Rev. 1 dated 08/04/2024

Privacy Policy of the website

This information is issued pursuant to Articles 12, 13 and 14 of the EU Regulation 2016/679 GDPR and is addressed to users of the company website.

The following applies only to websites, Apps, social profiles, and services whose domains or properties are registered or traceable to the publisher ORSOLINA28 ART FOUNDATION ETS, specifically the domain and all third-level domains linked to it.

The processing of personal data will be based on the principles of fairness, lawfulness and transparency, protecting the confidentiality and rights of the peopleconcerned.


Notes to the reader

2. To whom is this document addressed?
3. How can you contact us?
4. Data Protection Officer - DPO
7. For what purposes do we process your personal data and on what lawful basis?
8. To allow you to browse our website
9. Manage communications
10. Manage data collection forms
12. Cookies and other technologies
13. Processing personal data COLLECTED through our social profiles
14. Newsletters and other direct marketing communications
15. Legal obligations to communicate
16. Links to external websites
18. International transfers
19. Who may process your personal data
20. What are your Rights?
20.1 Forms for exercising your rights
21. Changes to the Policy
22. Questions regarding this Policy


  1. Notes for the reader

In order to make this document more understandable and transparent to our users, we have found it necessary to use simple and colloquial language. Therefore, the use of a less formal tone should not be interpreted as a lack of respect or courtesy to the user but simply a way to facilitate communication.

If you are a minor, you should know that this websiteis not intended to be accessed by minor users and the information contained, including this policy, may be difficult for you to understand.

  1. To whom is this document addressed?

This Information Notice (hereinafter "Policy"), provided pursuant to Articles 13 and 14 of Regulation (EU) April 27, 2016 No. 679 (so-called "GDPR"), is intended to illustrate how ORSOLINA28 ART FOUNDATION ETS (hereinafter also "Foundation") processes personal data collected as you use the website, its applications and services.

  1. how can you contact us?

ORSOLINA 28 ART FOUNDATION ETS, as Publisher and Data Controller, is responsible to the user for any questions, concerns or complaints regarding this policy or the processing of personal data. In case you, as a user of the website and a "data subject", need any clarification regarding the processing of your personal data, please contact us at the following contact details:


Registered office: Corso Giovanni Lanza n- 101 - Turin

VAT NUMBER 12995780017 TAX CODE: 12269250010


Phone 0141-917277


  1. Data Protection Officer - DPO

ORSOLINA 28 ART FOUNDATION does not have the obligation to appoint a Data Protection Officer.

  1. For what purposes do we process your personal data and on what basis of lawfulness?

We process your personal information to give you the best possible experience when you access our website, use our services, and interact with us. This includes the following purposes:

  1. Allow consultation of our website

When you visit our website, we automatically collect certain information, including your IP address, login information, browser type and version, browser plug-ins, operating system, and platform.

As you browse our website, we may also collect other data such as the Clickstream URL, articles viewed or searched, any viewing and download errors, the times and duration of visits to particular pages, and interaction with the page itself. To collect this data, we use various technologies, including cookies. More information about cookies is available in a specific notice available in the footer of the website. If you need more information regarding the processing of your personal data, please contact us through the information we provided above.

Acquisition mode: Data are automatically conferred by your browsing devices using Internet network communication protocols (e.g., TCP/IP, UDP)

Basis of lawfulness: We process this data by virtue of our Legitimate Interest - art. 6.1 lett. f) of the GDPR - to provide and improve the navigation on our website, propose efficient and secure web services trying to ensure the continuous improvement of your browsing experience over time.

How long we keep your data: We keep your personal data only as long as necessary to enable you to browse the website. In particular, some data is kept the length of time you are on the website itself and some until you decide to delete it by deleting technical and functional cookies (e.g. language setting). For more information regarding cookie management, see our Cookie Policy in the website Footer.

  1. Managing communications

We collect your personal information when you communicate with us in person, through our website, e-mail, by phone, or through any other means using the contact information we have issued to you through this website. For example, we collect your contact information and details of our messages to you and from you including details of when you sent them, when we received them, and in some cases even where you sent them from.

Mode of acquisition: The data are partly automatically conferred in the communication protocol used by your chosen tool and partly conferred by you in the content of the communication.

Basis of lawfulness: We mainly process this data because of our Legitimate Interest - art. 6.1 lett. f) of the GDPR - to respond to your requests and handle necessary communications. However, in some cases we may be called upon to respond by virtue of specific contractual or legal obligations-Articles 6.1(b) and (c) of the GDPR.

How long we keep your data: By following up on contact or support requests you decide to send us, your personal data is only processed for as long as it is needed to provide you with the information and/or assistance you need.

  1. Managing data collection forms

Description of processing: As a user, you may provide us with your personal data, including data that allows your identification when you fill out specific forms (so-called" Forms"). These forms are designed in order to facilitate your inquiries and ensure quick and accurate responses and are supplemented by appropriate privacy policy if necessary.

