PERSONAL DATA PROCESSING PRIVACY POLICY
pursuant to Article 13 of Regulation EU 2016/679
Collaboration activities
Introduction
The “European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data”, requires the protection of natural persons and other entities in relation to the processing of personal data.
MUSE – MUSEO DELLE SCIENZE, in its capacity as “Data Controller”, wishes to inform you about the purposes and methods underlying the collection and processing of your personal data. More specifically, the following information is provided:
1. Identity and contact details of the Data Controller
The Data Controller is MUSE – MUSEO DELLE SCIENZE located in Corso del Lavoro e della Scienza, 3 – 38122 Trento.
Below are the contact details where the Data Controller may be reached:
- Phone: +39 0461 270311
- Email: amministrazione@muse.it
- Certified email (PEC): museodellescienze@pec.it
2. Identity and contact details of the Data Protection Officer
The Data Protection Officer of MUSE – MUSEO DELLE SCIENZE is QSA S.r.l. – ENGINEERING CONSULTING TRAINING, having its registered office in via alla Marcialonga, 3 – 38030 Ziano di Fiemme (Trento).
Below are the contact details where the Data Protection Officer may be reached:
- Email: privacy@qsa.it
- Certified email (PEC).: privacy.qsasrl@pec.it
3. Purposes of processing and legal basis
Personal data may be collected and processed for the following purposes:
(a) Selection of applications
Your personal data will be processed to select applications, carry out the related checks required by law and send communications strictly related to this procedure.
(b) Contract performance and purpose
Your personal data will be processed to (i) formalise and manage contract-related transactions (e.g. billing, handling payments), including dealing with any litigation, (ii) send communications strictly related to the performance of the respective contractual obligations, and therefore (iii) ensure the progressive management of the services covered by the contract.
(c) Fulfilment of legal obligations
Your personal data will be processed for the fulfilment of legal obligations laid down by EU regulations, national laws, or other regulatory sources.
More specifically, MUSE – MUSEO DELLE SCIENZE may process your data for the fulfilment of accounting and tax obligations.
While providing your data for the purposes under (b) and (c) above is optional, failure to do so will prevent you from entering into a contract.
The legal basis that makes processing lawful will, with respect to the purposes described above, be deemed to exist in order to perform the contract to which the Data Subject is a party and take pre-contractual steps at his or her request (Article 6(1)(b) GDPR); comply with legal obligations the Data Controller is required to abide by (Article 6(1)(c) GDPR); and perform a duty of public interest (Article 6(1)(e) and (Article 9(2)(g) GDPR), such interest being identified in the purpose of providing information, establishing a dialogue and inspiring on the subjects of nature, science and sustainable future, which duty MUSE – Museo delle Scienze is required to discharge under Article 2 of Decree of Provincial Board President
4. Processing methods
In relation to the aforesaid purposes, your personal data will be processed using manual, electronic and/or computer telecommunications tools, in strict accordance with the aforesaid purposes and, in any event, in such a way as to guarantee the security and confidentiality of your data in compliance with the aforesaid Regulation.
No automated decision-making processes will be used, including profiling.
5. Third parties to whom the data may be disclosed.
MUSE – MUSEO DELLE SCIENZE may disclose your personal data to the following entities:
- Entities engaging in broadcasting, mailing, transporting and delivering communications;
- Firms and companies in the context of professional assistance and consultancy relations;
- Public authorities, if conditions are met;
- Credit institutions or banks for the payment of fees due;
- Insurance and legal institutions;
- Technicians to maintain and manage the IT infrastructure system and the video surveillance system;
- Contractors involved in the management of services offered by the Museum;
The entities mentioned above operate, in some cases, entirely on their own as separate Data Controllers; in other cases, they act as Data Processors on behalf of MUSE – MUSEO DELLE SCIENZE and are, as such, specifically appointed by the Data Controller in accordance with Article 28 GDPR.
You may request a list of the Data Processors using the contact details of the Data Controller provided under 1 above.
The data will not be disclosed, except in the event of compulsory disclosure required by law or in the event of a request for access to the records, or in the event that this is expressly required under the contract in order to fulfil the purposes thereunder. In any case, any disclosure will not relate to particular data.
6. Duration of processing and retention period.
Your data will be processed only for the time necessary to pursue the above purposes.
More specifically, below are the main periods of use and retention of your personal data with reference to the different processing purposes:
- Data processed for the selection of applications and performance of the contract: Time limits set out in respect of the mandatory record retention period established by the Provincial Authorities of Trento.
- Data processed for the fulfilment of legal obligations: Retention as per statutory time limits
7. Transfer of data outside the European Union
Data collected will not be transferred to non-European countries.
8. Rights of the data subject
In your capacity as a data subject, you may exercise the rights set forth in Articles 15 et seq. of the GDPR as shown below:
Rights of access, rectification, amendment and erasure of data, portability, limitation of processing and withdrawal of consent given.
(a) According to Regulation EU 2016/679, you have the right at any time to obtain from the Data Controller access to your data, as well as the rectification, amendment or erasure of such data. Within 30 days of submitting your request, you will receive a written reply, including by electronic means.
(b) You also have the right to object to the processing or request limitation of such processing, for legitimate reasons and in the cases as under Articles 18 and 21 of Regulation EU 2016/679.
(c) You may withdraw at any time your consent to the processing of your data given for the purposes stated herein.
(d) Finally, you may exercise your right to data portability, requesting the Data Controller to transmit your data to another data controller.
You may exercise the aforesaid rights by using any of the Data Controller’s contact details provided under 1 above.
Right to lodge a complaint with the Supervisory Authority.
(a) If you believe that your data have been processed unlawfully or in breach of applicable law provisions, you will be entitled to lodge a complaint with the Supervisory Authority.