Introduction
This privacy notice describes the methods of processing users’ personal data collected during web browsing.
In accordance with Article 13 of the General Data Protection Regulation (GDPR) (EU) 2016/679, we inform you that the Museo Civico delle Carrozze d’Epoca di Codroipo (hereinafter also referred to as the Museum or Data Controller) processes the personal data provided by you and freely communicated for the purpose of carrying out its institutional functions.
The Museum ensures that the processing of your personal data is carried out in compliance with fundamental rights and freedoms, as well as your dignity, with particular reference to confidentiality, personal identity, and the right to the protection of personal data.
This notice does not concern other websites, pages, or online services accessible via hypertext links possibly published on the site but referring to external resources.
Data Controller
The Data Controller is the Museo Civico delle Carrozze d’Epoca di Codroipo, represented by the Director, Mrs. Donatella Guarneri.
Contact Information
Address: Via S.Pietro, 6 – 33033 Codroipo (UD), Italy
Pec: comune.codroipo@certgov.fvg.it
Contact Information of the Data Protection Officer
The Data Protection Officer (DPO) is Studio Legale Avv. Paolo Vicenzotto and can be contacted via the institutional contact details:
Email: dpo@studiolegalevicenzotto.it
Phone: +39 0434 1856002
Legal Basis of Processing
The personal data processed concerning the navigation and use of the institutional website are processed by the Museum for the performance of its tasks of public interest.
Types of Data Processed and Purposes of Processing
A) Browsing Data
During navigation on the site, the system, as part of its normal operation, acquires certain personal data. These data include IP addresses or domain names of computers (or other systems) used, URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the operating system and the IT environment used.
These data, necessary for using the site, are processed as part of the activities of providing the services available there. Browsing data are also processed to obtain statistical information on the use of services and to ensure the proper functioning of the services offered.
B) Data Voluntarily Provided by the User
The optional, explicit, and voluntary sending of messages to the Museum’s contact addresses, as well as the completion and submission of forms on the site, involve the acquisition of the sender’s contact data necessary to respond, as well as all personal data included in the communications. Such data are processed solely for the purpose of responding to questions, requests, and inquiries.
Specific information may be published on the pages of the Municipality of Codroipo’s websites prepared for the provision of certain services.
C) Cookies
Cookies are small files sent by the web server to the user’s browser and stored by the user on their device/terminal. On subsequent visits to the site, the web server accesses these files stored on the user’s device for different purposes.
No use is made of cookies for user profiling, nor are other tracking methods employed. Session cookies are used strictly limited to what is necessary for safe and efficient navigation of the sites. The storage of session cookies in browsers is under the user’s control.
For further information regarding the processing of personal data resulting from the use of cookies, please refer to the specific information provided pursuant to Article 122 of the privacy code and the measure no. 229/2014 of the Guarantor for the protection of personal data.
Recipients or Categories of Recipients of Personal Data
The recipients of your personal data are:
- Employees and collaborators of the Museum, expressly designated and authorized, who have been provided with specific instructions. The authorized individuals have differentiated levels of access, depending on their specific duties.
- Any data processing managers for the management and maintenance of the institutional website.
The collected data will not be disclosed—except as required to fulfill regulatory obligations—and are not subject to transfer outside the European Union.
Data Management and Retention Period
Browsing data and cookies will be stored for a period of seven days. However, this data could be retained for a longer period for the purpose of establishing responsibility in the event of crimes.
Data voluntarily communicated by users via email or by filling out forms on the site will be kept for the time necessary to fulfill the processing purposes mentioned above and, in any case, not beyond the terms to which the Data Controller is subject, by law or regulation.
Rights of the Data Subject
As a data subject, in accordance with current regulations, you may:
- Exercise the right to access your personal data and information related to them; request the correction of inaccurate data or the integration of incomplete data; request the deletion of personal data concerning you (when one of the conditions indicated in Article 17, paragraph 1 of the GDPR occurs and subject to the exceptions provided for in paragraph 3 of the same article, for example, if your data is processed unlawfully); request the limitation of the processing of your personal data (when one of the hypotheses indicated in Article 18, paragraph 1 of the GDPR occurs, for example, if your data is processed unlawfully);
- Object at any time to the processing of your personal data in special situations concerning you;
- These requests can be addressed to the Data Controller—also through the Data Protection Officer (DPO)—by communicating to the above addresses, by completing the attached form available on the website of the Guarantor Authority for the protection of personal data;
- File a complaint with a supervisory authority (Guarantor Authority for the protection of personal data – www.garanteprivacy.it), or resort to the appropriate judicial authorities if you believe that the processing of personal data concerning you, carried out through this site, violates the provisions of the GDPR.
Consequences of Not Providing Personal Data
Regarding the communication of personal data for a legal obligation or for the performance of a task of public interest, failure to communicate personal data prevents the provision of the requested online services.
Automated Decision-Making, Including Profiling
Your personal data will not be subject to any automated decision-making, including profiling.
This page was last modified on 18 December 2023 17:05