Information on the processing of personal data

This page describes the processing of personal data of users of this site, in compliance with the current legislation on personal data within the framework of the EU Regulation 2016/679. The information provided is valid for this site only and not for other websites that may be reached through linked pages.

The data controller

Following usage of this site, data may be processed which originating from identified or identifiable persons who are users of this site. The data controller is Fondazione AIRC, Viale Isonzo 25 – 20135 Milan – Tel. 0277971

Place of data processing

The data processing connected to the web services is handled exclusively by the technical staff of the office in charge of the processing, or by others in charge of occasional maintenance operations. No data deriving from the web service is communicated or disseminated.

Purpose of the processing and legal basis of the processing

The personal data provided by users who request or intend to use services or products offered through the site, as well as receive additional specific content, are used for the sole purpose of responding to requests or performing the service or provision requested and are communicated to third parties only in the case where this is necessary for such purpose. The legal basis of these processing is the need to respond to the requests of the interested parties or to carry out activities foreseen by the agreements defined with the interested parties.

Outside of these hypotheses, users’ data generated by browsing is kept for the time strictly needed to manage processing activities, within the limits set by law.

Types of data processed

Navigation data

The computer systems and software procedures used to operate the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s IT environment. Such data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning, and they are deleted after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of electronic mail, or other kind of digital messages, to the addresses indicated on the site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the site pages set up for particular services on request.


Cookies are a textual element that is inserted into the hard disk of a computer only after authorization. Cookies are used to streamline the analysis of web traffic or to indicate when a specific site is visited and allow web applications to send information to individual users. No personal user data is acquired by the site in this regard. We do not use cookies to transmit information of a personal nature, nor persistent cookies of any kind, or systems for tracking users. The use of Session cookies is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow a safe and efficient exploration of the site. The Session cookies used on the site avoid the use of other computer techniques that are potentially detrimental to the confidentiality of users’ browsing and do not allow the acquisition of personal identification data of the user.

Optional supply of data

Apart from what is specified for navigation data, the user is free to provide personal data in order to request the services offered by the Holder. Failure to provide such data may make it impossible to obtain what is requested.

Processing methods and data retention times

Personal data are processed by automated tools for the time strictly needed to achieve the purposes for which they were collected. Specific security measures are in place to prevent the loss of data, illicit or incorrect use and unauthorized access.

The data are kept for the time strictly needed for the pursuit of the purposes indicated in this statement and they will be deleted at the end of such period, unless the data must be kept for legal obligations or to enforce a right in court.

Rights of interested parties

Within the limits and under the conditions established by law, the Holder has the obligation to respond to the requests of the interested party regarding the personal data concerning him. In particular, based on current legislation:

  1. The interested party has the right to obtain from the controller the confirmation that the processing of personal data concerning him or her is being carried out and, in such a case, to obtain access to personal data and to the following information:
  2. The purposes of the processing;
  3. The categories of personal data at issue;
  4. The recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
  5. When possible, the time of storage of personal data provided or, if this is not possible, the criteria used to determine such a time;
  6. The existence of the data subject’s right to request the data controller to rectify or cancel personal data or limit the processing of personal data concerning him or to oppose their processing;
  7. The right to file a complaint with a supervisory authority;
  8. If the data is not collected from the interested party, all available information on their origin;
  9. The existence of an automated decision-making process, which includes profiling.
  10. The interested party has the right to obtain from the data controller the rectification of inaccurate personal data concerning him or her, without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration.
  11. The interested party has the right to obtain from the data controller the deletion of personal data concerning him or her, without unjustified delay and the data controller has the obligation to delete personal data without undue delay, within the limits and in the cases provided for by current legislation. The data controller informs each of the recipients to whom the personal data was sent of any adjustments or deletions or limitations of the processing, within the limits and in the forms provided for by the current legislation.
  12. The interested party has the right to obtain the data processing limitation from the data controller.
  13. The interested party has the right to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him or her, provided to a data controller, and has the right to transmit such data to another data controller without hindrance by part of the data controller to whom it has supplied them.

To exercise the rights listed above, the data subject must submit a request using the following contact point through which the Data Protection Officer can also be contacted:

Requests should be sent to the Holder at the following address Fondazione AIRC, Viale Isonzo 25 – 20135 Milan – Tel. 0277971, to which the data protection officer eventually designated by the Data Controller can be contacted.

This version of the information on the processing of personal data was updated on March 28, 2019.