Privacy Policy

Dear user,

Following the provisions of Article 13 of the European Regulation on the Protection of Personal Data No. 679/2016 (so-called GDPR), we wish to inform you that:

1. Purposes of the treatment

Data will be processed exclusively for the following purposes:

  • assistance to the user in case of problems related to the site;
  • subscription to the quarterly newsletter of the IPA Floods and Fires program;
  • updating the user about the activities and products related to the IPA Floods and Fires Project, also through the quarterly newsletter;
  • fulfilment of the obligations deriving from European and national legislation or execution of the order of the Judicial Authority;
  • archiving, historical research, and analysis for statistical purposes, in any case, consistent with the typical activity of the platform.

2. Optional provision of data

The user is free to provide their data. However, failure to provide data will make it impossible to receive the newsletter.

3. Data Controller

The Data Controller is the Presidency of the Council of Ministers – Department of Civil Protection with registered office in Via Ulpiano 11, 00193 Rome, The staff of the Department may become aware of the data as part of their institutional activities if such communication is functional to the pursuit of the purposes of treatment.
The Head of the Department, under art. 37 of the EU Regulation 2016/679, has appointed Antonio Scalzo as Data Protection Officer, in Via Ulpiano 11, 00193 Rome, who can be contacted at:

Certified E-mail:


4. Data Processor

The Data Processor is the Fondazione Cima, with headquarters in Via Armando Magliotto, 2 – 17100 Savona, in the person of the President Luca Ferraris. It is possible to use the following contacts:

Certified E-mail:


The President of Cima, in accordance with Article 37 of EU Regulation 2016/679, has appointed a Data Protection Officer, who can be contacted through: 

Certified E-mail:


5. Modalities of treatment

Data are processed in digital format.

The data controller adopts appropriate technical and organizational measures to ensure a level of security appropriate to the type of data processed. For this purpose, the data controller uses media or systems owned by him or by third parties suitable to ensure adequate standards of protection of the data conferred (Aruba –

Data will be processed exclusively for the purposes mentioned above by persons specifically identified by the data controller of the treatment adequately trained and made aware of the constraints imposed by law.

6. Type of data processed

The type of data processed belongs to the category of personal data provided voluntarily by the user. 

Data provided are name, surname, E-mail, institution.

The service manager acquires these data when the user subscribes to the Newsletter, requires assistance about the navigation of the site or its contents, or shows interest in topics dealt with by the Program during the Program activities or other meetings.

7. Communication and dissemination of personal data

Data of users who request the dispatch of informative material (mailing list, newsletter subscription, data collected through Google Analytics on the navigation of the site are exclusively used to perform the service or provision requested and are communicated to third parties only in cases where:

  • it is necessary for the fulfilment of requests;
  • the communication is imposed by legal obligations or regulations;
  • during an administrative procedure;
  • all the services referred to in this statement are handled exclusively by staff in charge of data treatment.                                                           

8. Transfer of personal data to countries outside the European Union

Data are processed in the EU territory.

9. Data retention times

Data will be stored for a period necessary to the exclusive purposes of collecting and processing. 

10. Rights of the interested parties

The user may exercise the rights under Art. 15 et seq. GDPR, where applicable. These include the right to request rectification, restriction or deletion of subscription data.

It is always possible to exercise the right to file a complaint with a Control Authority or appeal to the Guarantor for the protection of personal data, when it is believed that the data processing has been carried out in a way that does not comply with the Regulation.