The Marco Besso Foundation takes care of the online privacy of its users. This document, drawn up pursuant to art. 13 of EU Regulation 679/2016 (hereinafter also the "Regulation"), of the Italian harmonization legislation and of the measures adopted by the Guarantor Authority for the protection of personal data (hereinafter collectively, "Privacy Law") has the purpose of providing explanations to users regarding the ways in which personal information concerning them is managed when they use this website. In accordance with the Regulations, the treatments carried out by the Foundation will be based on the principles of lawfulness, correctness, transparency, purpose limitation and retention, data minimization, accuracy, integrity and confidentiality.

Legal basis of the processing
The legal basis for the processing of personal data for the purposes described is art. 6 (1) (b) of the Regulation (contract between the Parties) as the processing is necessary to allow the user to browse and use the related services. Where particular services are requested by the user, specific information will be provided and consent to treatment will be requested.
Taking into account what is specified above for navigation data, the user has the free right to provide personal data contained in electronic forms and in other sections of this site or indicated in occasions of contact with the Foundation for the use of additional services, requests of information and other communications. In case of failure to provide, the Foundation may be unable to process the user's request.

Personal data processed and purposes
1 Navigation data
Like all websites, this site also makes use of log files in which information collected in an automated manner is stored during user visits. The information collected could be the following:

• internet protocol (IP) address;

• type of browser and device parameters used to connect to the site;

• name of the internet service provider (ISP);

• date and time of visit;

• web page of origin of the visitor (referral) and exit;

• possibly the number of clicks.

The aforementioned information is processed in an automated form and collected in an exclusively aggregated form in order to verify the correct functioning of the site, and for security reasons.
For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as the IP address, which could be used, in accordance with applicable laws, in order to block attempts to damage the site itself or to cause damage to other users, or in any case harmful activities or constituting a crime. These data are never used for the identification or profiling of the user, but only for the purpose of protecting the site and its users.

2 Data provided voluntarily by the interested party
If the site allows the insertion of comments, or in the case of specific services requested by the user, the site automatically detects and records some identification data of the user, including the email address. These data are voluntarily provided by the user at the time of the request to provide the service. By entering a comment or other information, the user expressly accepts the privacy policy.
The data received will be used exclusively for the purposes of the Foundation, for the provision of the requested service and only for the time necessary for the provision of the service.
The information that users of the site will deem to make public through the services and tools made available to them, are provided by the user knowingly and voluntarily, exempting this site from any responsibility for any violations of the laws in force. It is up to the user to verify that they have permission to enter personal data of third parties or content protected by national and international regulations.
The data collected by the site during its operation are used exclusively for the purposes indicated above and kept for the time strictly necessary to carry out the specified activities. In any case, the data collected by the site will never be provided to third parties, for any reason, unless it is a legitimate request by the judicial authority and only in the cases provided for by law.
The data used for security purposes (blocking attempts to damage the site) are kept for 7 days.

Communication and dissemination of data
Personal data processed by browsing the Foundation's website may be shared with:

a) subjects who typically act as data processors, such as the site manager (collectively "recipients"). The updated list of managers is available upon request, by writing to the Data Controller at the addresses indicated;
b) subjects, bodies or authorities to whom it is mandatory to communicate personal data by virtue of legal provisions or orders of the authorities;
c) persons authorized by the Foundation to process personal data necessary to carry out activities strictly related to the provision of services, who are appointed and trained in the field of personal data protection, adequately committed to confidentiality or in any case have an adequate legal obligation of confidentiality ( e.g. Foundation employees).

Place of processing
The data collected from the website are processed at the headquarters of the Data Controller, Marco Besso Foundation, based in Rome, largo di Torre Argentina n. 11.

Security measures
This site processes user data in a lawful and correct manner, adopting appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. The processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the owner, in some cases, categories of employees involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external subjects (such as suppliers of third party technical services, postal couriers) may have access to the data. hosting providers, IT companies, communication agencies).
User rights
Pursuant to the European Regulation 679/2016 (GDPR), the user can, according to the methods and within the limits established by current legislation, exercise the following rights:
request confirmation of the existence of personal data concerning him (right of access);
know its origin;
receive intelligible communication;
have information about the logic, methods and purposes of the processing;
request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
in cases of consent-based processing, receive only the cost of any support, its data provided to the owner, in a structured and readable form by a data processor and in a format commonly used by an electronic device;
the right to lodge a complaint with the supervisory authority (Privacy Guarantor);
as well as, more generally, to exercise all the rights that are recognized by the current provisions of the law.
Requests should be addressed to the Data Controller.