Method of acquisition: the data are voluntarily provided by you in the completion of our Application or Registration Forms. Failure to provide them will result in our inability to provide you with the requested service.

Basis of lawfulness: The processing is necessary for the execution of pre-contractual measures taken at your request - art. - 6.1 lett. b) of the GDPR.

How long we keep your data: We only keep your personal data on the website for as long as it takes to fulfill your request.

  1. Newsletters and other direct marketing communications

We may use the information you provide to send you newsletters or other communications that we believe may be of interest to you. Where required by law, the sending of marketing communications will only take place after your consent has been obtained. In any case, we offer you the opportunity to unsubscribe from any communication sent.

Service Description: If you want to keep up to date with our services and choose to subscribe to our newsletter, it is necessary to provide certain data such as your name, e-mail address or other specific data stated from time to time in the Registration Form. If you subscribe to our newsletter service, you give us consent to send to your e-mail address commercial communications (e.g. information notes, promotions, etc.) in an automated way. These communications will never be invasive and will be done solely for the purpose of commercial promotion of our Brand and our products and/or services. You may revoke your consent to the processing for these purposes at any time, free of charge and in an easy manner through the appropriate link found within each of our e-mails or by using the contact information provided in this notice. The effectiveness of communications made through the newsletter service is periodically monitored in order to also understand your interest in the communications made. In particular, proper delivery to your mail server, your interaction with the landing page such as, for example, whether or not our newsletters are opened by, the number of openings over time is monitored. Monitoring is done to understand your interest in our communications and to disable automatic delivery if messages are not received regularly or there is no interaction from you for long periods of time.

Mode of acquisition: The data necessary for the activation of the communication service, such as your name and your e-mail address, are voluntarily given by you in the specific Newsletter Registration Form. Information regarding the delivery of our communication to your mail server is automatically provided by the communication protocol. The data regarding your interaction with the communication service is derived from special markers inserted by the newsletter service we use within the landing page.

Basis of lawfulness: We process the data automatically conferred in the communication protocol and those obtained from the newsletter management system to carry out communications. However, according to art. 130 of Legislative Decree 196/2003, commercial communications carried out in an automated or systematic way (without the intervention of an operator), can only be carried out if the recipient has given his consent. This consent is equated by us with that provided for in art. - 6.1 lett. a) of the GDPR and is handled in the manner established by art. 7 of the GDPR.

How long we keep your data: your data will be processed and kept until you decide to revoke your consent or request deletion.

  1. Cookies and other technologies

When you browse the pages of our website, we automatically collect data through the use of "cookies." A cookie is a text file containing small amounts of data that a website can send to your browser, which can then be stored on your computer as a tag that distinguishes your computer but does not identify you. Some of our website pages use cookies to provide you with better service during subsequent uses of the website. You can set your browser to notify you before you receive a cookie so that you have a chance to decide whether or not to accept it.

We use a plugin to manage your consent to our website's use of cookies. However, you can also set your browser to disable cookies; You should be aware that if you do this, some pages on our Web site may not function properly.

Instructions for disabling cookies can be found at the following web pages: Mozilla Firefox - Microsoft Edge - Google Chrome - Opera - Apple Safari

For information about the specific cookies used on this Web site, please see the Web site's Cookie Policy via the link provided at the bottom of all pages on the site (footer).

  1. Processing of personal data COLLECTED through our social profiles

When you follow our social channels (e.g., Facebook, Instagram, YouTube, etc.) or interact in any way with our social profiles (e.g., by commenting, sharing, following us, or by liking), we will use your information to interact and communicate with you through our social profile in order to offer products and services and develop our "Brand" through the social channel you interacted with. Please note that the information you voluntarily release to us on social profiles and any expressions of interest you may have, will be used exclusively for the analysis and communication purposes stated in this policy. Also for the purpose of protecting our interests or those of third parties, we reserve the right to request the deletion of comments that are offensive or in violation of any applicable law and upon the occurrence of the conditions, to use such comments or posts in order to protect or enforce our rights and/or interests in court.

Mode of acquisition: The data are voluntarily given by you through one of our social profiles.

Basis of lawfulness: We process this data because of our Legitimate Interest to promote our brand through social channels and address any inquiries - art. 6.1(f) of the GDPR.

How long we keep your data: We keep your personal information until your account is deleted or your comment or post in which you tagged us is deleted.

Please remember that for privacy purposes the social network is the autonomous controller of your personal information and, as such, does not operate under our responsibility. The collection and use of information obtained is governed by the social network's privacy policies to which we encourage you to refer.

  1. Legal reporting requirements

We may process your information in order to make necessary disclosures, in response to requests we are legally required to fulfill, to law enforcement or judicial authorities, or in defense of a right.

Mode of acquisition: The data are already in our possession as they are collected for other purposes.

Basis of lawfulness: The processing is necessary to fulfill a legal obligation - art. 6.1 lett. c) of the GDPR to which you are subject or our company is subject.

How long we keep your data: We keep your personal data for as long as necessary to fulfill our obligations.

