Fondazione Bracco (“Foundation”) take in serious consideration the website users’ personal data protection and commit to comply with the terms of the applicable laws (With particular regard to the Regulation EU 2016/679 General Data Protection Regulation – following : “Regulation” or “GDPR”) requires.
The policy only apply on the Foundation’s site, and not for other websites eventually consulted by the user through links on the Site itself.
Fondazione Bracco is the data controller. His headquarter is in Milan (Italy), Via Cino del Duca, 8, 20121.
Data Processed Type and Processing Purposes
The personal data processing involving users that visit the Site without sending communications or using no one of the available services/functions is limited to the navigation data, that data that we must send to the site in order to make the Site manage computer systems and the internet communication protocols work. Falling in this category we have, for example, the IP addresses or computer’s domain used in order to visit the Site and other parameters related to the operating system that the user perform in order to connect to the Site. The Foundation only collects this and other technical data (e.g. the Site’s visits number) for statistical purposes and in anonymous form. This in order to detect the Site’s behavior and to improve its functionalities.
- Session and navigation cookies, which ensure the normal Site’s navigation and operation. Such cookies do not contain personal data and they work for the current session only, until the browser is closing
- Functionality cookies, which allow the user to navigate according to a set of selected criteria (e.g. language)
- Performance cookies, which collect information on how the users use the Site, for example: the time spent on every page, the internet search engine allowing the redirection on the Site, the user’s country destination, the time spent on the various pages etc. We process such information in aggregate anonymous form and we use it in order to perform statistical surveys due to make Site’s operation improvements. For these reasons, the Site uses Google analytics, a statistical websites’ and blogs’ service offered by Google Inc. (www.google.com/analytics/).
The Sites do not contain cookies profiling. The most part of the browsers are initially set in order to accept cookies. You will be anytime able to disable the cookies’ operation resetting your browser in order to reject all the cookies or to be alerted when a cookie is sent. The rejection of the cookies could however freeze some of the Sites’ functionalities.
Data that the user intentionally provides
The free and intentional user’s/sender’s electronic mail (email) sent on this Site’s addresses involves the later user’s/sender’s email address acquisition, this is necessary in order to respond to requests. The same apply to other personal data eventually found on the email.
The foundation may process the user's personal data for the following purposes:
- Managing requests and notifications received form the Site (dedicated forms) or from email intentionally sent by the user to the Foundation’s email addresses published on the Site, regarding to projects linked to the Foundation applications too
- Managing the registration to initiatives like contests, events, programs, scholarships ad assimilated
- Making institutional communications and/or sending, via email or traditional mail, promotional material related to the Foundation or his Partners
- Complying with obligations coming from lows, regulations, community legislation.
As regard to the purposes set out in a) and b), the data processing can be done without Your consent, as the article 6.1 letter b) of GDPR expects, this because the processing is necessary in order to perform pre-contractual measures (information request, notifications) on Your explicitly given request. If mandatory requested personal data, remarked with an asterisk (*), will not be provided, we will not be able to satisfy Your request/notification.
As regard to the purpose set out in c), the data processing can only be done having Your explicitly given consent, as the Article 6.1 letter. a) of GDPR expects.
As regard to the purpose set out in d), the Article 6.1 letter c) of the Regulation give the legal basis.
All the user’s data are also processed with paper-base and automated tools that are however eligible to ensure security and confidentiality.
We only process the users’ intentionally provided data in order to fulfill the above-mentioned purposes of their providing. We will report or make you visualize specific synthetic policies into the Site’s pages that are predisposed for particular services and/or initiatives.
Others website link
Providing data nature
Providing personal data is optional. However, if you want to subscribe the Site and/or to take part to the Foundation’s initiatives and/or to receive information on the Foundation’s activities, you need to fill all the forms’ mandatory fields and, where it is requested, to express your data processing consent. If you will not provide us to the consent, we will not be able to perform your subscription to the Site as well as the Foundation’s initiatives. We will not be able to get you informed about programs/initiative that may be of your interest nor to send you any other information related to the Foundation and his Partner. Anytime you will be able to modify or to revoke your consent as well as to object the data processing, writing to the Controller’s address.
The Foundation will process the Data by means of electronic or, however, telematic and computerized devices, or by manual and paper-based elaborations. The logics of the elaboration will have a strict relation to the above-mentioned purposes of their providing and, however, we will operate in a way that ensure security and confidentiality. Internal Foundation’s staffs will process the Data and, eventually, to the extent that is necessary and/or instrumental for the above-mentioned purposes. They will have the authorization for this purpose in connection with the performance of their assigned tasks. Third parties acting on behalf of the Foundation will process the data too, they, given by the case, will act as autonomous Controllers, Co-Controllers or Processors that have a nomination in accordance with the Article 28 of GDPR (e.g. Foundation’s initiatives partners, service provider, shippers, dispatchers, computer services maintainers, other suppliers the Foundation could involve to execute the above-mentioned purposes, Bracco’s Group societies).
execute the above-mentioned purposes, Bracco’s Group societies). All the data’s recipients will only receive data that is useful to dispatch the related functions and they will commit to use it for the above-mentioned purposes only and to process it in accordance with the applicable law. With the exception of the above mentioned, we will not share data with third parties, natural and legal persons which are performing no commercial, professional and/or technical functions on behalf of the Controller, nevertheless we will not spread the data.
As regard to the possible data’s transfer towards Third Countries, including countries that may not ensure the same level of protection as the data protection legislation require (i.e. extra EU countries); the Controller makes you known that the processing will still occur. This, given by the cases, in accordance with one or more of the modalities allowed by the Regulation. For example, the user’s explicitly given consent, the adoption of Standard Contractual Clauses that have been approved by the European Commission, the selection of subjects involved in international programs for the free movement of data, (e.g. EU-USA Privacy Shield) or that are active in countries considered as safe by the European Commission.
The data’s recipient list is available asking to the Controller using the contacts indicated in the current policy.
Period for which the personal data will be stored
In compliance with what the Article 5.1. (c) of the Regulation prescribe, the informative systems and computer programs used by the Foundation, are configured in a way that minimize the need for personal and identification data; such data shall only be processed to the extent that is necessary in order to attain the purposes set forth in this Policy. The data will be stored for the period that is strictly necessary in order to achieve the concrete objectives pursued. Anyway, the criteria used to determine the period of storage has his base in the compliance with the applicable laws and to the processing minimization principle as well as the storage limitation and the rational management of archives.
Rights of data subjects
The user may anytime exercise the rights in accordance with the Articles 15-22 of the Regulation, including the right to have a confirmation on the existence of his personal data. He can verify the data’s content, origin, accuracy, location (as also regard to Third Countries). He may ask for a copy of the data as well as its rectification and, in accordance with the applicable law, the restriction of the processing as well as the erasure of the data and he can also object to the direct contact activities (even specifically for certain means of communication). Similarly, the user may always withdraw the consent and/or make observations on specified data’s usages as regard to particular personal situations who he believes are not fair or that are not justified by the relationship placed in place. He may also lodge a complaint with the Supervisory Authority.