Before processing any Personal Data (the "Data"), the Controller must inform you (the "Data Subject") on the why and how of the Data Processing. For that reason, this notice will give you all the information you need so that you can provide your Data in an informed and conscious manner and, at any time, request and obtain clarifications or corrections, as well as exercise your rights.

The Data Controller is Fondazione Augusto Rancilio, with registered office in Via Fametta - Bollate (MI), Italy, at Villa Arconati, VAT number 97041410156 (the “Controller”). The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted at the following e-mail address:

The website you are visiting acquires various kinds of Personal Data, such as:

  • a) Data directly inserted by you by filling in the website's forms, such as name (*), surname (*), company, city, address (*), telephone (*), e-mail (*), fax number and description of the request (*). Data marked with this symbol (*) are mandatory;
  • b) Data collected automatically as a result of your navigation on the website, such as IP addresses, time of the request, country of origin, characteristics of your browser and operating system.
The Data Controller will process your Data in compliance with the provisions of the law and the principles applicable to the protection of Personal Data. Processing operations will only take place with regard to the purposes indicated in paragraph 4 below and according to methods and procedures aimed at ensuring the integrity, availability and confidentiality of what you share with us.

Personal Data are directly gathered from users or from third parties (cookie).
In relation to the Data gathered from users, in order to allow the Controller to keep the exact and updated Data, we ask the users to communicate any changes of the Data to the contact’s details gave in this notice § 1.

The Data process is carried out by the Controller for the purposes indicated below:

  • i. handle your requests regarding the organisation of an event with the Fondazione, either if we receive them by telephone, e-mail, personally or through a contact form on the website. The Data processed for the pursuit of such purpose are listed in the previous paragraph 2, lett. (a);
  • ii. manage your browsing and allow the technical functioning of the website, also in order to improve its performance. Data processed for the pursuit of this purpose are those listed in the previous paragraph 2, lett. (b);
  • iii. comply with all legal obligations, regulations or other national or community legal provisions, namely to provisions issued by relevant authorities, and/or according to supervisory a Control Authority’s requests. Data processed for the pursuit of this purpose are those listed in the previous paragraph 2, lett. a) and (b);
  • iv. establish, exercise or defend the Controller’s rights out of Court, in Court or administrative place. Data processed for the pursuit of this purpose are those listed in the previous paragraph 2, lett. a) and b);
  • v. contact you, also via newsletters, to send you, by e-mail, communications related to seasonal closing of the headquarters or reporting of events in Villa Arconati. The Data processed for the pursuit of this purpose are those listed in the previous paragraph 2, lett. (a) (in particular, e-mail address, first and last name). At the time of the collection of his e-mail’s address and when receive every communication, the Data Subject is informed about the possibility of opposing the process at any time, in way easy and free. To unsubscribe from the mailing list, simply use the "unsubscribe" function at the bottom of each e-mail. The Data processed are the ones about in previous § 2, lett. b), limited to the e-mail address.

The Controller processes the Data referred to paragraph 4 point (iii), under the following legal basis:
compliance with a legal obligation pursuant to Art. 6, par. 1, let. c) of Regulation.

The Controller processes the Data referred to paragraph 4 point (iv) under the following legal basis:
purposes of the legitimate interest pursued by the Controller pursuant to Art. 6, par.1., let. f) of Regulation.

The Controller processes the Data referred to paragraph 4 point (v), under the following legal basis:
free, informed, specific, unambiguous and always revocable consent pursuing Art. 6, par.1, let. a) of Regulation.

The provision of personal Data can be:

  • a) obligatory according to law, regulation, Community legislation or a contract;
  • b) strictly necessary for the conclusion of a contract;
  • c) facultative.
In this case, for the purposes indicated in previous points (i), (ii), (iii) and (iv) of the previous paragraph 4, the provision of Data is strictly necessary for the conclusion of the agreement and/or obligatory to comply with legal and contractual obligations. Refusal to provide the Data will not allow to establish and /or to continue the contract with the Controller. For the purposes referred to in point (v) previous paragraph 4, the provision of the Data is facultative, however the partial or total refusal to provide the Data for such purposes will not allow to the Controller to send the aforementioned communications.

