PERSONAL DATA PROCESSING POLICY PURSUANT TO ART. 13 OF REGULATION
Pursuant to art. 13 of Regulation (EU) 2016/679 (henceforth the 'GDPR'), this page describes the ways in which the personal data of users who consult the institutional website (also the 'Site') of the Vittoriano and Palazzo Venezia (henceforth 'VIVE') are processed.
The information contained herein does not apply to other websites, web pages, or online services that are reached via hyperlinks published on the Site which refer to resources external to the VIVE web domain.
The data of identified or identifiable natural persons may be processed upon their having accessed and/or viewed the Site.
The Data Controller is the Vittoriano and Palazzo Venezia, with offices in 49 Piazza San Marco, 00186 - Rome (ITALY). Data subjects can contact the Data Controller by sending an email to: firstname.lastname@example.org
DATA PROTECTION OFFICER
Pursuant to art. 37 of the GDPR, the Data Protection Officer (the DPO) is Maria Luisa Lo Monte, an administrative officer of VIVE, who can be contacted as follows:
Email: email@example.com | telephone: +39 06.69994249 | 49 Piazza San Marco 00186 – Rome (ITALY).
PURPOSE AND LEGAL BASIS OF PROCESSING
The personal data indicated on this page are processed by VIVE while completing tasks relating to the public interest or, in any case, connected to exercising its powers as a public entity, including the management and safeguarding of public heritage and relative marketing/communication activities.
The personal data you provide are processed exclusively for purposes strictly connected to and necessary for the use of the Website and any requested services, i.e., for purposes that are functional to the fulfilment of searches, analyses and statistics, the delivery of informative materials and updates on VIVE initiatives and programmes.
Pursuant to art. 13, section 3 of the GDPR, should the Data Controller intend to process personal data for purposes other than those they were collected for, the Controller must provide information on that new purpose and all other pertinent information to the data subject before said processing begins.
TYPES OF DATA PROCESSED AND PURPOSES OF PROCESSING
As part of their normal operation, the IT systems and software procedures which ensure the proper functioning of the Website acquire certain personal data, whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects. However, by its very nature, it could permit users to be identified through processing and association with data in the possession of third parties. This category of data includes the IP addresses or domain names of computers used by users who connect to the website, addresses of the resources requested in URI (Uniform Resource Identifier) notation, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data are used for the exclusive purpose of deriving anonymous statistical information about the use of the website and to check that it is operating correctly. They are erased immediately after the processing operation is complete. The data could be used to determine responsibility in the event that the website was damaged by a hypothetical cybercrime.
Data provided by users
The optional, explicit and voluntary sending of messages to the contact addresses of VIVE, private messages sent by users to institutional profiles/pages on social media platforms (where possible), and the compilation and forwarding of the forms found on the VIVE website necessarily involve the acquisition of the contact data of the sender, which is required to respond, as well as all the personal data included in the sender's message.
Detailed information will be published as necessary on the VIVE web pages which are set up for the provision of such services.
OPTIONAL PROVISION OF PERSONAL DATA
Aside from that specified in relation to browsing data, users are free to provide the personal data listed in the forms used to request services on the Website, to request information, and to send suggestions and corrections to the Site’s managers, or to provide data during telephone calls with the offices of VIVE.
Failure to provide said data will make it impossible to fulfil the user's request.
For services provided by third parties, in which the Site acts exclusively as a 'display’ for said services, VIVE is neither the data controller nor data protection officer.
PLACE, METHODS AND DATA RECIPIENTS
Personal data is processed at the offices of the Data Controller or those of the Data Processors with automated processing tools for the time strictly necessary to complete the purposes for which they were collected, while complying with the privacy and security rules set forth in applicable regulations/laws.
Specific technical and organisational security measures have been adopted to protect the data from changes, erasure, loss, theft or their unsuitable or unlawful use.
Processing connected to the web services of this website are handled exclusively by authorised expert staff that have been instructed on data processing, or by the Processors designated by the Controller pursuant to art. 28 of the GDPR. The data deriving from the web service will not be otherwise disseminated. The personal data provided by users who send requests for information and suggestions will be used exclusively for the purpose of providing the service or activity requested, and said data will only be sent to other staff authorised for data processing within VIVE or to other public or private parties only if required by legal obligations or if strictly necessary in order to provide the information requested by the user.
TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
If the data is to be transferred to non-EU countries or to international organisations, the Data Controller shall clarify to the data subject:
- whether or not there is an adequacy decision by the EU Commission, i.e., if the Commission has decided that the third country, a region or one or more specific industries within the third country, or the international organisation in question can guarantee a suitable level of data safeguards. If so, the transfer shall not require specific authorisation;
- lacking the above, reference must be made to appropriate or adequate safeguards and an indication of the means to obtain a copy of said data or the place where it has been made available.
In order to guarantee proper, transparent processing, personal data will be kept for the shortest period required for the purposes for which said data were collected or subsequently processed in accordance with the obligations of the law.
RIGHTS OF THE DATA SUBJECT
Data subjects have the right to obtain from VIVE, in certain cases, access to their personal data and to request the correction, erasure or portability of said data, or the restriction of processing which regards their data, or to object to the processing of said data (art. 15 et seq of the GDPR). Special requests can be submitted to VIVE by contacting its Data Protection Officer (DPO), Maria Luisa Lo Monte, an administrative officer of VIVE, who can be contacted as follows:
Email: firstname.lastname@example.org | tel: +39 0669994249| 49 Piazza San Marco, 00186 – Rome (ITALY).
RIGHT TO LODGE A COMPLAINT
Data subjects who believe that the processing of their personal data conducted via this Site violates the GDPR have the right to lodge a complaint with the Supervisory Authority, as set forth by art. 77 of the GDPR, or to take appropriate legal action (art. 79 of the GDPR). Further information about your rights and the protection of your personal data can be found on the Italian Data Privacy Authority’s website: www.garanteprivacy.it