Privacy Policy

REACH project website

Regulation (UE) 679/2016 General Data Protection Regulations

Regulation (UE) 679/2016 General Data Protection Regulations.In this page you will find a description of the policy implemented by Fondazione Penta – for the treatment and care of children with HIV (and related diseases) – Onlus (hereinafter: “Fondazione Penta”) to manage the processing of personal data of the visitors of the REACH project website: (hereinafter the “Website”).

Please read our Privacy Policy carefully, which applies both if you access the Website and simply decide to browse it, and if you intend to use our services.

Navigation within the Website is free and does not require any registration, with the exception of certain areas in which you can freely and expressly provide your data to access services specifically identified (i.e. by entering your data in the “Contact form”). If, therefore, you provide your personal data in order to access these additional services, you will be expressly informed in accordance with Regulation (EU) 679/2016 – “General Data Protection Regulation” (hereinafter the “GDPR”), with an indication (by way of example) of the purposes and methods of use of the data by Fondazione Penta of the right to request the cancellation of the data or its updating at any time. 

This privacy notice is provided by Fondazione Penta to the visitors of the Website, pursuant to Article 13 of GDPR.


a) The Controller 

By using the Website, you might provide us personal data. The controller of such personal data is Fondazione Penta – for the treatment and care of children with HIV (and related diseases) – Onlus with registered office at Corso Stati Uniti, 4, 35127 Padova, Italy, e-mail address: (hereinafter also referred to as the “Controller”).


b) The Data Protection Officer

The Data Protection Officer, appointed by Fondazione Penta according to Article 37 of the GDPR, can be contacted at the following address: 


c) Place of Data Processing

The data related to the services provided by the Website are processed by the Controller at its registered office – at Corso Stati Uniti, 4, 35127 Padova, Italy – and the data processing will be carried out only by subjects expressly authorised by the Controller. 


d) Types of personal data processed

i) Data related to the web browsing

The computer systems and software procedures used to operate this Website during the normal operation acquire some personal data whose transmission is implicit in the use of Internet communication protocols. Such data are not collected in order to be associated with identified data subjects, nevertheless the data, by their very nature, could, through processing and association with data held by third parties, allow the identification of the users. This category of data includes IP addresses or domain names of computers used by users connecting to the Website, URI (Uniform Resource Identifier) of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the code indicating the status of the response from the server (successful, error, etc..) and other parameters relating to the user’s operating system and computer environment.

This data will be used only to obtain statistical anonymous information on the use of the Website and to monitor the Website operations.

With reference to the data related to the web browsing on the Website, please also read the following paragraph on the Cookies used by the Website.

ii) Data provided by the user 

The voluntary and optional sending of an e-mail by using the “Contact form” provided by the Website entails the subsequent acquisition of the users’ e-mail address for the purpose of answering its requests, as well as the acquisition of any other personal data provided by the user in the e-mail. 

In the event of acquisition, by the Controller, of information and personal data, the Controller will provide the user with a privacy notice, pursuant to Article 13 of the GDPR, to describe the purposes for which such data is requested and the manner in which it will be processed. 

For further information, please read the privacy notice available in the “Contact” section of the website.

e) Purposes and legal basis for processing

The data is collected and processed for purposes strictly related to the usage of the Website and its services. The specific purposes for processing are described in detail in the further privacy notices provided by the Website in all cases of data collection. Please read carefully the privacy notices which, from time to time, illustrate the characteristics of the processing that will be carried out by the Controller.

Your data will be processed according to Article 6, paragraph 1, letter b) of the GDPR to run the services provided by the Website (for example, to answer requests made through the Website). 


f) Optional nature of the user’s decision to provide personal data

Except for what already specified regarding data related to the web browsing, the user is free to provide personal data to the Controller by filling in the “Contact form”. Failure to provide such data may result in the impossibility for the Controller to answer the user’s requests.