The processing of data is carried out under the principles of lawfulness, necessity and relevance with the help of electronic means. The Controller doesn’t adopt any automated decision-making, including profiling.
Processing is carried out directly at Controller by authorised personnel. In some cases, external parties may also process your Data (for example, professionals as such obliged to secrecy, like consultants, Accountants, Lawyers etc; suppliers; agents; services companies, professionals and consultants responsible for agreements’ managing, operations of storage, sorting and postal and/or freight transport; computer companies and system’s safety; managers of the infrastructures software used by the Controller). The list of all the subjects involved in the Processing can be requested to the Data Controller at any time.
Your Personal Data will be processed by the Data Controller for the time necessary to achieve the purpose referred to in paragraph 4 of this notice, as indicated in Recital 39 of the Regulation, without prejudice to a further period of retention that may be imposed or permitted by law as also provided for in Recital 65 of the Regulation.
The processing carried out to achieve the purposes referred to in point (v) of § 4 will take place until you communicate your intention to withdraw your consent. If consent is revoked, the Foundation will cease processing your personal data for such purposes.

Even without your express consent, Controller can disseminate your Data, for the purposes referred to paragraph 4, to the subjects to whom dissemination is mandatory by law. These subjects will process the Data in their capacity of independents controllers.
Data will not be disclosed.

The Regulation grants you the right to:

  • obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and obtain information (right of access - Art. 15 Regulation); 
  • obtain the rectification of inaccurate personal data and to have incomplete personal data completed (right to rectification - Art. 16 Regulation);
  • obtain the erasure of data processed in Regulation’s cases referred, including if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Right to erasure - ‘right to be forgotten’ - Art. 17 regulation). The request for removal may not be granted for Regulation’s cases referred, even when the processing is necessary to fulfil a legal obligation or exercise a legal right;
  • obtain the restriction of the processing of data if the accuracy of the personal data is contested, and only for the period necessary for the controller to verify the accuracy of these personal data, or in the case of unlawful processing, or when even if the personal data are no more necessary to the purposes of processing, they are anyway necessary for the interested part in the assessment, exercise and right’s defence in judicial, or in the event that the interested part had exercise the opposition right to personal data process only for the period necessary to the verify concerning the Controller’s prevalence good cause over those of the interested part. (right to restriction of processing - Art. 18 Regulation);
  • receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (right to data portability - Art. 20 Regulation);
  • object to the processing for reasons related to the particular situation of the data subject, to personal data processing necessary for the execution of a public interest job or for the pursuing of controller or third parties’ legitimate interest. However, controller may continue to process the data if demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing (right to object - Art. 21 Regulation).
  • request not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject except in cases where profiling is necessary for the conclusion of an agreement, is authorized by the Union’s right or member State which the Controller is subject, is based on the explicit consent granted by the data subject (Art. 22 Regulation);
  • withdraw the consent at any time without effecting the lawfulness of processing based on consent before its withdrawal, where the processing is based on let. a) of Art. 6 paragraph or let. a) of Art. 9 paragraph 2 of Regulation;
  • lodge a complaint to supervisory authority (Art. 77 Regulation).
All the data subject’s requests can be addressed to the Controller, in writing and with a copy of the valid identification document, to the contact’s details gave in this notice paragraph 1. The Controller facilitates the Data subject’s requests and is committed to provide a match within a month of receiving the communication.
Furthermore, the Controller, pursuant to Art.19 Regulation, shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Art. 16, Art. 17 paragraph 1 and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.

Cookie Policy 

This notice is intended to explain the procedures followed to collect, through cookies and/or other tracking technologies, the information provided by users when they visit

Introduction to cookies and other tracking tools
Generally speaking, cookies are files that store information about your navigation on the website. Cookies will store some details that may help you enjoy your browsing experience (for example, it allows us to ensure that the information on the website in your future visits responds to your preferences). 
At the same time, cookies help us to understand some relevant details about the use of our website - for example, to identify most visited pages and contents, and for how long. Through these tools, we can make the site more responsive to your requests and more comfortable to navigate.

