Privacy policy and use of cookies


Update to EU Regulation 2016/679
(General Data Protection Regulation GDPR)


Date of last update: 27 January 2019

Your privacy is important to us. That’s why this Privacy Policy provides you with information about how Wellmade processes your personal data. Please read the following information – if you don’t agree with it, we advise you not to register on the site to use our service.

This policy only applies to the Wellmade website owned by Fondazione Cologni dei Mestieri d’Arte, and does not apply to other websites directly linked to Wellmade that users may access.

This document aims to provide guidance on the methods, timescales and nature of the information that data controllers must give users when they connect to web pages, regardless of the purpose of this connection. This Policy follows that stipulated in article 13 of EU Regulation no.279/2016 (referred to in the remainder of this document as GDPR), which details provisions in terms of personal data protection.
We wish to inform you that any personal data you provide will be subject to processing in line with the legislation indicated above and the following terms and conditions:


1 – The data controller

In accessing and browsing the Wellmade website, information may be processed that refers to identified or identifiable natural persons. The Data Controller is the Fondazione Cologni dei Mestieri d’Arte (referred to in the remainder of this document as the Data Controller), company registered in the companies register in Milan, under Administrative and Economic Index (REA) no. 1660303, Tax Code/VAT number 97155080159/12788720154 with registered office in Via Lovanio 5, 20121 Milano (MI) –

2 – Location of the data processing

Data processing related to Wellmade website services is carried out at the registered office of Fondazione Cologni dei Mestieri d’Arte (address above) by designated staff, or by personnel carrying out temporary maintenance activities. Personal details provided by users who request information to be sent (e.g. newsletters, etc.) are processed for the sole purpose of carrying out the requested service or activity.

3 – Purpose of data processing

Data and information obtained or collected by Wellmade will be used and processed for non-commercial purposes, for example:

a) managing the user subscription process;
b) processing and handling the publication of reviews, editorial contents, data sheets of artisans, ambassadors and circuits, handling processes of online voting, sending legal or technical messages and other related information;
c) to communicate and promote activities also through social media channels;
d) handling surveys and polls to improve our service and the service offered by the Portal;
e) solving potential complaints, claims and disputes with our users and ensure that our rights towards third parties are respected;
f) preventing fraud, conducting surveys and assessing risks, checking the identification data provided by users and performing controls;
g) complying with any legal obligations.

Moreover, Fondazione Cologni will use and process these data for the following non-commercial purposes:

a) to forward the user with the monthly newsletter of the Foundation;
b) to send communications, information and invitations related to the initiatives and events organized by the Foundation or its partners;
c) to send envelopes and parcels, on the base of specific requests communicated by the user.

4 – Disclosure of personal information

Wellmade does not disclose your personal data to third parties. For specific initiatives which form part of certain projects, such as (by way of example but not limited to) competitions or calls for application, promotional projects, events, creation of lists of specialists or similar initiatives, we will expressly request your authorisation to provide your data to third parties, specifying in each case the legal basis for processing the data in this way.

We may collate all our users’ personal information and provide it in an aggregate and anonymised form to third parties, such as (for example) web agencies, in line with specific agreements for marketing and promoting the Fondazione and its projects. In this scenario, this information will be transferred so that:

– No third parties can identify individual users
– Only data which is necessary to carry out the requested services is processed
– No third parties can share the aggregate data obtained

We may share personal information with third parties entrusted by Wellmade to provide technical maintenance or event management services. In this case, we will ask these third parties to only use this information to provide these specific services to Wellmade.

We may share information as part of a change in the company structure – for example dissolution, merger, consolidation or sale of the company, or in the unlikely event of insolvency.

Data may be used to establish responsibility for any potential cyber offences or damages to the website, only upon request by the appropriate supervisory bodies.

5 – Types of data processed

a) Special Categories of Personal Data (previously known as ‘Sensitive data’)
Wellmade does not process special categories of personal data.

b) Navigation data
During the normal course of operation, the IT systems and software procedures required for the functioning of the website may acquire personal data whose transmission is implicit in the use of internet communication protocols.
This information is not collected in order to identify users, but by its nature may allow third parties to associate data sets and identify users if they already hold information about them. The following are included in this category of data:

• Computer IP addresses or domain names used by users accessing the website
• Uniform Resource Identifier of the resources requested
• Time of request
• Method used to make the request to the server
• Size of the file obtained in response
• The numerical code indicating the response status from the server (‘success’ or ‘error’, etc.) and other parameters relating to the operating system and IT environment of the user

This data is only used to obtain anonymous statistics about the website usage, and to check that it is functioning correctly.

c) Data provided voluntarily by users
The voluntary sending of email (which is express and optional) to the addresses listed on the website involves the sender’s addressed being acquired to facilitate a reply. This acquisition includes any other personal data or information in the email content.

d) Data provided voluntarily by registered users
Following user registration, we will collect personal information such as name, email address, postal address, telephone number, username, password and an identifying profile image via the relevant form. Apart from the username and profile image, no other personal information will be visible to other users of the website.

Registered users are authorised to add new content, which may be publicly visible to all users visiting the relevant section of the website – for example, reviews of artisans and their products and services. The user declares to be fully responsible for publishing new content, and to possess all relevant rights to publish it. If false, incorrect or inappropriate content is published, the data controller reserves the right to approve, refuse or delete the publication of this content at their sole discretion. The data controller is not liable in any way for the contents of published reviews. Users accept full responsibility for the content, whether or not they are the authors

If the data provided belongs to third parties, the user will ensure that these third parties are informed of the contents of this Privacy Policy and that the user has received prior authorisation to send this data to the data controller for the purposes indicated.

e) Data provided voluntarily by registered Artisans
If the user decides to register on the website as an Artisan, they accept the data processing terms and conditions as per the previous point, which apply to all registered users.

They also declare to be fully responsible for the images and text uploaded on their personal profile pages, which will be publicly visible to all website visitors subject to prior approval by the data controller (which is non-contestable). They accept that this content may be used by the data controller on various online and offline platforms to promote the Wellmade project or to describe the Artisan’s activities. If any uploaded content belongs to third parties, the Artisan will ensure that these third parties have been informed of the contents of this Policy, and that the Artisan has received prior authorisation to provide this information to the data controller for the purposes described. Artisans absolve the data controller of any responsibility for the use of this content.
Artisans agree to communicate any change in the personal, contact or service details shown on their personal profile page, to ensure that information is correct for website users. The data controller cannot be held responsible if the Artisan does not update their data.
The data controller reserves the right to change public content present on the Artisan’s personal profile page, subject to their prior approval.
The Artisan agrees to receive reviews on their personal profile page written by other users registered on the website, which will be publicly visible by all website visitors. The Artisan has the right to ask the data controller to remove or correct these reviews where they deem them inappropriate, untruthful or incorrect. The data controller agrees to consider the request and to protect the professional and personal profile of the Artisan (within the limits of their role and excluding any legal proceedings). If the Data Controller deems it necessary, they may verify information published by users but cannot guarantee to Artisans that it will be removed or corrected. The final decision rests with the Data Controller.

6 – Processing methods and security measures

Personal data is processed with automated tools for the time strictly necessary to carry out the purposes for which it is collected.

Specific security measures are in place to prevent unauthorised or illegitimate processing, accidental transferral, destruction, damage or loss of data, and illicit/incorrect use or access by non-authorised persons. Data processing is carried out in adherence to article 32 of the GDPR in relation to security measures. If any assigned third parties are involved in data processing they will operate in line with article 29 of the GDPR.

The Data Controller will use technologies and procedures to ensure that personal data is protected. This is carried out via requesting individual credentials which are held exclusively by staff at Fondazione Cologni authorised to access the confidential data. The Fondazione will use devices which are continuously updated to ensure the security of personal data processing and storage.

Whilst all possible organisational and technical measures are adopted, it is not possible for us to absolutely guarantee complete data security.

7 – Data storage methods and timescales

Collected personal data is stored in electronic databases by Fondazione Cologni. The data is physically present on a server located in the Fondazione offices. It is backed-up on an external NAS (Network Attached Storage) connected to the Fondazione offices, allowing users to access and share mass storage.
Paper copies of some documents are filed in folders kept in the internal archives of the Fondazione. Access to the electronic databases and the paper-based archives is regulated via specific access limits.

Data will be kept for the time necessary to fulfil the purpose for which it was collected, and in any case in adherence to the current legislation in force.

8 – Rights of interested parties

Interested parties hold rights as per sections 2, 3 and 4 of Heading III of GDPR (Right to access personal data). The subjects of this personal data have the right to obtain confirmation if the data concerning them exists, to know the contents and the origin of the data, the verify if it is correct, and to request additions, updates or corrections at any time. These subjects also have the right to request the deletion (erasure), transformation into anonymous form or blocking of data being processed in violation of the law, including the right to oppose data processing for legitimate reasons. They also have the right to make complaints to the appropriate supervisory body.

For more information and any requests relating to the upholding of Wellmade’s Data Protection Policy, please contact us via email at



Fondazione Cologni dei Mestieri d’Arte has created this Cookie Policy to provide information to users about Cookies used by the website (referred to in hereafter as ‘the Website’) and describes the purposes and terms and conditions of their use.

1 – Cookies

Cookies are small text files which are sent to the user’s terminal (usually their browser) by websites they visit. They are stored on the user terminal and then re-transmitted to the website in successive visits by the user to the same website. While browsing a website, users, may receive cookies from other websites or web servers, known as ‘third party’ cookies. These occur because the website visited may contain elements such as images, maps, audio files, or connections to single web pages on different domains, which are found on servers different from those where the visited page is stored.

