Privacy Policy
sovereigntyofmind.org — Effective date: March 2026 — Pursuant to Regulation (EU) 2016/679 (GDPR)
At a Glance
This page tells you how Associazione Copernicani collects and uses your personal data when you visit sovereigntyofmind.org. We keep it short and plain.
- We collect your name and email to register your signature on the Cannes Declaration.
- If you tick the box, we also send you a newsletter. You can unsubscribe at any time.
- We do not sell, rent, or share your data with third parties for marketing.
- You can exercise your rights by writing to: assistenza@copernicani.it
1. Who Controls Your Data
The Data Controller — the organisation responsible for how your personal data is processed — is:
Associazione Copernicani
Piazza Repubblica, 1 – 20121 Milano (MI), Italy
Tax Code (C.F.): 97803240155
Email: assistenza@copernicani.it
2. What Data We Collect
We collect only the data that is strictly necessary for the purposes described below. We apply the principle of data minimisation.
| Data category | Details |
|---|---|
| Identity data | First name, last name |
| Contact data | Email address |
| Affiliation (optional) | Organisation or institution (if you choose to provide it) |
| Technical data | IP address, browser type, pages visited, timestamps (collected automatically by our web server for security and analytics purposes) |
3. Why We Use Your Data & On What Legal Basis
The table below maps each processing purpose to its legal basis under the GDPR and to the applicable data retention period.
| Purpose | Legal Basis | Retention |
|---|---|---|
| Collecting signatures on the Cannes Declaration | Consent (Art. 6(1)(a) GDPR) — freely given and, where applicable, legitimate interest (Art. 6(1)(f) GDPR) for promoting a public interest initiative | Duration of the initiative + 2 years |
| Publication of the signature related to the Cannes Declaration | Consent (Art. 6(1)(a) GDPR) — freely given | Duration of the initiative + 2 years |
| Sending email updates on the initiative | Consent (Art. 6(1)(a) GDPR) — freely given | Duration of the initiative + 2 years |
About legitimate interest: We have assessed that our interest in registering public support for a civic declaration on digital rights and cognitive freedom does not override your fundamental rights. Your personal data is published only if you affirmatively agree; the minimum data needed is collected; and you may withdraw your signature at any time.
4. Cookies & Technical Data
We use only technical/functional cookies that are strictly necessary for the website to operate. We do not use profiling, tracking, or marketing cookies.
| Cookie type | Purpose |
|---|---|
| Session cookies | Maintain your session while navigating the site (e.g., to process your signature submission). Deleted when you close your browser. |
| CSRF protection cookie | Prevent cross-site request forgery attacks. Strictly necessary for security. |
| Analytics (anonymous) | We may use anonymised server-side analytics (no IP stored) to understand traffic patterns. No third-party analytics script is injected into your browser. |
Because we use only strictly necessary cookies, prior consent to cookies is not required under applicable law. Should we introduce any non-essential cookies in the future, we will update this Policy and deploy a cookie consent banner.
5. Who Receives Your Data
We do not sell or rent your data. We may share your personal data with the following categories of recipients, strictly for the purposes described in Section 3:
| Recipient | Role & Reason |
|---|---|
| Brevo (Sendinblue) | Data Processor — newsletter delivery (only if you opted in). DPA in place. |
| Web Service provider | Data Processor — server infrastructure for sovereigntyofmind.org. EU-based servers. |
| Italian or EU authorities | Data Controller (independent) — only if required by law or official request. |
All third-party processors are contractually bound to process your data solely on our instructions and in accordance with the GDPR.
6. International Transfers
We aim to store and process all personal data within the European Economic Area (EEA). Should any transfer outside the EEA become necessary (for example, due to a service provider operating in a third country), we will ensure that adequate safeguards are in place — such as Standard Contractual Clauses (SCCs) approved by the European Commission — and we will update this Policy accordingly.
7. How We Protect Your Data
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure, including:
- HTTPS/TLS encryption for all data transmitted to and from the website.
- Access controls limiting data access to authorised personnel only.
- Regular review of security practices and supplier contracts.
No transmission over the internet is 100% secure. If you suspect a data breach, please contact us immediately at assistenza@copernicani.it.
8. Your Rights Under the GDPR
As a data subject, you have the following rights. You may exercise them free of charge by writing to assistenza@copernicani.it. We will respond within one month (extendable to three months for complex requests).
| Right of access | Ask us what data we hold about you (Art. 15) |
| Right to rectification | Correct inaccurate or incomplete data (Art. 16) |
| Right to erasure | Request deletion of your data (‘right to be forgotten’, Art. 17) |
| Right to restriction | Limit how we process your data (Art. 18) |
| Right to data portability | Receive your data in a machine-readable format (Art. 20) |
| Right to object | Object to processing based on legitimate interest (Art. 21) |
| Right to withdraw consent | Withdraw newsletter consent at any time, without penalty |
| Right to lodge a complaint | File a complaint with the Italian DPA (Garante per la protezione dei dati personali) at www.gpdp.it |
How to exercise your rights: Send an email to assistenza@copernicani.it with the subject line ‘GDPR Request’. Please describe your request clearly. We may ask you to verify your identity before processing your request.
9. Minors
This website is not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe we have inadvertently received data from a minor, please contact us immediately and we will delete it promptly.
10. Links to Other Websites
The website may contain links to third-party websites (for example, the IFDaD — International Forum on Digital and Democracy, or the World AI Cannes Festival). This Privacy Policy does not cover those sites. We encourage you to read the privacy policies of any external websites you visit.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. The ‘Effective date’ at the top of this page will indicate when the latest version was published. Material changes will be communicated via the website. Your continued use of the site after any update constitutes acceptance of the revised Policy.
12. Contact Us
Questions? Write to us.
Associazione Copernicani
Piazza Repubblica, 1 – 20121 Milano (MI), Italy
assistenza@copernicani.it
This Privacy Policy was drafted in accordance with Regulation (EU) 2016/679 (GDPR) and applies to personal data processed through sovereigntyofmind.org.
Associazione Copernicani — Privacy Policy — sovereigntyofmind.org