This privacy policy describes the methods and the purposes of the processing of personal data of users who browse and/or visit the website www.fulcrumproject.org (hereniafter also referred to as the “Website”).
The term “user(s)” refers to any individual who visits or browses the Website.
Hereinafter, users are also referred to as Data Subjects, pursuant to the applicable data protection legislation.
1. The Data Controller
The Data Controller is InterCloud Exchange Foundation, VAT no. and Tax Code 97970470155 (hereinafter also referred to as the “Data Controller” and/or the “Foundation”), with registered office at Via Paleocapa 6, Milan (MI) IT, e-mail address: secretary@icxfoundation.org
2. Types of Data processed
Among the types of Personal Data processed there are:
Personal data freely provided by the user, such as:
Name, surname, country, company affiliation, e-mail address. These are all personal data freely provided by the user on the website through the section “To participate in the project or Request more information” or to sign up for the newsletter.
Data communicated while using the service:
Technical information related to the use of the service (personal data collected automatically, such as electronic traffic data, connection ID, connection logs).
The IT systems and software procedures used to operate the website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers used by users connecting to the website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response from the server (successful, error, etc.), and other parameters related to the user’s operating system and IT environment. The website integrates plugins from the following social networks: LinkedIn, Instagram, Facebook. For the processing of personal data carried out by the social media platforms used by the Data Controller, please refer to the information provided by them in their respective privacy policies. For more detailed information, please consult our cookie policy.
3. The purposes of processing and nature of provision
The Personal data will be processed for the following purposes:
- responding to requests regarding the services offered by the Data Controller: e.g., requests for information on activities carried out;
- sending newsletters to users subscribed to the service;
- to comply with any obligations under applicable laws, regulations, or EU legislation, to satisfy requests from the Authorities, and to protect the rights of the Data Controller in the event of disputes arising from users.
For the purpose indicated in letter a), the provision of data is necessary. Failure to provide such data will make it impossible for the Data Controller to fulfill the user’s request.
For the purpose indicated in letter b), the provision of personal data is optional. The user is free to give or withdraw consent to subscribe to the newsletter.
4. Legal basis for processing
The legal basis for the processing of the personal data is:
- for the purposes indicated in Article 3 letter a) execution of the contract, as such data are essential for the execution of the same;
- for newsletter subscription, the applicable legal basis is the express and specific consent of the user, which will be requested during registration and can always be revoked through the unsubscribe link in our emails or by sending a request for cancellation to the contact details indicated above;
- The purpose referred to in Article 3(c) constitutes legitimate processing of personal data pursuant to Article 6(1)(c) of the GDPR (“[…] processing is necessary for compliance with a legal obligation to which the controller is subject […]”).
5. Methods of processing
The Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Personal Data. The Data processing is carried out using computers and/or IT enabled tools. In addition to the Data Controller, in some cases, the Data may be accessible to external parties (such as third-party technical service providers, hosting providers, IT companies).
6. Data Retention
Unless the user explicitly requests their removal, personal data will be retained for as long as necessary for the purposes for which it was collected:
Responding to inquiries submitted via the Website or Email: for the time needed to fulfill the request and for the following 12 months;
Fulfilling contractual and pre-contractual obligations arising from ongoing relationships: for the mandatory retention period of accounting records (Article 2220 of the Italian Civil Code), which is 10 (ten) years;
Newsletter: until consent is withdrawn;
Complying with any obligations required by current laws, regulations, or EU legislation, or to fulfill requests from authorities: for the time necessary to meet legal obligations;
Establishing or defending legal claims, until the expiration of the limitation or forfeiture periods for the rights accrued against Users and Requesters.
7. Transfer of Data to Third Countries and/or International Organizations
Personal data collected and processed through this website are not transferred to countries outside the EEA (European Economic Area). The website hosting service is provided by a company located in Italy, and the data are stored on servers located within Italy.
8. Data Disclosure and Sharing
The personal data of data subjects may be shared, when necessary for the provision of the service, with third parties such as, by way of example but not limited to, technical service providers, hosting providers, newsletter service providers, and external consultants. If necessary these external parties will be appointed as Data Processors pursuant to Article 28 of the GDPR by the Data Controller. The update list of of these parties may be requested from the Data Controller at any time. Data could be communicated to the competent authorities, in accordance with law.
9. Data Subjects rights
Data Subjects may exercise their rights by contacting the Data Controller at: secretary@icxfoundation.org
They have the right to:
- Access their personal data (Art. 15 GDPR – Right of Access);
- Rectify inaccurate or incomplete data (Art. 16 GDPR – Right to Rectification);
- Request erasure (Art. 17 GDPR – Right to Erasure);
- Restrict processing (Art. 18 GDPR – Right to Restriction of Processing);
- Obtain data portability (Art. 20 GDPR – Right to Data Portability);
- Object to processing, including for direct marketing (Art. 21 GDPR – Right to Object);
- Object to automated processing or profiling (Art. 22 GDPR – Right to Object to Automated Processing).
- Data Subjects also have the right to lodge a complaint with the competent Data Protection Authority
The Data Controller reserves the right to amend and/or update this Privacy Policy based on potential legislative and regulatory developments that may occur based on applicable legislation.
The up-to-date version of the Privacy Policy will be made avallabile on this website.
Last update: June 2025