(pursuant to EU Regulation 679/2016 and current national legislation on the protection of personal data)
(ver. 00-05 / 2019)

Dear User,

Pursuant to EU Regulation 679/2016 (hereinafter: “GDPR”) and the current national legislation on the protection of personal data, the Milan Onlus Foundation (hereinafter the “Foundation”), with headquarters in Via Aldo Rossi n. 8, 20149 Milan, provides you with a series of information relating to the methods of “use” of your personal data acquired through our site or communicated by other Third Parties including companies of the Milan group, organizations and associations in relation to auctions, fundraising and other charitable or solidarity initiatives.

1. Types of data collected
Common data: personal data processed by the Companies as part of browsing the Site following registration, such as name, surname, gender, place / country and date of birth, contact language, e-mail address and password, images photographic, audio video, provided directly by the user or through third parties, if authorized by him, through their authentication service (Social log in, etc.), or additional data (such as tax code, regular and one-off donations, they mode and amount donated);
Navigazione Navigation data: information that, acquired by computer systems and software procedures used to operate the Site during their normal operation, is not collected to be associated with identified interested parties, but which could, through processing and association with data held by third parties, allow users to be identified; this category of data includes IP addresses or domain names of computers used by users connecting to the Site, URI (Uniform Resource Identifier) ​​addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s IT environment.

2. Purposes and legal bases of the processing
The data collected are processed by the Foundation as data controller, without your necessary consent, for the following legal purposes and bases:
a) execution of contractual obligations such as: obligations arising from initiatives, including fundraising, projects, charity or solidarity auctions organized by organizations or associations that cooperate with the Foundation, participation in social solidarity campaigns also during crowdfounding activities, donation management, sending the information you requested.
b) the fulfillment of legal obligations such as: the management of the obligations deriving from the legal and regulatory obligations to which the Foundation is subject.
c) the pursuit of legitimate Foundation interests such as, for example, the need to identify the donor and the defense in court.
The data collected is processed by the Foundation, subject to your consent for:
d) institutional communication: ie sending, with automated methods of contact (such as text messages, e-mails, social networks, instant messaging apps, push notifications) and traditional (such as telephone calls with operator and traditional mail), communication and information material relating to the activities of the Milan Onlus Foundation (for example fundraising initiatives, projects, surveys and statistical analyzes);
e) profiled communications: analysis of your behavior and habits also in order to offer customized services and information on fundraising initiatives and projects of our Foundation.

3. Processing methods
The data may be processed in paper, computerized and telematic form and inserted in the relevant databases, by means of the operations of collection, recording, organization, storage, consultation, use, processing, comparison and any other appropriate operation, including automated, in compliance with the provisions of the law necessary to guarantee, among other things, the confidentiality and security of the data as well as the accuracy, updating and relevance of the data in compliance with the declared purposes.

4. Data retention
The data is kept for the time necessary to fulfill the purposes indicated above and, in particular:
 for the purposes of sub 2, lett. a), b) and c), for not more than 10 years from the end of the specific activity. For any handling of contact requests, until the request is closed. In the case of litigation, for the entire duration of the same, until the deadlines for appeals can be exhausted;
 for the purposes of sub 2, lett. d) and e) of institutional communications and profiled communications until the revocation of consent. The data relating to your behavior and habits are kept for 24 months from collection.

5. Provision of data
The provision of data for the purposes of sub 2, lett. a), b) and c) is necessary to guarantee the activities and the requested service; any refusal to provide the data or their incompleteness may make it impossible to issue a receipt for the donation made and to carry out the services in their entirety and legal obligations.
The provision of data for the purposes of sub 2, lett. d) and e) is optional and failure to provide the data will have no consequence except the impossibility for the Foundation to carry out the activities described above.

6. Data recipients
The data can be communicated to subjects operating as data controllers, including, in particular, authorities and supervisory and control bodies, lawyers, accountants, auditors and in general, individuals, public or private, entitled to request the data.

7. Persons authorized to process data
The data may be processed by the employees of the company departments appointed to pursue the aforementioned purposes that have been expressly authorized for processing and that have received adequate operating instructions.
The data may be processed, on behalf of the Foundation to allow the activities described above, by individuals (including companies of the Milan group), designated as data processors, who provide services to the Foundation.

