In accordance with Article 13 of Italian Legislative Decree 196/2003 and EU Regulation 2016/679 (GDPR) in regard to the protection of personal data, we wish to inform you that the personal data that you voluntarily supply to Associazione MUS.E through this Portal will be processed by the Association through means which guarantee safety and confidentiality, as per the above-mentioned norms.

Controller of the processing

The controller of the processing is Associazione MUS.E, located in Via Nicolodi 2, Florence, Italy.

Collection of information

• This privacy statement concerns data collected through this Portal through online registration (or similar procedures): filling of relevant fields, forms and contracts, to the end of accessing services reserved by the Association for its clients.
• The Controller of the processing collects personal information and other data voluntarily given on registration forms or provided in the fields of the Portal form. These data may regard information necessary to provide services requested by the data subject or to contact him/her.
• When visitors use this Portal, the information systems and software procedures which make its functioning possible acquire a series of personal information, whose transmission is implicit in the use of Internet communication protocols. This information includes: the user’s IP address or the domain name of the computer used to access the website, the URL of the requested resources, the time of the request or the length of the session, the method used to provide the server with the query, the size of files received in answer to the request, the numerical code concerning the status of the data response from the server, and other types of information regarding the user’s operating system and digital environment.

Aims and methods of data processing

Collected data are processed exclusively for the following purposes:

• contractual purposes, that is, to carry out necessary and/or complementary operations regarding the request to register for activities organised by the Association, such as exhibitions, events, guided tours, workshops and educational activities;
• direct marketing purposes, that is, sending of informational messages regarding events organised by the Association, using the email address indicated on this form;
• to conduct statistical, marketing and quality control analyses, to the sole end of improving our service offerings;
• to comply with legal obligations.

Legal basis of the processing

The legal basis of the processing for the purposes described in the section ‘Aims of data processing’ consists in the stipulation of a contract to which the data subject is party; specifically, it aims to allow for the participation of the data subject in activities organised by the Association (Art. 6, paragraph 1, point b) of the GDPR).

The legal basis of the processing for the purposes specified in point 2 of the section ‘Aims of data processing’ is the consent of the data subject to the processing of his/her personal data (Art. 6, paragraph 1, point a) of the GDPR).

Data processing methods

Data collection occurs in respect of the principles of pertinence and completeness, while remaining within the limits of the purposes of the processing. Personal data are processed in respect of the principles of lawfulness, fairness and transparency, as indicated by the law. Processing takes place with the aid of instruments suitable for recording and storing data and in such a way that safety is guaranteed and the maximum confidentiality of the data subject is preserved. Specific safety measures are followed to prevent the loss of data, their illegal or incorrect use and unauthorised access to them, in full respect of Art. 32 of the GDPR.

Nature of data provision

Providing personal data is optional. Nonetheless, failure or partial failure to provide the requested data makes it impossible for Associazione MUS.E to completely deliver the requested services.

Provision of data for marketing purposes is optional and revocable at any moment. Failure to provide data will not in any way affect the possibility of using the requested service, yet it will prevent the data subject from making use of such services as the newsletter.

Storage period

Collected data are stored for a period of time not to exceed the purposes for which they are processed (Art. 5 of the GDPR – principle of ‘storage limitation’). Once the above-mentioned period has expired, your data will be destroyed, erased or rendered anonymous, in accordance with the technical procedures of erasure or backup.

Transmission and dissemination of data Storage period

Collected personal data will not be subject to dissemination or transmission to third parties, unless otherwise indicated in this privacy statement and/or by the law. In the latter case, transmission will occur in accordance with the means permitted by law.

Data may be accessible by the processor or other persons engaged by Associazione MUS.E for processing activities, in relation to their respective tasks and in conformity with received instructions, which limit them to carrying out the specific purposes indicated in this privacy statement.

Data may be transmitted to third-party companies for the sole purpose of permitting the delivery of the requested service; they will not be shared for marketing purposes.

Rights of the data subject

The data subject has the following rights:

• right of access: the data subject has the right to obtain confirmation from the controller of the processing as to whether processing of his/her personal data is in effect, and if so, to obtain access to his/her personal data for the information specified in Art. 15 of the GDPR;
• right to correction: the data subject has the right to obtain correction from the controller of those personal data which are not exact, without undue delay. He/she may further request the supplementation of incomplete personal data by providing a supplemental declaration;
• right to erasure: the data subject has the right to obtain the erasure of his/her personal data from the controller, without undue delay, in the case that reasons specified in Art. 17 of the GDPR apply;
• right to limitation of the processing: the data subject has the right to obtain limitation of the processing from the controller in the case that any of the conditions given in Art. 18 of the GDPR applies;
• right to portability of data: the data subject has the right to receive personal data provided to a controller of the processing in a format that is structured, of common use and legible by an automated device, as well as the right to transmit these data to another controller of the processing, without objections posed by the controller of the processing to whom he/she provided the data, should the conditions given in Art. 20 of the GDPR apply;
• right of opposition: at any time, the data subject has the right to oppose the processing of his/her personal data for reasons connected to his/her particular situation, in cases stipulated by Art. 21 of the GDPR and by the means specified therein;
• right to revoke consent: at any time, the data subject has the right to revoke his/her consent, as per Art. 7 c. 3 of the GDPR, provided that the processing that was carried out in accordance with the revoked consensus was legitimate;
• right not to be subject to a decision based solely on automated processing, including profiling, which has juridical consequences which regard him/her or which similarly produce significant effects on his/her person, according to the means stipulated in Art. 22 of the GDPR.

These rights may be claimed directly via fax (055-2616785) or email (segreteria@musefirenze.it).

Should the data subject believe that his/her rights have been violated by the controller and/or a third party, he/she has the right to file a claim with the Supervisor for the protection of personal data and/or with another control authority with competence in EU Regulation 2016/679.