Privacy Policy - Explora
Skip to content

The Museo dei Bambini SCS processes your personal, identification and contact data as well as their storage for a period of two weeks, for Art. 6(1) GDPR letter c), according to which the processing is lawful when necessary to fulfil a legal obligation to which the data controller is subject.


Art.13 EU REG. 2016/679

Personal data controller
Pursuant to Art. 13 of EU Regulation 2016/679 (hereinafter “GDPR”) Museo Dei Bambini Scs (hereinafter “Data Controller”), Via Flaminia n. 80/86, 00196 Rome, CF/P.IVA 05504141002, Tel. 06 3613776,

e-mail in its capacity as “Data Controller”, informs you that your personal data collected will be processed in compliance with the aforementioned legislation, in order to guarantee the rights, fundamental freedoms and dignity of individuals, with particular reference to confidentiality and personal identity.

Source of personal data
Pursuant to Article 13 of EU Reg. 2016/679, we inform you that Museo Dei Bambini Scs processes the personal data of the data subjects who, through this website:, have voluntarily communicated their personal data by filling in the various forms, by sending an email or in person at our offices.

Purpose of personal data processing
In accordance with the aforementioned law, the Data Controller guarantees that the processing of personal data is carried out in compliance with the fundamental rights and freedoms, as well as the dignity of the data subject, with particular reference to confidentiality, personal identity and the right to protection of personal data.

3.1 All personal data communicated by the data subjects are processed for fulfilments related to
administrative practices and tax fulfilments related to the services provided by Museo Dei Bambini Scs and to the performance of the activities of the same company in order to allow the data subject to benefit from personalised services and to fulfil specific requests.
The legal bases of the processing for the purposes indicated above are art. 6.1.b) and 6.1.c) of the Regulations, i.e. the execution of a contract or pre-contractual measures and legal obligations.

Personal data may also be used for purposes functional to the promotional activity of Museo Dei Bambini Scs services, such as:

3.2 Marketing purposes, such as receiving communications of a commercial and promotional nature such as the proposal of new initiatives, communication of new products and services of Museo Dei Bambini Scs, through mailing lists;
The legal basis for the processing of personal data for the purposes referred to in point 3.2 is Art. 6.1.a) of the GDPR as the processing is based on consent.

3.3 detection of the degree of satisfaction with the quality of the services offered by means of a satisfaction questionnaire, sent at the same time as the ticket purchased online. Completion of the questionnaire is optional and totally anonymous; it is sent to comply with the requirements of the

EN ISO 9001:2015 quality certification and to be able to make improvements where necessary in relation to the satisfaction expressed.
The legal basis for the purpose referred to in point 3.3 is Article 6.1 f), i.e. the legitimate interest of the Controller.

  1. Provision of data and consequences in the event of failure to consent to processing
    The provision of your data for the purposes referred to in point 3.1 is necessary to enable the provision and management of the service, any refusal to provide such data will make it impossible to obtain the use of the service proposed by the Owner.
    With reference to the purposes of the processing referred to in point 3.2, consent to the processing of the data is optional and may be expressed by checking the appropriate box for each of the separate purposes present. Failure to consent will have no effect on the possibility of receiving the services requested and will only entail the consequences described below
    the impossibility of receiving informative and promotional communications from Museo Dei Bambini Scs via mailing list.
    For the purpose 3.3 the provision of data is useful for our quality and to obtain a certification that attests an ever-improving service for the user, who may choose not to answer the questionnaire and in any case his or her answer data will be anonymous.
  2. Communication and dissemination of data

The personal data voluntarily communicated by the data subjects may be communicated, should it be necessary, to all subjects to whom the right of access is recognised by virtue of regulatory provisions;
to our collaborators, employees and suppliers, as part of their duties and/or any contractual obligations with them, inherent to business relations with the data subjects
to post offices, forwarding agents and couriers for the dispatch of documentation and/or material; to all those public and/or private individuals and/or legal entities (legal, administrative and tax consultancy firms, judicial offices, Chambers of Commerce, Municipality of Rome, etc.), if the communication is necessary or functional to the performance of our activity and in the manner and for the purposes described above
banking institutions for the management of collections and payments arising from the execution of contracts.
The data may be communicated to third parties appointed as data processors pursuant to Article 28 of the GDPR. To the Data Processors or Persons in charge who may be designated, Museo Dei Bambini Scs will issue adequate operating instructions, with particular reference to the adoption of and compliance with security measures, in order to be able to guarantee the confidentiality and security of the data. The list of those responsible for and authorised to process the data can be consulted at the aforementioned head office of the data controller. In any case, only data that is essential and not excessive in relation to the purposes for which it is communicated will be communicated.

Transfer of data to third countries

The Data Controller does not transfer personal data to third countries.

Processing methods

The processing concerns common personal identification data. The processing of personal data is carried out using both paper and computer media with the observance of all precautionary measures in order to guarantee security and confidentiality. The data will also be managed and protected in environments whose access is under constant control; in particular, all technical, IT, organisational, logistical and procedural security measures will be adopted, so that the appropriate level of data protection required by law is guaranteed, allowing access only to those persons entrusted with the processing by the Data Controller or by the Managers that may have been designated by the same.

Period of data retention

In compliance with the principles of lawfulness, purpose limitation and data minimisation, pursuant to Article 5 of the GDPR 2016/679, personal data will be retained for the period of time strictly necessary to pursue the specific purposes of the processing for which the user has given his or her consent and, specifically:

for the purposes indicated in point 3.1 for the time necessary for the fulfilment of contractual and fiscal obligations, no longer than 10 years from the time of collection of your data, with regard to the data collected in relation to the (online) ticketing and subscriptions service the data will be kept for a maximum period of 10 years, once this period has passed, the data will be kept in an anonymised archive, for record history and statistics

for the purposes indicated in point 3.2, i.e. for Marketing purposes, until cancellation or revocation by the data subject from the time consent to processing is given and no longer than 10 years, after which time the data will be kept in an anonymised archive, for the history of records and statistics
for the purposes indicated in point 3.3, i.e. the satisfaction questionnaire, no personal data is collected, as it is filled in and sent anonymously by the data subject.
Rights of data subjects.

The interested party may, at any time, exercise the rights indicated below: