European General Data Protection Regulation 679/2016 (GDPR)

Processings, Data Controller, Processor

When you browse our website, write comments, or get in touch with us via the online forms of our website, we necessarily collect and process your personal data. This document will help you understand what personal information we collect on you (the so-called “processing of personal data”), how we collect it, what purposes we use it for, and what rights you have with regard to your personal data.
When we speak of the “Data Controller” (or simply “Controller”), we are not referring to a specific person, but to the Fondazione Valter Baldaccini, Via V. Baldaccini, 1 – 06034 Foligno (Perugia, Italy), Tel. +39 0742 348 428, e-mail:

The website is run per our instructions and on our behalf by s.r.l. u.s., Via Bachlet 12, 46051 San Giorgio Bigarello (MN), which is called the “Processor” of the personal data.
For the Newsletter processing the Processor is Kudu Srl Società Benefit Via Cavour, 2 22074 Lomazzo(CO) Tel. +39 0236714480, mail:
For several processings regarding the data provided by cookies, the Processor is s.r.l. u.s., Via Bachlet 12, 46051 San Giorgio Bigarello (MN), Tel. +39 0376 392891, e-mail:

When we speak of the “website”, we are referring to site and its apps.

The personal data we collect

In the “Receive the Newsletter” pop-up
First name, last name, e-mail address, and message text are necessary in order to know who is the recipient of the newsletter and be able to send it. The other data are useful for finding out more about the persons interested in our communications, but are not necessary. With your explicit consent, these data, including the comments, will be kept and processed by the Controller and the Processor (Kudu Srl), and will not be rendered public. The Privacy Policy Statement on the processing of the Newsletter is available through this link.

“Donations” page
The data requested are necessary in order to know who sent the donation and for what purpose they intended it. These data remain on the site’s server for one year and in the Foundation’s database for 10 years. In the event you wish to receive a statement for tax purposes, we are required by law to record and keep the data for another 10 years. You may ask us to access, modify, or delete these data at any time. For online donations, the Processor is iRaiser Italia srl via Felice Casati 20, 20124 Milano, mail The complete Privacy Policy Statement concerning the Donation processing is available via this link.

Information coming from social networks
You can click on “Like” on the social network accounts connected with our website, for example FacebookInstagram or Youtube. When you use this option, we automatically collect selected information on you from the social networks. The information we collect depends on the information you have made available on the social network and on your privacy settings for sharing the information on the social networks. Depending on your settings and choices, we will collect the following information: Name and/or username, e-mail address, profile photo, and your contacts on the social networks.

Our website uses cookies. Cookies identify your computer or device instead of you as a specific single user, and are used for various purposes. The complete Cookie Policy Statement is available via this link.

Purposes of the processings

We will use the information provided us to offer you our services, improve our website and services, answer your questions, send you our newsletters, facilitate the social sharing function, show which members of your social networks are friends of the Foundation, and create a better user experience on our website.
Furthermore, these data are used by the Controller and Processor for various internal purposes, such as data analysis, checks, monitoring and prevention of fraud, development of new products and services, improvements or changes to the website or our services, identification of use trends, determination of the effectiveness of our promotional campaigns, and management and expansion of our activities.
In some cases they are necessary to comply with legal requirements and procedures, requests from public and governmental authorities, pertinent standards, and our internal policies.

Right to access, rectification and deletion

Within the limited circumstances in which you expressly gave your consent for the processing of your personal data, for example when you sign up for our newsletter, you have the right to know what personal data we have on you, to modify them, and to request their deletion. You have the right to object to the way we process your personal information, or to ask us to limit its processing. For this purpose, you can send an e-mail to the Processor:

Links to other websites

Our website may contain links to other sites. Our inclusion of such links does not imply our approval or endorsement of such sites. We have no control over the content of these third-party websites, and do not assume any responsibility or liability for third parties and their policies or practices.

