PERSONAL DATA PROCESSING PRIVACY POLICY
pursuant to Articles 13 and 14 of Regulation EU 2016/679
Online donations
Introduction
Dear user, the “European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data”, requires the protection of natural persons in relation to the processing of personal data.
MUSE – MUSEO DELLE SCIENZE, in its capacity as “Data Controller”, wishes to inform you about the purposes and methods underlying the collection and processing of your personal data. More specifically, the following information is provided:
1. Identity and contact details of the Data Controller
The Data Controller is MUSE – MUSEO DELLE SCIENZE located in Corso del Lavoro e della Scienza, 3 – 38122 Trento.
Below are the contact details where the Data Controller may be reached:
- Phone: +39 0461 270311
- Email: amministrazione@muse.it
- Certified email (PEC): museodellescienze@pec.it
2. Identity and contact details of the Data Protection Officer
The Data Protection Officer of MUSE – MUSEO DELLE SCIENZE is QSA S.r.l. – ENGINEERING CONSULTING TRAINING, having its registered office in via alla Marcialonga, 3 – 38030 Ziano di Fiemme (Trento).
Below are the contact details where the Data Protection Officer may be reached:
- Email: privacy@qsa.it
- Certified email (PEC).: privacy.qsasrl@pec.it
3. Purposes of processing and legal basis
Personal data are collected or processed for the following purposes:
(a) Management and formalisation of online donations
Your personal data will be processed for the purpose of carrying out activities related to the formalisation of online donations, for registration is required by filling out a form on the website. All the data collected will therefore be processed to (i) manage the registration process, (ii) carry out the ensuing accounting and administrative operations necessary to formalise the donation itself, and (iii) send communications concerning the payment and use of the sums collected.
(b) Fulfilment of legal obligations
Your personal data will be processed for the fulfilment of legal obligations laid down by EU regulations, national laws, or other regulatory sources.
More specifically, MUSE – MUSEO DELLE SCIENZE may process your data for the fulfilment of accounting and tax obligations.
While providing your data for the purposes under (a) and (b) above is optional, failure to do so will prevent you from accessing the services.
The legal basis that makes processing lawful will, with respect to the purposes described above, be deemed to exist in order to perform the contract to which the Data Subject is a party and take pre-contractual steps at his or her request (Article 6(1)(b) GDPR); comply with legal obligations the Data Controller is required to abide by (Article 6(1)(c) GDPR); and perform a duty of public interest (Article 6(1)(e) GDPR), such interest being identified in the purpose of providing information, establishing a dialogue and inspiring on the subjects of nature, science and sustainable future, which duty MUSE – Museo delle Scienze is required to discharge under Article 2 of Decree of Provincial Board President No. 4 - 62/Leg dated March 2011.
(c) Formalisation and disclosure of a donor list
Following the donation and subject to your consent, your personal data (i.e., your “name and surname”) will be included in a special “donor list” that will be disclosed on the Institution’s website.
For the purpose under (c) above, the provision of data is optional and refusing to do so will have no consequences.
The legal basis that makes processing lawful will, with respect to the purposes described above, be deemed to lie in the specific consent of the data subject.
4. Processing methods
In relation to the aforesaid purposes, your personal data will be processed using manual, electronic and/or computer telecommunications tools, in strict accordance with the aforesaid purposes and, in any event, in such a way as to guarantee the security and confidentiality of your data in compliance with the aforesaid Regulation.
No automated decision-making processes will be used, including profiling.
5. Third parties to whom the data may be disclosed.
MUSE – MUSEO DELLE SCIENZE may disclose your personal data to the following entities:
- Firms and companies in the context of professional assistance and consultancy relations;
- Public authorities, if conditions are met;
- Credit institutions or banks for the payment of fees due;
- Insurance and legal institutions;
- Technicians to maintain and manage the IT infrastructure system, including the institutional website;
- Contractors involved in the management of services offered by the Museum.
The entities mentioned above operate, in some cases, entirely on their own as separate Data Controllers; in other cases, they act as Data Processors and are, as such, specifically appointed by the Data Controller in accordance with Article 28 GDPR.
You may request a list of the Data Processors using the contact details of the Data Controller provided under 1 above.
The data will not be disclosed, with the exception of data processed for the purposes set out under (3)(c) above, which will be disclosed through the institutional website of our Organisation. Disclosure will only take place subject to the donor’s consent.
6. Duration of processing and retention period.
Your data will be processed only for the time necessary to pursue the above purposes.
More specifically, below are the main periods of use and retention of your personal data with reference to the different processing purposes:
- Data processed for the management and formalisation of donations: Time limits set out in respect of the mandatory record retention period established by the Provincial Authorities of Trento
- Data processed for the fulfilment of legal obligations: Retention as per statutory time limits
- Data disclosure: Until revocation of any consent given
7. Transfer of data outside the European Union
Data collected will not be transferred to non-European countries.
8. Rights of the data subject
In your capacity as a data subject, you may exercise the rights set forth in Articles 15 et seq. of the GDPR as shown below:
Rights of access, rectification, amendment and erasure of data, portability, limitation of processing and withdrawal of consent given.
(a) According to Regulation EU 2016/679, you have the right at any time to obtain from the Data Controller access to your data, as well as the rectification, amendment or erasure of such data. Within 30 days of submitting your request, you will receive a written reply, including by electronic means.
(b) You also have the right to object to the processing or request limitation of such processing, for legitimate reasons and in the cases as under Articles 18 and 21 of Regulation EU 2016/679.
(c) You may withdraw at any time your consent to the processing of your data given for the purposes stated herein.
(d) Finally, you may exercise your right to data portability, requesting the Data Controller to transmit your data to another data controller.
You may exercise the aforesaid rights by using any of the Data Controller’s contact details provided under 1 above.
Right to lodge a complaint with the Supervisory Authority.
If you believe that your data have been processed unlawfully or in breach of applicable law provisions, you will be entitled to lodge a complaint with the Supervisory Authority.