Privacy Policies of third-party websites.
In conclusion, please note that while browsing the Website, Users may access the websites of individual projects managed or sponsored by the Foundation and, by clicking on the links available on the homepage of those websites, view the relevant Privacy and Cookies Policies, in order to obtain information regarding data processing carried out by the Foundation or by other Controllers in relation to browsing on those websites.
1. Data Controller and Place of Processing
The Data Controller is Fondazione Riccardo Catella, with registered office in Milan (Italy), Via G. de Castillia 28 – 20124.
Personal data are mainly processed at the Controller’s premises, within the territory of the European Union, and, regarding services entrusted to or provided by third parties, also outside Italy and/or outside the European Union. In the event of data transfers to countries that do not provide a level of protection equivalent to that established by European legislation, the Controller undertakes to implement the necessary safeguards for such transfers. Users may obtain information regarding the countries where their data may be transferred by sending a request to the following email address: info@fondazionericcardocatella.org.
2. Methods of Data Processing
The Data Controller processes Users’ personal data by adopting appropriate security measures designed to prevent unauthorized access, as well as unauthorized disclosure, alteration, or destruction of the data. Processing is carried out using both manual and electronic and/or telematic tools, with organizational methods and logics strictly related and limited to the purposes indicated.
3. Purposes of Data Processing and Legal Basis for Processing
The Data Controller, through the Website, may process Users’ personal data for the following purposes:
– Activation and management of the informational services provided by the Foundation, including newsletter subscription, for the purpose of sending information and communications regarding events organized by the Foundation or events sponsored or co-sponsored by the Foundation, invitations to events and/or initiatives, as well as invitations to participate in surveys and market research, etc. Newsletter subscription is carried out by providing the User’s contact details, namely an email address and the User’s first and last name, in order to access the information service.
The legal basis for this processing is the User’s consent, which will be requested at the end of the newsletter registration form and may be withdrawn at any time by clicking on the “unsubscribe” link included at the bottom of each email communication. In this way, the User may opt out of receiving further communications. Consent is optional; failure to provide it will prevent the User from receiving the Foundation’s newsletters, without affecting the possibility of using the Website’s functionalities.
– Purposes related to compliance with legal obligations, regulations, national and EU legislation, as well as provisions issued by authorities empowered by law. For this processing, the legal basis is compliance with a legal obligation under applicable legislation.
4. Categories of Data Processed
The Data Controller receives and collects, through the Website, information relating to Users who visit the Website pages and use the services available therein. In particular, the Foundation collects and processes the following information.
4.1. Data collected through browsing and cookies
The computer systems and software procedures used to operate this Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers and devices used by Users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), and other parameters relating to the User’s operating system and IT environment. Such data, which are necessary for the use of web services, are also processed for the purpose of:
– obtaining statistical information on the use of the services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.);
– monitoring the proper functioning of the services provided.
Browsing data are not retained for more than seven days (without prejudice to any need to investigate criminal offences by judicial authorities).
4.2. Data voluntarily provided by the User
The optional, explicit, and voluntary sending of messages to the Foundation’s contact addresses, private messages sent by Users to institutional social media profiles/pages (where such functionality is available), as well as the completion and submission of forms available on the Foundation’s Website (for newsletter subscription), result in the acquisition of the sender’s contact data, which are necessary to respond, as well as any personal data included in the communications.
Where necessary, specific privacy notices will be published on the pages of the supervisory authority’s website set up for the provision of certain services.
5. Disclosure of Data to Third Parties
The data provided by the User, as well as those collected by the Website in the context of its services (e.g., IP address), will not be disclosed and may be communicated, exclusively for the purposes and according to the methods described above, to the following categories of recipients: (a) collaborators, consultants, or self-employed professionals engaged by the Foundation to perform technical or organizational tasks (such as IT service providers), or with whom the Foundation collaborates, for the provision and operation of its informational and other services; (b) individuals, companies, or professional firms providing assistance and consultancy services to the Foundation, with particular but not exclusive reference to accounting, administrative, legal, tax, and financial matters; (c) third parties and commercial partners of the Foundation, for the purposes indicated in the previous section where required by law, subject to the User’s consent.
The entities belonging to the above categories will process the data either as independent Data Controllers under applicable law or as Data Processors duly appointed by the Foundation. The list of entities to whom the data are or may be disclosed can be requested from the Foundation using the contact details indicated in the “User Rights and Contacts” section.
6. Data Retention
Data are processed for the time necessary to carry out the activities indicated in the previous section and are deleted once the purposes for which they were collected and processed cease to exist. Data related to newsletter subscription will be retained until unsubscribed, while data voluntarily provided by the User in the context of requests submitted to the Foundation via the “Contacts” channel will be retained until a response has been provided to the User.
