Privacy Notice Contact Form

Dear User,
Pursuant to Art. 13 of the General Data Protection Regulation (GDPR), this notice is intended to inform the User (hereinafter the “Data Subject”) about the characteristics and means of processing of any personal data provided to Fondazione “Biotecnologico di Siena” by filling out the contact form available on the website (hereinafter the “Site”).


The Controller is Fondazione “Biotecnologico di Siena” (hereinafter FONDAZIONE), with registered office at Via Fiorentina no. 1 – 53100 Siena, email:

Types of personal data processed

The categories of personal data subject to processing include personal details and contact data. These data are required to handle and follow up on the data subject’s request.

Purposes and legal grounds of the processing

The personal data that the data subject is required to provide in the electronic contact form are processed for the purpose of enabling receipt and handling of requests sent to the Controller through the Site. The legal ground is the express consent to the processing of personal data.

Scope of communication and dissemination of the personal data for the pursuit of the purposes of the processing

The Controller shall not communicate the personal data to external recipients, unless the communication is requested by mandatory orders of public and/or judicial authorities or is needed to provide the services pertaining to the Site. In the latter case, both external recipients, if any, and recipients within the Controller’s organization shall receive special written appointments with full instructions for proper handling of the personal data processed by the Controller. The personal data shall not be shared. All employees and/or collaborators of Fondazione in their capacity as authorized external processors, who access, or shall access, personal data, act/shall act under the direct authority of the Controller, are/shall be appointed and duly authorized to process personal data and have/shall have received appropriate operating instructions in this regard.

Mandatory or optional provision of personal data

The provision of personal data is generally optional. However, failure by the data subject to provide the personal data needed as stated in the foregoing shall result in the impossibility to handle the request.

Data retention time

Pursuant to Art. 13, par. 2, letter (a) of the GDPR, please be informed that the data provided through the contact form shall be stored for 12 (twelve) months, where no legal relationships ensue from the contacts received, after which the data shall be erased. Should legal or commercial relationships be established with the contacts, the data shall be stored for the duration of the contractual, legal or commercial relationship, if any, and for 10 (ten) years after termination thereof. This is without prejudice to the right of the data subject to request immediate erasure of his or her personal data after having received feedback and responses to his or her requests. In this case, the request for erasure should be submitted by email to

Place of data processing and transfer of data outside the European Union

Data processing connected to the services provided by the Site is carried out at the offices of the Controller. The data collected and processed through the Site shall not be transferred to countries outside the European Union unless the data subject gives his or her express consent therefor or unless the provisions of the GDPR for data transfer to non-European countries are met, including prior notification thereof.

Rights of the data subject

The data subject is entitled at any time to exercise the rights under Articles 15 to 22 of the GDPR by sending an email to namely:

  • request from the Controller access to and rectification or erasure of his or her personal data, or restriction of the processing thereof, or object to processing, where envisaged;
  • obtain data portability allowing the data subject to receive the personal data provided to the Controller in a structured, commonly used and machine-readable format and – under given conditions – transmit those data to another controller without hindrance. Data portability applies only to personal data that (a) concern the data subject, (b) were provided to the Controller by the Data Subject, and (c) are processed electronically when entering into a contract;
  • lodge a complaint with the Italian Data Protection Authority, following the procedures and indications published on the official website of the Authority.

The exercise of the rights is not subject to any formal requirements and is free of charge, in the time and manner stated on:
