Information pursuant to ARTT. 13-14 OF REG.TO UE 2016/679
The disclosure is a general obligation that must be fulfilled before or at the latest when initiating the direct collection of personal data. In the case of personal data not collected directly from the data subject, the information must be provided within a reasonable time, or at the time of communication (not registration) of the data (to third parties or the data subject). Pursuant to the General Regulation for the Protection of Personal Data of Natural Persons (GDPR – Reg.(EU)2016/679), the undersigned organization, data controller, informs of the following:
SOURCES AND CATEGORIES OF PERSONAL DATA
The personal data held by the undersigned organization are collected directly from the interested parties. This site does not collect sensitive data, for which we mean those suitable to reveal racial or ethnic origin, philosophical or other religious beliefs, political opinions, membership of trade unions, associations or organizations of a religious nature, philosophical, political or trade union, the state of health and sexual life.
The computer systems and software procedures responsible for the operation of the website acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified data subjects, but that by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (good end, error, etc.) and other parameters related to the operating system and the computer environment of the user. This data is used only for the purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data may be used to ascertain liability in case of hypothetical computer crimes against the site.
Profiling data on the consumption habits or choices of the data subject are not directly acquired. However, it is possible that through links or by incorporating third-party elements, such information may be acquired by autonomous or separate entities. See in this regard the section of third-party cookies.
Like others, this website saves cookies on the browser used by the interested user for the transmission of personal information and to enhance the experience. In fact, cookies are small strings of text that the sites visited by the user send to their terminal (usually to the browser), where they are stored, sometimes even with features of large time persistence, to be then retransmitted to the same sites the next visit.
As explained below, you can choose whether and which cookies to accept, bearing in mind that refusing to use it may affect the ability to make certain transactions on the site or the accuracy and adequacy of certain customizable content proposed or the ability to recognize the user from one visit to the next. If you do not make any choice in this regard, the default settings will be applied and all cookies will be activated: however, at any time, you can communicate or change the decisions in this regard.
In particular, so-called session cookies are used, which are not stored persistently on the user’s computer and disappear when the browser is closed and whose use is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient exploration of the site and to avoid the use of other IT techniques potentially detrimental to the confidentiality of users’ navigation and do not allow the acquisition of personal data identifying the user. Then we use analytics cookies that help us understand how visitors interact with the content of the site, collecting information (geographical and web origin, technology used, language, pages of entry, visits, exit, residence times, etc.) and generating website usage statistics without personally identifying individual visitors. All these are technical cookies for which, since consent is not required, the opt-out mechanism applies. Technical cookies are not communicated to third parties because they are necessary or useful for the operation of the site; therefore, they are processed only by qualified subjects such as data processors or system administrators.
Third party cookies
Finally, the site incorporates cookies and other elements (tags, pixels, etc.) of third parties (autonomous and on which the Data Controller has no responsibility) that also carry out profiling activities and for which you can refer to the respective sites:
• Google Analytics
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mail to the addresses indicated on the site involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data entered in the email. Also the sending, explicit and voluntary forms that can be filled out on the site containing data of the data subject involves the processing to follow up the pre-contractual obligations or the execution of the services provided by sending the forms. This information in the forms may concern personal data, contact details, contact details, telephone numbers, email addresses of data subjects and third parties identified and identifiable having cause with the user of the site. However, specific summary information will be progressively reported or displayed in the pages of the site prepared for particular services on request.
Newsletter and Mailing-list
The e-mail contacts used to send communications from the site come from voluntary registrations by the recipient who is always submitted a request for confirmation, as well as information acquired in a context of sale of products or services of the Data Controller or similar. This includes sending information, promotional communications and material. It should be noted that contacts are not acquired from public subscriber lists. In the event that the communications are not of interest to the recipient, you can avoid any further contact by clicking on the appropriate link contained in each message, or by writing to the addresses below exercising your right to unsubscribe from the newsletter.
It will be possible to make commercial communications on the basis of legitimate interest within 24 canonical months from the last contact.
It will be possible to unsubscribe from the newsletter at any time.
PURPOSE AND LEGAL BASIS OF PROCESSING
Personal data are used (ref. art.6(b) of the GDPR):
a) to allow navigation on the site and
b) possibly to perform the service or the service requested within the normal activity carried out by the undersigned organization (cod. ateco 90.03.02 conservation and restoration of works of art).
In addition, all personal data may be processed:
c) for purposes related to obligations laid down by law, as well as by provisions issued by authorities legitimized by law (ref. art. 6 (c) and 9 (b,g,h) of the GDPR);
d) to establish, exercise or defend a right in court and out of court (legitimate interest) of the undersigned organization (ref. Art. 6 (f) and 9 (f) of the GDPR);
e) for direct marketing purposes according to the legitimate interest of the Data Controller in particular; for cookies, advertising IDs used to show advertising and ads; for e-mail addresses for sending the newsletter; for browsing and use logs to protect the site and the service from cyber-attacks; in these cases the data subject can always deny consent so that the Data Controller will refrain from processing (ref. Art. 6 (f) of the GDPR);
f) for purposes relevant to the activity for which the data subject may or may not give his or her consent, e.g. subscribing to the newsletter to receive information messages and promotion and sale of products and services, detection of the degree of satisfaction, communication of data to third parties for receiving information and promotional communications and marketing (GDPR art.6 (a))
g )with the consent of the data subject, in the case of sensitive data (ref. art.9 (a) of the GDPR).
