Privacy Policy

Who we are

Our website address is:

1. The security of your personal data

This information is aimed at those who provide Human Frontier Research Lab with their personal data during participation in events organized by Human Frontier Research Lab, or from social media pages (e.g. Facebook), or by browsing the Human Frontier Research Lab website, to subscribe to our newsletter, or to support us with their donations, joining our projects, or with other initiatives.

The site also presents other specific sections, navigation of which allows you to get in touch with Human Frontier Research Lab because you are interested in a different type of service, or to apply to work with us.

Attention: our data privacy protection policy may undergo changes over time, also depending on legislative and regulatory additions and changes in the matter or due to our institutional decisions. We therefore invite you to periodically consult the information on the site.

Information pursuant to Article 13 of EU Regulation no. 2016/679 (GDPR)

Data Controller and Data Protection Officer
The data controller is Human Frontier Research Lab, with registered office in Via Volta 19 – 46100 Mantova, Italy (the “Data Controller”).

The Data Controller has appointed a Data Protection Officer (DPO), in the person of Dr. Sara Diani, who can be contacted at the headquarters in Via Volta 19 – 46100 Mantova (Italy), or by writing to the e-mail address:

2. Treatment methods

The Data you provide will be processed in compliance with the principles of correctness, lawfulness and transparency dictated by the GDPR, for purposes that are in line with the statutory purposes of the Data Controller, or to provide you with what you have requested.

The Data Controller adopts, in compliance with the art. 32 of the GDPR, technical and organizational measures aimed at guaranteeing an adequate level of security to safeguard the confidentiality, integrity, completeness and availability of your personal data. In light of the regulations on the protection of personal data, technical and organizational measures have been developed which have the aim of preventing damage, even accidental losses, alterations, improper and unauthorized use of the personal data (the “Data”) that you concern.

3. Categories of data processed, Purpose and Legal Basis of the processing

3.1. Contact Data
You can provide us with your contact details, such as: name, surname, address, email address, telephone number:

While browsing our website

Or also

Through social media (e.g. from Facebook pages),


During initiatives or events organized by us or which involve our participation.
Purpose: This data is used to contact you and provide you with information on our activities in which you have expressed interest and in general on our projects and initiatives, including fundraising. The information will also be sent via e-mail, SMS, push notifications and other automated contact tools, including through our newsletter and the magazine reserved for our supporters.

Legal basis: Your consent (art. 6 letter a) GDPR), also expressed by means of flags in a specific form on this site, or on the social media pages, or on paper forms.

Provision of Data: Optional, but failure to provide it precludes us from being able to keep you informed about the activities, projects and initiatives of the Human Frontier Research Lab.
Through forms on this site or social media pages (e.g. Facebook), or paper forms.

3.2. Data relating to the requested Service

3.2.1. Subscription to our NEWSLETTER
From the site, you can sign up to receive our Newsletter.
We collect your name and email address.

Purpose: To provide you with what you request.

Legal basis: The processing is based on express, free and specific consent (art. 6 letter a) GDPR). Your consent can be expressed through a specific flag in the forms for requesting subscription to the newsletter or by signing the specific declaration in the paper forms.

Provision of Data: Optional, but failure to provide it will make it impossible to obtain the requested service.
Online, through specific forms on the site, or through paper forms.

3.2.3. Donations
We process your contact data such as name, surname, e-mail address, tax code, your payment data such as IBAN code/credit/debit card details, and your contact details, such as billing address and shipping address.

Purpose: This data is used for the following purposes:

for the management of your donation (carried out in the various possible ways – credit card, direct debit, bank transfer, or other);
for the management of the service requested by you and for operations instrumental to this;
to inform you about initiatives, activities, results and projects carried out also thanks to the contribution you have provided; the information will also be sent via email, text message, push notifications and other automated contact tools;
to send the newsletter;
to promote the collection of funds to be allocated to the Association’s projects;
for purposes related to obligations established by applicable laws or regulations.

