Updated to the EU Reg. 2016/679
(General Data Protection Regulation, so-called GDPR)
The Data Controller is the Foundation, in the person of its President and legal representative Mr. Franco Cologni, with registered office at Via Lovanio n. 5, 20121 Milan, Italy, VAT number 12788720154.
The internal data processor is Mr. Alberto Cavalli.
Both can be reached at the email address firstname.lastname@example.org.
The visit and consultation of the Site do not generally involve the collection and processing of the user’s personal data. The processing of personal data of the user who visits and consults the Site is limited to the so-called “navigation data”, the transmission of which is necessary for the functioning of computer systems and programs essential for the operation of the Site despite the fact that, by their nature and jointly with other data, they may allow the identification of the user. This category includes, for example, the IP (Internet Protocol) addresses or the domain names of the computer used to visit the Site, as well as other parameters relating to the operating system used by the user to connect to the Site. The collection of browsing data takes place automatically and unavoidably and can only be used to obtain statistical information on the use of the Site and to verify its correct functioning. If expressly requested, such data may be used by the Public Authority to ascertain responsibility in case of computer crimes committed against the Site and/or third parties, according to the procedures in force with the competent Authorities. Except for this possibility, the above described navigation data are only temporarily maintained in compliance with the applicable regulations.
In addition, the Foundation processes personal data provided voluntarily by the individual user if, by connecting to the Website, the user provides his/her personal data to subscribe to the Foundation's newsletter. The user, completing in full with his/her own Data the registration form for the newsletter service, gives his/her consent to the acquisition by the Foundation of e-mail address, name and surname. The Foundation does not knowingly process "sensitive" personal data capable of revealing racial and/or ethnic origins, religious beliefs, philosophical convictions, political opinions, membership of political parties, trade unions, religious or philosophical, political or trade union organizations, the health status or sexual orientations of the person concerned. Therefore, please do not provide these types of data.
The Foundation processes the user's personal data for the following purposes:
• to forward the user with the monthly newsletter of the Foundation. The provision of personal data for this purpose is done by filling out the form on the Site, which requires the inclusion of mandatory data, i.e. email address, name and surname. The incomplete and/or incorrect compilation of the form prevents the delivery of the requested newsletter service. The consent to the processing of data for this purpose is necessary for the delivery of the newsletter service itself. The lack of consent implies in fact the impossibility for the Foundation to send the newsletter;
• to send communications, information and invitations related to the initiatives and events organized by the Foundation or its partners. The consent to the processing of data for this purpose is free and optional, however the lack of consent will make it impossible for the Foundation to send information and promotional communications relating to the initiatives and events of the Foundation itself or its partners;
• to make anonymous statistics on the use of the site. The consent to the processing of data for this purpose is free and optional, however the lack of consent will make it impossible for the Foundation to proceed with the gathering of anonymous statistics in order to monitor the use of the Site;
• to send envelopes and parcels, in which case the processing of data for such purpose is conditioned upon the fulfillment of contractual obligations;
• to communicate and promote activities also through social media channels. In this case the processing of data for this purpose is conditioned on both the optional consent of the interested party and the fulfillment of contractual obligations;
• to forward communications regarding the participation to Foundation projects and awards promoted by this latter. In this case the processing of data for this purpose is conditional on the optional consent of the interested party;
• to transfer data to third parties (for example, transfer of contact lists to entities responsible for managing the mailing of guests to an event or transfer data to a firm in charge of drawing up the coupons of the various projects promoted by the Foundation). In this case the processing of data for this purpose is conditioned on both the optional consent of the interested party, and to the fulfillment of contractual obligations, and finally, to statutory obligations to which the Data Controller is subject.
The data processing will be carried out either manually or with the aid of IT and telematic means by ordinary or certified electronic mail, with organizational methods and logics strictly related to the purposes indicated by the employees of the Foundation. The Foundation adopts appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personal data.
The data processing will therefore be carried out in compliance with the security measures pursuant to art. 32 of the GDPR regarding, possibly also by the Foundation’s employees specifically appointed and instructed in compliance with the art. 29 of the GDPR.
The data collected are only processed for the achievement of the above purposes. The Foundation uses security technologies and procedures that guarantee the protection of personal data through the request of the insertion of individual credentials held exclusively by the personnel of the Foundation authorized to access confidential data. The Foundation uses constantly updated devices for the security of the processing and storage of personal data.
The internal Data Controller and the employees of the Foundation specifically authorized and instructed in compliance with the provisions of art. 29 of the GDPR, will have access to personal data.
Personal data collected may be disclosed to third parties to fulfill legal obligations or to the Judicial Authority in cases expressly provided for by the law without the user's consent.
Except for the above, personal data will in no case be disseminated.
The personal data collected are stored in the Foundation's electronic databases. The data are physically on a server located inside the offices of the Foundation and the backup is on an external NAS (Network Attached Storage i.e. a device connected to the network whose function is to allow users to access and share a mass memory) connected to the offices of the Foundation. Hard copies of all documents are filed in dossiers kept in the Foundation's internal archives. Access to electronic databases and paper archives is governed by specific access restrictions.
