Privacy Policy




The EU regulation 2016/679, fully effective from May 25, 2018, in regulating the right of confidentiality has provided that the collection and processing of any personal data are preceded by the required information and by the free consent expressed by the person concerned to whom the data is related.

We, therefore, inform you, pursuant to art. 7 of the aforementioned regulation, that personal data and particular data (previously known as "sensitive") provided by you also verbally, or otherwise acquired as part of our business may be processed, in compliance with the aforementioned legislation and the principles summarized below.

Definition of Treatment

By personal data processing is meant, pursuant to art. 4, paragraph 2, among other things and in particular, their collection, registration, organization, conservation, consultation, processing, modification, communication or dissemination until their cancellation and destruction.


Principles relating to processing of personal data (art. 5) 

The data will be processed in a lawful, correct and transparent way, collected for specific, explicit and legitimate purposes. The data will be adequate, exact, relevant and limited to what is necessary. Data will be kept up to date, erased or rectified if inaccurate having regard to the purposes for which they are processed; stored for a limited period of time and provided for the purpose, processed in such a way as to guarantee adequate security.



This section contains information on the processing of users' personal data (hereinafter referred to as "Data").

The information is provided only for the FRRB site and not for other websites that may be consulted by the user through links contained therein.

This policy is provided pursuant to art. 13 of the EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, for subjects who interact with FRRB.

The purpose of this document is to provide indications about the purposes, storage times, methods of treatment, recipients and the nature of the information that the Data Controllers must provide to users when connecting to the FRRB web pages, regardless of the purposes of the connection itself, according to Italian and European legislation.



The Data Controller

The Data Controller is the natural or legal person that, alone or jointly with others, determines the purposes and means of the processing of personal data. The Data Controller for this website is FRRB. For any clarification and for the exercise of the rights related to the data processing, the user can contact The Data Controller at the following e-mail address:


Type of data collected

Among the Data collected, independently or through third parties, there are usage data, cookies, e-mail, name, surname, telephone numbers and other types of Data. Full details on each type of data are provided in dedicated sections of this privacy policy or through specific information displayed before the data are collected.

The FRRB website uses cookies. To find out more, the User can consult our Cookies Policy.

The purpose of personal data processing

The data collected while browsing is used to allow the Data Controller to provide its services and for purposes such as, and not limited to, contact management and message sending, user database management, display of content from external platforms, spam protection and statistics.


Methods of data processing

The Controller adopts adequate security measures to prevent unauthorized access, disclosure, modification or destruction data.

The treatment is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.

Data such as IP (Internet Protocol address), type of browser used to connect to the site, name of the internet service provider, date and time of visit, source web page, and exit page, possibly the number of clicks, are processed automatically and collected in aggregate form in order to check the correct functioning of the site, and for security reasons. This information will be processed based on the legitimate interests of the Controller.

The automatically recorded data, for security purposes, may also include the IP address. These data are not used for the identification or profiling of the user but may be used in accordance with the applicable regulations in order to block attempts to damage the site, harmful activities or constituting a crime.



In addition to The Data Controller, in some cases, other subjects involved in the FRRB organization  (administrative, commercial, marketing, legal, system administrators) or external subjects (such as service providers third-party technicians, postal couriers, hosting providers, IT companies, communication agencies, etc.)  may have access to the Data, for the same purposes, and be appointed, if necessary, Data Processors by The Data Controller.

The updated list of Data processor can always be requested to the Data Controller.


Place of processing

The processing of data generated by using  FRRB website takes place at the operational headquarters located in via Taramelli 12, 20124 Milan and in any other place, within the European Union, where the parties authorized to process are located.


Scope of disclosure and data protection

The data provided and collected will not be disclosed or used for purposes other than those foreseen and indicated. Data will be stored and processed with adequate security measures against the risks of loss or damage, uncontrolled access, illegal use or for purposes other than those envisaged.

The User Data may be transferred to a country other than the one in which the User is located.


Retention period

The data are processed and stored for the time required by the purposes for which they were collected. At the end of the retention period, the data will be deleted or destroyed.


Data subject's rights

Articles from 15 to 21 of the regulation establish the rights of the interested party such as access, rectification, cancellation, limitation, notification, portability, opposition, revocation of consent and proposal for a complaint to the supervisory authority.


Exercising rights

The Data subject can exercise his rights by sending his requests to Fondazione Regionale per la Ricerca Biomedica, to the email address:

Changes to this Privacy Policy document

This document constitutes the FRRB website privacy policy and it is written in accordance with the relevant regulatory provisions.

FRRB as The Data Controller reserves the right to make changes at any time in accordance with the relevant legislation.

Users are therefore invited to periodically consult this page.

If the changes concern treatments whose legal basis is consent, The Data Controller will collect the necessary consent again.



The document was updated on 2020.01.28