The data required from time to time is indicated in the data collection form on the Website and the consequences of the failure to provide such data are described in the specific privacy notices present on the data collection pages.


g) Data processing procedures and communication of data

The data can be processed both electronically and in paper form. The personal data you provide us with will be processed lawfully and correctly, in full compliance with the legislation in force, in order to guarantee the strictest confidentiality of such personal data. Specific security measures are implemented to prevent data loss, illicit use and unauthorised access. 

Data will not be communicated or disseminated to third parties except within the limits and under the conditions expressly indicated in the information notices provided to the user from time to time on the Website, and only upon receipt of authorization from the same (e.g. to the companies providing services related to the Website operation). 

The data will be processed only by persons expressly authorized to manage the data provided by users through the Website, identified within the Communication and Project Management Areas of Fondazione PENTA designated pursuant to art. 29 of GDPR.

The Controller use external providers to manage the Website and the Website services. For those activities, suppliers or external organisations process personal data of the users for purposes strictly related to the provision of the services, and have therefore been appointed by the Controller as data processors (according to article 28 of the GDPR). A complete list of external processors can be requested by contacting the Controller at the address provided in par. l) below.


h) Transfer of your data abroad

In the case of transfer of subject’s data to a third country which is not an adequate country, the controller and the processor shall comply with the terms of the standard contractual clauses for the transfer of personal data to processors established in third countries approved by EC Commission Decision of 5 February 2010 and any subsequent amendment or re-edition.

i) Storage period

Your data will be processed for the period indicated in the specific privacy notices provided at the moment of collection.

Your data, collected through the “Contact form” of the Website will be processed for the time necessary to properly manage your request and subsequently erased. 

As regards the storage period for the browsing data, please read the following paragraph dedicated to Cookies.


j) Cookies

The Website uses technical cookies (i.e. to facilitate browsing and use of the Website). For a detailed explanation on the cookies and how to disable them, please read our Cookie Policy.


k) Link to other websites 

This privacy notice is only applicable to the Website and is not valid for any other websites that may be consulted by the user via links originating from the same. The Controller cannot be held responsible for the personal data provided by the user to third parties or to any other website that may be linked to the Website.


l) Data subject’s rights

By contacting the following e-mail address:, the user may at any time exercise the rights provided by the GDPR; nonetheless, the user may exercise their rights under the GDPR in respect of and against the Controller (by contacting them at the addresses provided in par. a) above). The rights referred to in Articles 15 to 22 of the GDPR are, briefly: 

obtaining confirmation as to whether or not personal data concerning you is being processed

obtaining access to your personal data and to the information set out in Article 15 of the Regulation;

obtaining the rectification of the inaccurate personal data that concerns you without undue delay or the supplementing of incomplete personal data;

obtaining the erasure of the personal data that concern you without undue delay;

obtaining the restriction of processing the personal data that concern you;

being informed of any rectifications or erasures or restrictions of processing in relation to the personal data that concern you;

receiving in a structured, commonly used and machine-readable format the personal data that concern you;

objecting at any time, on grounds associated with your specific situation, to the processing of the personal data that concern you.

The full text of the rights provided for in articles 15 et seq. of the GDPR is available on 


m) Lodge a complaint before the Data Protection Authority

Should you consider the processing of your data infringes the GDPR, you may in any event lodge a complaint before the Italian Data Protection Authority ( or to the Data Protection Authority of the Member State of your habitual residence, place of work or place of the alleged infringement.


n) Applicable law

This privacy notice is ruled by Regulation EU 2016/679, which guarantees that the processing of personal data is made in full respect of fundamental rights and freedom, as well as of the dignity of the person involved with particular reference to privacy, personal identity and the right to personal data protection.


o) Right to review

Fondazione Penta reserves the right to review, amend or simply update, totally or in part,  the current “privacy notice” at its excusive discretion, in any way and/or at any time, without any need to submit advance notice, even in view of changes in the law or regulations concerning personal data protection. Users shall be notified of any amendment or updating of the Privacy notice in the Home Page of the Website as soon as adopted; the new version of the privacy notice shall be binding upon its publishing on the Website in this section. Please access this section regularly to verify the latest privacy notice. 

The full text of the EU Regulation 679/2016, is available on the website of the Italian Data Protection Authority