Privacy & Cookie Policy | Villaggio Fondazione Roma

Information pursuant to Articles 13 and 14 of EU Regulation 2016/679 (rev. 25/11/2025)

The General Data Protection Regulation 679/2016, together with Legislative Decree 196/2003 (Personal Data Protection Code), as amended by Legislative Decree 101/2018, regulates the protection of natural persons with regard to the processing of personal data and their free circulation.

PURPOSE OF THIS INFORMATION

Fondazione Roma – Salus (hereinafter “Foundation”) protects users’ privacy with particular care and wishes to ensure secure navigation of its website.

This information (privacy policy) describes how the website processes the personal data of users who visit it or use the available services. It is prepared pursuant to Articles 13 and 14 of EU Regulation 2016/679 and refers exclusively to the site www.villaggiofondazioneroma.it.

This information does not concern external sites or services accessible via links present on the site pages.

In relation to specific processing activities, the Controller may also provide additional information and, where necessary, request the user’s consent through clear and transparent methods.

DATA CONTROLLER

Fondazione Roma – Salus
Registered office: Via Ernesto Calindri 40, 00138 Rome
Email: privacy@villaggiofondazioneroma.it Tel.: 06 8720891

DATA PROTECTION OFFICER (DPO)

The Data Protection Officer (DPO) can be contacted at the following email address: dpo_frve@unilavoro.org

PURPOSE, LEGAL BASIS OF PROCESSING AND TYPES OF PERSONAL DATA

Following consultation of the site, data relating to identified or identifiable persons may be processed. The Foundation processes personal data when users:

navigate or consult the site;
voluntarily use the services and features available.

Purpose of processing

Personal data are processed to:

manage and maintain the website, including security checks to prevent abuse or fraudulent activities;
process contact requests and manage communications or requests sent via form, email or links on the site;
fulfill applicable legal obligations;
assert or defend a right in legal proceedings, if necessary;
carry out administrative activities related and instrumental to the above purposes.

Legal basis for processing

Processing takes place when at least one of the following conditions exists:

consent of the data subject, collected through explicit and transparent methods (Art. 6.1.a);
necessity to respond to user requests or provide services/support (Art. 6.1.b);
fulfillment of legal obligations to which the Controller is subject (Art. 6.1.c);
legitimate interest of the Controller in the management, maintenance and security of the site, to prevent unforeseen events or unlawful acts that may compromise data and functionality (Art. 6.1.f).

Types of data processed

The site processes browsing data and data voluntarily provided by users when they use available services or features.

Browsing data

Computer systems automatically acquire certain data whose transmission is implicit in the use of the Internet. Although not collected to identify users, such data may allow identification through processing or association with other data.

This category includes:

IP addresses and domain names of users’ computers;
URI addresses of requested resources;
time of request;
method used for the request;
size of the file obtained in response;
numerical code of the response status (e.g., success or error);
other parameters relating to the operating system and computing environment.

These data are used only for anonymous statistics, to verify proper site functioning and are deleted after processing, in any case no later than seven days, except for requirements of the Judicial Authority in case of computer crimes. Data are not used for identification, profiling or additional purposes.

Data voluntarily provided by the user

Voluntary sending of emails to addresses or forms on the site entails acquisition of the sender’s address and other personal data entered in the communication, necessary to manage the response. Such data are not used for mailing lists and do not flow into specific databases: they remain in the Foundation’s email systems and are processed only by authorized personnel. Retention lasts the time necessary to manage the request and in any case within legal limits.

Additional processing

The site also presents personal data not related to navigation alone. For such processing, the Controller provides specific information pursuant to Arts. 13 and 14 of the Regulation, requests prior and separate consent and directly manages the entire process with data subjects before starting processing.

COOKIES

What are cookies

Cookies are small text files sent by websites to the user’s device (browser) and stored to be retransmitted during subsequent visits. During navigation, users may also receive third-party cookies, from different sites or servers, used for elements integrated into the site (images, maps, links, etc.).

Cookies may have different purposes: authentication, session monitoring, storage of preferences and configurations, service optimization and improvement of browsing experience. By accessing the site, users accept the use of proprietary cookies and, if present, third-party cookies. Their deactivation may limit or compromise some site features.

Types of cookies

1. Technical cookies

Used exclusively to ensure site functioning or provision of services requested by users. They do not require prior consent.

They are distinguished into:

Navigation or session cookies

Essential for site functionality (e.g., authentication, access to restricted areas). Without these cookies, some sections may not function.

Analytics cookies

Considered technical if used directly by the manager to collect data in anonymous and aggregate form (visitors, pages consulted, dwell time). Their deactivation does not compromise site functionality.

Functionality cookies

Allow storage of user choices and preferences to improve service. They may contain personal data; their absence may reduce some features.

2. Profiling cookies

Create user profiles to send advertising in line with their preferences. Due to their invasive nature, they require explicit consent.

They can:

display personalized advertising content;
collaborate with third-party sites and track navigation across different domains;
collect information such as IP address.

This category also includes social widget cookies (Facebook, Twitter, YouTube, Google Maps, etc.). Their deactivation does not compromise the site, except for sections containing such widgets.

Other cookie classifications

By duration:

session cookies: deleted when the browser is closed;
persistent cookies: remain until the scheduled expiration.

