Brescia Musei Foundation (from now “Owner”) takes privacy and security of the interested parties who visit the site https://www.bresciamusei.com/ into high consideration. The Owner, in compliance with the European Regulation 2016/679 relating to the protection of individuals, with regard to the processing of personal data and the free movement of such data (from now on “GDPR”) and Legislative Decree 196/03 (hereinafter the Privacy Code), provides the following information:
1) OWNER OF THE TREATMENT
The data controller is the Brescia Musei Foundation, via Musei 81 – 25121 Brescia, P.Iva/C.F. 02428570986, TEL 030.2400640 e-mail: email@example.com. The Data Controller has identified the structure DPO, who can be contacted at the email address: firstname.lastname@example.org, as well as an internal delegate for the processing of personal data, who can be contacted at the address email@example.com.
2) CATEGORIES OF DATA PROCESSED
The Data Controller will process the personal data that will be entered by the user in the dedicated forms, in particular:
To activate the Musei Civici or Cinema Nuovo Eden newsletter: name, surname, email, date
of birth, city, profession;
For the purchase of Civic Museum tickets: name, surname, e-mail address;
For the purchase of Cinema Nuovo Eden tickets or subscriptions: name, surname, e-
email, payment method;
To book Cinema Nuovo Eden events with subscription: subscription code.
3) SOURCE OF PERSONAL DATA
The personal data of which the Data Controller will be in possession are collected directly by the interested party when completing the active forms.
4) PURPOSE OF DATA PROCESSING AND LEGAL BASIS
The processing of data, collected and stored in relation to the compilation of the forms on the site, has consent as its legal basis and is carried out for the following purposes:
Newsletter: send informational, promotional communications
Ticket purchase: provide the service requested for access to the Museum/event
5) RECIPIENTS OF THE DATA
Within the limits pertinent to the processing purposes indicated, the data will not be disclosed to third parties in the absence of an explicit request for consent or in the absence of an appointment as External Manager.
In this case, the personal data collected from this site will be destined for our collaborators appointed as External Managers for the performance of the requested service or for the legitimate interest of the Data Controller. In particular, the Owner communicates that to finalize the online ticket purchase for exhibitions or events at the Civic Museums, the user will be directed to the platform of the Ticketlandia supplier who will take care of the payment directly; for the events organized by the Cinema Nuovo Eden, on the other hand, the managing supplier of the platform for booking and purchasing tickets/subscriptions will be Webtic. In any case, the data will not be disseminated in any way. The data may be communicated to all those subjects (including the Public Authorities) who have access to personal data by virtue of regulatory or administrative provisions.
6) TRANSFER OF DATA ABROAD
The collected data will not be transferred abroad. The Controller’s servers are based in Europe.
7) CONSERVATION PERIOD
The data collected will be kept for a period of time not exceeding the achievement of the purposes for which they are processed (“conservation limitation principle”, art.5, GDPR) or on the basis of the deadlines set by law. The verification of the obsolescence of the data stored in relation to the purposes for which they were collected is carried out periodically. The consent given for the activation of the newsletter will have a maximum duration of two years, after which it will be necessary to reformulate one’s preferences.
8) PLACE OF TREATMENT
The personal data released by the interested parties will be processed at the registered office of the data controller or at the headquarters of the External Managers identified by contract.
9) RIGHTS OF THE INTERESTED PARTY
The interested party always has the right to request from the Data Controller access to the data released, the rectification or cancellation of the same, the limitation of the treatment or the possibility of opposing the treatment, to request the portability of the data, to revoke the consent to the treatment by asserting these and other rights provided for by the GDPR (articles from 12 to 22) by simple communication to the Data Controller at the addresses indicated above. The interested party can also lodge a complaint with the supervisory authority.
10) MANDATORY CONSENT
The provision of consent to the processing of data covered by this information takes place through a specific optional check. Consent is however essential to proceed with sending the form both for the purchase of tickets and for the activation of the newsletter. As regards the subscription to the newsletter, the indication of one’s date of birth, the city of residence and the profession are optional. Without these optional data it will not be possible for the Data Controller to send you free offers dedicated to your birthday and personalized information relating to your interests.
11) DATA PROCESSING METHODS
The personal data provided will form the subject of processing operations in compliance with the aforementioned legislation and the confidentiality obligations which inspire the activity of the Data Controller. The data will be processed with IT tools, through paper supports and with any other type of suitable support, in the compliance with adequate technical and organizational security measures provided for by the GDPR.
12) LIMITATION OF LIABILITY
The information is provided only for this site, not for other websites that may be consulted by the user through promotional or advertising banners. The Site may contain links to other websites that do not belong to or are not under the direct supervision of the owner of this site and which, therefore, is not responsible for any illegal conduct or in any case non-compliant with current legislation.
In the event of failure or unsatisfactory response, you have the right to contact the supervisory authority responsible for the protection of personal data for any violation you believe you have suffered (Guarantor for the protection of personal data www.garanteprivacy.it).