Introduction

Fondazione Milano per Expo (“Foundation”) take in serious consideration the website users’ personal data protection and commit to comply with the terms of the applicable laws (With particular regard to the Regulation EU 2016/679 General Data Protection Regulation – following : “Regulation” or “GDPR”) requires.

This document (“Privacy Policy”) provide information regarding to personal data collected on this website, www.fondazionemilanoperexpo2015.it (“Site”), by the Foundation and so we have to consider it as a policy provided to the interested in accordance with the Article 13 of GDPR.

Into the Site’s section where the user’s personal data is collected, as regard to the determined purposes, a specific privacy statement is normally published which, in any way, this privacy policy integrates.

The policy only apply on the Foundation’s site, and not for other websites eventually consulted by the user through links on the Site itself.

Data Controller

Fondazione Milano per Expo is the data controller. His headquarter is in Milan (Italy), Via Cino del Duca, 8, 20121.

Data Processed Type and Processing Purposes

Navigation Data
The personal data processing involving users that visit the Site without sending communications or using no one of the available services/functions is limited to the navigation data, that data that we must send to the site in order to make the Site manage computer systems and the internet communication protocols work. Falling in this category we have, for example, the IP addresses or computer’s domain used in order to visit the Site and other parameters related to the operating system that the user perform in order to connect to the Site. The Foundation only collects this and other technical data (e.g. the Site’s visits number) for statistical purposes and in anonymous form. This in order to detect the Site’s behavior and to improve its functionalities.

The aim of the information collection is not to associate it with other user’s information and to identify him; however, such information can allow, for his own nature, the users’ identification given by third parties’ data elaborations and associations. Without prejudice to this eventuality and the Cookie Policy’s section specification, the over described navigation data are only temporarily preserved in accordance with the applicable legislation.

Cookie
In order to ensure the operation of the Site and improve the offered service, we use cookies on this Site. Cookies are small text files that the websites the user visit send to his terminal (usually to the browser), where they get stored. Then they sent to the same sites when the same user visit it again. The Foundation uses temporary session cookies; they automatically erase once the user leave the navigation of the Site. We also use persistent cookies; they remain into the user’s hard disk until they erase.

We only use cookies in order to ensure the Site’s operation and improve the user’s navigation, this, collecting information on the Site’s usage modalities, all in anonymous form. This information allow us to make constant updates in order to improve the use of the Site by the users. We never allow backups of passwords, credit card’s data or other identifiable information on the cookies. In particular, the Site use the following kind of cookies:

• Session and navigation cookies, which ensure the normal Site’s navigation and operation. Such cookies do not contain personal data and they work for the current session only, until the browser is closing;
• Functionality cookies, which allow the user to navigate according to a set of selected criteria (e.g. language);
• Performance cookies, which collect information on how the users use the Site, for example: the time spent on every page, the internet search engine allowing the redirection on the Site, the user’s country destination, the time spent on the various pages etc. We process such information in aggregate anonymous form and we use it in order to perform statistical surveys due to make Site’s operation improvements. For these reasons, the Site uses Google analytics, a statistical websites’ and blogs’ service offered by Google Inc. (www.google.com/analytics/).

The Sites do not contain cookies profiling. The most part of the browsers are initially set in order to accept cookies. You will be anytime able to disable the cookies’ operation resetting your browser in order to reject all the cookies or to be alerted when a cookie is sent. The rejection of the cookies could however freeze some of the Sites’ functionalities.

Data that the user intentionally provides
The free and intentional user’s/sender’s electronic mail (email) sent on this Site’s addresses involves the later user’s/sender’s email address acquisition, this is necessary in order to respond to requests. The same apply to other personal data eventually found on the email.

The foundation may process the user's personal data for the following purposes:

1. Managing requests and notifications received form the Site (dedicated forms) or from email intentionally sent by the user to the Foundation’s email addresses published on the Site, regarding to projects linked to the Foundation applications too;
2. Managing the registration to initiatives like contests, events, programs, scholarships ad assimilated;
3. Making institutional communications and/or sending, via email or traditional mail, promotional material related to the Foundation or his Partners;
4. Complying with obligations coming from lows, regulations, community legislation.

As regard to the purposes set out in a) and b), the data processing can be done without Your consent, as the article 6.1 letter b) of GDPR expects, this because the processing is necessary in order to perform pre-contractual measures (information request, notifications) on Your explicitly given request. If mandatory requested personal data, remarked with an asterisk (*), will not be provided, we will not be able to satisfy Your request/notification.

As regard to the purpose set out in c), the data processing can only be done having Your explicitly given consent, as the Article 6.1 letter. a) of GDPR expects.

As regard to the purpose set out in d), the Article 6.1 letter c) of the Regulation give the legal basis.

