Art. 13 EU Regulation 2016/679

Notice on the treatment of personal data  (art. 13 EU Regulation 2016/679) for the website, property of FONDAZIONE MALAGUTTI ONLUS.

This report, concerning the policies of privacy for personal data by:
VAT NUMBER: 02122810209
TAX CODE: 93040230208
business which owns the property and the management of the domain intends to describe in an accurate way the management of personal data treatment for the users of the portal.
This notice is conveyed according to the art. 13 of EU Regulation 679/2016 for the users of the services in the web portal. The pieces of information provided hereafter concern in particular personal data collection on the Internet, targeting the minimum measures that will be taken regarding the people who are concerned in order to guarantee the transparency and the legitimacy of such practises.


From Article. 4, 37-39 of EU Regulation 679/2016 (hereafter known as “Regulation”)
Personal data: any piece of information concerning an identified or identifiable individual (concerned person); it is considered an identifiable individual a person who can be identified, directly or indirectly, with a particular focus on identification references such as name, identification number, location data, online identification or one or more elements distinguishing his or her physical, physiological, genetic, psychic, economical, cultural or social identity.
Employment data: these pieces of information are collected authomatically by this Application (and by the applications of third parties integrated in this application), such as: IP adresses or the names of the domains of the computers used by the visitor who connects with this application,  the addresses in URI (Uniform Resource Identifier) numbering, the time of the request, the employed method of submission to the server, the size of the response file, the numeric code obtained in response, the numeric code indicating the state of the server response (success, error, etc.), the country of origin, the features of the browser and of the operating system used by the visitor, the temporal connotations of the visit (for example the time of staying on a website page) and the details regarding the path followed within the application, with particular reference to the sequence of the consulted pages, the operating system parametres and the cyber environment of the user.
Profiling: any form of automated management of personal data consisting in the employment of those pieces of information to evaluate specific personal characteristics concerning an individual, in particular to analyse or foresee certain aspects such as professional performance, economical situation, health, personal preferences, interests, reliability, attitude, location or the changes of position of that individual.
User: the individual who uses this application, that must correspond with the concerned person or must possess the authorisation by this one and whose data could be object of possible treatment.
Treatment: any operation or group of operations made with or without the help of authomatised processes and applied to personal data o group of personal data, such as collection, registration, organisation, structuring, storage, adaptation or modification, extraction, consultation, usage, communication by transmission, diffusion or any other form of sharing, comparison or interconnection, limitation, deletion or distruction.
Data Controller (or Controller): the individual or legal personality, public body, service or other entity which, alone or together with others, defines the purposes and the means of the personal data treament; when the purposes and the means of that treatment are determined by the law of the Union or of Member States, the Data Controller or the specific criteria appliable to its designation are defined by law of the Union or of Member States.
Data Processor: the individual or legal personality, public body, service or other entity which manages personal data on the behalf of the Data Controller;
This Application or Platform: the hardware or software instrument through which personal data of users are collected.
Data Protection Officer – DPO: mandatory figure in some cases expected as of art. 37 of the Regulation. This figure carries out activities of consulting, monitoring, coordination and management of contacts with the Controlling Authority in relation to personal data treatment. 


The “Data Controller” of your personal data which can be object of potential treatment after the usage of this website, according to the EU Regulation 679/2016, is FONDAZIONE MALAGUTTI ONLUS – VIA DEI TOSCANI 8 – 46010 CURTATONE (MN).


Personal data provided by the users who connect with this website, and possibly benefit from the “CONTACT” service, will provide voluntarily the following information:

  • “CONTACTS”: service provided to the Users who are interested in receiving information regarding the services provided by the Controller related to personal data treatment. The personal data which will be requested are exclusively: Name, Surname, E-mail of the User.

Data deriving from the provided service will be exclusively employed to execute the service or the possibly requsted perfomance and will not be shared with third parties. The Controller has determined the purposes of the treatment defined in the unfolding of the proper activities of the Controller.


The concerned person, benefiting from the CONTACT service, gives his or her consent to personal data treatment for the purposes described above according to art. 6, paragraph 1, letter a) of EU Regulation 679/2016.


Meanwhile, the Data Controller, for direct marketing purposes, pursues his legitimate interests according to art. 6, paragraph 1, letter f) of of EU Regulation 679/2016.


The communication will only take place with the employees and the direct partners of the Controller only in order to carry out the service potentially requested by the User, unless the communication is mandatory under legal obligation.
The optional, explicit and voluntary sending of e-mails to the addresses indicated on the website implicates that, for its own nature, the subsequent collection of the address of the adresser, which is needed to answer to requests, as well as other potential personal data included in the message.
We advise our users not to send names and other personal data of third subjects which are not essential or other data defined as “sensitive and/or particular” according to articles 9 and 10 of EU Regulation 679/2016, within the limits and for the purposes defined in this notice.