8. Data transfer
The data may be transferred to subjects in countries outside the EU that ensure an adequate level of data protection. The transfer will be made only on the basis of the adequacy decisions approved by the European Commission or the adoption by the Foundation of the Standard Contractual Clauses prepared by the European Commission.

9. Rights of the interested party – Complaint to the Control Authority
By contacting Fondazionbe via email at the address, you can:
 ask the owner to confirm the existence or not of a treatment of the data concerning them and, in this case, obtain access to the data concerning them and to the information relating to the processing, such as: the purposes, the categories of data personal, recipients or categories of recipients to whom the data is communicated, the retention period, the existence of an automated decision-making process and the logic used, as well as the existence of adequate guarantees in case of data transfer in a country outside the EU ;
 to obtain the updating of the data, their rectification, integration or cancellation, as well as the limitation of the processing;
Orsi object in whole or in part: a) for reasons connected to their particular situation, to the processing of data for legitimate interest of the Foundation; b) to the processing of personal data concerning them for the purpose of communication and personalized communication carried out using automated contact methods (such as text messages, e-mails, social networks, instant messaging apps, push notifications) and traditional ones (such as phone calls with an operator and traditional mail);
 receive the data in a structured format, commonly used and readable by an automatic device, and, if technically feasible, to transmit them to another holder without impediment (“right to data portability”);
 revoke the consent given at any time.
You also have the right to lodge a complaint with the competent supervisory authority.

10. Data Controller, Data Processors and Personal Data Protection Manager
The Data Controllers, for all the processing purposes indicated in this statement, the Data Controller is Fondazione Milan Onlus based in Milan, Via Aldo Rossi n. 8 – 20149, which can be contacted for the complete list of data processors.
Furthermore, the Foundation has appointed the Head of Personal Data Protection (DPO), a specialized figure, who will oversee the methods adopted by the Foundation to protect your data. To contact the DPO, write to

Cookie Policy

1. As owner of the personal data treatment, Fondazione Milan Onlus adopted the present disclosure in order to inform the users about the use of cookies on this website.

Cookies are small text strips of code sent by the website to its terminal, where they are collected to be sent back to the website when the user comes for a second time.

Those information may indicate the user or the device used to connect to the Internet (computer, tablet or mobile phone) and are used to adequate the website to the user’s expectations, offering an improved navigation experience registering the previous choices.

2. Cookies are intended for different purposes: online authentications, sessions monitoring, memorization of specific software configurations regarding server accessing users, etc.

Below, you can know more about the different ways we use cookies. If you want, you can prevent all or part cookie saving. However, in that case the website navigation and services provided may be compromised.

The website uses technical cookies only.

Technical cookies are used only to communicate on electronic networks and/or to provide a service explicitly requested by the user (according to “art. 122, comma 1, del Codice della Privacy”).

Those cookies are needed for a correct website functioning; without those cookies we could not provide the services requested by the user.

Technical cookies are not used for further reasons and are not installed by the owner or the website administrator, nor third party operators (infra sub § 5).

Technical cookies may be:

– navigation and session cookies, that guarantee the standard navigation of the website (allowing, for example, to make a purchase or to authenticate to access reserved areas);

– cookies analytics, assimilated to technical cookies when used exclusively to gather information, in aggregated form, about the number of users and about their visit the website. Those cookies allow to know the way the users navigate the website, in order to improve its functioning. For example, they allow to know which pages are less frequently visited. They also take into account, among others, the number of visitors and the time they spent on the website. In that way, we gather information about the quality of the navigation provided. All the information collected by cookies are anonymous and not linked to the user’s personal data;

– functionality cookies, that allow the user a navigation according to selected parameters (for example: language, selected products for purchase) in order to provide a better service.

The website does not use profiling cookies.

3. The website uses third party cookies

During the navigation, the user may receive on its terminal cookies sent by websites and web servers other than our own (the so called third party cookies), those ones various elements (such  as, for example, images, maps, sounds, specific links to other domains pages) may reside on the website the user is visiting in that moment. Specially, on the website there are Google Analytics cookies (

Third party cookies residing on the website are exclusively technical cookies.

4. It is possible to modify cookie transmission and block the installation, for example modifying browser settings to block some of them.