Risk reduction measures

The Processor ( s.r.l.) is following a path of adherence to the GDPR standards. Its procedures envisage the fact that only two persons, equipped with a special “key”, can access the data, and they do so only for specific reasons. 
At the Controller’s premises, only three persons can access the database holding the personal data you enter through the site. They use a secure password that is frequently changed. Connection to the website is via SSL encryption.

Transfer of personal data outside the EU

The Processor of the data connected with the website ( s.r.l.) does not have its own servers, but uses Amazon Web Services (sub-processor). The users’ data (with the exception of information on payments and credit cards, which are the responsibility of the Bank and do not go through the website) are stored in a database on an Amazon server which is accessible only from the server itself and remotely only from our company network.

Amazon Web Services uses a cloud architecture, so it is not able to guarantee that the data will be kept within the European Union. However, Amazon Web Services:

  • has certified its compliance with the EU-U.S. Privacy Shield Framework (for information: Its activities are therefore considered subject to a quality supervision equal to that which is expected of an entity operating in the EU;
  • has certified its adherence to CISPE Code of Conduct for Cloud Infrastructure Service Providers. The Code ensures that the cloud provider uses data protection measures that meet the GDPR requirements;
  • has certified its compliance with the Cloud Computing Compliance Controls Catalog (C5), a standard created by the German Authority to verify the consistency between the GDPR requirements and  cloud architectures.

Data storage

We keep the personal details and data you provide us with, including your comments on the website, for one year on the site’s servers and for 10 years on our database, unless you request their deletion.

Legal basis for the processing

The processings of personal data described permit us to pursue the social purposes of the Foundation, disseminating awareness of its activities, and receiving proposals for intervention and funding. They also enable us to meet our legal obligations and pursue our legitimate interests in relation to running the website and providing you with our services, so long as your interests and fundamental rights do not override our interests.
Considering the fact that the security measures adopted render damages to privacy very improbable, and that in any case they would be very limited, and that data subjects may exercise their right to access, modification, and/or deletion of their data at any time, the Controller deems the data processing in question legitimate and in compliance with the spirit and wording of the European General Data Protection Regulation 679/2016, and that the legal basis to continue it exists.
Any complaint you may have of dissatisfaction may be lodged with the Autorità Garante per la protezione dei dati personali (Personal Data Protection Authority), Piazza di Monte Citorio 121 – 00186 Rome, Tel.: +39 06.696771, e-mail:


All graphic material and text is the property of the Fondazione Valter Baldaccini. Any kind of reproduction, even partial, is completely forbidden.

The present version of the Privacy Policy Statement was updated on 1st June 2022.

24 June 2024

Valter Baldaccini wins the “Io sono una persona pe...

Valter Baldaccini received the "Io sono una persona per bene" award (“I am a good person” award), at...

17 June 2024

The Cannara stadium named after Valter Baldaccini

In addition to being a man deeply tied to his hometown, Valter Baldaccini was a great football fan....

06 June 2024

Close to the families of the TMA Prendimi per Mano...

“TMA Prendimi per mano” is an Umbrian association that takes care of children and young people with...

29 May 2024

The video of the theater show “Valter dei desideri...

The publication of the fairy tale "Valter dei desideri" remained hidden until Saturday 25 May 2024,...

27 May 2024

A fairy tale tells Valter Baldaccini’s life.

It is called "Valter dei desideri" (Valter’s Desires) and it is the illustrated fairy tale that tell...

10 May 2024

Social volunteering: the heart of solidarity in Fo...

The importance of volunteering for our community Volunteering represents one of the purest forms...

24 April 2024

The Foundation celebrates its ninth anniversary wi...

“The Valter Baldaccini Foundation invites adults and children to celebrate our 9th birthday! Where?...

22 April 2024

Commemoration of Valter Baldaccini’s tenth anniver...

May 4th marks the tenth anniversary of Valter Baldaccini's passage to eternal life. For the occas...

08 April 2024

Holiday hours that become concrete help

A group of UMBRAGROUP collaborators made a notable gesture of altruism between the end of 2023 and t...



Get all the updates on current projects and initiatives



Stay up to date on current projects and initiatives

Don't show this window again