Privacy Statement and Cookie Policy for visitors to the Website

Last update and effective date of this page: March 2024
Last update and effective date of information about cookies: March 2024

In accordance with art. 13 of EU Regulation 2016/679 (hereafter the "Regulation"), this page describes the methods used to process the personal data of users (the “Data Subjects” or “Users”) visiting the website of (the “Website”).

This information does not concern other websites, pages or online services accessible via any hyperlinks published on the Website, but refer to resources outside the domain or sub-domains of the Website.

Specific information is also published on the pages of the Website to provide given services


The Data Controller (the “Controller”) is FAIR – ETS with registered offices in Milan at Via Volterra no. 9., and may be contacted via email address


Browsing data

The information systems and software procedures used to operate the Website acquire personal data during their ordinary operation. This data must be transmitted in order for the Internet communication protocols to be used. By way of example, this category of data includes the IP addresses or domain names of the computers and terminals used to log into the website, URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, request time, method used to submit the request to the server, size of the response file, numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters regarding the operating system and the user’s IT environment.

The above data are needed to use web services, and are also processed for:

  1. obtaining statistical information on how the services are used (most visited pages, number of visitors by time or day, geographical areas of origin, etc.);

  2. ensuring the services offered function properly.

The legal basis for processing data is the pursuit of the legitimate interest of the Data Controller (Article 6(1)(f) of the Regulation), which is on a par with the legitimate interest of the Data Subjects, as the activity of processing personal data is limited to what is strictly necessary to fulfil the operations and other processing operations specified in this paragraph. The data will be processed until the legitimate interest of the Data Controller has been fulfilled, except where it should be necessary to ascertain offences committed against the Website, or to comply with requests from public authorities and/or supervisory bodies.

Data communicated by the User

The optional, explicit, and voluntary sending of messages to the contact addresses published on the Website, use of telephone/fax numbers, private messages sent by Users to the Data Controller’s institutional profiles/pages on social media (where available), and filling in and sending forms on the website result in the sender's contact details being acquired. These details are needed to respond to their requests, as are all personal data communicated by the Data Subject or requested in any forms which are filled out. The acquired data will be processed for the time necessary to respond to the Data Subject's request and will be deleted after a maximum of 36 months.

If the Data Subject requests it, the Data Controller may process their personal data to send newsletters and communications about the activities of Fondazione FAIR. The legal basis for such processing is the fulfilment of the information service requested by the Data Subject (Article 6(1)(b) of the Regulation), with the option for the Data Subject to withdraw at any time from the service by sending a communication to the contacts specified in the “Rights of the Data Subject” section.

Cookies and other tracking systems

Cookies we use on this website
A cookie is a small piece of data (text file) that a website, when visited by a user, may store on the device used for browsing to remember certain information, such as preferred language or login information. If cookies are set directly by the website you are visiting, they are called first-party cookies. Third-party cookies may also be used, i.e., cookies sent from a domain other than the website you are visiting, for example, for targeting and profiling purposes. Below is a detailed list of the cookies we use on our website.

Remember that you can always choose which categories of cookies can be installed on your device (except for strictly necessary cookies, which are installed by default) via the appropriate function of the browser you are using, as specified under "Enabling/disabling cookies via browser".

Strictly necessary
These cookies are necessary to allow the website to operate, because they enable functions that facilitate the user's browsing. By way of example, the user will be able to access his or her profile without having to log in each time, or he or she will be able to select the language with which he or she wishes to browse the site without having to set it each time.

DomainCookiesFirst/third partDuration
www.fondazionefair.orgNEXT_LOCALEFirst part12 months
www.fondazionefair.org_gaFirst part24 months
www.fondazionefair.org_ga_<container-id>First part24 months

Enabling/disabling cookies via browser
You can prevent the use of cookies by adjusting the settings on your browser accordingly. However, if you choose to delete technical cookies from your device or prevent them from being stored, you may not be able to use all the features of this website. Even with all cookies disabled, your browser will still store a small amount of information required for basic site features.

Enabling or disabling cookies via your browser couldn't be easier.
Choose your browser from the list below and follow the provider's instructions.


The processing of personal data is carried out using computerised and electronic instruments and, occasionally, using manual means. The methods used are strictly related to the above-mentioned purposes. The data shall in any case be processed in compliance with the necessary precautions, guarantees and measures prescribed by the relevant legislation aimed at ensuring the confidentiality, integrity and availability of personal data, as well as at avoiding damage, whether material or immaterial (e.g. loss of control of personal data or limitation of rights, discrimination, identity theft or usurpation, financial loss, unauthorised decryption of pseudonymisation, damage to reputation, loss of confidentiality of personal data protected by professional secrecy or any other significant economic or social damage).


