top of page

Privacy Policy

EU Regulation 2016/679
Impacto Centro Studi ETS

Last update: 08/08/2025

This privacy policy is provided pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”) and describes how Impacto Centro Studi e Ricerca ETS, headquartered at Via Quintino Sella 16 – 10036 Settimo Torinese (TO), Fiscal Code 97915110015, processes the personal data of users who interact with its online and offline services.

 

Data Controller:

Impacto Centro Studi e Ricerca ETS (“Data Controller”) is responsible for collecting and managing your personal data.

Email: info@impactocentrostudi.com

Phone: +39 344 2600410 / +39 349 1306774

PEC (Certified Email): impactocentrostudi@namirialpec.it

Personal Data We Collect

Pursuant to Article 4 of Regulation (EU) 2016/679, “personal data” means any information relating to an identified or identifiable natural person (“data subject”). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.

 

“Processing of personal data” means any operation or set of operations performed, with or without the aid of automated means, on personal data or sets of personal data. Such operations include, by way of example: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission or dissemination, or any other form of making available; alignment or combination; restriction; erasure or destruction.

We collect and process only the data necessary for the purposes listed below:

 

a) Data provided voluntarily:

  • First and last name

  • Address and contact details (phone, email)

  • Tax and billing details (Tax Code, VAT number, fiscal address)

  • Information provided through contact forms, newsletter subscriptions, event or project registrations

b) Data collected automatically:

  • IP address

  • Browser and device type

  • Operating system and language

  • Technical and profiling cookies

c) Special categories of personal data (Art. 9 GDPR):

Only when strictly necessary for project or training activities, and only with explicit consent (e.g., data relating to health conditions, disabilities, ethnic origin).

Legal Bases for Processing

Data will be processed for the following purposes:

 

  1. Management of contractual and pre-contractual relationships – Art. 6.1.b GDPR

  2. Fulfilment of legal and tax obligations – Art. 6.1.c GDPR

  3. Organizational management of events, projects and memberships – Art. 6.1.b GDPR

  4. Institutional and informational communications (newsletters, invitations, updates) – Art. 6.1.a GDPR

  5. Research, monitoring, and reporting of European projects – Art. 6.1.e GDPR

  6. Promotional and fundraising activities – Art. 6.1.a GDPR

  7. Protection of contractual rights – Art. 6.1.f GDPR

How We Process Data

In accordance with current legislation, it is prohibited to process personal data revealing particularly sensitive information such as a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. The same prohibition applies to the processing of genetic data, biometric data intended to uniquely identify a natural person, and data concerning a person’s health, sex life or sexual orientation.

 

This prohibition, however, does not apply in certain circumstances provided by the Regulation, such as when the processing is carried out by a foundation, association, or other non-profit organization pursuing political, philosophical, religious or trade union purposes. In such cases, the processing must take place exclusively within the framework of the organization’s legitimate activities, with appropriate safeguards for data protection, and must concern only members, former members, or persons who, for reasons connected to the organization’s purposes, have regular contact with it. Such data must not be disclosed outside the organization without the explicit consent of the data subject.

 

In all cases, where it becomes necessary to process these special categories of personal data, the organization will always request specific and informed consent from the data subject, ensuring that such processing is carried out in full compliance with the safeguards required by law.

 

Processing is carried out in electronic and/or paper format, adopting adequate security measures to ensure the integrity, confidentiality and availability of the data.

Data Period

Personal data processed for the purposes described above will be retained for as long as necessary to provide the services offered by the Data Controller and for no longer than ten (10) years. After this period, the data will be destroyed.

 

Data processed for administrative and accounting purposes will also be retained, in compliance with legal obligations, for a period not exceeding ten (10) years.

Consent to such processing may be withdrawn at any time.

Provision of Data

Providing consent for the processing of personal data is necessary for all purposes listed under points 1 to 6, as these are closely linked to fulfilling legal obligations arising from a relationship with the data subject and, more generally, to compliance with laws, regulations, and EU provisions. Refusal to provide such data would make it impossible for the Data Controller to meet these obligations and, consequently, to provide the requested services or activities.

 

For the purpose indicated under point 7, relating to the sending of informational communications, this may take place via email or postal mail. The data subject may at any time, pursuant to Article 7(3) and Articles 15 et seq. of Regulation (EU) 2016/679, object to such communications, request their cessation, or indicate a preference for other available means of contact.

 

Providing data and consenting to its processing for the purpose referred to under point 7 is entirely optional. Refusal will result solely in the inability to carry out activities such as sending newsletters, by email or post, relating to the promotion of the Data Controller’s institutional activities.

Methods of Processing Personal Data

Personal data will be processed and stored exclusively for the purposes stated in this notice, using both paper and electronic media, and entered into relevant databases. Processing will be carried out in ways that ensure the integrity, security, and confidentiality of the information, in full compliance with the provisions of Regulation (EU) 2016/679.