By the party that installs them:

proprietary cookies: installed by the site Controller;
third-party cookies: installed through the site by external services (e.g., social networks or analytics tools).

Cookies used on this site

The Foundation uses only technical cookies (navigation or session), necessary for secure and efficient navigation. No personal data are acquired or stored through such cookies. The site:

does not use profiling cookies;
does not use persistent cookies for personal purposes;
does not use tracking methods;
allows the use of third-party cookies only for analytics assimilated to technical cookies.

Technical and session cookies

Session cookies are temporary and are deleted when the browser is closed. Technical cookies, necessary for site functioning, may also include persistent cookies and are retained for a maximum of seven days.

Analytics cookies

Used to collect anonymous information on how the site is used (statistics, navigation flows, performance).

The service used is Google Analytics, provided by Google Inc., which processes aggregate data for statistical analysis and site improvement. Google may also use such data to personalize advertisements in its own advertising network.

Third-party cookies

Third-party cookies are set by sites other than the Controller’s and serve to collect information on site usage by visitors. The respective controllers process data independently and have their own privacy and cookie policies, separate from those of this site. The Controller is not responsible for processing carried out by such third parties. For more details on third-party cookies involving data transfers, please refer to the respective privacy and cookie policies.

Cookies present on the site

COOKIE	Duration
_ga_42JJT8DNH5	1 year 1 month
_ga	1 year 1 month
pll_language	1 year 1 month
cmplz_banner-status	1 year
cmplz_consented_services	1 year
cmplz_functional	1 year
cmplz_marketing	1 year
cmplz_policy_id	1 year
cmplz_preferences	1 year
cmplz_statistics	1 year

Third-party plugins

To ensure management and site functionality, some pages may include plugins also managed by third parties. As with cookies, such tools may involve processing of personal data, including their transfer to third parties in case of interaction with other websites. In other cases, plugins are necessary for technical functions essential to site operation.

Cookie deactivation

The site functions optimally with cookies enabled. Deactivation of some types does not compromise general site use, but disabling all cookies, including technical ones, may result in some features not being fully available.

Most browsers automatically accept cookies. Users can modify browser settings at any time to limit or block cookies, accept them all, receive a warning upon activation or refuse them completely. Since each browser uses different procedures, it is advisable to consult the “Help” section of the browser used.

For convenience, here are links to official instructions for major browsers:

Recipients of personal data

Data collected through use of the site are processed by the following parties, designated by the Controller as Data Processors pursuant to Article 28 GDPR:

1.618 Srl (www.1-618.it): website management; website development and design.
Foundation personnel, authorized and instructed by the Controller.

Personal data are not intended for dissemination.

PLACE OF DATA PROCESSING

Processing is carried out at the Controller’s registered office and at the offices of the Data Processors, namely the technical service providers responsible for site development and maintenance.

Data transfer to third countries

Personal data are not transferred to third countries, either within or outside the European Union. Should a transfer become necessary in the future, the Controller will promptly inform data subjects and ensure compliance with applicable regulations. Any extra-EU transfers will only occur in the presence of:

adequacy decisions by the European Commission;
adequate safeguards provided for by Article 46 GDPR;
binding corporate rules (BCR).

The Controller will evaluate the lawfulness requirements of the transfer on a case-by-case basis.

Data retention period

Browsing data are retained for seven days, then automatically deleted. Other data are retained in compliance with the timeframes provided by current regulations and according to proportionality criteria, limited to the stated purposes. Users may request additional details from the Controller.

Data provision and failure to provide

With the exception of browsing data and cookies, users are free to provide their data for use of site services (e.g., contact form, email). Failure to provide data may prevent the Foundation from providing feedback or properly managing requests.

Methods of processing

Data are processed in compliance with current regulations, with adequate security measures to ensure their confidentiality, integrity and protection from unauthorized access. Processing is carried out with paper, computer and telematic tools by authorized personnel.

RIGHTS OF DATA SUBJECTS

Data subjects may exercise, at any time, the rights provided by Articles 15-22 of the GDPR, including:

Access: verify whether personal data are processed and obtain a copy;
Information: know the purposes, data categories, recipients and retention periods;
Rectification and erasure of data;
Restriction of processing;
Objection to processing, including for direct marketing purposes;
Objection to automated decision-making processes, including profiling;
Withdrawal of consent at any time, without prejudice to the lawfulness of prior processing;
Lodge a complaint with a supervisory authority.

METHODS OF EXERCISE

To exercise your rights or obtain information, contact:

Fondazione Roma – Salus | Via Ernesto Calindri 40, 00138 Rome
Email: privacy@villaggiofondazioneroma.it

Withdrawal of consent does not invalidate processing carried out prior to the request.

RIGHT TO LODGE A COMPLAINT

Data subjects who believe that data processing is contrary to GDPR or sector regulations may lodge a complaint pursuant to Articles 77 and 79 of the Regulation, via:

Registered letter with acknowledgment of receipt: Fondazione Roma – Salus | Via Ernesto Calindri 40, 00138 Rome
Email: privacy@villaggiofondazioneroma.it

AMENDMENTS TO THE PRIVACY POLICY

This Privacy and Cookie Policy is subject to periodic updates. The Controller reserves the right to modify it at any time, informing users on this page. Users are invited to regularly consult the page and refer to the date of the last update.