Privacy Policy

Privacy Policy and Cookie Policy

Fondazione Luigi Rovati ETS

Last updated: March 17, 2026

 

Table of Contents

 

PART I – GENERAL PRIVACY POLICY

  • Data Controller

  • Data Protection Officer (DPO)

  • Categories of Data Processed

  • Purposes, Legal Bases and Retention Periods

  • Nature of Data Provision

  • Recipients of Personal Data

  • Transfer of Data Outside the European Economic Area

  • Processing Methods and Security Measures

  • Data Subject Rights

  • How to Exercise Rights and Response Times

  • Updates to the Policy

PART II – COOKIE POLICY

  • What cookies and other tracking tools are

  • Types of cookies used by this website

  • Managing consent via the cookie banner

  • Details of cookies installed by the site

  • How to manage and disable cookies via browser settings

  • References to the general privacy policy

PART I – GENERAL PRIVACY POLICY

 

1. Data Controller

The Data Controller is Fondazione Luigi Rovati ETS, with registered office at Corso Venezia 52, 20121 Milan (MI), Italy.

Privacy contacts:

  • Email: rpd-fondazioneluigirovati@fidimholding.com

  • Address: Corso Venezia 52, 20121 Milan (MI), Italy

2. Data Protection Officer (DPO)

The Foundation has appointed a Data Protection Officer (DPO), whose contact details are:

Rocca Maria, Via Domenico Fiasella 1/18, Genoa

  • Email (PEO): studiolegale@avvrocca.it

  • Certified email (PEC): maria.rocca@ordineavvgenova.it

Users may contact the DPO for all matters relating to the processing of their personal data and the exercise of their rights.

3. Categories of Data Processed

The Foundation processes the following categories of personal data:

  • Browsing data: IP addresses, domain names of users’ computers, URI addresses, request time, and other parameters relating to the user’s operating system and IT environment, also collected via cookies (see Part II).

  • Identification and contact data: First name, last name, email address, phone number, and other data voluntarily provided by the user via contact forms, registration, or purchases.

  • Payment data: Information necessary to manage transactions (e.g., ticket purchases), processed in compliance with security regulations.

  • Voluntarily provided data: Any information the user chooses to share, for example through interactions on the Foundation’s social media channels.

4. Purposes, Legal Bases and Retention Periods

Data are processed for specific purposes, based on defined legal grounds and for limited periods.

A) Website browsing

  • Purpose: Enable the technical operation of the website and access to its content

  • Legal basis: Performance of pre-contractual and contractual measures

  • Retention: For the duration of the browsing session (for cookies, see Part II)

B) Contact requests

  • Purpose: Respond to user inquiries

  • Legal basis: Legitimate interest of the Controller

  • Retention: Time necessary to handle the request and up to 12 months, unless a contractual relationship is established

C) Ticketing management

  • Purpose: Manage registration, purchases, delivery of services/products, and refunds

  • Legal basis: Performance of a contract

  • Retention: Duration of the contractual relationship and thereafter as needed for claims or disputes

D) Tax obligations

  • Purpose: Manage accounting and tax documentation

  • Legal basis: Legal obligation

  • Retention: 10 years, as required by law

E) Statistics and improvement

  • Purpose: Analyze website usage to improve functionality

  • Legal basis: Consent (for non-anonymized analytics cookies) or legitimate interest (for aggregated anonymous data)

  • Retention: As specified in the Cookie Policy (Part II)

F) Newsletter (email marketing)

  • Purpose: Send informational and promotional communications

  • Legal basis: User consent

  • Retention: Until consent is withdrawn

G) Profiling

  • Purpose: Analyze preferences and habits to send personalized communications

  • Legal basis: User consent

  • Retention: Until consent withdrawal and in any case no longer than 12 months

5. Nature of Data Provision

Providing data for purposes A, C, and D is necessary for browsing, purchasing, and compliance with legal obligations. Refusal prevents service provision.

Providing data for purposes E, F, and G is optional. Refusal does not affect core website services. Consent can be withdrawn at any time.

6. Recipients of Personal Data

Data may be disclosed to entities acting on behalf of the Foundation, appointed as Data Processors under Article 28 GDPR, including:

  • Authorized staff and collaborators

  • IT, technical, and hosting service providers (including Fidim S.p.A.)

  • Payment and ticketing service providers

  • Newsletter and marketing platforms

  • Legal, tax, and administrative consultants

  • Public authorities, where required by law

7. Transfer of Data Outside the European Economic Area

As stated, personal data processing does not involve transfers outside the European Economic Area (EEA).

8. Processing Methods and Security Measures

Data are processed using IT and telematic tools, adopting appropriate technical and organizational measures to ensure integrity, confidentiality, and availability, in line with privacy by design and by default principles.

Measures include:

  • Access limitation based on “need to know”

  • Network segregation

  • Access monitoring

9. Data Subject Rights

Users may exercise rights under Articles 15–22 GDPR, including:

  • Access

  • Rectification

  • Erasure (right to be forgotten)

  • Restriction of processing

  • Data portability

  • Objection (especially for marketing)

  • Withdrawal of consent

  • Complaint to the Data Protection Authority

10. How to Exercise Rights and Response Times

Requests can be sent to the Controller or DPO.

The Controller will respond within one month, extendable by two months in complex cases.

In case of refusal, a reasoned response will be provided.

11. Updates to the Policy

This policy may be updated. Updates will be published on this page with the revision date.

 

PART II – COOKIE POLICY

 

1. What cookies and tracking tools are

Cookies are small text files sent by websites to the user’s device and stored to be retransmitted on subsequent visits.

The site may also use other tracking tools (e.g., pixels, web beacons). In this policy, “cookies” refers to all such technologies.

2. Types of cookies used by this website

Technical Cookies

Essential for website operation and service delivery.

Include:

  • navigation/session cookies

  • functionality cookies

No consent required.

Also include “equivalent” analytics cookies used in aggregated anonymous form.

Profiling and Marketing Cookies

Used to create user profiles and deliver targeted advertising.

May be:

  • first-party

  • third-party

Require prior and explicit user consent.

3. Managing consent via the cookie banner

At first access, users can choose:

  • “Accept all” → all cookies enabled

  • “Reject all” (or closing banner) → only technical cookies

  • “Customize” / “Manage preferences” → granular selection

Choices are stored and can be updated anytime via a dedicated footer link.

4. Details of cookies installed by the site

 

 

Cookie Settings

 

5. How to manage and disable cookies via browser settings

Users can disable cookies via browser settings, though this may affect site functionality.

 

  • Chrome: https://support.google.com/chrome/answer/95647

  • Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie

  • Edge: https://support.microsoft.com/it-it/windows/eliminare-e-gestire-i-cookie-168dab11-0753-043d-7c16-ede5947fc64d

  • Safari: https://support.apple.com/it-it/guide/safari/sfri11471/mac

6. References to the general privacy policy

For information not covered here (Controller details, DPO, rights, security measures), refer to Part I – General Privacy Policy.

Subscribe to our newsletter!

Stay up to date on exhibitions, events and special initiatives.

 

Sign up