Privacy and Cookies Policy of users visiting the website

This web page describes how and why the personal data of users visiting the website, also the ‘Website’) are processed pursuant to Article 13 of Regulation (EU) 2016/679, the ‘General Data Protection Regulation’ (hereinafter, ‘GDPR’).

Data Controller

The Data Controller is the Office for the promotion of Equal Treatment and the Removal of Discrimination based on racial or ethnic origin (hereinafter also “UNAR”) located in Largo Chigi 19, 00187, Roma, contactable at the following email address:

Data Protection Officer (DPO)

Please find below the contact details of the Data Protection Officer:

Type of data, the purpose of processing and legal basis for data processing

Navigation data

Computer systems and software procedures acquire, during their normal operation, some data whose transmission is implicit in the communication protocols of the Internet. This information is not collected to be associated with identified users but could allow data subject to be identified through processing and association with data held by third parties. This category of data includes:

  • IP addresses or domain names of computers used to connect to the site
  • URI of the requested resources
  • the time of request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of response from the server (successful, error, etc.)
  • other parameters regarding the operating system and the computer environment.

The processing of data of the user is therefore necessary for the pursuit by the Data Controller of legitimate interests, pursuant to art. 6, par. 1, f) of the GDPR, related to the purpose of checking the correct functioning of the Site, to the anonymous processing of statistical information on the use of the Site, as well as the investigation, exercise and judicial defence of rights.

The data in question could also be used for the fulfilment of regulatory obligations, pursuant to Article 6, paragraph 1, letter c) of the GDPR, connected with the management of the Site and in order to comply with requests made by the competent judicial authorities and the judicial police, to ascertain liability in the event of any computer offences committed to the detriment of the Site.

Data communicated by the user

The optional, explicit and voluntary sending of messages to the contact addresses of the Data Controller indicated on the Site entails the acquisition of the sender's contact data necessary to respond to the requests forwarded, as well as all personal data included in the communications, the processing of which is carried out to enable the Data Controller to provide a service to the user, pursuant to Article 6, paragraph 1b of the GDPR. UNAR invites users, when making such requests, not to send any personal data that are not strictly necessary.

For further information, please refer to the specific disclosures posted on the pages of the Site specifically prepared for this purpose.

Cookies and other tracking tools

Cookies are small text strings that the websites visited by the user send to his or her browser where they are stored and then resent to the same websites during subsequent visits. While browsing, the user may also receive cookies on his or her browser sent by parties other than the owner of the site visited (so-called 'third parties').

Through this Site, the user's browser may receive technical cookies and, using certain functionalities, third-party profiling cookies.

Technical cookies

This Site uses the following technical cookies:

- browsing or session cookies, which ensure the normal navigation and use of the Site by storing the user's browsing preferences;

These cookies are installed directly by the Owner and are used, pursuant to Article 6, paragraph 1f of the GDPR, to facilitate navigation and, pursuant to Article 6, paragraph 1b of the GDPR, to provide the services requested by the user. Once stored on the user's browser, they are automatically deleted at the end of the session.

In addition, in some pages of the Site, users can find spaces dedicated to allowing the use of functions of other websites by means of so-called social buttons, i.e. icons depicting some social network platforms (in particular, Twitter, Facebook, Instagram, YouTube), and which allow users who are surfing to interact directly with these websites by way of a 'click'.

In this regard, the Site does not share any of the user's browsing information or data with sites that are accessible in this way, but the use of these functionalities implies the possibility for the user to also receive non-technical cookies in his or her browser from the owners of these so-called, 'third party’ sites.

The Data Controller does not have access to the information collected by these cookies, which are used independently by the 'third parties'. For more information, users are invited to consult the respective notes provided by the third parties, in particular by consulting the following links:

How to disable and delete cookies

In some browsers it is possible to set rules to manage cookies on a site-by-site basis, an option that offers more precise control over privacy. You can check your preferences on the following pages, depending on your browser. ·

For browsers other than those listed above, please consult the relevant guide on how to manage cookies.

Recipients of personal data communication

Exclusively for the purposes specified above, the personal data thus collected and processed may be communicated to and processed, in compliance with the legislation in force, by external companies engaged by UNAR in order to perform services of various kinds, such as, by way of example, the maintenance and support of the Site and related services. These companies will be duly designated as data processors by means of a specific contract.

In addition, where necessary, the data may be disclosed to the competent authorities and other public entities that request them on the basis of the laws in force and in connection with investigations and proceedings relating to the prevention, detection and prosecution of criminal offences, as well as for the legal defence of rights.

The personal data provided are not disseminated in any way.

Personal data retention period

The personal data provided by the user and/or collected by the Controller through the use of the Site will be kept for the time strictly necessary to provide the services requested and to carry out the related technical and security operations, as well as, once the latter has ended, for the time period established by the regulations in force for administrative and, if necessary, defence purposes.

With specific regard to cookies, the retention periods are indicated in the preceding paragraphs.

Place and method of data processing, nature of data provision and consequences in case of refusal

The processing operations connected to the web services offered by the Site take place at the Data Controller's premises and are only carried out by technical staff authorised to process data, taking appropriate measures to ensure that they are processed appropriately and in accordance with the purposes for which they are managed.

The personal data are processed by automated means and will not be transferred to non-EU countries.

With the exception of the conditions specified for browsing data and cookies, the user is free to provide his or her personal data for the purposes set out in this notice, but failure to do so may make it impossible to obtain the requested service.

Rights of data subjects

The data subject has the right, at any time, to obtain confirmation of the existence or non-existence of data concerning him/her. He or she also has the right to request, in the forms provided for by law, the rectification of inaccurate personal data and the integration of incomplete data, and to exercise all and any other rights under Articles 18-22 of the GDPR, where applicable.

To this end, the user may send a specific request addressed to UNAR:

If the user considers that the processing has been carried out in a manner that fails to comply with the GDPR, he or she may also refer the matter to the Supervisory Authority, lodging a complaint pursuant to Article 77 of the GDPR.

Further information can be found on the website of the Italian Data protection Authority at


Last updated: June 2022.

The present policy may change. It is therefore advisable to check this web page regularly and to take intoaccount the most up-to-date version of the information contained therein.