7. User Rights and Contacts
Users may exercise, where expressly provided by law and where applicable, the rights set out in the Regulation. Users have the right to request:
confirmation as to whether their personal data are being processed and, if so, to request access to information regarding such processing (e.g., purposes, categories of data processed, recipients or categories of recipients, retention period, etc.);
rectification of inaccurate or incomplete data;
erasure of their data from the Data Controller (e.g., where personal data are no longer necessary in relation to the purposes for which they were collected, or where consent is withdrawn, etc.);
restriction of processing (e.g., in case of a dispute regarding the accuracy of the data; if processing is unlawful and the User opposes erasure; if the data are required for the establishment, exercise, or defence of legal claims even where the Controller no longer needs them; or in case of an objection, pending verification of legitimate grounds);
receipt of their personal data in a structured, commonly used, and machine-readable format (e.g., PDF) and transmission of such data to another controller, or direct transmission from one controller to another, where technically feasible (so-called data portability).
Users also have the right to object, in whole or in part, to the processing of their personal data on legitimate grounds.
These rights may be exercised directly by sending a communication to: info@fondazionericcardocatella.org.
Finally, if Users believe that the processing of their personal data via the Website violates the Regulation or applicable data protection laws, they have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it), as provided for by Article 77 of the Regulation, or to take legal action in the appropriate courts (Article 79 of the Regulation).
8. Data Collection through Cookies
8.1. What a Cookie Is
A cookie is a small text string that a website sends to the browser and stores on the User’s computer when they visit a website. Cookies are used by the Foundation to ensure the proper functioning of the Website or to improve its performance, as well as to provide information about the Website or the User’s browsing activity. In general, the Website uses cookies both for technical purposes and for additional purposes: while technical cookies are used as they are strictly necessary for the technical operation of the Website and to provide the service expressly requested by the User (e.g., authentication, language settings, etc.), as further described below, cookies used for additional purposes (e.g., profiling cookies, analytical cookies) are used to perform behavioural analysis of Users on the Website in order to improve its content and send advertising messages aligned with the preferences expressed by the User while browsing, as indicated below.
8.2. Technical / Session Cookies
Technical cookies are essential to allow Users to navigate within the Website and use its features. These cookies are strictly necessary and are used to store a unique identifier in order to manage and identify the User as distinct from other Users currently visiting the Website, so as to provide a consistent and accurate service. In addition, these cookies allow the Website to remember Users’ choices (e.g., username, language, country of origin, etc.), to distribute requests across multiple servers, to store when Users have given consent to certain options (e.g., accepting the use of specific cookies via the information banner), and to enable Users to view content and videos via Adobe Flash Player.
8.3. Disabling Cookies via the Browser
In addition to the possibility of accepting or rejecting all or some of the cookies used by the Website for additional purposes through the mechanisms described in this Privacy Policy, Users may also delete cookies placed by the Website at any time through their browser settings.
Most web browsers are set to accept cookies by default. However, Users may configure their browser to restrict the number of cookies accepted or to block all cookies by changing their browser settings as follows:
Microsoft Internet Explorer
Click the “Tools” icon in the top right corner and select “Internet Options”. In the pop-up window, select “Privacy”. Here Users can modify cookie settings.
http://windows.microsoft.com/it-it/internet-explorer/delete-manage-cookies#ie=ie-11-win-7
Google Chrome
Click the “wrench” icon in the top right corner and select “Settings”. Then select “Show advanced settings” and change the “Privacy” settings. https://support.google.com/accounts/topic/2373959?hl=it&ref_topic=2373957
Mozilla Firefox
From the drop-down menu in the top left corner, select “Options”. In the pop-up window, select “Privacy”. Here Users can adjust cookie settings. https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie#firefox:win7:fx38
Safari
From the settings drop-down menu in the top right corner, select “Preferences”. Select “Security”, where Users can adjust cookie settings. https://support.apple.com/it-it/HT201265
Please note, however, that disabling all cookies on the Website (including technical cookies) may affect some of its functionalities.
8.4. Further Information on Cookies
The website www.allaboutcookies.org provides instructions for managing cookies on the most common browsers; alternatively, Users may consult the documentation provided with the software installed on their device.
9. Changes to the Privacy and Cookie Policy
The Data Controller reserves the right to amend this Privacy Policy at any time, by providing notice through publication on the Website. Users are encouraged to check the Website for updates.
If changes are particularly significant and/or have a substantial impact on Users’ rights, the Company may also notify Users through alternative means (for example, via email).
Privacy and Cookie Policy updated on: October 15, 2025