Privacy Policy website Privacy Policy

For information about your personal data collected, the purposes and the subjects wherewith the data are shared, please contact us.

Data Controller

Associazione Vivaio, via Copernico, 38 – 20125 Milan

Owner contact email:

Types of data collected

Data Controller does not provide a list of the types of Personal Data collected.

Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed before the data is collected.

Personal Data may be openly provided by the User or, in the case of Usage Data, collected automatically when using website

Unless otherwise specified, all data requested by website are mandatory. If the User refuses to communicate them, it may be impossible for to provide the Service. In all cases in which indicates some Data as optional, Users are free to abstain from communicating such Data, without that interfering with the availability of the Service, or its operation. Users who need further information about which data are mandatory are encouraged to contact the owner.

The possible use of cookies – or other tracking tools – by or owners of third-party services used by, unless otherwise specified, has the sole purpose of providing the Service required by the User, in addition to the additional purposes described in this document and in the Cookie Policy, if available.

The User is to be regarded as responsible for Personal Data of third parties obtained, published or shared through and guarantees to have the right to communicate or spread them, freeing the Owner from any liability to third parties.

Method and place of processing of the collected data

Processing methods

The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.

The processing is carried out using IT and / or telematic tools, with methods and logistics strictly functional to the purposes indicated. In addition to Data Controller, in some cases, other subjects involved in the organization of may have access to Data (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also designated, if necessary, as Data Processors by Data Controller. The updated list of Managers can always be requested to Data Controller.

Legal foundations of the processing

Data Controller elaborates User’s Personal Data if one of the following conditions exists:

  • User has given consent for one or more specific purposes. Note: in some jurisdiction Data Controller may be authorized to process Personal Data without the User’s consent or another of the legal foundations specified below, as long as User does not object (“opt-out”) to such treatment. However, this is not applicable if the processing of Personal Data is governed by European legislation on the protection of Personal Data;
  • processing is necessary for the execution of a contract with the User and / or for the execution of pre-contractual measures;
  • processing is necessary to fulfill a legal obligation to which Data Controller is subject;
  • processing is necessary for the performance of a task of public interest or for the exercise of public authority vested in the Owner;
  • processing is necessary for the pursuit of the legitimate interest of Data Controller or third parties.

It is always possible to ask Data Controller to clarify the effective legal conditions of each treatment, and specifically to indicate whether the treatment is based on the law, provided for by a contract or necessary to conclude a contract.


Data are processed at Data Controller’s operating offices and in any other place where the parties involved in the processing are located. For more information, contact the Owner. User’s Personal Data may be transferred in a country other than that in which User is located. To obtain further information on the place of processing, User can refer to the section relating to Personal Data’s processing details.

User has the right to obtain any information about the legal conditions for the transfer of Data outside the European Union, or to an international organization governed by public international law, or consisting of two or more countries, such as the UN, as well as all information regarding the security measures adopted by Data Controller to protect Data during transfer.

User can check if one of the transfers described above is under way by examining the section of this document about the Personal Data processing or contacting Data Controller.

Retention period

Data are processed and stored for the time required by the purposes for which they were collected.


  • Personal Data collected for purposes related to the execution of a contract between Owner and User will be retained until the execution of this contract is completed.
  • Personal Data collected for purposes related to the legitimate interest of Data Controller will be retained until this interest is accomplished. User can obtain further information regarding the legitimate interest pursued by Owner in the specific sections of this document, or by contacting us.

When the processing is based on User’s consent, Data Controller may keep Personal Data longer, until such consent is withdrawn. Furthermore, Data Controller may be requested to keep Personal Data for a longer period, when in compliance with a legal obligation or on the order of authorities.

At the end of the retention period, all Personal Data will be deleted; therefore, after this term the right of access, cancellation, rectification and data portability can no longer be exercised.

