PRIVACY STATEMENT ON PERSONAL DATA PROCESSING: TICKET SERVICES – Rev03 del 24 maggio 2018
Article 13 of the EU Regulation 679/2016 on the protection of personal data collected from the data subject
-The Data Controller is the Museo dei Bambini SCS with registered office inVia Flaminia no. 80/86 -00196 (RM)
– The Data Processor is Patrizia Tomasich in compliance with the principles of protection of personal data.
– The Museo dei Bambini SCS staff is tasked with personal data processing.
2.Source of personal information
In accordance with Article 13 of the EU Regulation 679/2016, we hereby inform you that the Museo dei Bambini SCS processes personal data collected from the data subjects who have freely communicated in person and/or by means of forms, telephone or fax their personal information to our offices.
Purposes of personal data processing
In accordance with the above-mentioned regulation, the Data Controller will ensure that the processing of personal data will be carried out in the respect of the data subject’s fundamental rights and freedoms, as well as of the data subject’s dignity, specifically for privacy, personal identity and the right of personal data protection.
3.1 All personal data collected from the data subjects are processed only for the purposes of booking the services requested by the data subjects.
Personal data collection and consequences for non-consent to processing
Personal data collection for the purposes referred to in item 3.1is required in order to allow delivery of the service requested. Should the user not give their consent to the collection of their personal data, the service cannot be provided.
Data communication and disclosure
Personal data freely obtained from the data subject will not be disclosed in any form whatsoever.
Personal data, whenever necessary, might be communicated to:
5.1 all subjects whose access right is acknowledged pursuant to and for the purposes of law provisions;
5.2 our contractor personnel, employees and suppliers, in relation to their tasks and/or our contractual obligations to them, for the purposes of the business relationships with the data subject;
5.3 all public and/or private subjects, individuals and/or legal bodies (legal, administration and tax offices, Courts, Chambers of Commerce, Municipality of Rome, etc.), whenever data communication proves necessary or functional to our business and activities for the purposes and in the manners described above;
5.4 banks for the purposes of receiving and issuing payments arising from contracts.
In the cases described above, only basic data – and no more than basic data – will be communicated for the purposes for which it is communicated.
Transfer of data to third countries
The Data Controller will not transfer personal data to third countries; however, it reserves the possibility to use cloud services; in this case, cloud service providers will be selected among those who provide appropriate safeguards in accordance with article 46 of GDPR 2016/679.
How personal data is processed
Processing involves common identification personal data.
Personal data may be held electronically and in hard copy and is subject to appropriate safeguards in order to ensure protection and privacy. Data will be processed and stored on premises where access is constantly monitored; in particular, all technical, information technology, organisational, logistic and safety procedural safeguards will be adopted so that the appropriate data protection level specified in the regulation is maintained; access will be allowed only to persons tasked with processing by the Data Controller or Data Processors being appointed by the Data Controller.
How long personal data will be kept
Personal data will be kept until the booked day; after that, it will be manually erased.
Rights of the data subject
The data subject can, at any time, exercise the following rights:
a.right of access to personal data;
right to rectification or erasure or right to restrict processing;
right to object to processing of their personal data;
right to data portability;
f.Right to lodge a complaint with a supervisory authority pursuant to article 77 of GDPR based on the data subject’s private address, place of work, or place of breach of their rights; for Italy the competent supervisory authority is the Data Protection Authority (Garante per la protezione dei dati personali) who can be contacted through the website http://www.garanteprivacy.it.
The rights described above can be exercised by sending a request to the Data Controller at the following e-mail address: firstname.lastname@example.org using the contact information included in this privacy statement. Requests related to the exercise of the data subject’s rights will be handled without unjustified delay and within a month from the date of request; only in more complex cases and in the face of a high number of requests, the term may be extended by 2 (two) more months.