
Review Wikimedia Italia's technologies to keep everything in compliance with current policies
Closed, Resolved, Public

Description

It has been decided to double-check the Wikimedia Italia's services in order to assure a strict compliance with their current privacy policy. This means:

  • discover and drop incompatible web trackers (that may have been added in good faith by collaborators for some purposes)
  • wait for an official response from our GDPR manager to eventually update current policies

In short we will work on the mathematical proportion:

theory : practice = privacy policy : running technologies

Documentation (for members):

Event Timeline

valerio.bozzolan created this task.
NOTE: Given the potential severity I'm boosting this now as cowsay. Ehm volunteer.

In the documentation of our WordPress theme (checkout) there is a misleading section called "SEO" that is somewhat unrelated to "search engine optimization stuff" but is really about analytics and tracking stuff. From there I was able to identify some trackers and disable them. For historical reasons, note that this is the backend page I'm talking about:

https://www.wikimedia.it/wp-admin/admin.php?page=be-options

From there I was allowed to disable these trackers:

<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-178106070-1"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'UA-178106070-1');
</script>
<!-- Facebook Pixel Code -->
<script>
!function(f,b,e,v,n,t,s)
{if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};
if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';
n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t,s)}(window,document,'script',
'https://connect.facebook.net/en_US/fbevents.js');
fbq('init', '375183623897553'); 
fbq('track', 'PageView');
</script>
<noscript>
<img height="1" width="1"
src="https://www.facebook.com/tr?id=375183623897553&ev=PageView
&noscript=1"/>
</noscript>
<!-- End Facebook Pixel Code -->
WARNING: Apologies but I was not able to replace them with this backwards compatibility code because the server exploded with a 500 Internal Server Error before persisting:
<!--
 __________________________
< I'm a tracker! Trust me. >
 --------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
-->

wkimedia it error 500.png (179×1 px, 34 KB)

NOTE: This 500 Internal Server Error probably means that something server-side (the Apache HTTPd .htaccess?) has an effective cowsay-protection or, more likely, an esoteric security protection preventing weird things from being sent via POST (but with too many false positives). So. If you are an author and you obtain an error 500 saving your post, drop your weird characters and drop your ASCII meme (like a pipe or a cowsay) or further investigate this server dysfunction.

In the meanwhile from that backend page I noticed a hardcoded logo stuck at the http:// protocol. That was causing this warning:

image.png (331×533 px, 31 KB)

Fixed just replacing the wrong absolute logo URL with its relative version:

diff --git
-http://www.wikimedia.it/wp-content/uploads/2020/08/logo-wikimedia.png
+/wp-content/uploads/2020/08/logo-wikimedia.png
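Review bot: the root-relative path clears the mixed-content warning because the browser resolves it against the scheme and host of the page itself, so it stays correct under https:// without hardcoding either; the one thing to keep in mind is that a relative path only works where the page is served from the same host, so any place that reuses the logo URL outside the site (e-mail templates, feeds) would still need an explicit https:// absolute URL.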

Also removed a tracker from this backend page:

https://www.wikimedia.it/wp-admin/admin.php?page=gf_settings&subview=GFGAET_UA

And disabled the plugin Gravity Forms Event Tracking, now probably not used.


In the meanwhile we are contacting the service provider about:

  • a weird http://188.213.160.48/wiki/ entry point that should be disabled / redirected to the canonical domain and protocol
  • a tracker that we are not able to disable without reverse-engineering or FTP or SSH access (again, actually everything is managed by the service provider and we have only access to the WordPress panel)

New story. Talking with @Galessandroni he has just discovered that in https://sostieni.wikimedia.it there was a (test?) legacy URL pointing to an unknown domain with a blank privacy page. It seems this domain is served by a CRM that we have never seen in our life.

It was not easy to detect because of that onclick bind event that was silently overriding the destination.

Anyway one of the Wikimedia Italia staff members with access to that system reported that she can change that behavior from this field:

wait-what.png (520×442 px, 48 KB)

So she fixed it now. Now the webpage points to the real Wikimedia Italia privacy policy.

Uhm. At the same time we noticed that https://sostieni.wikimedia.it/ contains some legacy trackers that should not be present! www.googletagmanager.com, connect.facebook.net and www.googletagmanager.com. Also some fonts can be deployed locally. Now the service provider is aware of these requests. We have to wait.

As pointed out by @Nemo_bis the website https://www.wikimedia.it/ still has proprietary and third-party trackers. This should be fixed ASAP but this well-known issue was not fixed by our provider/webmaster since December 2020 (and they have an exclusive management).

If I'm not mistaken @Maupao70 sent the third reminder recently, setting a call with them for some clarifications (for example, it is okay that the site is managed by a professional, but it is not good that it has the exclusive management).
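The kind of check this thread is doing by hand (spotting googletagmanager.com / facebook.net resources and the http:// logo on an https page) can be repeated on any saved HTML before and after each fix. The script below is an added example, not code from this task or from the Wikimedia Italia sites; the sample fragment is constructed, with placeholder tracker ids, and the first-party domain wikimedia.it is assumed as the allowlist.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample (not the live site) with placeholder tracker ids.
SAMPLE_HTML = """
<img src="http://www.wikimedia.it/wp-content/uploads/2020/08/logo-wikimedia.png">
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-EXAMPLE-1"></script>
<script>
  t.src = 'https://connect.facebook.net/en_US/fbevents.js';
  fbq('init', 'EXAMPLE-PIXEL-ID'); fbq('track', 'PageView');
</script>
<noscript><img src="https://www.facebook.com/tr?id=EXAMPLE-PIXEL-ID"/></noscript>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans">
<script src="/wp-content/themes/example/main.js"></script>
"""
class ResourceCollector(HTMLParser):
    """Collect src/href of fetched tags plus URL literals in inline scripts."""
    URL_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.urls, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        wanted = self.URL_ATTRS.get(tag)
        self.urls += [v for k, v in attrs if k == wanted and v]
        self._in_script = self._in_script or tag == "script"

    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"

    def handle_data(self, data):
        if self._in_script:   # e.g. the pixel loader's t.src = '...'
            self.urls += re.findall(r"https?://[^\s'\"<>()]+", data)

def audit(html, first_party="wikimedia.it"):
    """Return third-party hosts and http:// (mixed-content) resources."""
    collector = ResourceCollector()
    collector.feed(html)
    third_party, mixed = set(), set()
    for url in collector.urls:
        parts = urlparse(url)
        if not parts.netloc:          # relative path: same origin, fine
            continue
        host = parts.hostname or ""
        if host != first_party and not host.endswith("." + first_party):
            third_party.add(host)
        if parts.scheme == "http":    # breaks HTTPS pages (mixed content)
            mixed.add(url)
    return {"third_party": third_party, "mixed_content": mixed}
```

Run `audit()` on the saved HTML of each page; an empty `third_party` set is the condition the task is after, and the fonts host shows up too, matching the note that fonts can be served locally.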

@valerio.bozzolan: Hi, the Due Date set for this open task was a while ago.
Can you please either update or reset the Due Date (by clicking Edit Task), or set the status of this task to resolved in case this task is done? Thanks.

This task has an overly broad subject. It's impossible to check an unspecified number of things for an unspecified number of regulations. The subtasks appear to be about configuration of Wikimedia Italia websites for the sake of privacy and antifraud compliance, so the task could reflect that.

I'd add there isn't much to review. When something violates the privacy policy, it must be killed on the spot.

valerio.bozzolan removed valerio.bozzolan as the assignee of this task.

I'm inclined to mark this as resolved since T266998: Avoid third party resources from *.wikimedia.it websites is resolved.