COOKIES & PRIVACY POLICY

The personal data collected will be processed by the Association Rifugio Digitale E.T.S., with its legal headquarters at Via della Fornace 41 – Florence, which will act as the data controller for requesting information (e.g., information about exhibitions, artists, and artworks), and for subscribing to the newsletter of the Association Rifugio Digitale E.T.S.

If you have any questions regarding this privacy notice, including any requests to exercise your legal rights, please contact us via email: info@rifugiodigitale.it

1. Data Controller

The data controller is Association Rifugio Digitale E.T.S.

2. Purposes for which your data is processed

The personal data provided by users will be used to allow navigation and access to the services offered on the website. Registration is permitted for those who explicitly request it by filling out the forms on the pages of the website dedicated to this service, after reading the specific privacy notice and authorizing the Association Rifugio Digitale E.T.S. to process their personal data. Refusing to provide the data will result in the inability to access the services offered by the website.

3. Mode of data processing and security measures applied

Personal data are processed using automated tools and not for a period longer than necessary to achieve the purposes for which they were collected. Specific security measures are in place to prevent data loss, unlawful or improper use, and unauthorized access. The transmission of data voluntarily provided by the user through the completion of the fields in the questionnaire is managed with SSL encryption technology, which encodes the information before it is exchanged over the internet between the user’s device and the data controller’s central systems, making it unintelligible to unauthorized parties and ensuring the confidentiality of the transmitted information.

Within the Association Rifugio Digitale E.T.S., employees or external collaborators assigned to services, as well as internal and external structures performing consultancy and support tasks on behalf of the Association Rifugio Digitale E.T.S., may become aware of your personal data. Data processing is carried out by personnel directly employed by the data controller and/or individuals or legal entities specifically appointed by the controller as responsible for or authorized to process the data.

4. Communication of data

The data provided will never be subject to dissemination or communication to third parties, except for the communication to:

•  to those parties whose right to access the data is recognized by law or by order of the authorities;
• to those parties, inside or outside the company, engaged by the Data Controller to perform activities instrumental and/or accessory to management of the data collection and provision of the relative services and benefits, including the suppliers of software solutions, web applications and the like.
  These entities will use the data received as independent “controllers,” unless they have been designated by the Association Rifugio Digitale E.T.S. as responsible for processing specific data tasks.
  The newsletter is sent by email to those who explicitly request it by filling out the form on the page of the website dedicated to this service and authorizing the data controller to process their personal data.

The newsletter is sent by email to those who explicitly request it by filling out the form on the page of the website dedicated to this service and authorizing the data controller to process their personal data.
The data related to registration for the services offered by the website (the “Services”) may also be communicated to companies that allow the data controller to provide the services to the user.

These companies:

• may also be based outside the European Union;
• will never make direct use of the personnel data communicated to them by the Data Controller;
• will not sell the personnel data communicated to them by the Data Controller to third parties.
  Data will be communicated using methods that strictly comply with the regulations in force at the time.
  By registering for the website Services, users acknowledges that they consent for the Data Controller to come into possession, through analysis of the data provided by the supplier of the service,  of the following information:
• number of times the mail relative to the newsletter is opened;
• number of clicks on links contained in the newsletter;
• failure to open the mail relative to the newsletter;
• forwarding of mail relative to the newsletter to e-mail address;
• cancellation of subscription;
• claims;
• possible use of the contents of the newsletter via Facebook.

5. Location of data processing

The data processing related to the web services of this site takes place at the headquarters of the Association Rifugio Digitale E.T.S. and the entity used by the data controller to carry out instrumental and/or ancillary activities for managing the collected data, or by third parties acting as data processors for Rifugio Digitale.
No personal data from the web service is disclosed.

6. Types of data processed

Website search data
The information systems and software procedures used for the operation of this website acquire, in the course of their normal operation, some personal data whose transmission is implied in the use of internet communication protocols.
These are data that are not collected to be associated with identified users but that, by their nature, could, through processing and association with data held by third parties, allow for the identification of users.
This category of data includes the IP addresses or domain names of the computers used by users connecting to this site, the IP address of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), and other parameters related to the operating system and the user’s IT environment.

Data provided voluntarily by the user
The optional, explicit, and voluntary sending of emails to the addresses indicated in the appropriate sections of this website results in the subsequent acquisition of certain personal data and special categories of personal data from the applicant, entered in the necessary forms to respond to the requests.

7. Nature of provision of data

If the user intends to interact with the company via the website, providing data is optional, but it is a necessary and essential condition for providing the requested information. Therefore, failure to provide the data will result in the data controller being unable to guarantee a response.

8. Rights of Data Subjects

According to the Regulation, the data subject has the right to access their data, in particular to obtain confirmation at any time of whether the data exist, and to know the content, origin, geographical location, and to request a copy.
The data subject also has the right to verify the accuracy of their data, request integration, updating, correction, restriction of processing, deletion, transformation into anonymous form, or blocking of data processed in violation of the law, as well as to object to their processing in any case. Additionally, the data subject has the right to request data portability and file a complaint with the supervisory authority.

9. Period of custody of data

The Association Rifugio Digitale E.T.S. will process the data for the entire period during which the interested party who has subscribed to the services has not requested deletion.

10. How to exercise your rights

To exercise the rights referred to in point 8, the data subject can contact the data controller by sending an email to info@rifugiodigitale.it.
The response time to the user is thirty days, extendable to three months in cases of particular complexity; in these cases, the data controller will provide at least an interim communication to the data subject within thirty days.
Exercising the rights is, in principle, free of charge; however, the data controller reserves the right to request a contribution in cases of manifestly unfounded or excessive requests (even repetitive), taking into account the indications provided by the Privacy Authority.

11. Claims to the Privacy Guarantor

Data Subjects may file claims with the Privacy Guarantee Authority at the website http://www.garanteprivacy.it.