User rights

About Data processing by Data Controller, User could exercise any rights, such as:

  • Withdraw consent
    User can at any time withdrawn his consent to Personal Data processing, also when previously consented.
  • Object to Data processing
    User can oppose to Data processing, when it occurs on a legal condition. Further details on the right to object are indicated in the section below.
  • Access Data
    User has the right to obtain any information about Personal Data processed by Data Controller, as well as on specific aspects of the processing, and to receive a copy/list of processed Data.
  • Verify Data and request correction
    User has the right to verify the accuracy of Personal Data, and to request updates or amendment.
  • Request a limitation of Data treatment
    When specific conditions occur, User may request the limitation of Personal Data processing; in this case, Data Controller will not process Personal Data for any other purpose than their conservation.
  • Request Data cancellation or removal
    When specific conditions occur, User can request to Owner Personal Data cancellation.
  • Obtain processed Personal Data or have them transferred to another owner
    User has the right to receive his / her Data in a structured format, commonly used and readable by an automatic device and, where technically possible, to obtain its open transfer to another owner. This provision is applicable when Data are processed with automated tools and the processing is based on the User’s consent, within a contract in which User is a party, or on contractual measures connected to it.
  • Propose a complaint
    User can at any time file a complaint to Personal Data protection supervisory Authority or take legal action.

Details about the right to object

When Personal Data are processed in the public interest, in the exercise of a public authority vested in the Owner or to pursue an Owner’s legitimate interest, Users have the right to object to the processing for any reasons related to a peculiar situation.

Users are reminded that, if their Data are processed for direct marketing purposes, they can oppose the processing without providing any reasons. To find out if Data Controller processes data for direct marketing purposes, Users can refer to the specific sections in this document.

How to exercise your rights

To exercise their rights, Users can address directly to Owner, through contact details here indicated. Requests are filed free of charge and processed by Data Controller as soon as possible, up to 30 days in specific cases.

Website uses Tracking Tools. To find out more, User can consult the Cookie Policy section.

Further information on the treatment

Defense in court

User’s Personal Data may be used by Owner in court, or in the preparatory stages for the defense against abuse in the use of or related services by User.
User declares to be aware that Owner may be compelled to disclose Personal Data collected if by order of public authorities.

Additional info request

At User’s request, and in addition to the information contained in this Privacy Policy, may provide the User with additional and contextual information regarding specific services, or Personal Data collection and processing.

System log and maintenance

For any need related to operation and maintenance, and its third parties service providers may collect system logs; system log are files recording the interactions and may contain Personal Data, too, such as User IP address.

Info not contained in this policy

Further info about Personal Data processing and collecting may be requested at any time to Data Controller; please see contact details.

Response to “Do Not Track” requests

Website does not support “Do Not Track” requests.
To find out if any third-parties services used support them, User could consult their Privacy Policies.

Changes to this Privacy Policy

Data Controller reserves himself the right to modify this Privacy Policy at any time by notifying Users on this page, on as well as, if technically and legally possible, by sending a notification to Users through contact details collected. Users are invited therefore to consult this page frequently, and refer to date of the last modification, as indicated below.

For any change affecting treatments in which explicit consent is a legal condition, Data Controller will collect User’s consent again, if necessary.

Personal Data (or Data)

Any information that, directly or indirectly or connected with any other information, including a personal identification number, makes a natural person identified or identifiable.

Usage Data

Any information collected automatically through website (including from third-parties applications integrated, including: the IP addresses or domain names of the computers used by User connecting with; the addresses in Uniform Resource Identifier (URI) notation, the time of the request, the method used to address it to the server, the size of the file obtained in response, the numeric code indicating the status of response from the server (successful, error, etc.) the country of origin, the characteristics of the browser and operating system used by Users, any temporal connotation of visit (i.e. the time spent on each page) and all details related to the itinerary followed within the Application, with particular reference to the sequence of pages consulted and all parameters related to User’s operating system and IT environment..


The individual using; unless otherwise specified, he/her coincides with the Data Subject.


The individual to whom Personal Data refers.

Data Processor (or Manager)

The individual, or legal person, or public administration and any other organization processing Personal Data on behalf of Data Controller, as set out in this Privacy Policy.

Data Controller (or Owner)

The individual, or legal person, or public authority, or service and any other organization which, individually or together with third parties, determines the purposes and means of Personal Data processing and the tools adopted, including the security measures relating to the operation and use of Data Controller, unless otherwise specified, is the Owner of

Website (or this Application)

All hardware or software tools through which User’s Personal Data are collected and processed.


Services provided by, as defined in the relative terms (if available) and on this site / application.

European Union (or EU)

Unless otherwise specified, any reference to the European Union contained in this document is intended to be extended to all current member states of the European Union and the European Economic Area.

Legal references

This privacy statement is drawn up on basis of multiple legislative systems, including articles. 13 and 14 of Regulation (EU) 2016/679.

Unless otherwise specified, this privacy statement applies exclusively to