Privacy Policy

 

The purpose of this document (hereinafter “Privacy Policy”) is to inform Users about personal data, understood as any information that allows the identification of a natural person (hereinafter “Personal Data”), collected by the website www.fondazionebarbavarley.org (hereinafter “Application”).

The Data Controller, as subsequently identified, may amend or simply update all or part of this Policy by giving notice to Users. Changes and updates will be binding as soon as they are posted on the Application. The User is therefore invited to read the Privacy Policy each time the Application is accessed.

In case of non-acceptance of the changes made to the Privacy Policy, the User is required to cease using this Application and may request the Data Controller to remove his/her Personal Data.

1. Personal Data Collected by the Application

The Owner collects the following types of Personal Data:

A. Content and information voluntarily provided by the User

● Contact Data and Content: are those Personal Data that the User voluntarily provides to the Application during its use, such as personal data, contact details, credentials to access the services and/or products provided, personal interests and preferences and other personal content, etc.

Failure by the User to provide Personal Data, for which there is a legal or contractual obligation or if they constitute a necessary requirement for the use of the service or for the conclusion of the contract, will result in the inability of the Owner to provide all or part of its services.

The User who communicates to the Owner Personal Data of third parties is directly and exclusively responsible for their origin, collection, processing, communication or dissemination.

B. Data and content automatically acquired while using the Application:

● Technical Data: the computer systems and software procedures used to operate this Application may acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified Users, but by its very nature, could, through processing and association with Data held by third parties, allow Users to be identified. This category includes IP addresses, or domain names used by Users connecting to the Application, addresses in URI (Uniform Resource Identifier) notation of requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained, etc.

● Usage Data: Personal Data related to the User’s use of the Application may also be collected, such as pages visited, actions taken, features and services used.

C. Personal data collected through cookies or similar technologies:

The Application uses cookies, web beacons, unique identifiers and other similar technologies to collect Personal Data about the pages, links you visit and other actions you take when using our services. They are stored in order to be retransmitted on the next visit by the same User.

The User can view the full Cookie Policy at: https://fondazionebarbavarley.org/cookiepolicy/

2. Purpose

The Personal Data collected may be used for the performance of contractual and pre-contractual obligations and for legal obligations as well as for the following purposes:

● User support and contact: to respond to User’s inquiries and help with problems.
● Live chat communication: to allow the User to interact with a live chat on the Application.
● Comment and Feedback: to allow the User to submit reviews or comments.
● External handling of payments by credit card, bank transfer or other means: to handle payments by Users through external platforms that acquire payment data without the Application owner having access.
● Internal handling of payments by credit card, bank transfer or other means: to handle payments by acquiring payment data directly from the User.
● Technical monitoring of the infrastructure for maintenance, troubleshooting and performance improvement: to identify and resolve any technical problems and improve performance.
● Statistics only with anonymous data: to carry out statistical analysis based on aggregate data or data that do not identify the User.
● User behavior monitoring, analysis and tracking: to monitor and analyze how the User behaves on the Application.
● Email or newsletter sending and mailing list management: to contact the User with emails containing commercial and promotional information related to the Application.
● Advertising targeting and remarketing: to show more relevant advertisements to the User based on his/her browsing behavior and preferences.

3. Method of treatment.

The processing of Personal Data is carried out using computer and/or telematic tools, with organizational methods and logic strictly related to the stated purposes.

In some cases, subjects involved in the organization of the Data Controller (such as, for example, personnel management personnel, sales staff, system administrators, etc.) or external subjects (such as IT companies, service providers, postal couriers, hosting providers, etc.) may also have access to Personal Data. Such parties, if necessary, may be appointed as Data Processors by the Data Controller, as well as access Users’ Personal Data whenever necessary and will be contractually obliged to keep Personal Data confidential.

The updated list of Responsible Persons can be obtained by emailing [email protected]

4. Legal basis for processing

The processing of Personal Data related to the User is based on the following legal bases:

● the consent given by the User for one or more specific purposes;
● the processing is necessary for the performance of a contract with the User and/or the execution of pre-contractual measures
● the processing is necessary to comply with a legal obligation to which the Controller is subject
● the processing is necessary for the performance of a task of public interest or the exercise of public authority vested in the Controller
● the processing is necessary for the pursuit of the legitimate interest of the Controller or a third party
● the processing is necessary for the pursuit of a vital interest of the Controller or a third party.

However, it is always possible to ask the Owner to clarify the legal basis of each processing at [email protected]

5. Location

Personal Data is processed at the Holder’s operational offices and at any other location where the parties involved in the processing are located. For further information, please contact the Controller at the following email address [email protected] or at the following postal address Via Pian della Casa snc. Civitella San Paolo 00060 Rome .

6. Security Measures.

The Processing is carried out in a manner and with appropriate tools to ensure the security and confidentiality of Personal Data, the Data Controller having adopted appropriate technical and organizational measures that ensure, and allow to demonstrate, that the Processing is carried out in accordance with the relevant legislation.

7. Data Retention Period.

Personal Data will be kept for the period of time necessary to fulfill the purposes for which it was collected.

In particular, Personal Data will be retained for the duration of the contractual relationship, for the performance of the fulfillments inherent and consequent thereto, for compliance with applicable legal and regulatory obligations, as well as for its own or third parties’ defensive purposes.

Where the processing of Personal Data is based on the User’s consent, the Controller may retain the Personal Data until the consent is revoked.

Personal Data may be kept for a longer period if necessary to fulfill a legal obligation or by order of an authority.

All Personal Data will be deleted or retained in a form that does not allow User identification within 30 days after the end of the retention period. After the expiration of this period, the right of access, deletion, rectification and the right to portability of Personal Data can no longer be exercised.

8. Automated decision-making processes

All Personal Data collected will not be subject to any automated decision-making process, including profiling, that may produce legal effects for or significantly affect the individual.

9. Rights of the User

Users may exercise certain rights with respect to Personal Data processed by the Data Controller. In particular, the User has the right to:

● revoke consent at any time;
● object to the processing of your Personal Data;
● access your Personal Data;
● verify and request rectification;
● obtain restriction of processing;
● obtain deletion of your Personal Data;
● receive your Personal Data or have it transferred to another controller;
● file a complaint with the Personal Data Protection Supervisory Authority and/or take legal action.

In order to exercise their rights, Users may address a request to the contact details of the Owner indicated in this document or by filling out this form:

Name

Name

Email

Submit a request for access to the data we process about you.

Submit a request for deletion of the data if it is no longer relevant.

Submit a request to receive an export file of the data we process about you.

Requests are made free of charge and processed by the Holder as quickly as possible, in any case within 30 days.

10. Data Controller

The Data Controller is Barba Varley Foundation, with registered office in. Via Pian della Casa snc. Civitella San Paolo 00060 Rome , Tax code/VAT number 96471730588, REA RM – 1628836, e-mail address [email protected], PEC address [email protected]

Last Updated: 14/09/2025