Cookies are usually present in substantial numbers on each user’s browser and are sometimes stored for a long period of time. They are used for various purposes such as authentication, monitoring browsing sessions, storing specific information on the user’s access configuration on a particular server, and so forth. To adapt to these devices in an appropriate fashion, it is necessary to distinguish between them by considering users’ purposes, as there are no technical characteristics which enable this. This is the approach adopted by the Italian Parliament, which has set out the obligation to obtain informed consent from users to install cookies for purposes other than the purely technical, as per EC Directive no. 136/2009. In light of this, cookies may be categorised into two main groups: ‘technical’ cookies and ‘profiling’ cookies.

a) Technical cookies
This type of cookie is used exclusively to carry out communications on an electronic network, or where strictly necessary for a company which provides IT services which have been expressly requested by a contracted party or user. They are not used for other purposes and are usually directly installed by the data processer or the web manager (or webmaster). They may be grouped as follows:
Browser or session cookies – these allow users to browse and use a website (for example to make purchases online or to use credentials to access particular sections)
Analytical cookies – these are considered technical cookies in the sense that they are used directly by the webmaster to collect aggregated information about the number of visitors and the pattern of visits to the website
Functional cookies – these allow users to browse within pre-determined criteria, such as language or products to purchase in order to improve the quality of service. It is not necessary to obtain prior consent from users to install these cookies.

b) Profiling cookies
Profiling cookies are for creating a profile of the user. They are used to send advertising messages which adhere to preferences shown by the user while browsing. In light of the highly invasive nature of these cookies on the private sphere of the user, Italian and European legislation imposes the requirement for users to be appropriately informed about the use of profiling cookies, and be able to provide valid consent.

2 – Types of cookie used by the website

a) Statistical cookies for website owners: these help the owners of the website to understand how users interact with the website, collecting and transmitting information in anonymous form. Specifically:

_ga HTML 2 years
First URL found:
Description of purpose of cookie: Recording a unique ID used to general statistical data on how the visitor uses the website.
Initialisation: Script tag, page and line number: 770.
Data sent to: United States (approved)
Prior consent enabled: No


_gat HTML Session
First URL found:
Description of purpose of cookie: Used by Google Analytics to limit the frequency of requests
Initialisation: Script tag, page and line number: 770.
Data sent to: United States (approved)
Prior consent enabled: No


_gid HTML Session
First URL found:
Description of purpose of cookie: Recording a unique ID used to generate statistics on how the visitor users the website.
Initialisation: Script tag, page and line number: 770.
Data sent to: United States (approved)
Prior consent enabled: No


b) Third party statistical cookies:

concretes HTTP Session
First URL found:
Description of purpose of cookie: unclassified
Initialisation: Script tag, page and line number: 770.
Data sent to: United States (approved)
Prior consent enabled: No

Google Analytics

This is an analytical service provided by Google Inc. (‘Google’) which uses cookies stored on user terminals for statistical analysis on website usage in aggregate form (access, visits, events, actions and studies of user browsing routes on the website). This information is collected by Google Analytics, who process it to create reports for the website owners about activity on the website. This website does not use (and does not allow third parties to use) Google analysis tools to monitor or collect personal identifying information.
The website applies a mechanism provided by Google analytics to render user IP addresses anonymous.
This mechanism operates by masking a part of the IP address at the moment it is obtained by the website, disactivating all the settings for sharing data with Google. In this way, information collected is anonymous and only used for the Google Analytics service to allow the Fondazione to carry out internal statistical analysis, useful for optimising the website and the services offered. In any case, Google offers the possibility for visitors who do not want their browser data to be sent to Google Analytics to disactivate this option, installing the ‘opt-out’ component (see Data generated by Google Analytics is stored by Google using methodology laid out here: Google Inc’s Privacy Policy as autonomous data processer for the Google Analytics service is available here:

c) Unclassified cookies: these are cookies which are in classification phase, together with the providers of individual cookies.

3 – Third party links

The website may include ‘buttons’ which allow visiting users to navigate to and interact directly with social networks in one click, such as Facebook or Instagram. These services may, in turn, request personal data from users. These websites have their own Privacy Policies and conditions of use – which we recommend users read when visiting third party websites, as they may be very different to this Policy. The Fondazione is not liable for the collection or use of information carried out by third party websites.

4 – Disabling cookies

Browser settings may be adjusted to limit, block or eliminate cookies. The process varies slightly according to the type of browser used. For detailed instructions, click on the link relating to the relevant browser below:
– Further information on disabling cookies on Mozilla Firefox;
– Further information on disabling cookies on Chrome;
– Further information on disabling cookies on Internet Explorer;
– Further information on disabling cookies on Safari;
– Further information on disabling cookies on Opera;

Some sections of the website are only accessible by enabling cookies. Disabling them may mean that the user cannot access some of the content or experience the full functioning of the website.

5 – Consent

Using this website, the user gives their consent to the processing of their data and the use of cookies, in line with the terms and conditions of this Policy. If the user does not intend to give their consent to this processing, they must immediately cease browsing the website. Continuing to navigate the site is effectively equivalent to providing this consent.