Information on the processing of personal data

This page describes the management methods of this site in relation to the processing of personal data of users who consult it. This information is provided in compliance with current legislation on personal data for users who interact with the services of this site in the framework of EU Regulation 2016/679. The information is provided to define the processing of data resulting from the use of the site attributable to the activities of the Libera Schola ETS Foundation.


The "owner" of the processing

Following consultation of the site, data relating to identified or identifiable persons may be processed. The "Data Controller" of their processing is Fondazione Libera Schola ETS with headquarters in Piazza Gramsci 2, 20154 Milan.


Place of data processing

The processing connected to the web services is handled only by technical personnel of the Office in charge of processing, or by any persons in charge of occasional maintenance operations. No data deriving from the web service is communicated or disseminated.


Purpose of the processing and legal basis of the processing

The Data Controller collects users' personal data to execute the requests of interested parties and to allow access to the information it makes available through the site.

The personal data provided by users who forward requests or intend to use services offered through the site as well as receive further specific contents are used for the sole purpose of responding to requests or carrying out the service or provision requested and are communicated to third parties only in the case in which this is necessary for this purpose. The legal basis of these treatments is the need to respond to the requests of the interested parties or carry out activities foreseen by the agreements defined with the interested parties.

Furthermore, as part of initiatives that involve the collection of data to participate in specific activities, the lists of data participants may be processed on the basis of the legitimate interest of the Data Controller, subject to carrying out a specific and documented impact assessment in relation to the use of this legal basis.

With the express consent of the user, the data may be used for communication activities relating to the presentation of offers for further products or services of the owner. The legal basis of this processing is the consent freely expressed by the interested party.

Outside of these hypotheses, users' browsing data are kept for the time strictly necessary to manage the processing activities within the limits established by law.


Types of data processed

In general terms, the types of data processed are:

a) those generated by navigation and use of the site; b) those that the user provides voluntarily by filling out specific forms as specified below; c) those collected through cookies.


a) Navigation data

The computer systems and software procedures used to operate the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.


b) Data provided voluntarily by the user

The optional, explicit and voluntary sending of e-mails to the addresses indicated on the site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request.


c) Cookies

Cookies mean a textual element that is inserted into the hard disk of a computer only following authorization. Cookies have the function of streamlining the analysis of web traffic or reporting when a specific site is visited and allow web applications to send information to individual users. No personal data of users is acquired by the site for this purpose. Cookies are not used to transmit information of a personal nature, nor are so-called persistent cookies of any kind used, or systems for tracking users. The use of so-called session cookies is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient exploration of the site. The so-called session cookies used on the site avoid the use of other IT techniques potentially prejudicial to the privacy of users' browsing and do not allow the acquisition of personal identification data of the user.

For more information on this type of data, you can consult the cookie policy.

In more detail, the main types of personal data collected are listed below, by way of example, with an indication of the Data Controllers who collect and use them.


1. Technical data collected

Technical navigation data relating to the IP address, the pages viewed or the services accessed/invoked, the identification codes of the devices used by the user to use the site or services, the type of browser and access times.

2. Data provided directly and voluntarily

Common identification data provided by the user (e.g. name, surname, e-mail, telephone number, etc.) for the use of the services, data on service configuration preferences, data on preferences relating to the content to be displayed.

3. Data technically necessary to provide the services

Data relating to access credentials, the validity status of subscriptions and regularity of payments, raw geographical position data where there are territorial access constraints on the contents.

4. Browsing data

Data relating to web browsing or the use of products, such as the pages viewed, the time spent using them, the nature of the contents displayed, the depth of the visit (e.g. how many links were followed to learn more about a topic on the site).

5. Data used by the owners for IT security purposes

Data relating to web browsing or the use of products and technical data relating to the communication tools and protocols used as well as the access methods aimed at detecting the emergence of sequences of actions or technical forcing that may compromise the functionality of the services and/or or pose a risk to the Owner's properties and the freedoms of its users.

6. Data calculated, derived, predicted with statistical techniques

Data such as reading interests for the purpose of profiling interested parties who have given the appropriate consent for the purpose of improving the site.


Optional provision of data

Apart from what is specified for navigation data, the user is free to provide data according to his evaluations and free choices.


How the data is processed

The processing of personal data is carried out electronically through the operations of collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.

The Owner does not adopt any automated decision-making process. In the event that the processing involves an automated decision-making process, including profiling, the Data Controller will inform about the logic used and the consequences of the processing for the interested party with specific information.

Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

The data are kept for the time strictly necessary to pursue the purposes indicated in this information and will be deleted at the end of this period, unless the data itself must be kept for legal obligations or to assert a right in court.


Registration in the reserved area by creating an account or social login

Access to the reserved area is permitted via the following methods:

    by creating an account on the Site; through the use of credentials provided by a social network (so-called "social login"), in particular the identities created on Facebook.

