- The Data Controller is the natural or legal person who individually or together with others determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or specific criteria applicable to his or her designation may be established by Union law or by the Member States;
- The Data Subject is the natural person to whom the personal data belong.
Società Cooperativa Sistema Museo, with its registered office in Perugia, Via Danzetta 14, VAT No. 01825380544, as the data controller, informs you pursuant to Art. 13 D.Lgs. 30.6.2003 no. 196 (hereinafter “Privacy Code”) and Art. 13 Regulation (EU) no. 2016/679 (hereinafter “GDPR”) that your data will be processed in the following manner and for the following purposes:
OBJECT OF THE PROCESSING
The Data Controller processes personal identification data (e.g. name, surname, company name, address, telephone number, e-mail address, bank and payment details) - hereinafter “personal data” or also “data” - which you have provided for the supply of goods and services offered by the Data Controller or subscription to the newsletter and/or commercial communications and/or advertising material for goods and services offered by the Data Controller.
PURPOSE OF THE PROCESSING
- Only subject to your specific and distinct consent (Articles 23 and 130 of the Privacy Code and Article 7 of the GDPR), which may be withdrawn in any case and at any time, for the following organizational and administrative purposes: relating to the conclusion of contracts for the purchase of goods and services provided by the Data Controller and sending to Sistema Museo partners and/or suppliers necessary to provide the requested service;
- Only subject to your specific and distinct consent (Articles 23 and 130 of the Privacy Code and Article 7 of the GDPR), which may be withdrawn in any case and at any time, for the following Marketing Purposes:
- to send you via e-mail, mail and/or text message, instant messaging services and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller and collecting data on the degree of satisfaction for the quality of the services.
In the case of a request for cancellation from the mailing list, your data will no longer be processed for any purpose. Please note that if you are already our customer, we may send you commercial communications regarding services and products of the Data Controller similar to those you have already used, unless you withdraw your consent (Article 130 paragraph 4 of the Privacy Code).
NATURE OF THE PROVISION OF DATA
The provision of data for the purposes referred to in point A) is mandatory for the providing of the goods and services requested.
Failure to provide consent in this case will result in the non-provision of the good and/or service requested.
The provision of data for the purposes referred to in point B) is optional.
You can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and/or advertising material related to the Services offered by the Data Controller.
By checking the box “I consent” to the processing of data for the purposes referred to in point A) and/or B) at the bottom of the registration form, after viewing this information, the Data Controller will be authorized to process your personal data only and exclusively for the purposes described above.
If you do not check the “I consent” box, the Data Controller will not be allowed to process your personal data in any way.
The legal basis for the processing referred to in point A) is the performance of a contract to which you are a party or the implementation of pre-contractual measures taken at your request. The provision of personal data is necessary to obtain information and/or to use the services requested. Failure to provide such data will make it impossible for our personnel to respond to your requests.
The legal basis of the processing referred to in point B) is the consent you have given, and the provision of personal data is optional. The consent refers exclusively to the newsletter service, and failure to provide it does not affect the receiving of the information you requested.
The processing of your personal data is carried out through the operations indicated in Art. 4 of the Privacy Code and Art. 4 no. 2 GDPR and more specifically: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Your personal data are subjected to both paper and electronic and/or automated processing.
The Data Controller will process and store personal data for the purposes referred to in point A) for the time needed to provide the required services and subsequently for a period not exceeding the statutory limitation period for tax, accounting and administrative purposes.
For the purposes referred to in point B), the Data Controller will process and store personal data until the data subject withdraws consent to receive commercial communications from the Owner.
ACCESS TO THE DATA
Your data may be made accessible for the purposes referred to in points A) and B) to one or more specific parties, under the following conditions:
a) to persons appointed within our structure to process the data, and in particular to the employees of our administrative offices;
b) to parties that can access the data according to law, or to European Union regulations, within the limits established by law;
c) to parties who need access to data for purposes ancillary to the relationship, within the limits strictly necessary to carry out the auxiliary tasks assigned to them (e.g. credit institutions and shippers);
d) to our consultants, within the limits necessary to carry out their duties, subject to our letter of appointment which imposes the duty of confidentiality and security in the processing of data;
e) to other outside parties in their capacity as organizers and/or partners in the institutional activities related to actions and events in which you request to participate through the website www.museoceramicadideruta.it.
Without the need for express consent, the Data Controller may communicate your data for the purposes referred to in point A) and point B) to supervisory and judicial authorities, as well as to those parties to whom communication is mandatory according to law for completion of the said purposes. These parties will process the data in their capacity as independent data controllers. Your data will not be disseminated.
As concerns the data that we are obligated to know in order to comply with the obligations established by law, by EU regulations and by national legislation, or by provisions issued by Authorities legitimated by law and by supervisory and control bodies, your failure to provide them will result in the impossibility of establishing or continuing the relationship, to the extent that such data are necessary for the carrying out of the same. As regards the data that we are not obligated to know, the failure to obtain them will be evaluated by us each time, and will bring about the resulting decisions related to the importance for us of the data requested but not provided by you.
Log files: during their normal operation, the computer systems and the applications dedicated to the operation of the www.museoceramicadideruta.it website detect some data (the transmission of which is implicit in the use of Internet communication protocols) not associated with directly identifiable users. The data collected includes the IP addresses and the domain names of the computers used by the users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful outcome, error, etc.) and other parameters regarding the operating system and the IT environment used by the User. These data are processed for the time strictly necessary for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its regular operation.
Personal data is stored in the cloud at TIM Nuvola IT Data Space.
RIGHTS OF THE DATA SUBJECT
In your capacity as the data subject, you have the rights set forth in Art. 7 of the Privacy Code and Art. 15 GDPR, and more specifically the rights to:
- obtain confirmation of the existence or not of personal data that concern you, even if not yet registered, and their communication in an intelligible form;
- obtain the indication of: a) the origin of the personal data; b) the purposes and procedures of the processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) of the identification details of the data controller, the persons in charge and the designated representative pursuant to Art. 5, paragraph 2 of the Privacy Code and Art. 3, paragraph 1 of the GDPR; e) the parties or categories of parties to whom the personal data may be communicated or who may obtain knowledge of them in their capacity as the designated representative in the territory of the State, the persons in charge or the managers or the persons appointed;
- obtain: a) the updating, rectification or, when interested, integration of data; b) the deletion, transformation into anonymous form or blocking of data processed in violation of the law, including those data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the statement that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment proves impossible or involves a use of means manifestly disproportionate to the protected right;
- object, in whole or in part: a) for legitimate reasons, to the processing of the personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by means of e-mail and/or through traditional marketing methods by telephone and/or paper mail. It should be noted that the right to object of the data subject, set out in the preceding point b), for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the data subject to exercise the right to object even if only in part. Therefore, the data subject can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication. Where applicable, the data subject also has the rights set forth in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right of complaint to the Competition Authority.
PROCEDURE FOR EXERCISING RIGHTS
You can exercise your rights at any time by sending:
- a registered letter with advice of receipt to Società Cooperativa Sistema Museo, Via Danzetta 14 - 06121 Perugia (PG)
- an e-mail to: firstname.lastname@example.org.