  1. Links to external websites

Where we provide links to other websites we do so for informational purposes only. Other websites are beyond our control and this Policy does not apply. If you access other websites using the links we have provided, the operators of those websites may collect your information and use it in accordance with their Privacy Policy, which may differ from this Policy.

  1. Security of YOUR PERSONAL DATA

We have taken a number of physical, technical and organizational measures to ensure adequate levels of security for the personal data processed under our control, so as to prevent all reasonably foreseeable risks, with particular but not limited reference to their destruction, loss, modification or unauthorized disclosure or accidental or unlawful access.

The data provided are stored and archived on secure servers in the European Economic Area

If you have a password that allows you to access our Web services, it is your responsibility to keep it secure and confidential.

  1. International Transfers

Our personal data processing operations generally take place within the European Economic Area ('EEA'). However, should Your personal data be transferred to countries outside the European Economic Area ('EEA'), in the absence of adequacy decisions from the European Union Commission, we will ensure that we provide appropriate safeguards to protect Your personal data in these countries. Some of the safeguards that could be adopted, where appropriate, include the use of "Standard Contractual Clauses" (SCCs) established by the European Commission under Article 46(1) GDPR, pseudonymization and if possible encryption of the data itself.

The transfer abroad of personal data is often related to the use of cloud technologies, digital communication systems, security software and protection of IT services. In such cases, our Company is committed to using services chosen from among operators that guarantee higher standards of security and attention to the protection of personal data.

  1. Who can process your personal data

For the achievement of the above purposes, the following parties may have access to your personal data:

  1. Our employees and contractors are properly trained in measures to protect your rights and the security of your data. They act as authorized and competent persons in this regard.
  2. We work with companies, professional firms, and consultants who specialize in assistance and/or advice regarding privacy, administration, and legal issues. We also engage third parties to ensure the proper functioning of our website and its services. For example, we rely on service providers, cybersecurity experts, and other third parties to improve, extend, and protect our website and information systems. Each outside party is carefully evaluated for competence and reliability, and is contractually bound to provide a level of protection for your personal information that is no less than our own. These parties act as Data Processors within the meaning of Article 28 of the GDPR.
  3. We may disclose your information to administrative, institutional, judicial or other authorities for whom disclosure is required by law or necessary for the purposes described in this policy.

The full list of providers who process your personal data is available from the Controller.

  1. What are your Rights?

In accordance with applicable law and under the circumstances determined by the lawful basis under which your personal information is processed, you may exercise the following rights.

  1. Right of access to personal data. You have the right to obtain confirmation as to whether or not we are processing personal data concerning you and if so, to obtain access to the personal data processed. You have the right to obtain a copy of the data being processed. This right is applicable only if it does not lead to infringement of the rights and freedoms of others. On this point, please note that in the case of repeated requests, you may be charged a fee by us based on our administrative costs.

If you have an account (e.g., catalog restricted area access), you can access your user profile in order to obtain a copy as well as correct, edit or delete inaccurate data. You also have the option to close your Account at any time by writing to

  1. Right to rectify, erase or limit the processing of personal data. If you wish to rectify, erase or restrict the processing of your personal data, please contact us through the information we have provided in the section. It is your responsibility to ensure that you provide true, accurate, complete data and keep it up to date (e.g. account).
  2. Right to revoke consent. If you have given us consent to process your data, you can revoke it at any time (e.g., newsletter)
  3. Right to data portability. If the processing is based on your consent or contract and is carried out by electronic means, you have the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning you that you have provided to us and you have the right to transmit such data to another data controller without hindrance from us.
  4. Right to object. As a user, you have the right to object to the processing of your data under certain circumstances. For example, you may benefit from this right if the processing is based on our legitimate interests (or those of third parties). You can challenge the merits of our legitimate interests, however, we may have the right to continue to process such personal data on the basis of our legitimate interests or when this is relevant in connection with legal actions, or the data is necessary for the establishment, exercise or defense of a right in court. You also have the right to object to the processing of your personal data for direct marketing purposes.
  5. Right not to be subjected to automated decision making.
  6. Right to lodge a complaint with the 'supervisory authority. Without prejudice to the possibility of approaching our Company for the exercise of rights related to the processing carried out by us, you may lodge a complaint before the competent independent administrative authority in the Member State of the European Union where you normally reside, where you work, or where an alleged violation of the law on the protection of your personal data has occurred. In the Italian territory you may file a complaint with the following supervisory authority: https://www.garante\
  1. Forms for exercising your rights

To exercise your rights toward the owner, you can use the following form:

Remember that in order for you to exercise your rights, your identification is required on our part.

  1. Policy Changes

This Policy was last updated on 08/04/2024.

  1. Questions regarding this Policy

The publisher of this website ORSOLINA28 ART FOUNDATION ETS acting as the Data Controller of your personal data. If you have any questions, concerns or complaints regarding this Policy or the handling of your data, you may contact us by e-mail at: