- Data controller is the natural or legal person who individually or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria applicable to its designation may be established by Union or Member State law;
- Data subject is the natural person to whom the personal data belong
L’Orologio Società Cooperativa, with legal and administrative headquarters in Pontassieve (FI), Via Lisbona 23, P.I. 03142960487, as the data controller, informs you in accordance with Article 13 Legislative Decree 30.6.2003 No. 196 (hereinafter, “Privacy Code”) and Article 13 EU Regulation No. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the following manner and for the following purposes:
OBJECT OF PROCESSING
The Data Controller processes personal, identifying data (e.g., first name, last name, company name, address, telephone, e-mail, bank and payment references) – hereinafter, “personal data” or also “data” – communicated by you for the provision of goods and services offered by the Data Controller or newsletter subscription and/or commercial communications and/or advertising material for goods and services offered by the Data Controller.
PURPOSES OF PROCESSING
- Only after your specific and distinct consent (Articles 23 and 130 Privacy Code and Art. 7 GDPR), which can be revoked in any case and at any time, for the following organizational and administrative purposes: related to the conclusion of contracts for the purchase of goods and services provided by the Owner and transmission to partners of L’Orologio Società Cooperativa and/or suppliers necessary to provide the requested service
- Only after your specific and distinct consent (Articles 23 and 130 Privacy Code and Art. 7 GDPR), which may be revoked in any case and at any time, for the following Marketing Purposes:
To send you via e-mail, mail and/or sms, instant messaging services and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Owner and satisfaction survey on the quality of services.
If you request to be removed from the mailing list, your data will no longer be processed for any purpose. We would like to point out that if you are already our customer, we may send you commercial communications relating to services and products of the Controller similar to those you have already benefited from, unless you disagree (art. 130 c. 4 Privacy Code).
NATURE OF DATA PROVISION
The provision of data for the purposes referred to in point A) is mandatory for the purpose of providing the requested goods and services.
Failure to provide consent in this case will result in the non-delivery of the requested good and/or service.
The provision of data for the purposes of point B) is optional.
You may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and/or advertising material inherent to the Services offered by the Data Controller.
By ticking the box “I agree” to the processing of data for the purposes referred to in point A) and/or B) at the bottom of the appropriate registration form, after having reviewed this information, the Data Controller will be authorized to process your personal data solely and exclusively for the purposes described above.
Failure to check the “I agree” box will not allow the Controller to Process your personal data in any way.
The legal basis for processing under A) is the performance of a contract to which you are a party or the execution of pre-contractual measures taken at your request. The provision of personal data is necessary to obtain the information and/or to use the services requested. Failure to provide them will result in our staff being unable to respond to your requests.
The legal basis for the processing under B) is the consent you provide, and the provision of personal data is optional. Express consent refers only to the newsletter service and failure to provide it will not affect the receipt of the information you have requested.
MODE OF TREATMENT
The processing of your personal data is carried out by means of the operations indicated in Art. 4 Privacy Code and Art. 4 No. 2) GDPR and namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison,
use, interconnection, blocking, communication, deletion and destruction of data. Your personal data are subject to both paper and electronic and/or automated processing.
The Data Controller will process and retain personal data for the purposes set forth in A) for the time necessary to provide the requested services and thereafter for a period not exceeding the statutory limitation period for tax, accounting and administrative purposes.
For the purposes of (B) above, the Data Controller will process and retain personal data until the data subject withdraws consent to receive commercial communications from the Data Controller.
ACCESS TO DATA
Your data may be made accessible for the purposes set forth in A) and B) to one or more specified parties in the following terms:
- to subjects entrusted within our structure to process the data, and in particular to the employees of our administrative offices;
- to subjects who can access the data by virtue of a provision of the law, or EU regulations, within the limits provided by law;
- to subjects who need access to the data for purposes auxiliary to the intercurrent relationship, within the limits strictly necessary to carry out the auxiliary tasks entrusted to them (e.g., credit institutions and forwarding agents)
- to our consultants, to the extent necessary to carry out their assignment, subject to our letter of assignment imposing the duty of confidentiality and security in the processing of data;
- to other external parties in their capacity as organizers and/or partners in institutional activities related to initiatives and events in which you request to participate through the sites www.museonazionalerossini.it and www.sistemamuseo.it
COMMUNICATION OF DATA
Without the need for your express consent, the Data Controller may communicate your data for the purposes referred to in point A) and point B) to Supervisory Bodies, Judicial Authorities, as well as to those subjects to whom the communication is compulsory by law for the fulfillment of the said purposes. These subjects will process the data in their capacity as autonomous data controllers. Your data will not be disseminated.
With regard to the data that we are obliged to know, in order to fulfill the obligations provided for by laws, EU regulations and national legislation, or by provisions issued by Authorities empowered to do so by law and by supervisory and control bodies, failure on your part to provide such data will result in the impossibility of establishing or continuing the relationship, to the extent that such data are necessary for the execution of the same. As for the data that we are not obliged to know, failure to obtain them will be evaluated by us from time to time, and will determine the consequent decisions related to the importance for us of the data requested but not provided by you.
Log files: computer systems and applications dedicated to the operation of the sites www.museonazionalerossini.it and www.sistemamuseo.it detect, in the course of their normal operation, certain data (the transmission of which is implicit in the use of Internet communication protocols) not associated with directly identifiable users. The data collected include the IP addresses and domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters regarding the operating system and the computer environment used by the User. These data are processed, for the time strictly necessary, for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its regular operation.
The reCAPTCHA service is used for the sites www.museonazionalerossini.it and www.sistemamuseo.it, which allows, when filling out the Purchase/Order Forms and contacting the organization of L’Orologio Società Cooperativa, to avoid malicious attempts and fraud.
The reCAPTCHA and MAPS services are provided by Google HQ.
On the sites www.museonazionalerossini.it and www.sistemamuseo.it are not used in any way computer techniques for the direct acquisition of personal data identifying the user or user profiling systems. The so-called technical session cookies, once the connection to the site is terminated, are not stored. Our computer systems use: cookies for the transmission of information of a personal nature, and no persistent cookies.
Personal data are stored in the cloud at Register S.p.A.’s data centers.
RIGHTS OF THE DATA SUBJECT
In your capacity as a data subject, you have the rights under Art. 7 Privacy Code and Art. 15 GDPR, namely the rights to:
- obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and their communication in intelligible form;
- obtain the indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the owner, managers and the designated representative under Art. 5, paragraph 2 Privacy Code and Art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them as designated representative in the territory of the State, managers or agents;
- obtain: a) the updating, rectification or, when interested, the integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
- oppose, in whole or in part: a) for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of collection; b) the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by e-mail and / or through traditional marketing methods by telephone and / or mail. It should be noted that the data subject’s right to object, set out in point b) above, for direct marketing purposes through automated modalities extends to traditional ones and that, in any case, the possibility for the data subject to exercise the right to object also only in 4 part remains unaffected. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither type of communication. Where applicable, he/she also has the rights set forth in Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to complain to the Data Protection Authority.
HOW TO EXERCISE YOUR RIGHTS
You may at any time exercise your rights by sending:
- a registered letter with return receipt to L’Orologio Società Cooperativa/Business Unit Sistema Museo, Via Danzetta 14 – 06121 Perugia (PG)
- an e-mail to privacy email@example.com