Privacy Policy

Privacy Notice on the Processing of Personal Data Collected via the Site pursuant to Article 13 of Regulation (EU) 2016/679

Dear User,

Pursuant to Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), this section provides information on the processing of personal data of Users who visit the website (hereinafter “Site”) or who use the services made available through the said Site.

This privacy notice is limited to the Fondazione Toscana Life Sciences Site and the information provided herein does not pertain to any other sites, online pages, or services accessible via hypertext links published on the Site but referring to resources outside the domain of the Fondazione Toscana Life Sciences.


Following consultation of the Site, data relating to identified or identifiable natural persons may be subject to processing.

The Controller is the Fondazione Toscana Life Sciences (hereinafter TLS), with registered office in Via Fiorentina no .1 – 53100 Siena, email:

Contact details of Personal Data Protection Officer

The Data Controller has appointed the Personal Data Protection Officer (in short RPD or DPO – Data Protection Officer) pursuant to articles 37 and following of the GDPR n. 679/2016. The person responsible for the protection of personal data can be contacted at the following e-mail address:

Types of Data Processed and Purposes of the Processing

Consultation of the Site may involve the processing of data suitable for direct or indirect identification of a natural person (e.g., name, surname, email address, IP address).

Browsing Data

Browsing data are data acquired automatically by the systems and programs used to operate the Site and are necessary to provide the web services (e.g., IP addresses or domain names of the terminals used).

These data can also be used to process anonymous statistical information on the use of the Site and to check that it is functioning properly. In these cases, browsing data do not enable the identification of the Users and are deleted immediately after anonymous processing.

Browsing data can also be used to ascertain liability in the event of crimes against the Site or committed through the Site.

Data Provided by the User

These data refer to optional and voluntary information sent by the Users to the addresses provided on the Site. These data (e.g., email address, subject of the email) are processed by the recipient to follow up on the requests received.

Specific notice is posted on a case-by-case basis in the sections of the Site where data are collected, giving information on data processing pertaining to each given activity. Whenever necessary, TLS requests the User’s consent before personal data processing.


Cookies are information (small text files) sent by websites to the User’s device (PC, smartphone, tablet). This information allows browsing, computer authentications, and collection of information on the number of visitors and the patterns of visits to the website.

Further information on the cookies used by the Site is available in the cookie policy.

Nature of Data Provision

The provision of personal data by the User is not mandatory, except for the browsing data, which are collected by the system using automated tools. However, any refusal to provide personal data shall prevent the use of the services provided through the Site, making it impossible to comply with the User’s requests.


The User’s data are collected to allow the Controller to provide the service, comply with legal obligations, respond to enforcement requests, protect its rights and interests (or the rights and interests of Users or third parties), detect any malicious or fraudulent activities, as well as the following: statistics, interaction with external social networks and platforms, displaying content from external platforms, managing contacts, and sending messages.

Data Processing Means and Data Retention Time

The personal data collected through the Site are processed in accordance with Regulation (EU) 2016/679, Italian Legislative Decree no. 196/2003, and Italian Legislative Decree no. 101/2018. The Controller implements appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of personal data.

The server hosting the Site is located in the European Union.

All TLS employees and/or collaborators who access, or shall access, personal data, act/shall act under the direct authority of the Controller, are/shall be appointed and duly authorized to process personal data and have/shall have received appropriate operating instructions in this regard.

The processing is carried out using IT and/or telematic tools, with organizational means and logic strictly related to the stated purposes. In some cases, in addition to the Controller, other parties involved in the organization of this Site (administrative staff, legal counsel, system administrators) or external parties (such as third-party technical service providers, hosting providers, IT companies, communication agencies) also appointed, if required, as Processors by the Controller may have access to the data. The updated list of Processors may be requested at any time from the Controller.

Personal data are processed for the time strictly necessary to achieve the purposes for which they were collected. The Controller may be required to retain personal data for a longer period to fulfill a legal obligation or upon order of an authority. At the end of the retention period, the personal data shall be erased. Therefore, at the end of this period, the right of access, and the right to erasure, rectification, and data portability can no longer be exercised.

Rights of the Data Subjects

The subjects to whom the personal data collected through the Site refer have the right to access their personal data, to request their rectification, updating, and erasure. It is also possible to request the restriction of processing and data portability. These requests may be addressed to the Fondazione Toscana Life Sciences, with registered office at Via Fiorentina no. 1 – 53100 Siena, email: Requests are filed free of charge and processed by the Controller as soon as possible and in any event within 30 days of receipt (

Data subjects who consider that processing of their personal data through the Site violates the regulations on personal data protection are entitled to lodge a complaint with the Italian Data Protection Authority (Italian Data Protection Authority – Data Protection Officer, Piazza Venezia 11, IT-00187 Rome, email:

Additional Information on Data Collection and Processing


The User’s personal data may be used by the Controller for legal purposes in court or in the preliminary stages of any proceedings to defend against improper use of this Site or its services.