All the user’s data are also processed with paper-base and automated tools that are however eligible to ensure security and confidentiality.

We only process the users’ intentionally provided data in order to fulfill the above-mentioned purposes of their providing. We will report or make you visualize specific synthetic policies into the Site’s pages that are predisposed for particular services and/or initiatives.

Others website link

The Site may contain others websites link (e.g. third parties’ websites). The Foundation perform no access nor control on cookies, web beacon and other users tracking technologies that third parties’ website the user can reach from the Site use. The Foundation perform no control on contents and materials that third parties’ websites publish and the user can get nor on the related user’s personal data processing modalities. For these reasons the Foundation, explicitly decline every responsibility related to such eventualities. The user should verify the Privacy policy of the websites that he reaches from the Site and he should notify us with regard to his personal data processing applicable conditions. This Privacy policy only apply to the Site as above defined.

Providing data nature

Providing personal data is optional. However, if you want to subscribe the Site and/or to take part to the Foundation’s initiatives and/or to receive information on the Foundation’s activities, you need to fill all the forms’ mandatory fields and, where it is requested, to express your data processing consent. If you will not provide us to the consent, we will not be able to perform your subscription to the Site as well as the Foundation’s initiatives. We will not be able to get you informed about programs/initiative that may be of your interest nor to send you any other information related to the Foundation and his Partner. Anytime you will be able to modify or to revoke your consent as well as to object the data processing, writing to the Controller’s address.

Processing modalities

The Foundation will process the Data by means of electronic or, however, telematic and computerized devices, or by manual and paper-based elaborations. The logics of the elaboration will have a strict relation to the above-mentioned purposes of their providing and, however, we will operate in a way that ensure security and confidentiality. Internal Foundation’s staffs will process the Data and, eventually, to the extent that is necessary and/or instrumental for the above-mentioned purposes. They will have the authorization for this purpose in connection with the performance of their assigned tasks. Third parties acting on behalf of the Foundation will process the data too, they, given by the case, will act as autonomous Controllers, Co-Controllers or Processors that have a nomination in accordance with the Article 28 of GDPR (e.g. Foundation’s initiatives partners, service provider, shippers, dispatchers, computer services maintainers, other suppliers the Foundation could involve to execute the above-mentioned purposes, Bracco’s Group societies).

All the data’s recipients will only receive data that is useful to dispatch the related functions and they will commit to use it for the above-mentioned purposes only and to process it in accordance with the applicable law. With the exception of the above mentioned, we will not share data with third parties, natural and legal persons which are performing no commercial, professional and/or technical functions on behalf of the Controller, nevertheless we will not spread the data.

As regard to the possible data’s transfer towards Third Countries, including countries that may not ensure the same level of protection as the data protection legislation require (i.e. extra EU countries); the Controller makes you known that the processing will still occur. This, given by the cases, in accordance with one or more of the modalities allowed by the Regulation. For example, the user’s explicitly given consent, the adoption of Standard Contractual Clauses that have been approved by the European Commission, the selection of subjects involved in international programs for the free movement of data, (e.g. EU-USA Privacy Shield) or that are active in countries considered as safe by the European Commission.

The data’s recipient list is available asking to the Controller using the contacts indicated in the current policy.

Period for which the personal data will be stored

In compliance with what the Article 5.1. (c) of the Regulation prescribe, the informative systems and computer programs used by the Foundation, are configured in a way that minimize the need for personal and identification data; such data shall only be processed to the extent that is necessary in order to attain the purposes set forth in this Policy. The data will be stored for the period that is strictly necessary in order to achieve the concrete objectives pursued. Anyway, the criteria used to determine the period of storage has his base in the compliance with the applicable laws and to the processing minimization principle as well as the storage limitation and the rational management of archives.

Rights of data subjects

The user may anytime exercise the rights in accordance with the Articles 15-22 of the Regulation, including the right to have a confirmation on the existence of his personal data. He can verify the data’s content, origin, accuracy, location (as also regard to Third Countries). He may ask for a copy of the data as well as its rectification and, in accordance with the applicable law, the restriction of the processing as well as the erasure of the data and he can also object to the direct contact activities (even specifically for certain means of communication). Similarly, the user may always withdraw the consent and/or make observations on specified data’s usages as regard to particular personal situations who he believes are not fair or that are not justified by the relationship placed in place. He may also lodge a complaint with the Supervisory Authority.

For any of the requests as regard to the Fondazione Milano per Expo data processing process the user may contact the Controller sending an email to This email address is being protected from spambots. You need JavaScript enabled to view it. or by means of ordinary mail to the following address: Fondazione Milano per Expo, via Cino del Duca 8, 20121 Milano, Italia. This in order to exercise the applicable law’s recognized rights, as well as knowing the updated list of subjects to which the data is accessible for.