Privacy Policy

This page describes how the site is managed with regard to the processing of the personal data of the users who consult it.

Following consultation of this site, data relating to identified or identifiable persons may be processed.

The information is also based on Recommendation no. 2/2001 that the European Authorities for the protection of personal data, brought together in the Group established by art. 29 of Directive no. 95/46/EC, adopted on 17 May 2001 to identify certain minimum requirements for the collection of personal data online, and, in particular, the methods, timing and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.

This information is also provided in compliance with the legislation on the protection of individuals with regard to the processing of personal data set out in EU Regulation 679/2016 (hereinafter referred to as the ‘Regulation’).

1. Data Controller

The Data Controller is Fondazione ISMU ETS – Iniziative e Studi sulla Multietnicità (from now on ISMU ETS), Via Copernico 1, 20125 Milano (Italy)

2. Processing methods and security measures

Personal Data are processed by automated and non-automated means, only for the time strictly necessary to achieve the purposes for which they were collected.

Within ISMU ETS, employees or external collaborators assigned to services, as well as structures, internal and external, that carry out technical, support (in particular: legal services, IT services, shipping) and corporate control tasks on behalf of the Company may become aware of your Personal Data, as persons in charge or responsible for their processing.

Data processing is carried out by personnel directly employed by the Data Controller and/or by natural or legal persons specifically designated by the latter as data processors or persons in charge of processing. The data provided will in no case be disclosed or communicated to third parties, with the exception of communication to parties whose right to access the data is recognised by law or by orders of the authorities, as well as to parties, including external and/or foreign parties, which the Data Controller uses to carry out activities that are instrumental and/or ancillary to the management of the data collected and to the provision of related services and benefits, including suppliers of software solutions, web applications and storage services also provided through Cloud Computing systems and used for this purpose.

3. Place of data processing and categories of subjects to whom the data may be communicated

The processing of data related to the web services of this site takes place at the registered office of ISMU ETS, or of the party responsible for collecting the data, and is handled only by the staff of the company, authorised to process them, or by authorised third parties of the company.

No personal data deriving from the web service is disclosed.

In order to carry out some of the activities related to the processing of your personal data in relation to the services made available through the site, ISMU ETS may make communications to trusted external companies or entities. These companies collaborate directly with ISMU ETS and operate completely independently as separate ‘data controllers’ or as external data processors.

4. Types of data processed and purpose of processing

Browsing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, make it possible to identify the navigating users. This category of data includes the IP addresses or domain names of the computers and/or networks used by users connecting to this site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation, and is deleted immediately after processing. It should be noted that the aforementioned data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the Company’s website.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of electronic mail to the addresses indicated in the appropriate sections of this website entails the subsequent acquisition of certain personal data of the requesting party, necessary for responding to requests. Specific summary information will be progressively reported or displayed on the pages of the site where it is possible to interact with the Company. The personal data provided by users forwarding requests for information on products and services are used for the sole purpose of performing the service or provision requested and the methods of their processing are governed by the specific section of the site entitled ‘Privacy Policy’.

5. Purpose of processing

Personal data provided by users will be used:

  • to allow access to the services offered within the site;
  • to allow navigation on the site;

Registration may be allowed to those who explicitly request it, by filling in the forms present in the pages of the site specifically dedicated to this service, after reading the specific information and authorising ISMU ETS to process their personal data.
Refusal to provide data will result in the impossibility of obtaining the services offered by the site.

6. Nature of data conferment

In the event that the user intends to interact with the Company through the site, the provision of data is optional, but it is a necessary and indispensable condition for providing the user with the requested information: failure to provide such data therefore makes it impossible for the Data Controller to guarantee a reply.

7. Rights of the Data Subject

In addition to the right of access concerning the possibility to obtain from the Controller confirmation that his/her Data is being processed, the Data Subject enjoys the rights granted to him/her under Articles 16-21 of the Regulation, namely:

  1. to obtain from the Controller the rectification of inaccurate Data concerning him/her without undue delay, or the integration of incomplete Personal Data, also by providing a supplementary declaration;
  2. to obtain from the Controller without undue delay the deletion of Personal Data concerning him/her, when:
      • the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
      • the Data Subject withdraws consent to the Processing of Personal Data and there is no other legal basis for the Processing of Personal Data;
      • the Data Subject has objected to the Processing and there is no overriding legitimate reason to proceed with the Processing;
      • the Personal Data has been unlawfully processed;
      • the Personal Data must be deleted to comply with a legal obligation to which the Data Controller is subject.
  3. to obtain from the Controller the restriction of the processing of Personal Data when:
      • the Data Subject disputes the accuracy of the Personal Data, for the period necessary for the Data Controller to verify that fact;
      • the Processing is unlawful and the Data Subject, objecting to the erasure of the data, merely requests that its use be limited;
      • although the Data Controller no longer needs the data for the purposes of the Processing, the Personal Data is necessary for the establishment, exercise or defence of a right in court;
      • the Data Subject has objected to the Processing for the period necessary to assess whether the Data Controller’s legitimate reasons prevail over his/her own.
  4. to receive from the Controller in a structured, commonly used and machine-readable format the Personal Data concerning him/her if:
      • the Processing is based on consent or on a contract;
      • the Processing is carried out by automated means. In this case, the Data Subject has the right to obtain the direct transmission of Personal Data from one Controller to another, if technically feasible;
      • object at any time, for reasons related to his or her particular situation, to the Processing of Personal Data concerning him or her

8. Possible transfer abroad of personal data

The management and storage of the Data takes place on servers belonging to the Data Controller and/or third party companies appointed as external Data Processors. The servers on which the Data are stored are located in Italy and within the European Union. Personal Data are not transferred outside the European Union.

It is in any case understood that the Data Controller, should it become necessary, shall be entitled to move the location of the archives and servers to Italy and/or to the European Union and/or to countries outside the EU. In this case, the Data Controller assures as of now that the transfer of data outside the EU will take place in compliance with the applicable legal provisions by entering, if necessary, into agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided for by the European Commission.

9. Methods of exercising rights

To exercise his/her rights, the Data Subject may contact the Data Controller by writing:

  • by e-mail, to the mailbox ismu@ismu.org
  • by ordinary mail, to Fondazione ISMU ETS – Iniziative e Studi sulla Multietnicità , Via Copernico 1, 20125 Milano (Italy).

The deadline for replying to the Data Subject is thirty days, extendable up to three months in particularly complex cases; in such cases, the Data Controller shall provide at least one interlocutory communication to the Data Subject within the thirty-day period.

The exercise of rights is, in principle, free of charge; the Data Controller reserves the right to ask for a contribution in the event of manifestly unfounded or excessive requests (including repetitive ones), also in the light of any indications that may be provided by the Privacy Guarantor.

10. Complaint to the “Garante della Privacy” (Privacy guarantor)

The Data Subject may lodge a complaint with the “Garante della Privacy”, which can be contacted at www.garanteprivacy.it.