DATA PROTECTION STATEMENT OF THE WWW.MOSTRAMORANDI.IT WEBSITE
(Last update: August 1, 2023)
This policy is provided, also pursuant to article 13 of REGULATION (EU) 2016/679 – “GDPR” – to users (the «Users») connecting to the website www.mostramorandi.it (the «Website»), for the purposes of informing them on terms and conditions applicable to the processing of their personal data. The policy applies only to the Website and not to other websites which the user may visit using links.
- DATA CONTROLLER
The data controller is Civita Mostre e Musei S.p.A. with registered office at Piazza Venezia 11, 00187, Rome (hereinafter the “Company”).
- DATA PROCESSED
The ICT systems, platform and software procedures adopted for the functioning of this Website, as a part of their normal functioning, collect various items of personal data and usage data whose sharing is implicit in the use of internet communication protocols. This information is not collected to be linked to the specific persons it refers to. However, its nature is such that, through processing and collating of data held by third parties, it may be possible to identify the Users.
2.1 WHAT NFORMATION DO WE COLLECT ABOUT YOU AND WHY
We may collect information about you directly from you, from third parties, and automatically through your use of the Website and associated services.
2.2 INFORMATION WE COLLECT DIRECTLY FROM YOU
We will collect any information that you provide to us. For example, the possible voluntary transmission of e-mails to the addresses indicated on this Website or the filling in of forms (contact form) for future communication purposes (i.e., sending of newsletter, request of information about projects or cultural event, etc.) may implies the acquisition of the Users’ e-mail address, necessary to reply to requests, as well as the acquisition of the personal data requested with the contact form. We may use the information we collect about you as it is, in aggregated form or associate it with other information that we collect about you.
2.3 INFORMATION WE COLLECT AUTOMATICALLY
3.1 WHAT ARE COOKIES AND WHAT THEY ARE USED FOR
3.2 TYPE OF COOKIES
Cookies can be broken down into the two following categories according to their ownership:
- Primary Cookies: managed directly by the owner and / or publisher of the Website.
- Third-party Cookies: cookies that are managed on the Website by external providers.
3.2.1 PRIMARY COOKIES
The following is a description of the types of primary cookies that we use on the Website:
- Technical Cookies: these are essential for the operation of certain sections of the site and are used to enable users to navigate and use the services correctly. Without these cookies, the site would not work properly. Technical cookies may also include analytics cookies when such cookies are used just to collect aggregated information about the Website traffic or the user’s behavior, pages visited etc.
- Session cookies: these are sent to the device / browser for technical functionality (e.g., the transmission of session identifiers required for authentication to restricted areas) but are not stored permanently on the user’s computer. They are deleted at the end of the session.
3.2.2 THIRD-PARTY COOKIES
When browsing the Website, users may receive cookies (the “Third Party Cookies”) that do not belong to the Website domain. For example, users could visit a page that includes content and/or services by third-party suppliers. These cookies may submit aggregate statistical information regarding the user’s habits whilst browsing the Website. We use this information to better understand and improve the usability and performance of our site.
For clarification, the following is a list of all third-party cookies used on the Website. You can view the third-party cookies policy through the following links:
– Google Tag Manager and Google Analytics (https://policies.google.com/technologies/cookies)
– Google Ads Services (https://privacy.google.com/businesses/adsservices/)
– Facebook and Instagram (https://en-gb.facebook.com/business/help/471978536642445?id=1205376682832142)
– LinkedIn (https://www.linkedin.com/legal/cookie-policy)
The Company uses a CMP platform which is compliant to the best international standard, according to the Transparency and Consent Framework released by the IAB Europe.
3.4 HOW TO MANAGE COOKIES THROUG THE BROWSER PREFERENCES
The consent to receive cookies may also be expressed and/or modified by the user, through specific browser configurations. Most browsers allow you to set rules to manage cookies sent only by some or all of the sites. This is an option that gives users finer control of privacy and enables them to deny the possibility of receiving cookies. Here are the directions for the management of cookies for the main browsers:
Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in Websites, online ads and/or email, and that are designed to provide usage information like ad impressions or clicks, measure popularity of the Services and associated advertising, and to access user cookies. We and/or our service providers may include Web beacons in email messages, newsletters, and other electronic communications to determine whether the message has been opened and for other analytics, personalization, and advertising. As we adopt additional technologies, we may also gather additional information through other methods.
We may use third-party web analytics services on our Website and Services to collect and analyze the information discussed above, and to engage in auditing, research, or reporting.