Consent to the installation of cookies
European legislation requires operators of websites that use cookies or other similar technologies to inform the user about the types of cookies. In certain cases, the law requires us to request an express consent from you.
There are mainly three types of cookies.
The website operator usually installs technical cookies to guarantee the usual browsing and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas).
Analytics cookies, similar to technical cookies when used directly by the website operator, are used to collect information in an aggregate form on the number of users and how they visit the website. 
Profiling cookies are used to create user profiles and to send advertising messages in line with the preferences expressed by the user when surfing the web.
Cookies can also be distinguished between first-party and third-party cookies (it depends on the subject who manage the cookie and receive the information). We have a first-party cookie if the tool is controlled by the owner of the site, who is then responsible for providing information and indicating how to block the tracking. We talk about third-party cookie when they are managed by a third party other than the website owner. For these cookies, the obligation to inform and indicate the methods for any blockage lies with the third party, while the owner of the website is obliged to insert on the website the link to the website of the third party where these elements are available.
In our case, the Foundation's website uses certain tools that allow the installation of third-party analytics cookies. In particular, the following services are concerned:
Cookie Name: Google Analytics (Google Inc.). 
Purposes: Google Analytics is a web analysis service provided by Google Inc. "('Google'). Google uses the Personal Data to track and examine the use of the website, compile reports and share them with other services developed by Google. These cookie collect aggregate information that does not trace back to the individual user’s identity. Anonymisation works by shortening the IP address of the Users within the borders of the member states of the European Union or in other countries participating in the agreement on the European Economic Area. Only in exceptional cases, the IP address will be sent to Google’s servers and shortened within the United States. 
Place of processing: United States 
Privacy Policy
Duration: Some cookies remain active only until you close the browser or when logging out. Other cookies “survive” when you close the browser and are also available on later visits made by the user.
These cookies are called persistent and the server sets their duration when they are created. In some cases, an expiry date is set; in other cases duration is unlimited. However, these are cookies that do not trace the user's profile and do not collect data on the user's behavior:
Cookie name: ga - Duration: 2 years
Cookie name: gid – Duration: session 
Cookie name: gat - Duration: session
Cookie name:__utma, Duration: 2 years;
Cookie name:__utmb, Duration: session;
Cookie name:__utmc, Duration: session;
Cookie name:__utmt, Duration: session;
Cookie name:__utmz, Duration: 6 month
The user can disable Google Analytics in selective mode by installing the Opt-out Add-on provided by Google on their browser. To disable Google Analytics, please refer to the link shown below:

“Social plugin” 
“Social plugin” are present in this website. These refer to parts of the visited page generated directly from the abovementioned websites and integrated into the page of the host website. The most common use of social plugins is to share the contents on social networking websites. The appearance of these plugins involves transmitting cookies to and from all the websites operated by third parties. The handling of information collected by “third parties” is governed by relevant rules, to which we kindly ask you to refer. To ensure greater transparency and ease, web addresses on all types of information and how to manage cookies of the main social networking websites are shown below:
Google e YouTube
The website does not use profiling cookies.

Nature of data provision 
The user authorizes use of the cookies by continuing to navigate the website, after reading the banner. The provision of Data is optional.
The user can manage cookie settings from his browser: You can then modify the settings so that cookies are deleted or not saved on your computer or mobile device without your explicit consent. Since each browserhas different settings, you will have to check the “Help” menu of your browser to understand how to correctly change cookies-related settings.

Check the following link for more information on setting up your browser:
Safari per
Safari per iPhone, iPad o

The user can give his consent to the use cookies of the Website. You can accept all or some cookies, or reject them all. Should you decide to disable cookies, you will not have access to many features that make the Sites more efficient and some of our services will not work properly. However, the usability of public content is also possible by completely disabling cookies.

With regard to third part cookies, you may also exercise your right to object to processing by inquiring through the privacy policy of the third party, through the  opt out  link if explicitly provided in the aforementioned privacy policy or cookie policy, or by contacting the third party directly.

Some final indications
Since the Data Controller cannot technically control the installation of cookies and other tracking systems operated by third parties through the services used within the website, any specific reference to cookies and tracking systems installed by third parties is indicative. To obtain complete information, please review the privacy policy of any third-party services listed in this document.
Given the complexity related to the identification of technologies based on cookies and their very close integration with the operation of the web, the user is invited to contact the Data Controller if he would like to receive any further information on the use of cookies and any use of the same - for example by third parties - made through this website.
Latest Update: November 26th 2019