This page describes the methods of managing the site concerning the processing of personal data of users who consult it. This information is also provided under Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”) and Legislative Decree no. 196/2003 – Personal Data Protection Code for those who interact with the SGR’s web services, accessible via telematic means at the address:, corresponding to the initial page of the SGR’s official website.

This document also considers Recommendation No. 2/2001, which the European authorities for the protection of personal data have adopted to identify the minimum requirements for collecting personal data online. The information is provided only for the website and not for other websites that may be consulted by the user via links.

  1. Data Controller.

The Data Controller of personal data is Fondaco SGR S.p.A., located in Turin, Corso Vittorio Emanuele II, No. 71 – 10128; e-mail:

  1. Data processing location and purposes.

Data processing related to the website’s web services takes place at the SGR headquarters. It is handled only by personnel in charge of processing or by occasional maintenance operators. No data derived from the website is communicated or disclosed to third parties except as provided in the previous period. Personal data provided by users who submit requests for sending information material or respond to job advertisements are used solely to perform the service requested correctly and are communicated to third parties only if strictly necessary.

  1. Types of data processed.

Navigation data

The computer systems and software procedures used to operate the website acquire, during their normal operation, some personal data whose transmission is implicit in Internet communication protocols. This information is not collected to be associated with identified interested parties but, by their very nature, could allow users to be identified through processing and association with data held by third parties. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user’s operating system and computer environment. This data is used only to (i) obtain anonymous statistical information on the use of the site, (ii) check the correct functioning of the site, and (iii) carry out monitoring activities in support of the security of the service. The data may be kept and used to ascertain responsibility in case of hypothetical computer crimes against the site; except for this possibility, web contact data persist for a period not exceeding the achievement of the purposes for which they are processed.

Data voluntarily provided by users

The voluntary, explicit, and voluntary sending of personal data by the user on this site necessarily entails the acquisition of the same, which is necessary for the provision of the requested service.


The website acquires no personal user data in this regard. No cookies are used to transmit personal information, nor are persistent cookies of any kind used, nor are systems for tracking users. The use of session cookies (not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to transmitting session identifiers (consisting of random numbers generated by the server) necessary to allow secure and efficient browsing of the site. The session cookies used on the site avoid using other potentially prejudicial computer techniques for the confidentiality of users’ navigation and do not allow the acquisition of the user’s personal identification data. For more information regarding the processing of cookies, please refer to the SGR’s cookie policy:

Optional provision of personal data

It is noted that, about the processing described above, the provision of personal data is optional but necessary for executing the service requested by the user. Therefore, any refusal to provide personal data prevents the execution of the service requested by the user.

Transfer of Data Outside the EU

If the personal data mentioned above are communicated to third parties located outside the European Union, the personal data will, in this eventuality, be transferred only in the presence of a decision of adequacy by the European Commission or other adequate guarantees pursuant to Articles 44 and ss. of the GDPR.

Processing methods

Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which it was collected. Specific security measures are observed to prevent data loss, illicit or incorrect use, and unauthorised access.

Rights of the Data Subjects

Each data subject has the right, at any time, to request from the SGR, at the above contacts, the rights provided for by the GDPR (right of access, rectification, erasure, restriction of processing, data portability, objection). Each data subject also has the right to withdraw any consent given for processing based on consent, without prejudice to the lawfulness of the processing based on the consent given before such withdrawal. The data subject is also entitled to lodge a complaint with the Guarantor for the Protection of Personal Data, following the procedure available on the Authority’s website: