Privacy statement on personal data processing: newsletters and quality

Rev. 04 of 18/01/2024

IN-09

PRIVACY STATEMENT FOR NEWS ACTIVITIES OF MUSEO DEI BAMBINI SCS ON PERSONAL DATA PROCESSING

Under Article 13 of EU Regulation no. 2016/679

1. Data Controller

Pursuant to Article 13 of the EU Regulation 2016/679 (hereinafter referred to as “GDPR”), the Data Controller is Museo Dei Bambini Scs with a registered office in Via Flaminia 80/86, 00196 Roma (RM), Tel. 06 3613776, e-mail: privacy@mdbr.it

2. SOURCE OF DATA FOR PROCESSING

In accordance with Article 13 of the EU Regulation 2016/679, we hereby inform you that Museo Dei Bambini Scs processes personal data collected from the data subjects who have freely communicated by means of this form to receive news related to the Museum’s activities.

3. PERSONAL DATA FOR PROCESSING

To receive news, the data subject shall provide the Data Controller with the following data: name, surname and e-mail address.

4. PURPOSES OF PERSONAL DATA PROCESSING, HOW LONG PERSONAL DATA WILL BE KEPT AND LAWFUL BASIS

According to the above-mentioned regulation, the Data Controller shall guarantee that the processing of personal data is carried out with respect of the data subject’s fundamental rights and freedoms, as well as of the data subject’s dignity, specifically for privacy, personal identity and the right of personal data protection.

The data provided will be used with computer and online tools to send service promotional messages from the Data Controller through mailing lists; for this reason, data will be kept from the time data subjects give their consent to the time they withdraw their consent, for no longer than 10 years; after that deadline, data will be kept in anonymous form for reasons of record chronology and statistics.

The lawful basis for personal data processing is found in Article 6, paragraph 1, point a, of GDPR, consent is given directly by the data subject to make it easier for communications to be sent to them.

5. SERVICE CANCELLATION AND NON-CONSENT

Should the user not consent to the collection of their data, they will not receive messages on the museum’s news.

To cancel your sign-up, use the link sent with the sign-up and you will be directed to the procedure to follow to cancel your sign-up. For technical problems, you can send a report to the Data Controller at the following e-mail address: privacy@mdbr.it

6. RECIPIENTS OF PERSONAL DATA AND TRANSFER OF DATA

Personal data will be processed exclusively by the museum’s staff and contractors or companies duly appointed, by the Data Controller, as Data Processors (ex. for technological maintenance of the site). In the cases described above, only basic data – and no more than basic data – will be communicated for the purposes for which it is communicated. Data Processors list is available with the Data Controller and can be requested at contacts included in this statement.

Transfer of data to third countries

Personal data is not transferred outside the UE.

7. RIGHTS OF DATA SUBJECTS

The data subject can, at any time, exercise the following rights:

Right of access, Article 15: obtain confirmation or not that their personal data is being processed; in this case, obtain access to their personal data;
Right to rectification, Article 16: obtain rectification of incorrect personal data without undue delay;
Right to erasure, Article 17: obtain erasure of their personal data without undue delay; the Data Controller has the obligation to erase personal data without undue delay, under certain conditions;
Right to restrict processing, Article 18: obtain restriction of processing in some cases;
Right to data portability, Article 20: receive personal data concerning him or her, which he or she has provided to a Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Data Controller without hindrance from the Data Controller to which the personal data have been provided, in certain cases:
Right to object, Article 21: object, on grounds relating to their particular situation, at any time to processing of personal data concerning them;
Withdraw consent given at any time (Conditions for consent, Article 7).

In any case, you always have the right to lodge a complaint with a supervisory authority under Article 77 of EU Regulation, if you think that your personal data is not processed lawfully; for Italy, the competent supervisory authority is the Data Protection Authority (Garante per la protezione dei dati personali) who can be contacted through the website http://www.garanteprivacy.it. Requests related to the exercise of the data subject’s rights will be handled without unjustified delay and within 30 days from the date of request; only in more complex cases and in the face of a high number of requests, the above term can be extended by 2 (two) more months. Requests related to the exercise of the data subject’s rights can be sent to the following e-mail: privacy@mdbr.it

Promotion/sale of the Museum’s services

For the purposes described in item 3 of the Privacy Statement (functional purposes of marketing activities through mailing lists)

I give my consent
I do not give my consent

to my personal data processing.