In the event that the user decides to access the reserved area via the credentials of a social network, the Data Controller will have to acquire some of his personal data (Name, Surname, Email) in accordance with the authorizations issued by the interested party to the social network of reference. The user is therefore required to check the settings provided by the relevant social network as well as carefully read the relevant privacy policies, as they could authorize the social network to share his personal data with the Data Controller, thus authorizing the Data Controller. to collect information such as the owner's contacts, friends and other personal data. In any case, the Data Controller will not be aware of the registration data used by the user.Nu

The Data Controller will keep the identification code associated with the account with the relevant social network service when it is used to log in to the site or to share content hosted by the site; storage will take place for as long as necessary to provide the requested services.

If the user creates an account on or uses the site's services by connecting through the social login, the Owner may use the information contained in the account of origin to complete the user's profile on the Site. The user may at any time update or modify profile information and contact data via social login.



Rights of interested parties

Each interested party has the right to know the processing of personal data, for this reason he has the right to:

- obtain confirmation of the existence or otherwise of your personal data, even if not yet registered and that such data be made available to you in an intelligible form;

- obtain information and, if necessary, a copy:

    a) the origin and category of the personal data; b) the logic applied in case of processing carried out with the aid of electronic instruments; c) the purposes and methods of the processing; d) the identification details of the Data Controller and the Managers; e) of the subjects or categories of subjects to whom your personal data may be communicated or who may become aware of it, in particular if recipients are from third countries or international organisations; f) when possible, the data retention period or the criteria used to determine this period; g) the existence of an automated decision-making process, including profiling, and in this case the logic used, the importance and consequences envisaged for the interested party; h) the existence of adequate guarantees in case of transfer of your data to a non-EU country or to an international organisation;

- obtain, without unjustified delay, the updating and rectification of inaccurate data or, if interested, the integration of incomplete data;

- revoke the consent given at any time, easily, without impediments, using, if possible, the same channels used to provide them;

- obtain the cancellation, transformation into anonymous form or blocking of data processed illicitly, no longer necessary in relation to the purposes for which they were collected or subsequently processed or in the event that the consent on which the processing is based has been revoked and if there is no other legal basis, if you have objected to the processing and there is no overriding legitimate reason to continue the processing, in case of fulfillment of a legal obligation;

- obtain the limitation of processing in the case of:

    a) contesting the accuracy of personal data; b) unlawful processing by the Data Controller to prevent its cancellation; c) exercising one's right in court;

- verification of the possible prevalence of the legitimate reasons of the Data Controller with respect to his rights;

- receive, without impediments and in a structured, commonly used and readable format, if the processing is carried out by automatic means, personal data concerning him/her in order to transmit them to another Data Controller or, if technically possible, obtain direct transmission to another Data Controller ;

- oppose, in whole or in part:

    a) for legitimate reasons, to the processing of your personal data, even if pertinent to the purpose of the collection; b) to the processing of your personal data, for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator, via email and/or via traditional marketing methods via telephone and/or paper mail;

- lodge a complaint with the Guarantor Authority for the Protection of Personal Data.

Consequently, within the limits and conditions established by law, the Data Controller has the obligation to respond to the interested party's requests regarding the personal data concerning him. In particular, based on current legislation:

1. The interested party has the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and, in this case, to obtain access to the personal data and the following information:

    the purposes of the processing; the categories of personal data in question; the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients from third countries or international organizations; when possible, the retention period of the personal data provided or, if this is not possible, the criteria used to determine this period; the existence of the interested party's right to ask the data controller to rectify or delete personal data or limit the processing of personal data that concern them or to oppose their processing; the right to lodge a complaint with a supervisory authority; if the data are not collected from the interested party, all available information on their origin; the existence of an automated decision-making process, including the profiling.

2. The interested party has the right to obtain from the Data Controller the rectification of inaccurate personal data concerning him without unjustified delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration.

3. The interested party has the right to obtain from the data controller the deletion of personal data concerning him without unjustified delay and the data controller has the obligation to delete personal data without unjustified delay within the limits and in the cases provided for by current legislation. legislation. The Data Controller communicates to each of the recipients to whom the personal data have been transmitted any rectifications or cancellations or limitations of processing within the limits and in the forms established by current legislation.

4. The interested party has the right to obtain from the Data Controller the limitation of the processing.

5. The interested party has the right to receive the personal data concerning him or her provided to a data controller in a structured, commonly used and machine-readable format and has the right to transmit such data to another data controller without impediments on the part of the data controller to whom he provided them.


To exercise the rights listed above, the interested party must submit a request using the following contact points: Fondazione Libera Schola ETS with headquarters in Piazza Gramsci 2, 20154 Milan.


The Data Protection Officer can also be contacted at the same address, who can also be contacted at the email address nfo@liberaschola.org.


This version of the information on the processing of personal data was updated on 10 July 2024.