Fondazione Milano Cortina 2026, with registered office in Piazza Tre Torri 3, Milan, VAT no. 97866790153, VAT no. 11199200962, acting as data controller (“Data Controller” or “Milano Cortina 2026”), informs you, pursuant to EU Regulation 2016/679 (“GDPR”) and the applicable national data protection legislation, that your data will be processed in the following matters and for the following purposes.

Milano Cortina 2026 has appointed its own DPO who can be contacted by e-mail at

  1. Object of the processing

The Controller processes the personal data listed below (hereinafter, “Data” or “Personal Data”).

  • Identification Data: for example, e-mail address, IP address, etc. communicated by you when browsing the website of Milano Cortina 2026 (“Site”) or through messages sent by you via e-mail to the e-mail addresses with domain Further Personal Data, such as your name, surname, place and date of birth, may be communicated to Milano Cortina 2026 through your registration, for example, to the Fan Team, but these are managed by separate privacy notices (available in other sections of the Site), given to you prior to the relevant registrations. Furthermore, e-mail address, identification data (e.g. first name, last name, address, telephone number, professional training) that may be contained in e-mails sent to the Data Controller via the e-mail contacts indicated on the Site or, in any case, via e-mail contacts with the domain, may be processed.
  • Special categories of personal Data: through the specific “Work with Us” section on the Site some information may be disclosed that, pursuant to the GDPR, represent “special categories of personal data” (e.g. belonging to a protected category). For such type of information, please refer to the privacy notices specifically prepared.
  • Navigation data: The computer systems and software used to operate the Site acquire, in the course of their normal operation, certain personal data whose transmission is implicit with the use of network communication protocols; this information is not collected in order to be associated with users but, by its very nature, if associated with other data it may allow the user to be identified; in particular, this category of data includes the IP addresses or domain names of the computers used by the users who connect to the Site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. This information is collected by means of the cookies described in the Cookie Policy of the website to which reference should be made.

The validity of the information provided on this page does not extend to the pages of other web domains that may be consulted through hypertext links.

  1. Purposes and legal bases of the processing

Your Personal Data is processed for the following purposes and legal bases:

  1. in fulfilment of a legal obligation to which the data controller is subject [Art. 6, para. 1, letter c) of the GDPR] or in pursuance of a legitimate interest of the data controller [Art. 6, para. 1, letter f) of the GDPR], in order to:
  • allow you to navigate within the Site;
  • manage and maintain the Site;
  • comply with legal obligations, regulations, EU legislation, orders and prescriptions of the competent authorities;
  • prevent fraud and unlawful activities and exercise the rights and protect the interests of the Data Controller (e.g. the right of defence in court).
  1. with the consent of the data subject [Art. 6(1)(a) GDPR], in order to:
  • respond to requests for information received following e-mail contact;
  • marketing purposes, e. to send communications - by e-mail - relating to the initiatives of Milano Cortina 2026 (such as, but not limited to, discounts, promotions, events and initiatives);
  • profiling purposes, e. to analyse, also by automated means, preferences and interests (such as, for example, sports practices, events and initiatives of interest, adherence to promotions, etc.), online behaviour (and, therefore, using tracking tools) and to propose - by e-mail - personalised services, initiatives and promotions.
  1. Modalities of processing and profiling

Processing may take place with or without the use of electronic tools. With regard to profiling, information is processed in order to create a classification based on the preferences expressed and a profile that is as complete and exhaustive as possible. The user is then asked to express certain preferences by means of a click. The value corresponding to the selected item is then automatically collected and the information is added to the member's profile.

Personal data are protected in such a way as to minimise the risk of destruction, loss (including accidental loss), unauthorised access/use or use incompatible with the initial purpose of collection. This is achieved by the technical and organisational security measures implemented by the Data Controller.

  1. Data storage period

The information collected through the Site will be stored:

  • according to the provisions of the specific information for the FanTeam, the “Work with Us” section and the cookie policy for the processing of navigation data and for that carried out by means of such tracking tools;
  • until the revocation of consent where given for marketing and profiling purposes.
  1. Provision of data

Apart from what is set out in point 2.1, the provision of data is optional and, therefore, refusal to provide information will result in the impossibility of receiving marketing communications or taking advantage of targeted digital campaigns in line with your interests.

  1. Access to Data

The Data may be made accessible for the above purposes to (i) employees and/or collaborators of the Data Controller, in their capacity as subjects authorised to process the Data and (ii) third parties appointed as data processors.

  1. Recipient categories

The Data may be communicated to supervisory bodies, law enforcement agencies or the judiciary, at their express request, who will process it as independent data controllers. Furthermore, upon express consent, they may be communicated to the International Olympic Committee (IOC) for statistical analysis, profiling and marketing activities carried out through the use of cookies. For further information on the processing of data, please refer to the Cookie Policy [] on our Site and privacy policy of the International Olympic Committee (

  1. Transfer of Data

The Data Controller may transfer the Data outside the European Union by adopting the most appropriate means and safeguards identified by law and by the Supervisory Authorities.

  1. Rights of the data subject

The data subject has the right to obtain, in the cases provided for, access, rectification, deletion and portability of his or her personal data, as well as the limitation of the processing concerning him or her (Art. 15 et seq. of the GDPR). Furthermore, where the processing is based on consent, you will be able to revoke it at any time without affecting the lawfulness of the processing based on the consent given before revocation. You may exercise these rights by sending a registered letter with advice of receipt to the Controller's address or an e-mail to Finally, if you believe that the processing carried out is in breach of the provisions of the GDPR, you have the right to lodge a complaint with the Italian Supervisory Authority for the Protection of Personal Data, as provided for in Article 77 of the GDPR itself, or to take appropriate legal action (Article 79 of the GDPR).

Last updated: November 2022