For the purposes set out above, the Data Controller reserves the right to communicate personal data to recipients in the following categories:

  • public authorities and/or supervisory bodies (e.g. judicial authorities, public safety authorities, Financial Investigation Office, etc.);

  • parties that perform data acquisition, processing and storage services;

  • parties that provide services for managing the Controller's information system and telecommunications networks (including chat and mailing services);

  • parties that provide assistance to the Data Subject;

  • firms or companies that provide consultancy or assistance services;

  • parties that perform communication assistance and consulting activities;

  • parties that control, audit and certify the activities carried out by the Controller;

  • parties that, in various capacities, succeed the Company in the ownership of legal relationships (e.g. assignees or potential assignees of assets, receivables and/or contracts).

Parties belonging to the categories listed above operate independently as separate data controllers, or as Data Processors appointed for this purpose by the Data Controller. The updated list of third parties to whom the data are transmitted is available by forwarding a request to The data may also be disclosed, in connection with the performance of assigned tasks, by the Data Controller's own staff, specifically authorised by the Data Controller to process the data.

Personal data shall, in any case, not be disclosed and, therefore, shall not be brought to the attention of unspecified persons, in any form whatsoever. This includes making the data available or enabling its consultation without the express consent of the Data Subject, where required. However, Users utilising the forums, or other channels made available by the Data Controller, to publish their contents, including their personal data, on the Website, acknowledge that the information made public may be read, collected and used by third parties who have no relationship with the Data Controller, including for sending unsolicited messages. The Owner declares it is exempt from liability for any undue use that third parties make of the personal data that Users choose to publish through the aforementioned channels.


The Data Controller acknowledges that the personal data of the Data Subjects may be disclosed to organisations located in countries outside the European Union for the purposes mentioned above. This transfer will only occur on the basis of existing international agreements or adequacy rulings passed by the Commission (as per art. 45 of the Regulation), or on the basis of the instruments referred to in art. 46 of the Regulation, including Standard Contractual Clauses or the stipulation of Binding Corporate Rules ("BCRs" pursuant to art. 47 of the Regulation) and the adoption of the other measures required by the applicable processing laws. A copy of any personal data transferred abroad, as well as the list of third countries/international organisations to which personal data have been transferred, may be requested from the Controller at the following email address


In accordance with Articles 15 to 22, the Regulation gives Data Subjects the possibility to exercise specific rights. In particular, the Data Subject may obtain a) confirmation of the existence of processing of personal data concerning him/her and, in this case, access to such data; b) rectification of inaccurate personal data and integration of incomplete personal data; c) deletion of personal data concerning him/her, in cases where this is permitted by the Regulation; d) restriction of processing, in the cases provided for by the Regulation e) communication, to the recipients to whom the personal data have been transmitted, of requests for rectification/deletion of personal data and restriction of processing received from the Data Subject, unless this proves impossible or involves a disproportionate effort; f) receipt, in a structured, commonly used and machine-readable format, of the personal data provided to the Data Controller, as well as the transmission of the same to another data controller (known as data portability). The Data Subject also has the right to object at any time, on legitimate grounds, to the processing of personal data concerning him/her, even if pertinent to the purpose of collection, except where the Data Controller proves the existence of compelling legitimate grounds or the exercise or defence of a right in accordance with Article 21 of the Regulation. The Data Subject shall also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or significantly affects him/her in a similar way, unless such a decision: a) is necessary for the conclusion or performance of a contract between the Data Subject and the Data Controller; b) is authorised by the law of the Union or of the Member State to which the Data Controller is subject; c) is based on the explicit consent of the Data Subject. In the cases referred to in a) and c) above, the Data Subject has the right to obtain human intervention by the Controller, to express his/her opinion and to contest the decision. The Data subject can submit requests to the email address indicating in the subject “Privacy – exercising Privacy rights”, outlining which right they intend to exercise, and giving the Data Controller the information needed to identify the Data subject as per articles 11 and 12 of the Regulation. The Data Subject also has the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or place where the alleged infringement occurred (e.g., the Italian Data Protection Authority, which can be contacted via the details available on the website, as stipulated by Article 77 of the Regulation. Furthermore, they have the right to bring proceedings in court under Articles 78 and 79 of the Regulation.


Except as specified for browsing data, and excluding data collected through technical cookies - non-provision of which will prevent the Data Controller from facilitating interaction with the website for the Data Subject, and prevent the Data Subject from using the Website and all its features - Users are free to provide their personal data to enjoy the features and services made available on the Website. The only consequence of failure to provide such data will be the inability of the data subject to use the relevant services, without any detrimental consequences.


The Data Controller reserves the right to periodically update the content of this page. The Data Subject is therefore invited to periodically check any information contained herein in order to keep up to date with any changes that may have occurred since the last consultation.

Sign up for our newsletter and keep up to date with Fondazione FAIR