 

All necessary technical and organizational measures will be adopted to ensure an adequate level of protection, in line with the GDPR provisions, and access to the data will be granted only to persons expressly authorized in writing.

 

Data may also be communicated to, or collected from, third parties — such as data processing centers or other companies — which, when involved, will be formally designated as Data Processors and required to comply with the obligations arising from the legal relationship in place, as well as specific obligations established by applicable law.

Transfer of Data at EU level and Communication to Third Parties

Data will mainly be processed in Italy and the EU. Any transfers outside the EU will be carried out in compliance with Articles 44–49 GDPR, with adequate safeguards (Standard Contractual Clauses).

For the purposes indicated in points 1 to 7, Impacto Centro Studi e Ricerca ETS informs that personal data of the data subject may be communicated to external parties, previously designated in writing, where such communication is necessary to comply with a legal obligation, to fulfill obligations arising from a contract to which the data subject is or will be a party, or to meet specific requests made by the data subject before the conclusion of the contract.

 

Recipients of such communications may include, by way of example:

  • supervisory bodies, judicial authorities, public entities, professionals, companies, public administrations, or other structures tasked with performing processing related to fulfilling administrative, accounting, or management obligations provided for by current legislation and linked to the ordinary conduct of the Data Controller’s business (legal obligations);

  • banks, credit and financial institutions, freelancers, professional firms and consultants to whom data must be communicated for the performance of the Data Controller’s activities and, in particular, for the fulfillment of contractual obligations undertaken with the data subject (contractual obligations).

Cookies

In accordance with the Italian Data Protection Authority’s measure of 8 May 2014, No. 229, cookies can be divided into two macro-categories: “technical cookies” and “profiling cookies”.

 

For more details, please refer to our Cookie Policy.

Technical cookies

Technical cookies are used solely to enable the transmission of a communication over an electronic communications network or to fulfill a specific request from the user relating to an information society service. They are essential tools for the proper functioning of the site and are not used for further purposes. They include:

 

  • Navigation or session cookies, which allow normal navigation and use of the website (e.g., making a purchase or logging into restricted areas).

  • Analytics cookies, considered equivalent to technical cookies when used directly by the site operator to collect aggregated and anonymous information on the number of users and how they use the site.

  • Functionality cookies, which allow navigation according to criteria selected by the user (such as language or products chosen for purchase), improving the service provided.

Installation of technical cookies does not require the user’s prior consent, although the obligation remains to provide information pursuant to Article 13 of Regulation (EU) 2016/679.

Profiling cookies

Profiling cookies aim to create user profiles in order to send advertising messages in line with the preferences expressed during web browsing. Due to their particular intrusiveness in users’ private sphere, their use requires that users receive clear and detailed information and give valid, informed consent.

 

Each domain or portion of a domain visited via a browser can set cookies. Since many web pages (for example, online news sites) contain elements from different domains, it is normal for a browser to store numerous cookies. These tools serve to record and, in some cases, track information relating to the browsing experience, keeping the user logged in while navigating from one page to another, storing preferences already set (such as username and password), and analyzing tastes and interests to tailor marketing initiatives. Limiting the use of cookies may affect the proper functioning of the site, while blocking or removing them from the browser cache could prevent full use of the services offered.

Cookies and Social Networks

The website may contain links or functions that allow access to social network services and platforms. The use of such services is governed by the terms of use and privacy policies of each social network, available on their respective official websites. The Data Controller has no control over the use of personal information voluntarily shared in public spaces, forums, comment areas, or notice boards; the user is solely responsible for any disclosure of personal data made through such channels.

Social Media

This website may include links or features that provide access to social media services and platforms.
Use of such tools is governed by the terms of service and privacy policies of each respective social network, available on their official websites.
The Data Controller has no control over the use of personal information that users choose to share in public spaces such as forums, comment sections, or message boards.
Therefore, users are solely responsible for any disclosure of data made through such channels.

Data Subject Rights

The data subject may, at any time, exercise the rights granted under Article 7(3) and Articles 15 et seq. of Regulation (EU) 2016/679, including:

 

  • the right to access their personal data;

  • the right to obtain rectification, erasure, or restriction of processing;

  • the right to object to processing;

  • the right to data portability;

  • the right to withdraw consent, where applicable (it is understood that withdrawal does not affect the lawfulness of processing based on consent given before withdrawal);

  • the right to lodge a complaint with the competent supervisory authority (Italian Data Protection Authority).

 

To exercise these rights, the data subject may send a written communication to Impacto Centro Studi e Ricerca ETS, Via Quintino Sella 16 – 10036 Settimo Torinese (TO) – Italy, call +39 344 2600410 or +39 349 1306774, or email info@impactocentrostudi.com.

The data subject declares to have been informed of the rights set out in Regulation (EU) 2016/679. Additional information regarding the processing of personal data may also be provided verbally at the time of data collection.

Updates

This privacy notice may be updated. Any changes will be communicated on the website and, where possible, via email.

bottom of page