MUSEO CAPPELLA SANSEVERO s.r.l., C.F. and P.I. 07055380633, with registered office in Naples in Via Francesco De Sanctis 19, (hereinafter ‘OWNER’), acting as data controller, informs you pursuant to Art. 13 European regulation 2016/679 on data processing (hereinafter ‘GDPR’) that your data will be processed in the manner and for the purposes set out below.
Regarding the protection of personal data, Museo Cappella Sansevero s.r.l. provides its Customers with information on the subjects of data processing, the purposes of processing, the methods of data processing, access to the data, the nature of the data being processed, who owns the processed data, the person responsible for processing, the disclosure and dissemination of data, the rights of the persons concerned, and cookie storage times (click here).
ART. 1 – Personal data processing
Pursuant to European regulation 2016/679 concerning the protection of personal data, Museo Cappella Sansevero s.r.l. ensures compliance with the rules on the protection of personal data, which will be used exclusively for customer relations operations and will not be sold to third parties. Subject to authorisation, Museo Cappella Sansevero s.r.l. may send its customers informative and/or commercial material closely linked to the field and activities in which it operates. Customers have full and free right to waive this type of communication and/or request portability and/or cancellation of their data and the modification or updating of all personal information in our possession at any time by simply sending an email with their request to firstname.lastname@example.org.
ART. 2 – Data controller
The data controller of the collected data is MUSEO CAPPELLA SANSEVERO s.r.l., C.F. and P.I.: 07055380633, Via Francesco De Sanctis 19 – 80134 Naples,
Telephone: +39 081 5524936 – Mail: email@example.com
ART. 3 – Data processors
The data processors are:
– Dr. Fabrizio Masucci, born in Naples on 20/10/1977, President and legal representative of Museo Cappella Sansevero s.r.l., tel.: +39.0815524936, e-mail: firstname.lastname@example.org;
– Computer assistance: Elaborazioni Grafiche di Fabio Paradiso, P.I. 07815170639, Via Ventaglieri 12 – 80135 Naples, e-mail: email@example.com;
– Website management: P&R Agenzia Pubblicitaria Italiana, P.I. Via del Parco Margherita, 23 – 80121 Naples, tel. +39 081400083; e-mail: firstname.lastname@example.org
An updated list of the people responsible for external data processing is kept at the Data Controller’s registered office.
ART. 4 – Subject of data processing
The Owner processes personal data, identified below as ‘PERSONAL DATA’, or simply ‘DATA’, provided by the User when performing the activities that require them on the site or pages linked to it for services or requests made by the User (for example contacting us at one of the email addresses listed in the Contacts section, or subscribing to the Newsletter).
ART. 5 – Types of data:
a) Navigation data
During normal operation, the computer systems and software procedures used to operate this website acquire some personal data from users who connect to the site. The transmission of these data is implicit in the communication protocols of the Internet.
This information is not collected for association with identified data subjects, but, by its very nature, it could allow users to be identified in the course of processing and association with data held by third parties.
This category of data includes the IP addresses or domain names of computers used by those who connect to the site, the URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), and other information regarding the operating system and the IT environment of the user.
These data serve exclusively to obtain anonymous statistical information on the use of the site and to verify that it is functioning correctly. The data may be used to ascertain responsibility in the event of cyber crimes against the site: apart from this exception, data regarding web contacts are currently stored for no more than seven days.
b) Data provided voluntarily by the user
Sending e-mail and communications in general to the addresses indicated on this site leads to the subsequent acquisition of the sender’s address, which is necessary to respond to requests, in addition to any other personal data included in the message. Specific summary information will be shown or displayed on any webspages that may be prepared to provide particular services on request.
The site acquires no personal user data.
Please note that no use is made of cookies for the transmission of personal information except persistent third-party cookies for the collective tracking of pages visited by users.
The use of session cookies (which are not permanently stored on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of the session identifiers (consisting of random numbers generated by the server) needed to allow users to explore the site securely and efficiently.
In addition, session cookies used on this site do not use any further IT techniques that may be detrimental to the confidentiality of user navigation, nor do they allow the acquisition of users’ personal identification data.
ART. 6 – Optional data provision
With the exception of navigation data, users are free to provide the Owner with personal data in order to request informative material or other communications or to make use of the services provided on the site. Failure to provide such data may render it impossible to obtain the information requested.
ART. 7 – The purpose of data processing
Personal data that have been voluntarily provided – and only with the specific and separate consent of the User (art. 7 GDPR) – will be processed for the following purposes, until request to the contrary is received:
- contact requests, with supply of information requested by the user
- subscription to newsletters
- the compilation of data collection forms in dedicated areas
- administrative-accounting activities in general
In compliance with the personal data protection provisions, processing carried out for administrative-accounting purposes refers to processing related to organisational, administrative, financial, and accounting activities, regardless of the nature of the data processed. Please note that this involves internal organisational requirements, the fulfillment of contractual and pre-contractual obligations, and activities of an informative nature.