The data will be kept for the time necessary to achieve the purposes for which it was collected and, in any case, in accordance with the current regulations.
The interested party shall have the rights set out in Sections 2, 3 and 4 of Chapter III of the GDPR:
a) the right to access the personal data provided;
b) the right to rectify, limit, modify, supplement, delete, anonymise the personal data provided, this by unsubscribing the newsletter of the Foundation, deleting his/her email address from the mailing list through a special link placed at the end of each newsletter; or with a request communicated by telephone or email to the staff of the Foundation, the interested party has the right to request the cancellation or modification of his/her data in the Foundation's databases;
c) the right to transfer data to another data controller;
d) the right to oppose to the processing of personal data provided.
The interested party also has the right to:
a) revoke the consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to the revocation. In this case, no further data concerning him/her will be collected, without prejudice to the use of those already collected, without altering them, or those that, originally or as a result of treatment, are not referable to an identified or identifiable person;
b) propose a complaint to a supervisory authority.
With regard to the exercise of these rights, the interested party can contact the Foundation by e-mail at: email@example.com<7a>
Cookies are small text files that are sent to the user's device (usually to the user's browser) from the websites visited. They are stored in the user's device and then re-transmitted to the websites on the subsequent visits of the user to those websites. While browsing a website, a user may receive cookies from other websites or web servers, which are the so-called "third-party" cookies. This is because the visited website can contain elements such as images, maps, audio files, links to individual Web pages on different domains that are on different servers than the one in which the visited page is stored.
Cookies are usually present in substantial numbers in the browser of each user and, sometimes, remain stored for a long time. They are used for different purposes ranging from IT authentication to monitoring browsing sessions to storing specific information about user configurations accessing a particular server and so on. To regulate these devices appropriately, it is necessary to distinguish them taking into account the aims pursued by those who use them, since there are no technical features that allow them to be differentiated. This is actually the approach followed by the Italian Parliament, which imposed the obligation to obtain the informed consent of users for the installation of cookies for purposes other than those of a purely technical nature - according with the EC Directive 2009/136. From this point of view and for the purposes of this decision, cookies can be divided into two main groups: "technical" cookies and "profiling" cookies.
Technical cookies are those used exclusively for the purpose of transmitting a communication over an electronic communication network, or those strictly necessary for a company providing an Information Technology service that has been explicitly requested by the contracting party or by the user to provide the aforementioned service. They are not used for other purposes and are usually installed directly by the data controller or the website operator. They can be grouped into:
browsing or session cookies, which allow users to browse and use a website (for example, to make online purchases or authenticate to get access to certain sections);
analytical cookies, which can be equated to technical cookies to the extent that they are used directly by the website operator to collect aggregate information on the number of visitors and the pattern of the visits to the website;
functional cookies, which allow users to navigate according to certain predetermined criteria, such as language or products to purchase, in order to improve the service quality. Users' prior consent is not required to install these cookies.
Profiling cookies aim at creating the user profile. They are used to send advertising messages in line with the preferences shown by the user while browsing. In light of the highly invasive nature of these cookies towards the privacy of users, Italian and European legislation require users to be appropriately informed about their use in order to give their valid consent.
a) Proprietary statistical cookies
They help the Site owners to understand how visitors interact with the Site by collecting and transmitting information in an anonymous form. In detail:
Cookie name: _ga
Deadline: 2 years
First URL found: http://www.fondazionecologni.it/en
Description of the cookie’s purpose: it registers a unique ID used to generate statistical data on how the visitor uses the website.
Initializer: Script tag, source line page number: 770.
Data sent to: United States (adequate)
Previous consent enabled: No
Cookie name: _gat
Description of the cookie’s purpose: used by Google Analytics to limit the frequency of requests.
Cookie name: _gid
Description of the cookie’s purpose: it records a unique ID used to generate statistical data on how the visitor uses the website.
b)third-party statistical cookies:
Cookie name: collect
Description of the cookie’s purpose: unclassified
In fact, the Site applies mechanism set up by Google Analytics to render all users’ IP addresses anonymous.
Such mechanism operates by masking a part of the IP address at the time of its acquisition on the site owner, and disables all settings to share data with Google. Therefore, the information collected is anonymous and used only for the Google Analytics service, for the sole purpose of allowing the Foundation to perform internal statistical analysis, useful for optimizing the site and the services offered. In any case, Google provides visitors, who do not want the information relating to their navigation to be sent to Google Analytics, with the possibility to selectively disable the action of Google Analytics by installing on their browser the opt-out component provided by Google (see http://tools.google.com/dlpage/gaoptout). The data generated by Google Analytics are stored by Google as indicated in the information available at http://www.google.com/intl/en/analytics/privacyoverview.html.
Cookies that are in a classification hase, together with the providers of individual cookies.
Cookie name: concretes
Data sent to: Italy (adequate)
To limit, block or delete cookies, it is enough to change the settings of your web browser. The procedure varies slightly according to the type of browser used. For detailed instructions, click on the link related to the browser used.
1. More information on disabling cookies on Firefox
2. Further information on disabling cookies on Chrome
3. Further information on disabling cookies on Internet Explorer
4. Further information on disabling cookies on Safari
5. Further information on disabling cookies on Opera
Some sections of the Site are accessible only by enabling cookies; turning them off it is possible that the user no longer have access to some content and the user cannot fully appreciate the features of the website.
The information is prepared in compliance with the provisions of Article 13 of EU Regulation 2016/679 (hereinafter also only the "Regulation" or "GDPR"), Article 3.1 of the Provision on video surveillance of the Privacy Authority of the 8 April 2010 and the European Guidelines 3/2019, in order to provide information relating to video surveillance systems, their use and the rights of third parties.
1. DATA PROCESSING HOLDER and DPO (Data Protection Officer)
The Data Controller is the Cologni dei Mestieri d'Arte Foundation, in the person of its President and legal representative Dr. Franco Cologni, with registered office in Via Lovanio n. 5, 20121 Milan, VAT number 12788720154.
E-mail address firstname.lastname@example.org.
The designation of a DPO is not envisaged as the type of data processing in question does not require regular and systematic monitoring of the data subjects and therefore the provisions of Article 37, paragraph 1, letter b) of the Regulation do not apply. In addition to this, the evaluation carried out excludes the designation of a DPO as the surveillance is neither systematic nor on a large scale even though the area is accessible to the public.
2. PURPOSE OF THE TREATMENTS
The personal data collected and processed through the video surveillance system are images of people and things that are within the shooting range of the cameras. These images are treated exclusively for the purpose of protecting the works of considerable value exhibited in exhibition / museum areas, preventing and prosecuting the carrying out of any illegal acts.
3. LEGAL BASIS OF THE PROCESSING
The video surveillance activity is based on the pursuit of legitimate interest (Article 6, paragraph 1, letter f), of the GDPR) in order to carry out the processing for the purposes indicated in point 2 of this information.
4. PROCESSING METHOD AND DATA STORAGE PERIOD
The video surveillance system is equipped with n. 4 total cameras and allows:
- viewing of images in real time (“live”);
- recording images.
The video surveillance system is in operation 24 hours a day, 7 days a week. The display and management of images taken through the video surveillance system are reserved for the data controller and / or persons formally appointed by them. The data is stored with the use of security measures suitable to prevent access by unauthorized personnel and to ensure the confidentiality and integrity of the same.
The images contained in the video recordings are stored, ordinarily, for a maximum of 7 days from detection as required by law, except in the case in which it is necessary to adhere to a specific investigative request by the judicial authority or police bodies.
After this deadline, the images will be automatically deleted.
5. COMMUNICATION TO THIRD PARTIES
The data may be disclosed only and only to public entities entitled to request such data, by way of example, the judicial authority and / or police bodies.
Apart from such cases, the transfer of the collected data to any third party is not foreseen in any way.
6. RIGHTS OF THE INTERESTED PARTY
The data subject, that is the person who believes he has been taken back, may exercise all the rights provided for in Article 15 et seq. of the European Regulation.
a)ask the owner for access to the images;
b)oppose the processing;
c) request the limitation of processing and / or cancellation where applicable.
In consideration of the intrinsic nature of the data processed, that is, images collected in real time concerning an objective fact, the right to update or supplement, as well as the right of rectification referred to in Article 16 of the GDPR, cannot be practically exercised.
The right to data portability referred to in Article 20 of the GDPR cannot be exercised as the images acquired with the video surveillance system - except in the case of a request from the judicial authority and / or police bodies (as required by art. 5) - cannot be transferred to other subjects.
The interested party may request to view the images in which they believe they have been taken by exhibiting, or possibly attaching to the request, suitable identification documents.
It should be noted that the response to an access request will not include any data referring to third parties, unless the breakdown of the data processed or the deprivation of some elements makes the personal data relating to the interested party understandable.
It remains unless the conservation terms indicated in art. 4, it will be impossible to satisfy the access request.
7. HOW TO EXERCISE RIGHTS AND CLAIM TO THE GUARANTOR AUTHORITY FOR THE PROTECTION OF PERSONAL DATA
To exercise the rights as soon as to described, interested parties may contact the data controller using the contact details indicated in art. 1. of this information. The data subject also has the right to lodge a complaint with the supervisory authority pursuant to Article 77 of the Regulation.
In Italy the function of supervisory authority is exercised by the Guarantor for the protection of personal data (https://www.garanteprivacy.it).
8. COMPULSORY OR OPTIONAL NATURE OF DATA PROVISION
The provision of data is mandatory and is strictly instrumental to access to museum or exhibition premises relating to the exhibitions carried out by the Foundation.
In case of failure to provide it, it will not be possible to access the museum or exhibition premises.
9. CHANGES TO THIS NOTICE
The Data Controller reserves the right to make changes to this information at any time, promptly making this update public.
Essential cookies enable basic functions and are necessary for the proper functioning of the website.
We use analytics services to understand the behaviour of our visitors and make our website better.