CONSEQUENCES OF REFUSAL TO PROVIDE DATA
The provision of the data collected from the data subject is optional but essential for the purpose of processing the data for the purposes of letters a) and b). In the event that the data subjects do not communicate their indispensable data and do not allow the processing, it will not be possible to proceed with the completion and implementation of the proposed services and to comply with the contractual obligations undertaken, with the consequent prejudice for the correct fulfilment of regulatory obligations, such as e.g. accounting, tax and administrative, etc..
Apart from what is specified for navigation data, the user is free to provide personal data for cookies and specific requests through forms e.g. on products and/or services. Failure to provide them may make it impossible to obtain the requested. For all non-essential data, including sensitive data, provision is optional. In the absence of consent or incomplete or incorrect provision of certain data, including sensitive data, the required fulfillments may be so incomplete as to cause prejudice or in terms of penalties or loss of benefits, either because it is impossible to ensure that the obligations for which it is carried out are treated equally, or because the results of the treatment may not correspond to the obligations imposed by the laws to which it is addressed, intending to exempt the undersigned organization from any and all responsibility for any penalties or measures afflicting.
METHODS OF DATA PROCESSING
The processing related to the web services of the site are treated with automated tools for the time strictly necessary to achieve the purposes for which they were collected; take place at the server in Italy or the EU and are handled only by technical personnel in charge of processing, or by any person in charge of maintenance and administration operations. Specific security measures are observed to prevent data loss, unlawful or incorrect use and unauthorized access and loss of confidentiality. The facility is equipped with anti-intrusion devices, firewalls, logs and disaster recovery. Specific mechanisms of encryption and data segregation and authentication and authorization of users are used.
Data processing means the collection, registration, organisation, storage, processing, modification, deletion and destruction of data or the combination of two or more of these operations. In relation to the aforementioned purposes, the processing of personal data is carried out through manual, computer and telematic tools, with logics strictly related to the purposes themselves and, however, in order to ensure the security and confidentiality of personal data will therefore be processed in accordance with the methods indicated in art. 5 Reg.to UE 2016/679, which provides, inter alia, that the data are processed lawfully and fairly, collected and recorded for specific, explicit and legitimate purposes, accurate, and if necessary updated, relevant, complete and not exceeding the purposes of the processing, in compliance with fundamental rights and freedoms, and the dignity of the data subject with particular reference to confidentiality and personal identity, by means of protection and security measures. The undersigned organization has set up and will further improve the security system of access and data retention.
There is no automated decision-making (e.g. profiling).
TRANSFERS OUTSIDE THE EU
The treatment does not take place in non-EU and non-EEA countries.
Personal data will be stored, in general, as long as the purposes of the processing continue according to the category of data processed.
CATEGORIES OF RECIPIENTS
The data (only the indispensable ones) are communicated
to persons in charge and responsible for the processing, both internal to the organization of the undersigned and external, who carry out specific tasks and operations (administration of the site, analysis of navigation data, traffic, profiling, management of emails and forms sent voluntarily by the user, fulfillment of e-commerce requests and orders, etc.)
in the cases and subjects provided by law
The data will not be disseminated unless otherwise provided by law or after anonymization. Without prejudice to what is specified for cookies and third-party elements, without the prior general consent of the data subject to communications to third parties, it will be possible to provide exclusively services that do not provide such communications. In case of necessity specific and punctual consents will be required and the subjects who will receive the data will use them as autonomous owners.
In some cases (not subject to the ordinary management of this site) the Authority may request news and information, for the purpose of controlling the processing of personal data. In these cases, the response is mandatory under penalty of administrative sanction.
RIGHTS OF THE DATA SUBJECT
At any time you may: exercise your rights (access, rectification, cancellation, limitation, portability, opposition, absence of automated decision-making processes) when provided against the data controller, pursuant to art. from 15 to 22 of the GDPR (read the rule here); submit a complaint to the Data Protection Authority; if the processing is based on consent, revoke such consent given, taking into account that the revocation of consent does not affect the lawfulness of the processing based on consent before the revocation.
Almost all browsers offer the possibility of managing and not enabling cookies, in order to respect the preferences of users. In some browsers you can set rules to manage cookies site by site, option that offers a more precise control over the privacy of the user; another feature available on some browsers is the mode of incognito browsing, so that all cookies created in this mode are deleted after closing.
See the following instructions for managing cookies in their browsers:
In the case of educational activities carried out with schools, please refer to the specific school regulations.
CONTACT DETAILS AND CONTACTS
The data controller is Fondazione Centro Conservazione e Restauro La Venaria Reale, in the person of its legal representative pro tempore.
The data protection officer (data protection officer) is Spaziottantotto srl.
The registered office is in Via XX Settembre 18, cap 10078, Venaria Reale (TO).
Contact details are: telephone 011 4993007; fax 011 4993033; e-mail firstname.lastname@example.org