Privacy Policy

Privacy Policy for Users

Fondazione Nicola Trussardi headquartered in Piazza E. Duse 4 – 20122 Milan, CF 12124800157 (hereinafter, the “Controller”), proprietor of the website (hereinafter, the “Site”), in its capacity as the controller of the personal data of the users browsing the Site (hereinafter, the “Users”) below provides the privacy policy pursuant to Article 13 of EU Regulation 2016/679 of April 27, 2016 (hereinafter, the “Regulations” or “Applicable Norms”).

 The Controller takes into the utmost consideration the right to privacy and protection of personal data of its Users. For any information in relation to this Privacy Policy, Users may contact the Controller at any time, in the following ways:

  • by registered mail with receipt of return to the Holder’s registered office (Piazza E. Duse 4 – 20122 Milan);
  • by email to the following address:

1. Purposes of data processing

Users’ personal data will be lawfully processed by the Controller in accordance with Article 6 of the Regulations for the following purposes:

  1. provision of service, e. to enable the User’s navigation of the Site. The User’s data collected by the Data Controller for this purpose include all personal data of which transmission is implicit in the use of internet communication protocols, which the computer systems and software procedures used to operate the Site acquire in the normal course of their operation: the IP addresses or domain names of the computers used by Users, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.. ) and other parameters related to the User’s operating system and IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to allow it to function properly. Notwithstanding provisions laid out elsewhere in this privacy policy, under no circumstances will the Data Controller make Users’ personal data accessible to other Users and/or third parties;
  2. administrative-accounting purposes, i.e. to carry out activities of an organizational, administrative, financial and accounting nature, such as internal organizational activities and activities functional to the fulfillment of contractual and pre-contractual obligations;
  3. legal obligations, i.e. to fulfill obligations required by law, authorities, regulation or legislation, and to ascertain liability in case of hypothetical IT crime to the detriment of the Site.

2. Method of processing and data storage period

The Data Controller will process Users’ personal data by means of computer tools, with logics strictly related to the purposes stated and in such a way as to guarantee data security and confidentiality.

The personal data of the Users of the Site will be kept for the time strictly necessary to fulfill the primary purposes laid out in paragraph 1 above, or in any case as necessary for the protection in civil law of the interests of both the Users and the Data Controller.

3. Scope of data communication and dissemination

Users’ personal data may come to the knowledge of the employees and/or collaborators of the Controller in charge of the Site. These subjects, who are instructed by the Controller in accordance with Article 29 of the Regulations, will process the User’s data exclusively for the purposes indicated in this policy notice and in compliance with the provisions of the Applicable Norms.

Third parties who may process personal data on behalf of the Data Controller as “External Data Processors”—such as and by way of example providers of IT and logistical services functional to the operation of the Site, providers of outsourced or cloud computing services, professionals and consultants—may also become aware of Users’ personal data.

Users have the right to obtain a list of any Data Processors appointed by the Data Controller by making a request to the Data Controller in the manner stated in paragraph 4 below.

4. Rights of Concerned Parties

Users may exercise the rights guaranteed to them by the Applicable Norms by contacting the Controller in the following ways:

  • by registered mail with receipt of return to the Holder’s registered office (Piazza E. Duse 4 – 20122 Milan);
  • by email to the following address:

Pursuant to the Applicable Norms, the Data Controller informs Users that they have the right to obtain information on (i) the origin of personal data; (ii) the purposes and methods of processing; (iii) the logic applied in case of processing carried out with the aid of electronic devices; (iv) the identification details of the Data Controller and those of data managers; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as managers or appointees.

In addition, Users have the right to obtain:

(a) access to, updating of, rectification or, when necessary, the integration of data;

(b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept in relation to the purposes for which the data were collected or subsequently processed;

(c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or to which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the right to be protected.

Furthermore, Users have:

(a) (where applicable) the right to withdraw consent at any time if processing is based on their consent;

(b) (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured, commonly used, machine-readable format), the right to restriction of processing of personal data, and the right to erasure (“right to be forgotten”);

(c) the right to object: in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if relevant to the purposes of data collection;

(d) should they believe the processing that concerns them violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State in which they habitually reside, in the Member State in which they work, or in the Member State in which the alleged violation occurred). The Italian Supervisory Authority is the “Garante per la protezione dei dati personali,” based at Piazza di Monte Citorio No. 121, 00186 – Rome (

The Data Controller is not responsible for updating all links viewable in this Policy, so whenever a link is not working and/or has been updated, Users acknowledge and agree that they should always refer to the document and/or section of the websites referenced by that link.



Share on