Notice for information request and/or reservation pursuant to article 13 of EU Regulations 2016/679 and applicable current rules.
Pursuant to article 13 of EU Regulations 2016/679 (here called “The Regulations”) and moreover to the current rules about privacy, Asti Musei Foundation, as the Controller of your personal data (hereinafter referred to as “Foundation” or “Data Controller“), informs you that the personal data you provide on the occasion of requests submitting for specific information, booking to the events organized by the Foundation and/or booking for the use of the museum areas, will be processed in accordance with the regulations in force and the principles of fairness, lawfulness, transparency and protection of confidentiality provided by it.
Purpose of processing and nature of data provision
Personal data provided by data subjects will be processed in order to:
- purposes related to the execution of legal obligations and/or regulations, or orders from the authorities. The provision of personal data is a legal obligation and failure to provide it would make it impossible for the Foundation to fulfill the legal obligations to which it is bound, while for the user it would make it impossible to browse the site www.museidiasti.com, register on the site and use the related services;
- purposes related to contractual obligations and, in general,
- to the provision of services;
- or the navigation of the site museidiasti.com
- to allow the user to register on the site www.museidiasti.com and to execute the conditions of use of the site www.museidiasti.com, accepted during registration;
- to manage any inquiries received through the appropriate form on the website museidiasti.com;
- in order to enable the use of services provided through the website www.museidiasti.com, including issuance and purchase of admission tickets to events organized by the Foundation, and also throughof third-party platforms (e.g. the website https://www.vivaticket.com/it), the shipment of purchased tickets, etc. The provision of personal data is, at times, a contractual obligation or a necessary requirement for the conclusion of any contract, and failure to provide the data will result in the Foundation being unable to fulfill the contractual obligations to which it is bound therein described and the user being unable to browse the www.museidiasti.com website, register on the www.museidiasti.com website, and, in general, to take advantage of all the services offered and outlined above;
- to manage and fulfill requests for reservations to events organized at the Foundation and/or for the use of the museum areas, as well as in order to perform obligations arising from the contract; the provision of data could be, in relation to the relationship that the data subject has established with the Company, a contractual obligation or a necessary requirement for the conclusion of any contract. In any case, refusal to provide the data means that the Data Controller will not be able to use the personal data in order to examine, manage and respond to the data subject’s request for information and/or to properly fulfill the obligations arising from the contract;
- administrative-accounting purposes, related to the performance of activities of an administrative, organizational, financial and accounting nature (e.g. activities functional and ancillary to the fulfillment of contractual and pre-contractual obligations). The provision of personal data for these purposes is a contractual and legal obligation, and failure to provide the data will make it impossible for the Foundation to fulfill its obligations (e.g., finalizing purchases on the site);
- marketing and promotional purposes, including the sending of newsletters, through automatic means, such as e-mail and sms, as well as traditional means, such as telephone contact with operator, all in full compliance with the principles of lawfulness and fairness and the provisions of the law; this purpose concerns only those users who have expressed optional consent and will not affect the performance of treatments that do not involve the provision of consent (e.g. it will still be guaranteed the issuance of the ticket for access to events organized by the Owner) even in the case of failure to provide consent. The conferment of the same for these purposes is, precisely, optional, and involves the impossibility for the Foundation to send users communications having a promotional nature.
Any processing for additional purposes will be carried out after complying with the information requirements of Articles 13 and 14 of the Regulations.
Data processing methods.
The processing of personal data will be carried out by means of paper, computer or telematic tools and with adequate security measures to ensure the security and confidentiality of your personal data in compliance with the provisions of current legislation.
Legal basis for data processing
The legal basis for data processing is the fulfillment of legal obligations, the consent that may have been given for specific optional activities, the execution of a contract to which the data subject is a party or the execution of pre-contractual measures taken at the request of the data subject who submits requests for information and/or reservations to events organized at the Foundation and/or for the use of the museum areas by:
- the sending of an e-mail to the address found on the Foundation’s website;
- the telephone channel set up by the Foundation;
- social channels used by the Foundation;
- the ticket office at the Foundation’s headquarters.
In compliance with the principles of proportionality and necessity, the data will be retained for the time necessary to fulfill the achievement of the purposes indicated above and, therefore, the service offered or the specific legal regulations on the subject.
In any case, the Data Controller undertakes to inspire the data processing to the principles of adequacy and minimization, periodically verifying the necessity of their retention for a period of time no longer than necessary to achieve the purposes for which the data were collected and processed.
At the end of the data retention period, the data will be permanently deleted and/or irreversibly anonymized.
Communication and dissemination of data
Without prejudice to the communications carried out in fulfillment of legal obligations, personal data may be processed by authorized employees in charge of the processing appointed connected by the Data Controller, or by professionals and personnel who for organizational and functional needs need to process them, as well as by any third parties involved (e.g., subjects in charge of managing the site and all services provided through the same, subjects owners of platforms through which it is possible to purchase access tickets to events organized by the Foundation, etc.), appointed as External Data Processors pursuant to Article 28 of the Regulations.
The updated list of External Data Processors is available from the Data Controller and the data subject may request it at any time by sending an e-mail to the following address: firstname.lastname@example.org.
Personal data will not be disseminated in any way.
Personal data will be processed and stored within the European Union.
In the event of any processing of personal data carried out in Third Countries, the same will take place only after the adoption of adequate safeguards, as required by the mandatory regulations.
Rights of the interested parties
The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence or non-existence of the same data and to know its content and origin, verify its accuracy or request its integration or updating, or rectification (Articles 15 and 16 Regulations).
In addition, data subjects have the right to request the deletion, limitation of processing, and portability of data as well as to lodge a complaint with the supervisory authority and to object in any case, for legitimate reasons, to their processing (Art. 17 ff. of the Regulation).
Data subjects also have the right to revoke at any time any consent given to specific optional activities, without prejudice to the lawfulness of the processing carried out prior to revocation.
These rights may be exercised by written notice to be sent to: email@example.com.
The Data Controller
The Data Controller is Fondazione Asti Musei with registered office in Asti, Corso Vittorio Alfieri No. 357.
Third Party Processing