- SCOPE OF THE DATA ACQUISITION AND USE
The information, including personal data, that we collect about you, can be used for the following purposes:
- to communicate with you via e-mail or other channels and/or to provide our Services to you.
- to tailor the content and information that we may display or send to you, to offer location customization and personalized help and instructions, and to otherwise personalize and optimize your experiences while using our Website and Services.
- to better understand how visitors access and use our Website and Services, including to learn about their engagement levels and navigation paths, as well as user retention and funnel drop-offs, and for other research and analytical purposes.
- to honor our contractual commitments. Some of our processing of personal data is to meet our contractual obligations to Clients, or to take steps at Clients’ request in anticipation of entering into a contract with them.
- to contact you (including for marketing and promotional purposes if you provided us with your consent). With special regards to these scopes, personal data acquired shall be processed as follows:
- to supply services provided through and on the Website and associated services: e.g., allow the participation to activities published on the Website; enable the user to register on the website should such feature be available; answer specific requisites of the User; fulfill legal or contractual requirements (or exercising rights in terms of the Website terms and conditions). These data are necessary to provide the mentioned services since a possible refusal to provide such data could make impossible the use of the services requested.
- newsletter and marketing related activities: subject to obtaining the express consent of the User, personal data could be used for the purpose of sending newsletters via email for promoting projects and cultural initiatives run by the Company. For example, we may use your information, such as your email address, to send you news and/or communications regarding on going or coming soon cultural events or other initiatives available on the Website and that you might be interested in. Provision of data for such scope is optional and opt-out is always granted, unsubscribing straight by the newsletter itself or by making a simple request sent to the Company via e-mail to the address email@example.com.
Legitimate Interests. In most cases, we handle personal data on the ground that it furthers our legitimate interests in commercial activities, such as the following in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals:
- Customer service.
- Analyzing and improving our business.
- Protecting our business, personnel, and property.
- Marketing and sales.
- Managing legal issues.
- DATA RETENTION
We will hold your information for as long as necessary to fulfil the purposes set forth in this Policy or as long as we are legally required or permitted to do so. Information may persist in copies made for backup and business continuity purposes for additional time.
- DATA PROCESSING PROCEDURE
The Company has defined – both internally and with professional third parties and advisors – specific procedures to ensure adequate data protection, including constant updates of the electronic means and platforms used for the data acquisition, storing and processing regarding the Website. The protective measures implemented aim to prevent and minimize risks due to unauthorized and/or unlawful access, processing, alteration, or destruction of such data. Further organizational measures and policies are in place to ensure that the processing is carried out for the relevant scope and no longer than the necessary time.
6.1 PURVIEW OF COMMUNICATION AND DISTRIBUTION
Personal data can be communicated to:
- subsidiary or holding companies of the Company, assignees of business or line of business, entities resulting from possible a merger or de-merger with the Company who will be able to use the data for the purposes listed in § 4 letter e;
Subject to the express consent of the User, personal data can be also communicated to:
- other companies engaged in the fields of cultural events, entertainment, production of audiovideo content, social networking.
- partner companies, involved in specific projects/initiatives promoted through the Website. These companies can use the data for marketing and advertising, via e-mail, phone, or any other technical means of distance communication in existence or which will be developed in future. These entities will act as autonomous data-controller.
The consent to the transmission of personal data, mentioned at point 2 and 3 of this paragraph, is optional and any refusal will not affect the possibility to access the Website or participate in the initiatives promoted on the Website. Even if the User gives consent, such User will still be able to object, in whole or in part, to the use if his/her personal data for marketing and/or direct sales purposes, by doing a simple request sent to the Data Controller without any need for further formalities to be fulfilled. The User’s personal data shall not be divulged to the public, save for the publication on the Website of the name, surname and “nick name” of the User or images or video voluntarily sent by the User for publication on the Site.
- RIGHTS OF THE DATA SUBJECT
The data subject can exercise specific rights set forth at Chapter III of EU Regulation 679/2016 (article 12 and following) at any moment, upon request to the Data Controller.
In particular, the data subject has the right to be informed on the existence of personal data concerning such data subject, even if data are not yet registered, and to request its communication accordingly.
The data subject shall have the right to obtain from the controller restriction of processing should one of the following applies:
- a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- b) the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
- c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims.
- d) the data subject has objected to processing pursuant to Article 21(§1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
Requests can be addressed to the data controller, via e-mail address at firstname.lastname@example.org, specifying full name and email address.