onlocation exp privacy policy

Privacy Policy Milano Cortina 2026


Fondazione Milano Cortina 2026, with registered office in Piazza Tre Torri n. 3, Milan, VAT no. 97866790153, VAT no. 11199200962, in its capacity as data controller (hereinafter, "Data Controller" or "Milano Cortina 2026"), informs you, pursuant to EU Regulation 2016/679 ("GDPR") and current national legislation on the protection of personal data, that by subscribing on the web form of On Location Events LCC at the following link, you agree to share with the Data Controller certain information concerning you.

  1. Object of processing


The Data Controller processes the following personal data that you have communicated in connection with the Initiative (hereinafter, "Data" or "Personal Data"), i.e. identifying and non-particular data (such as, for example, your name, surname and e-mail address).

  1. Purpose and legal basis of processing

Your personal data are processed for the following purposes and legal bases.

  1. With your prior consent, your data will be processed for receiving newsletter on information, news and projects of Milano Cortina 2026. In particular, you will receive a confirmation e-mail at the e-mail address you have provided.



  1. Modalities of Data Processing

The processing of your Data is carried out by means of the operations of collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.

Your personal data is processed electronically and, where appropriate, automatically. Your personal data are protected in such a way as to minimise the risk of destruction, loss (including accidental loss), unauthorised access/use or use incompatible with the original purpose of collection. This is achieved by the technical and organisational security measures implemented by the Data Controller.

  1. Data Retention


The Controller shall process the Personal Data for the time necessary to fulfil the above mentioned purposes and, in any case, unless you unsubscribe from the newsletter, for no longer than 6 years from the moment of the submission of the subscription request in order to send you the newsletter. If you unsubscribe from the newsletter, your data will be kept on a black list for the sole purpose of not sending you newsletters anymore and will be deleted 6 months after your unsubscription.

  1. Access to data


The provision of Personal Data for the purposes referred in paragraph 2 is optional and but the failure to provide your data would not allow you to receive newsletter relating to Milano Cortina 2026.

  1. Access to Data


Your data may be made accessible for the above purposes to:

  • employees and/or collaborators of the Controller, in their capacity as data processors and/or internal data controllers and/or system administrators;
  • third party companies or other entities that perform outsourcing activities on behalf of the Controller and that will process the Data in their capacity as external data controllers.


  1. Data communication


Your data may be communicated, without your express consent, to supervisory bodies, law enforcement agencies or the judiciary, at their express request, who will process it as independent data controllers for institutional purposes and/or in accordance with the law during investigations and controls.

  1. Data transfer


The Data Controller may transfer Data outside the European Union. To this end, in accordance with privacy legislation, the Controller assesses the impact of data transfers and adopts, if applicable, the most appropriate safeguards (e.g. adequacy decisions or standard contractual clauses).

  1. Data subjects Rights

The Data Controller informs you that, as a data subject, you have the right to:

  • obtain confirmation of the existence or otherwise of your personal data, even if not yet recorded, and that such data be made available to you in an intelligible form;
  • obtain an indication and, if necessary, a copy: (a) the origin and category of the personal data; (b) the logic applied in the event of processing carried out with the aid of electronic instruments; (c) the purposes and methods of processing; (d) the identification details of the data controller and data processors; e) the entities or categories of entity to whom or which the personal data may be communicated or who or which may get to know said data, in particular if they are recipients in non-EU countries or international organisations; e) when possible, the data retention period or the criteria used to determine said period; f) the existence of adequate safeguards in case of transfer of data to a non-EU country or an international organisation;
  • obtain, without undue delay, the updating and rectification of inaccurate data or, where interested, the integration of incomplete data;
  • obtain the cancellation, transformation into anonymous form or blocking of data: a) processed unlawfully; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) if you have objected to the processing and there is no overriding legitimate reason to continue processing; d) in the event of compliance with a legal obligation; e) in the case of data relating to minors. The Data Controller may refuse erasure only in the event of: a) exercise of the right to freedom of expression and information; b) fulfilment of a legal obligation, performance of a task carried out in the public interest or exercise of public authority; c) reasons of public health interest; d) archiving in the public interest, scientific or historical research or for statistical purposes; e) exercise of a right in a court of law;
  • obtain the limitation of processing in the event of: a) contestation of the accuracy of personal data; b) unlawful processing by the Data Controller to prevent their deletion; c) exercise of one of your rights in court; d) verification of whether the Data Controller's legitimate reasons prevail over those of the data subject;
  • to receive, if the processing is carried out by automatic means, without hindrance and in a structured, commonly used and readable format the personal data concerning him/her in order to transmit them to another data controller or - if technically feasible - to obtain the direct transmission by the data controller to another data controller;
  • to object, in whole or in part, on legitimate grounds relating to your particular situation, to the processing of personal data concerning you;
  • not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way. This does not apply when the decision:
    • is necessary for the conclusion or execution of a contract between you and the Controller, i.e. the Foundation;
    • is authorised by a legal obligation to which the Data Controller, i.e. the Foundation, is subject and which specifies the appropriate measures to protect your rights, freedoms and legitimate interests;
    • is based on your explicit consent.
  • to lodge a complaint with the Italian Data Protection Authority.


In the above cases, where necessary, the Data Controller will inform the third parties to whom your personal data are communicated of the possible exercise of your rights, except in specific cases (e.g. when this proves impossible or involves the use of means that are manifestly disproportionate to the right protected).


  1. Modalities of exercise of rights

You may exercise these rights at any time:


  1. Data controller and Data Processor


The Data Controller is Fondazione Milano Cortina 2026, with registered office in Piazza Tre Torri 3, Milan - 20145, Tax Code 97866790153, VAT number 11199200962.


The updated list of data processors, persons in charge of processing and system administrators is kept at the Data Controller's head office.


Milan, 31 maggio 2021


Fondazione Milano Cortina 2026