Fondazione Milano Cortina 2026, with registered office in Piazza Tre Torri 3, Milan, VAT no. 97866790153, VAT no. 11199200962, acting as data controller (“Data Controller” or “Milano Cortina 2026”), informs you, pursuant to EU Regulation 2016/679 (“GDPR”) and the applicable national data protection legislation, that your data will be processed in the following matters and for the following purposes.
Milano Cortina 2026 has appointed its own DPO who can be contacted by e-mail at DPO@milanocortina2026.org.
- Object of the processing
The Controller processes the personal data listed below (hereinafter, “Data” or “Personal Data”).
- Identification Data: for example, e-mail address, IP address, etc. communicated by you when browsing the website of Milano Cortina 2026 (“Site”) or through messages sent by you via e-mail to the e-mail addresses with domain milanocortina2026.org. Further Personal Data, such as your name, surname, place and date of birth, may be communicated to Milano Cortina 2026 through your registration, for example, to the Fan Team, but these are managed by separate privacy notices (available in other sections of the Site), given to you prior to the relevant registrations. Furthermore, e-mail address, identification data (e.g. first name, last name, address, telephone number, professional training) that may be contained in e-mails sent to the Data Controller via the e-mail contacts indicated on the Site or, in any case, via e-mail contacts with the milanocortina2026.org domain, may be processed.
- Special categories of personal Data: through the specific “Work with Us” section on the Site some information may be disclosed that, pursuant to the GDPR, represent “special categories of personal data” (e.g. belonging to a protected category). For such type of information, please refer to the privacy notices specifically prepared.
The validity of the information provided on this page does not extend to the pages of other web domains that may be consulted through hypertext links.
- Purposes and legal bases of the processing
Your Personal Data is processed for the following purposes and legal bases:
- in fulfilment of a legal obligation to which the data controller is subject [Art. 6, para. 1, letter c) of the GDPR] or in pursuance of a legitimate interest of the data controller [Art. 6, para. 1, letter f) of the GDPR], in order to:
- allow you to navigate within the Site;
- manage and maintain the Site;
- comply with legal obligations, regulations, EU legislation, orders and prescriptions of the competent authorities;
- prevent fraud and unlawful activities and exercise the rights and protect the interests of the Data Controller (e.g. the right of defence in court).
- with the consent of the data subject [Art. 6(1)(a) GDPR], in order to:
- respond to requests for information received following e-mail contact;
- marketing purposes, e. to send communications - by e-mail - relating to the initiatives of Milano Cortina 2026 (such as, but not limited to, discounts, promotions, events and initiatives);
- profiling purposes, e. to analyse, also by automated means, preferences and interests (such as, for example, sports practices, events and initiatives of interest, adherence to promotions, etc.), online behaviour (and, therefore, using tracking tools) and to propose - by e-mail - personalised services, initiatives and promotions.
- Modalities of processing and profiling
Processing may take place with or without the use of electronic tools. With regard to profiling, information is processed in order to create a classification based on the preferences expressed and a profile that is as complete and exhaustive as possible. The user is then asked to express certain preferences by means of a click. The value corresponding to the selected item is then automatically collected and the information is added to the member's profile.
Personal data are protected in such a way as to minimise the risk of destruction, loss (including accidental loss), unauthorised access/use or use incompatible with the initial purpose of collection. This is achieved by the technical and organisational security measures implemented by the Data Controller.
- Data storage period
The information collected through the Site will be stored:
- until the revocation of consent where given for marketing and profiling purposes.
- Provision of data
Apart from what is set out in point 2.1, the provision of data is optional and, therefore, refusal to provide information will result in the impossibility of receiving marketing communications or taking advantage of targeted digital campaigns in line with your interests.
- Access to Data
The Data may be made accessible for the above purposes to (i) employees and/or collaborators of the Data Controller, in their capacity as subjects authorised to process the Data and (ii) third parties appointed as data processors.
- Recipient categories
- Transfer of Data
The Data Controller may transfer the Data outside the European Union by adopting the most appropriate means and safeguards identified by law and by the Supervisory Authorities.
- Rights of the data subject
The data subject has the right to obtain, in the cases provided for, access, rectification, deletion and portability of his or her personal data, as well as the limitation of the processing concerning him or her (Art. 15 et seq. of the GDPR). Furthermore, where the processing is based on consent, you will be able to revoke it at any time without affecting the lawfulness of the processing based on the consent given before revocation. You may exercise these rights by sending a registered letter with advice of receipt to the Controller's address or an e-mail to email@example.com. Finally, if you believe that the processing carried out is in breach of the provisions of the GDPR, you have the right to lodge a complaint with the Italian Supervisory Authority for the Protection of Personal Data, as provided for in Article 77 of the GDPR itself, or to take appropriate legal action (Article 79 of the GDPR).
Last updated: November 2022