In accordance with the European Regulation on personal data protection EU 2016/679 (“GDPR”), the following information is provided regarding the processing of personal data carried out on this site.
The Venice Sustainability Foundation (VSF) manages users’ privacy both during website navigation and when users choose to provide their personal data to access available services.
This page contains the main information about the processing of personal data of users (“Data Subjects”) who use this website. Pages accessible through external links such as Facebook, Instagram, Twitter, YouTube, or other sites are not covered by this privacy notice; therefore, it is recommended to consult their respective policies before interacting with such spaces.
1. Data Controller
The Data Controller is the Venice Sustainability Foundation (VSF), with registered office at San Marco 4136, 30124 Venice, Tax Code 94102820274. For contacts: info@vsf.foundation (hereinafter “Controller”).
2. Source of personal data
Navigation Data
The site’s computer systems automatically collect certain technical data (e.g., IP addresses, domain names, operating system data) necessary for the site’s operation and security.
This information does not directly identify users but could do so through cross-referencing with other data. The data is used for anonymous statistics, verification of proper functioning, and investigations in case of cyber crimes, and is deleted after 50 months.
The site also collects cookies to improve user experience; details about cookie usage are available in the Cookie Policy.
3. Purposes of processing, legal basis, and data retention periods
| N | Purpose | Legal Basis | Retention |
|---|---|---|---|
| A | RESPONSE TO REQUESTS: responding to User requests sent through the contacts indicated in the “Contacts” section of the site. | Fulfillment of pre-contractual and contractual obligations (art. 6, par. 1, letter (b) of GDPR). | 10 years from the request or from the end of the contractual relationship. |
| D | ADMINISTRATIVE AND ACCOUNTING ACTIVITIES: carrying out administrative and accounting activities related to site usage and compliance with regulations and Authority obligations. | Compliance with a legal obligation (art. 6, par. 1, letter (c) GDPR). | For the entire duration of services and for 10 years after the end of the contractual relationship. |
The provision of data is necessary and, therefore, failure to provide personal data will result in the Controller’s inability to provide the requested services.
4. Processing methods, logic, and security measures
Data processing also occurs through electronic or automated tools, according to criteria aimed at minimizing risks to data confidentiality, integrity, and availability, in compliance with personal data protection regulations. Users must report any suspicions of improper use or unauthorized disclosure of credentials to the Controller by writing to info@vsf.foundation, to allow immediate assessment of the violation and adopt measures provided for in art. 33 of GDPR.
5. Scope of communication and data transfer
Personal data may be communicated to employees and collaborators of the Controller or partner companies involved in the project, for administrative, accounting, IT support, and logistical activities; these individuals have been formally authorized to process data. The Controller may also share and allow the processing of Users’ personal data, including separately, with third parties providing services upon request, including commercial service providers designated as external data processors, as well as third parties appointed to provide IT and telematic services (for example, hosting, website management and development) instrumental to the site’s operation. Only information strictly necessary for the execution of requested services will be transmitted to such third parties, adopting all appropriate measures to protect personal data. If, for technical or operational needs, it becomes necessary to use subjects located outside the European Economic Area, they will be subject to protection and security obligations equivalent to those guaranteed by the Joint Controllers, and the transfer will be carried out according to the provisions of Chapter V of GDPR. Additionally, personal data may be communicated to competent public authorities to comply with legal obligations or to establish liability in case of computer crimes against the site. The updated list of Data Processors is available at the Controller’s registered office.
6. Rights of data subjects
You can always exercise your data protection rights, including:
a) accessing personal data and knowing purposes, categories, recipients, retention periods, and any automated processes;
b) obtaining updates, corrections, or integration of inaccurate data;
c) requesting data deletion in cases provided for;
d) requesting limitation or opposing processing where possible;
e) requesting data portability of provided data, including to other controllers according to art. 20 of GDPR.
You can also file a complaint with the Privacy Authority according to art. 77 of GDPR if you believe there is a regulatory violation.
7. Contacts
To exercise your rights or request further information about the processing of your data, you may contact the Controller by writing to:
- info@vsf.foundation via email;
- Venice Sustainability Foundation (VSF) San Marco 176, Calle del Cappello Nero 30124, Venice by registered mail.
Using the site implies having read and accepted the Privacy Notice. The Controller advises that this page may be updated without notice; therefore, it is recommended to consult it periodically.
Version updated on September 19, 2025