Legal basis: Your Data is used to fulfill your request or fulfill legal obligations, and therefore, pursuant to art. 6 lett. b), c) of the GDPR, your consent is not requested in this regard.
Human Frontier Research Lab may store and process your Data in order to maintain a constant relationship established with you and to keep you informed about projects financed with your contribution, or about awareness-raising actions that Human Frontier Research Lab deems useful to make known to demonstrate the its constant commitment to achieving its mission. This legitimate interest is permitted pursuant to art. 6, paragraph 1, letter f), GDPR as an alternative mechanism to the explicit consent of the interested party.
If you are no longer interested in remaining in contact with Human Frontier Research Lab, you can inform us using the methods described in paragraph 5 “Rights of interested parties”; Human Frontier Research Lab will adopt appropriate technical and organizational measures to satisfy your request.

Provision of Data: The forms to be filled out – also online, or downloaded – include both mandatory provision of data, as they are strictly necessary to provide you with what you requested, and optional provision of data.
Failure to provide the mandatory data will make it impossible to obtain the requested service.
The need to qualify the Data for participation in individual projects or individual initiatives as mandatory has been considered in compliance with the provisions of Art. 25 of the GDPR.

3.3. Navigation Data
While browsing our website we collect some personal data from users, for example the IP address of the PC, or the domain names of the computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and others parameters relating to the operating system and the user’s computing environment.

Purpose: This is information that is not collected to be associated with identified interested parties, but this data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site, to check its correct functioning, to identify anomalies and/or abuses.

Legal basis: We process this data on the basis of our legitimate interest and that of the user (art. 6 letter f) GDPR).

Provision of Data: This is Data that you do not provide voluntarily, but whose transmission is implicit in the use of Internet communication protocols.

3.4. Browsing Data (cookies)
Cookies are information (contained in small text files) that the sites visited by the user send and record on their computer or mobile device, to then be re-transmitted to the same sites on the next visit. Thanks to cookies, a site remembers the user’s actions and preferences (such as, for example, login data, the chosen language, font size, other display settings, etc.) so that they do not have to be indicated again. when the user returns to visit the same site or navigate from one page to another. While browsing a site, the user may also receive cookies on their computer from sites or web servers other than the one they are visiting (so-called “third party” cookies).
Some operations could not be carried out without the use of cookies, which in certain cases are therefore technically necessary for the functioning of the site.

Purpose: This data is used for the purposes of analysis and processing of information relating to the user, your preferences, consumption choices and/or browsing experiences; they are used to monitor the performance of the site and how visitors use it, as well as to know the total number of visitors, as well as the types of browsers and operating systems used.
By remembering user preferences, this data allows us to improve the functionality of the site, allowing you to navigate between its pages more efficiently.
Cookies may also contain a unique identification code that allows tracking of the user’s navigation within the site itself for statistical or advertising purposes.

Legal basis: Based on applicable legislation, express user consent is not always required for the use of cookies. In particular, “technical cookies” do not usually require such consent, i.e. those used for the sole purpose of transmitting a communication over an electronic communications network, or to the extent strictly necessary to provide a service explicitly requested by the user. In other words, these are cookies that are essential for the functioning of the site or necessary to carry out activities requested by the user.
Conversely, for “profiling cookies”, i.e. those aimed at creating profiles relating to the user and used for the purpose of sending advertising messages in line with the preferences expressed by the user when browsing the internet, prior consent is required from the user. ‘user.
You can express your express consent (art. 6 letter a) GDPR) via the specific banner that you find at the bottom of the site when you connect for the first time. You can acquire more information by reading our cookie policy.

Provision of Data: This information is not provided directly, but the “trace” of the user’s web browsing is carried out through the use of technologies such as cookies (own or third party).