ART. 8 – Methods of data processing
Users’ personal data are processed by means of the operations indicated in Art. 4, paragraph 2, of the Regulation, i.e., collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, and the cancellation and destruction of data. Your personal data will be processed both on paper and electronically and/or automatically.
The Data Controller will process your personal data for the time necessary to fulfil the above-mentioned purposes until you request cancellation from the lists, which you are free to do at any time; the data collected are organised, managed, and stored for the purposes and in the manner provided for by Italian law.
ART. 9 – Access to data
Collected user data may be made accessible for the purposes set out here
- to the Owners’ employees and contractors or associated companies in Italy or abroad in their capacity as processors and/or internal controllers and/or system administrators;
- to third parties or other entities (e.g., credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) outsourced by the Data Controller in their capacity as external data processors.
ART. 10 – Disclosure and dissemination of data
The data may be disclosed to the people appointed to carry out the various technical, commercial, and administrative functions within Museo Cappella Sansevero s.r.l. They may also be disclosed to third parties using strictly limited methods and solely for purposes related to the provision of the service (e.g. they may be passed on to Internet and/or telephone carriers, as currently required by law).
The Data Controller may pass on your data to supervisory bodies, judicial authorities, and insurance companies for the provision of insurance services without the need for express consent. The data controller may also pass them on to those legally required to possess them for the purposes set out above.
They will process the data in their capacity as autonomous data controllers.
Your data will not be disclosed.
ART. 11 – Data transfer
Personal data are stored on servers located within the European Union. In any case, the Data Controller is also entitled to move the data and/or the servers outside the EU if necessary. In this case, the Data Controller guarantees that the transfer of data will be transferred outside the EU in compliance with the applicable law subject to the stipulation of the standard contractual clauses provided by the European Commission.
ART. 12 – Rights of data subjects
Users may exercise their rights regarding the data controller at any time pursuant to and by effect of European Regulation 2016/679 on the protection of personal data.
In their capacity as Interested party, users have rights under Art. 15 of European Regulation 2016/679 concerning the processing of personal data, and specifically the right to:
- obtain confirmation of the existence or otherwise of personal data concerning them, even if not yet recorded, and their disclosure in intelligible form;
- obtain information regarding:
a) the origin of the personal data
b) the purposes and methods of processing
c) the logic applied in the event of processing using electronic means;
d) the identification of the owner, manager, and representative designated pursuant to Art. 3, paragraph 1;
e) the subjects or categories of subjects to whom the personal data may be disclosed or who may have knowledge of them as designated representatives, managers, or agents on the national territory;
a) updating, rectification or, where relevant, the addition of data
b) erasure, depersonalisation or blocking of data processed in violation of the law, including data whose retention is not necessary for the purposes for which the data were collected or subsequently processed
c) certification that the operations mentioned at letters a) and b) have been notified – also with regard to their content – to those to whom the data were disclosed or disseminated, unless this requirement proves impossible or involves a use of means manifestly disproportionate to the protected right
- oppose, in whole or in part:
a) the processing of personal data concerning them for legitimate reasons, even if they are relevant for the purpose of collection;
b) the processing of personal data concerning him/her for the purpose of sending advertising material or direct selling or carrying out market surveys or sending commercial communication, through the use of automated calling systems by operatorless e-mail and/or by traditional marketing methods via telephone and/or mail.
Please note that, for purposes of direct marketing via automated means, the right of opposition of the person concerned, set out in point b) above, extends to traditional ones and that the person concerned may anyway exercise the right of opposition even if only in part. Therefore, the interested party may decide to receive communications via traditional means only, or automated communications only, or neither of the two types of communication.
Where these conditions are met, the user also has the following rights:
- the right to rectify (Article 16 of the Rules)
- the right to cancel: ‘the right to be forgotten’ (Art. 17 of the Regulation)
- the right to limit processing (Art. 18 of the Regulation)
- the obligation to notify in case of rectification or erasure of personal data or limitations to processing (Art. 19 of the Regulation)
- the right to data portability (Art. 20 of the Rules)
- the right of opposition (Art. 21 of the Rules) as well as the right to make a complaint to the Guarantor Authority.
ART. 13 – How to exercise the rights
Users may exercise their their rights at any time by sending:
- a registered letter with return receipt to: Museo Cappella Sansevero Srl, Via Francesco De Sanctis 19 – 80134 Naples;
- an email to the address email@example.com;
Requests may be made free of charge and will be processed by the Owner as soon as possible, in any case within one month.