POLICY GOVERNING THE PROCESSING OF PERSONAL DATA OF WEBSITE USERS
PURSUANT TO ARTICLE 13 OF REGULATION EU 2016/679
Introduction
Dear user, the “European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data”, requires the protection of natural persons in relation to the processing of personal data.
This policy sets out the methods whereby the portal of the MUSE – Museo delle Scienze is managed. It does not cover other websites, pages, social networks or online third-party services that may be reached by following hypertext links that may be published on the portal itself.
In our capacity as “Data Controller”, we wish to inform you that the data provided to MUSE – Museo delle Scienze will be processed by adopting appropriate measures ensuring security and confidentiality thereof, in accordance with the above mentioned regulation. Below are the purposes for which and methods whereby we collect and process your personal data. More specifically, the following information is provided:
1 IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
The Data Controller is MUSE – Museo delle Scienze located in Corso del Lavoro e della Scienza, 3 – 38122 Trento.
Below are the contact details where the Data Controller may be reached:
- Phone: +39 0461 270311
- Email: amministrazione@muse.it
- Certified email (PEC): museodellescienze@pec.it
2 IDENTITY AND CONTACT DETAILS OF THE DATA PROTECTION OFFICER
The Data Protection Officer of MUSE – Museo delle Scienze is QSA S.r.l. – ENGINEERING CONSULTING TRAINING, having its registered office in via alla Marcialonga, 3 – 38030 Ziano di Fiemme (Trento).
Below are the contact details where the Data Protection Officer may be reached:
- Email: privacy@qsa.it
- Certified email (PEC).: privacy.qsasrl@pec.it
3 PURPOSE OF PROCESSING
Personal data may be collected and processed for the following purposes:
- Provide the services requested by customers/users;
- Provide support to customers/users;
- Comply with legal requirements;
- Send any communications, including by email, regarding new initiatives launched by the museum;
- Carry out statistical analysis for the purpose of improving the services being offered.
While providing your data for the above-mentioned purposes is optional, failure to do so will prevent you from accessing the services offered by the Museum.
4 LEGAL BASIS OF PROCESSING
The legal basis that makes processing lawful will, with respect to the purposes described above, be deemed to exist in order to:
- Perform the contract to which the Data Subject is a party and take pre-contractual stapes at his or her request;
- Comply with legal obligations the Data Controller is required to abide by;
- and perform a duty of public interest, such interest being identified in the purpose of providing information, establishing a dialogue and inspiring on the subjects of nature, science and sustainable future, which duty MUSE – Museo delle Scienze is required to discharge under applicable regulations.
5 TYPE OF DATA PROCESSED
• Common data voluntarily provided by the user (personal data and contact details) through the interactive features of the website for the following purposes:
- Sending newsletters;
- Sending publications, catalogues and invitations;
- Joining membership programmes;
- Participating in surveys, online contests, competitions, events.
- Promotional initiatives on products and/or services of MUSE – Museo delle Scienze and its local offices;
- Online purchase of admission tickets and booking to events/activities;
- Application for job positions/training opportunities;
- Donations to support the museum;
- Subscription to the Mediaroom area to access folders and press releases.
The data collected through the portal will be used for the delivery of the aforementioned services.
Appropriate disclosure is provided for the different services, so that in the event that special data are collected and/or special profiling is required, the existence of such processes will be specified.
• Navigation data
Information systems and software procedures of this portal will, during their normal operations, collect some personal data, the transmission of which is considered as implied in the use of Internet communication protocols.
This information is not collected for the purpose of being associated with identified users. However, due to its nature it may, through associations with and processing of data held by third parties, allow users to be identified.
This type of data includes the IP addresses and domain names of the computers used by the users to access the website, addresses in URI (Uniform Resource Identifier) notation of the resources requested, time of request, method used to submit the request to the server, size of the file received in response, numerical code representing the status of the response provided by the server (successful, error, etc.) and other metrics related to the user’s operating system and IT environment.
These data are (i) used for the sole purpose of gathering anonymous statistical data regarding the use of the site and to check its proper running and (b) retained for such time as may be strictly necessary. These data may be used to investigate and establish liability in the event of possible cybercrimes against the site.
6 PLACE OF DATA PROCESSING
The servers of our web farm are located in the data centre on the museum’s premises.
7 DISCLOSING DATA TO THIRD PARTIES
MUSE – Museo delle Scienze may disclose your personal data to entities that deliver specific services and, for this purpose, are appointed as data processors in accordance with Article 28 of the GDPR.
You may request a list of the Data Processors using the contact details of the Data Controller provided above.
8 PROCESSING METHODS
In relation to the aforesaid purposes, your personal data will be processed using manual, electronic and/or computer telecommunications tools, in strict accordance with the aforesaid purposes and, in any event, in such a way as to guarantee the security and confidentiality of your data in compliance with the aforesaid Regulation.
9 DURATION OF PROCESSING AND RETENTION PERIOD
Your data will be processed only for the time necessary to pursue the above purposes.
10 COOKIES AND ANALYTICS
This website makes use of cookies, i.e. text files that are recorded on the user’s device or that allow access to information on the user’s device. Cookies make it possible to store information about visitors’ preferences. They are used to (i) ensure the proper running of the website, (ii) improve its features by customizing the content of the pages according to the type of browser used, and finally (iii) perform a depersonalised analysis of how visitors use the website.
Visitors’ data (technological features of the device used, area of origin, length of stay on the website, pages visited, etc.) area analysed through software tools that ensure compliance with European regulations on the right to privacy by:
- Encoding data (including IP address);
- Deleting visitor data when so requested;
- Storing data on servers in the European Union.
This website uses the following types of cookies:
- Necessary (required to visit web pages)
- Preference (to store the user’s browsing preferences)
- Statistics (to gain insights on how visitors interact with the site)
- Marketing (to show appropriate advertisements to the user).
The use of unnecessary cookies will require the user’s consent.
Our website also uses third-party cookies and makes use of the following third-party products:
- CookieBot to manage users’ consent to the use of cookies;
- Matomo to analyse the way in which our website is visited in order to improve user experience;
- Meta Pixel to analyse the effectiveness of our promotional campaigns.
- Google to offer specific tools (e.g. Google Maps).
- YouTube to offer video content.
11 RIGHTS OF THE DATA SUBJECT
In your capacity as a data subject, you may exercise the following rights as set forth in Articles 15 et seq. of the GDPR: right of access, rectification, amendment and erasure of data, portability, limitation of processing and withdrawal of consent given.
(a) According to Regulation EU 2016/679, you have the right at any time to obtain from the Data Controller access to your data, as well as the rectification, amendment or erasure of such data. Within 30 days of submitting your request, you will receive a written reply, including by electronic means.
(b) You also have the right to object to the processing or request limitation of such processing, for legitimate reasons and in the cases as under Articles 18 and 21 of Regulation EU 2016/679.
(c) You may withdraw at any time your consent to the processing of your data given for the purposes stated herein.
(d) Finally, you may exercise your right to data portability, requesting the Data Controller to transmit your data to another data controller.
You may exercise the aforesaid rights by using any of the Data Controller’s contact details provided under 1 above.
Right to lodge a complaint with the relevant Supervisory Authority.
(a) If you believe that your data have been processed unlawfully or in breach of applicable law provisions, you will be entitled to lodge a complaint with the Supervisory Authority.