Privacy Policy
INFORMATION PROVIDED PURSUANT TO ARTICLE 13 OF EU REGULATION No. 679/2016 (GDPR)
In accordance with the Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (EU Regulation 2016/679, hereinafter also “GDPR”), we wish to inform you that the personal data provided by the data subject, either on their own behalf or on behalf of the organization to which they belong, to the “Centro Dino Ferrari” Association will be processed in compliance with the applicable data protection legislation, according to the principles of lawfulness, fairness, transparency, proportionality, necessity, accuracy, completeness, and security, as well as other applicable legal obligations.
DATA CONTROLLER
The data controller is the “Centro Dino Ferrari” Association ETS – Legal Entity D.P.R. no. 1035 of 21-11-1984, based in Milan, Via Francesco Sforza, 35, tel. +39 02 55189006 / 02 55192512 – fax +39 02 54135646 – e-mail info@centrodinoferrari.com, PEC associazione.centrodinoferrari@poste-certificate.eu
CATEGORIES OF DATA SUBJECTS AND DATA PROCESSED
| Data Subjects | Categories of Data Processed |
| Users of the website www.centrodinoferrari.com | • Browsing data. The IT systems and software procedures involved in the operation of the Site automatically acquire some personal data whose transmission is implicit in the use of Internet communication protocols. These data are not collected to be associated with identified individuals but may, by their nature, allow identification through processing and association with data held by third parties. These include IP addresses, URI addresses of requested resources, request time, method used, file size, HTTP server response code, and browser/OS parameters. These data are used solely for statistical analysis and ensuring proper website functioning and are deleted immediately after processing. They may be used to verify responsibilities in the case of hypothetical cybercrimes affecting the website. |
| • Voluntarily provided information through the contact details on the website, including forms (name, surname, email). Newsletter subscribers’ personal and contact data (name, surname, email) will be processed to send periodic informative communications about the Association’s institutional activities and initiatives. | |
| • Cookies (see the site’s cookie policy). | |
| Donors | • Common data: personal identification (name, surname, email address, phone number, address, tax code); payment data (information on timing and method of donation). Donations made via credit card, digital payment systems (e.g., Google Pay) or PayPal are processed directly by the payment provider; the controller receives only the transaction result and administrative/fiscal information necessary for donation management. |
The Controller does not process special categories of personal data (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for unique identification, health data, sexual life, or sexual orientation) or judicial data (relating to criminal convictions, offenses, or security measures).
Minors under 16: The Site is not directed at children under 16. Minors must not provide personal data without parental consent. Users under 16 must obtain parental authorization before submitting any personal data.
PURPOSES OF PROCESSING AND LEGAL BASIS
| Data Subjects | Purpose of Processing | Legal Basis |
| Website users | a. Enable access and navigation on the Site, including responses to inquiries via contact forms. | |
| b. Manage, protect, and improve Site functionality. | ||
| c. Send newsletters and informative communications about the Association’s activities, projects, and initiatives. | a. Pre-contractual measures upon the data subject’s request (Art. 6(1)(b) GDPR) | |
| b. Legitimate interest of the Controller (Art. 6(1)(f) GDPR) | ||
| c. Consent of the data subject (Art. 6(1)(a) GDPR), revocable at any time via unsubscribe link or by contacting the Controller. | ||
| Donors | a. Manage donations in all related activities (e.g., communication about donations, summaries, issuing tax-deductible receipts). | |
| b. Fulfill legal and fiscal obligations, including communication with the Italian Revenue Agency (Agenzia delle Entrate) for tax deduction purposes. | ||
| c. Document donations and create informative/promotional material about the Association’s activities, including donor names, photos, and videos on the website, social media (Facebook, Instagram, YouTube), or printed material. | ||
| d. Send communications strictly related to the donation, including reporting on use of funds and project updates. | a. Execution of a contract or pre-contractual measures (Art. 6(1)(b) GDPR) | |
| b. Compliance with a legal obligation (Art. 6(1)(c) GDPR) | ||
| c. Consent of the data subject (Art. 6(1)(a) GDPR) | ||
| d. Legitimate interest of the Controller (Art. 6(1)(f) GDPR), unless the data subject objects. |
CATEGORIES OF DATA RECIPIENTS
Data may be shared with:
- Employees and collaborators of the Controller authorized to process personal data;
- Third-party service providers (companies, professionals) necessary for the Association’s activities or by law;
- IT service providers, electronic payment providers, and online transaction platforms (credit card platforms, digital wallets, PayPal), acting as separate controllers or, if applicable, data processors under Art. 28 GDPR;
- Banks, financial institutions, or other entities necessary for contract fulfillment;
- Judicial, regulatory, or public authorities.
The list may change; updated lists of recipients can be requested from the Controller.
DATA DISSEMINATION AND PROFILING
Personal data are not disseminated or profiled. Only with explicit consent may data be used to document donations and create informative/promotional materials.
DATA TRANSFER TO THIRD COUNTRIES
Data are stored on servers within the European Union or by third parties appointed as data processors. Some services, such as payment platforms, may involve transfer outside the EU, subject to EU adequacy decisions or standard contractual clauses.
DATA RETENTION
Personal data are kept only as long as necessary for the purposes collected:
- Donation data: retained for the duration of the relationship and 10 years thereafter for legal and fiscal compliance;
- Recurring donations: retained for the duration of the donation period plus 10 years;
- Newsletter and communications: retained until consent is revoked;
- Contact form submissions: up to 12 months after processing;
- Browsing and technical logs: up to 12 months;
- Media content published with consent: until consent is revoked, except for historical archiving purposes.
DATA PROCESSING AND VOLUNTARY NATURE
Providing personal data on registration forms is voluntary. Certain data may be required to provide requested services. For donations, failure to provide data may prevent registration and tax reporting. Consent is optional for communications and promotional purposes.
RIGHTS OF THE DATA SUBJECT
You have the right to:
- Access your personal data;
- Rectify inaccurate or incomplete data;
- Delete your personal data (“right to be forgotten”);
- Restrict processing;
- Data portability;
- Object to processing based on specific situations;
- Withdraw consent where processing is based on consent;
- Lodge a complaint with the supervisory authority (Italian Data Protection Authority: www.garanteprivacy.it).
Requests should be sent to the Controller; responses are provided without undue delay, generally within one month, extendable to three months for complex cases.
CHANGES TO THIS PRIVACY POLICY
If the Controller intends to process data for new purposes, information will be provided in advance. This policy may be updated occasionally; significant changes will be clearly communicated via the website or email notifications.Last update: 24.02.2026