The User confirms to be aware that the Controller may be required to disclose personal data by order of public authorities.

Additional Information on the User’s Personal Data

In addition to the information contained in this privacy policy, this Site may provide the User with additional information regarding specific services or the collection and processing of personal data upon request.

Information Not Included in This Policy

More details on the collection or processing of personal data may be requested from the Controller at any time via email at

Handling of “Do Not Track” Requests

This Site does not support “Do Not Track” requests.

To determine whether any of the third-party services used honor “Do Not Track” requests, the User should refer to their privacy notices.

Changes to This Privacy Policy

The Controller reserves the right to introduce changes in this privacy policy at any time, giving notice to Users on this page and possibly within this Site, and/or by communication to Users via any contact details available to the Controller, insofar as technically and legally practicable. It is strongly advised to consult this page regularly and check the date of revision at the bottom.

Should the changes refer to processing activities based on the User’s consent, the Controller shall collect new consent from the User, where required.


Details on the Processing of Personal Data


The services included in this section enable the Controller to monitor and analyze traffic data and are used to track User behavior.

WordPress Stats (Automattic Inc.)
WordPress Stats is a statistics service provided by Automattic Inc.
Personal data processed: Cookies; Usage data.
Place of processing: United States – Privacy Policy.

Font Awesome (Fonticons, Inc. )
Font Awesome is a typeface display service provided by Fonticons, Inc. that allows this Site to embed such content in its pages.
Personal data processed: Tracker; Usage Data.
Place of processing: United States – Privacy Policy.

Google Fonts (Google Ireland Limited)
Google Fonts is a typeface display service provided by Google Ireland Limited that allows this Site to embed such content in its pages.
Personal data processed: Tracker; Usage Data.
Place of processing: Ireland – Privacy Policy. 

SPAM Protection

This type of service analyzes the traffic of this Site, potentially containing Users’ personal data, with the purpose of filtering it from parts of traffic, messages and content that are recognized as SPAM.

Google reCAPTCHA (Google Inc.)

Google reCAPTCHA is a SPAM protection service provided by Google Inc.
Use of the reCAPTCHA system is subject to Google’s privacy policy and terms of use.

Personal data processed: Cookies; Usage data.

Place of processing: United States – Privacy Policy.

Contacting the User

Contact Form (this Site)

By completing the contact form with their data, Users consent to their use to comply with their requests for information, contacts, or any other request indicated in the header of the form.

Personal data processed: email; name, surname.


Mailing List Form (this Site)

By completing the mailing list form with their data, Users consent to their use to receive email about Fondazione’s mission and news.

Personal data processed: email; name, surname.

Definitions and Legal References

Personal Data (or Data)

Any information through which, directly or indirectly, and also by reference to any other information, such as a personal identification number, a natural person may be identified or is identifiable.

Usage Data

Information collected automatically through this Site (or third-party services used on this Site), which may include: IP addresses or domain names of the computers of Users visiting this Site, URI (Uniform Resource Identifier) addresses, the time of the request, the means used to forward the request to the server, the size of the file received in response, the numerical code indicating the status of the response from the server (success, error, etc.), the country of origin, the characteristics of the browser and the operating system used by the User, the different time details per visit (e.g., time spent on each page of the Site) and the details on the path followed within the Application, with particular reference to the sequence of pages visited and other parameters about the operating system of the device and/or the User’s computer environment.

Data Subject

The natural person to whom the personal data refer.


A natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller, as stated in this privacy policy.


The natural or legal person, public authority, agency or other body which, solely or jointly with others, determines the purposes and means of the processing of personal data, including security measures relating to the operation and use of this Site. Unless otherwise specified, the Controller is the data controller of this Site.


The individual who uses this Site who, unless otherwise specified, is the same individual as the Data Subject.


The service provided by this Site as stated in the relative terms (if any) on this Site/application.

European Union (or EU)

Unless otherwise specified, all references to the European Union made herein include all current Member States of the European Union and the European Economic Area.


Cookies are Trackers consisting of small sets of data stored in the User’s browser.


Tracker means any technology, such as Cookies, unique identifiers, web beacons, embedded scripts, ETags, and fingerprinting, which enables the tracking of Users, for example by accessing or storing information on the User’s device.

Legal information

This privacy statement has been prepared based on provisions of multiple legislations, including Articles 13 and 14 of Regulation (EU) 2016/679 (General Data Protection Regulation).

Unless otherwise specified, this privacy policy applies solely to this Site.

Siena, 05/04/2022