4. Recipients or categories of recipients of the Data

Your Data will be processed by:

Human Frontier Research Lab staff in charge of processing, for managing relationships with supporters, for managing related accounting and administrative services, for creating communications and information messages and for organizing fundraising campaigns;
For purposes related to the provision of the service to which you have subscribed, the Data may be made available to third parties, who will act as independent data controllers, and who provide services instrumental to satisfying your request (such as, for example, credit institutions or credit card issuers to manage donation payments, including providers of remote electronic payment services; companies in charge of logistics and shipping activities), subjects who carry out control, audit and certification obligations or subjects to whom the communication of Data is necessary to comply with laws or regulations that require its communication, as well as to Control Bodies, Supervisory Bodies, Public Administration, jurisdictional or administrative authorities and all other subjects to whom communication is mandatory or necessary by law .
Furthermore, the Data may be processed by external managers designated by us, pursuant to art. 28 of the GDPR, to provide us with services relating to:

technical administration of the site and our IT system, limited to technical access due to maintenance and/or updating needs of the same,
assistance in tax, accounting and legal matters;
provision and management of the platform for sending newsletters
generation of reports, sending e-mail, SMS, periodical magazine.
The Data is not subject to dissemination.

5. Rights of interested parties

Current data protection legislation gives you and the interested parties specific rights, described below: right to revoke consent, without the revocation affecting the lawfulness of the data processing carried out by the Data Controller up to the moment of revocation; right to know which Data relating to you is processed by the Data Controller and to receive a free copy (in case of further copies requested, a contribution based on the costs incurred may be charged); right to obtain the updating or rectification of inaccurate or incomplete Data concerning you; right to obtain the deletion of your Data in the particular cases provided for by the Privacy Law; right to request limitation of processing; right to portability, in the cases provided for by the Privacy Law; right to object at any time, for reasons connected exclusively to your situation, to the processing of data concerning you.

It is always possible to lodge a complaint with the Guarantor for the protection of personal data against decisions of the owner deemed to be in violation of the GDPR, in the ways available on the website

5.1. Exceptions to the exercise of rights
The data protection legislation recognizes specific exceptions to the rights recognized to the interested party. Human Frontier Research Lab must, however, continue to process the personal data of the interested party if one or more of the following applicable conditions occur: I) execution of a legal obligation applicable to the Organization; II) resolution of pre-disputes and/or disputes (own or third party); III) internal and/or external investigations/inspections; IV) requests from Italian and/or foreign public authorities; V) reasons of significant public interest.

5.2. Exercise of rights
To exercise your rights or for any request regarding the processing of your personal data you can write to the e-mail address: or submit the request in writing to Human Frontier Research Lab, Via Volta, 19 – 46100 Mantova (Italy).
In cases of exceptions to the rights described in the previous paragraph, you also have the possibility to exercise the rights through the Guarantor, with the assessment procedure provided for by the art. 160 of Legislative Decree. n. 196/2003.

The response deadline is one (1) month, extendable by two (2) months in particularly complex cases; in these cases, the Data Controller provides at least one interim communication within one (1) month.
The Data Controller has the right to request further information necessary for identifying the applicant.

6. Data retention period

Criteria used to define the limit of data storage: The Data will be kept in our archives according to variable criteria depending on the category of the data, the nature of the processing and the purposes of the processing itself. In principle, the following assessments apply to establish the data retention criterion:

all Data relating to the services requested or donations are retained as long as the relationship remains active and, upon termination of the relationship, for a number of years equal to that which laws and regulations, including community ones, impose for administrative, accounting, legal and tax;
all Data of supporters or people interested in our mission used for information and promotion purposes are retained until you express opposition to the processing for these purposes or revoke your consent.
Once the retention periods indicated above have expired, the Data will be destroyed or made anonymous, compatibly with the technical cancellation and back-up procedures.

7. Transfer of data to third countries

The Data is stored on servers located within the EU. The owner, if necessary, will also have the right to use servers in non-EU countries.

In this case, the transfer of the Data will take place in non-EU countries recognized by the European Commission as having an adequate level of data protection or, otherwise, only if an adequate level of data protection compared to that of the Union is contractually guaranteed. European Union (e.g. through the signing of the standard contractual clauses provided by the European Commission) and that the exercise of rights by supporters is always ensured.

Last Update: February 29, 2024