Personal data will be managed with automatic tools for the time which is necessary to accomplish the purposes for which they have been collected.
Specific security measures are observed to prevent loss of data, illegal or incorrect usage and non-authorised access in compliance with the obligations of adjustment to adequate security measures. All data will be collected and stored according to articles 32, 33 and following of EU Regulation 679/2016. The Controller is not responsible for mistakes, contents, cookies, publications of illegal and immoral content, advertisements, banners or files that are non-compliant for the regulations in force from the part of websites which are not managed by the same Controller.


The transfer of data to a third country is not expected.


It is not present any automated decisional process.


The collected personal data, also through the “CONTACTS” service, will be stored for the necessary time to carry out the activities requested by the User and nonetheless for a period not exceeding 2-years of time from the insertion.
The duration of storage could be extended and implicate the collection of further data at a later time, in the case the User requests additional services; in that case the duration of treament could extend up to 10 years from the termination of the collaboration for administrative, accounting, fiscal and contractual purposes, as the current regulations establish (art. 2220 of the Civil Code, art. 22 from the President of Republic’s Decree of 29/09/1973).
The technical cookies for surfing (described below) will be stored only to enable the correct technical functioning of the website and will automatically expire when closing the browser.


Computer systems and software procedures that are appointed for the functioning of this website acquire some personal data during their normal activity, whose transmission is implicit in the usage of Internet communication protocols.
These pieces of information are not collected to be associated to identified individuals, but for their own nature could permit to identify users through elaborations and associations with data possessed by third parties.
IP adresses or domain names used by the users who connect to the website, the addresses in URL numbering (Uniform Resource Locator) of requested resources, the time of request, the method used to submit the request to the server, the size of the obtained file, the numeric code indicating the state of the response by the server (success, error, etc.) and other parametres referred to the operating system and the cyber environment of the user.
This data is used to obtain anonymous statistic information about the website usage and to control the correct functioning and will be deleted immediately after the processing.
This data might be used to assess potential responsabilities in case of cyber crimes at the expense of our website.


The subjects whom this personal data refers to, according to art. 13 of EU Regulation 679/2016, have the right to obtain the confirmation about the existence or non-existence of this data at any time and to know the content and the origin, verify their accuracy or ask to integrate, update, or rectify them. The subjects whom this personal data refers to have also the right to ask for deletion, transmission of data to other controllers, their transformation in an anonymous form or the block of managed data which are in violation of the law, as well as to oppose in any case, for legitimate reasons, to their treatment. The concerned subjects also have the right to notify a claim to the supervising autorithy (The Italian Data Protection Authority).

The requests referred to art. 13 of EU Regulation 679/2016 must be submitted to the Data Controller at the phone number +39 037649951 or through the e-mail address:


Rights of the concerned person

EU Regulation 679/0216
art. 13 “Information to provide in case personal data are collected from the concerned person”:
1. In the case of collection of data from the concerned individual, which refers to him/her, the Data Controller provides the concerned subject these pieces of information, in the moment in which they are obtained:
a) identity and contact data of Data Controller and, if it is possibile, of his representative;
b) contact data of the Data Protection Officer, if possibile;
c) the purposes of the treatment to which the personal data is addressed, as well as the juridical basis of the treatment;
d) whether the treatment is based on art. 6, paragraph 1, letter f), the legitimate interests pursued by the Data Controller or by third parties;
e) potential addressees or potential categories of adressees of personal data;
f) if possible, the intention of the Data Controller to transfer personal data to third countries or to international organisations and the existence or absence of a decision of adequacy of the Commission, or in case of transfers referred to articles 46 or 47, or to article 49, second clause, the referral to the legitimate or proper guarantees and the means to obtain a copy of data or the location in which they have been made available.
2. in addition to the information of paragraph 1, in the moment in which the personal data is obtained, the Data Controller provides the concerned individual with the following information which is needed to guarantee a correct and transparent treatment:
a) the period of storage of the personal data or, if it is not possibile, the criteria to identify that period of time;
b) the existence of the individual’s right to ask the Data Controller to access his or her personal data and its rectification, deletion or limitation of treatment, which concerns the individual or to oppose their treatment, as well as the right to data portability;
c) if the treatment is based on article 6, paragraph 1, letter a), or on article 9, paragraph 2, letter a), the existence of the right to revoke consent at any time without compromising the treatment legitimacy, based on the consent provided before the revocation;
d) the right to claim at the Supervising Authority;
e) if the communication of personal data is a legal or contractual obligation, or a needed requirement to conclude a contract, and if the concerned subject has the obligation to provide personal data as well as the potential consequences of the non-communication of this data;
f) the existence of an automated decisional process, including profiling, according to article 22, paragraphs 1 and 4, and, at least in these cases, substantial information on the used logic, as well as the importance and expected consequences of this treatment for the concerned person;
3. Whether the Data Controller intends to further treat personal data for different purposes with respect to the ones on which basis they have been collected; before a further treatment, it will provide the individual information referring to this different purpose and any other concerning information following paragraph 2;
4. Paragraphs 1, 2, 3 cannot be applied if and in the measure the concerned individual is already aware of such information.

Condividi dove vuoi