Personal data protection code

The Comune di Firenze guarantees that all personal data collected will be handled in compliance with the above-mentioned law for all operations required to perform the activities associated with the provision of the services offered, including the despatch of promotional material or information on the Musei Civici Fiorentini and on exhibitions/events organised in them, as well as to monitor customer satisfaction in an effort to constantly improve the ways we meet customer requirements. Personal data may be passed on to third parties solely for activities connected with the aforesaid purposes.

This information is provided in connection with the tickets.museums.comune.fi.it website managed in the name of, and on behalf of, the Comune di Firenze, Piazza della Signoria 1, Florence (FI) by in-house company Lineacomune S.p.a. with registered offices in Via Reginaldo Giuliani 250, Florence.
Processing means any operation, or set of operations, carried out with or without the help of electronic or automated means, concerning "the collection, recording, organisation, keeping, interrogation, elaboration, modification, selection, retrieval, comparison, utilization, interconnection, blocking, communication, dissemination, erasure and destruction of data, whether the latter are contained or not in a data bank". Data shall be processed in compliance with legal and conventional obligations, and processing shall be performed, including by electronic means, in such a way as to guarantee that data's safety and confidentiality.
Pursuant to Art. 13, 1° subsection letters b) and c), we would highlight the fact that data processing is crucial in order to comply with legal obligations, and that failure to provide that data will therefore effectively prevent use of the service. We would stress that the data will be communicated to third parties solely in compliance with specific legal obligations, in other words when the communication of that data is necessary or functional for the management of the service. We would also specify that the "Owner" of the data processing is the Comune di Firenze.

Purpose of data processing

Personal data (including the recording of said data in the Comune di Firenze's registries) is processed solely for the following purposes:

Provision of data

The provision of data for registration on the website is completely optional, but it is necessary in order to access the confidential area and thus to access the services offered on the website.
So registration on the website demands your consent to the processing of the personal data concerning you, for the processing purposes outlined in the previous paragraph.

Processing modalities

The processing of personal data concerning you will be conducted chiefly with the help of electronic or automated means in accordance with modalities and instruments capable of ensuring the data's safety and confidentiality in compliance with D. Lgs. 196/2003.
The information acquired and the processing modalities shall be relevant to, and not excessive in respect of, the nature of the services rendered.
Moreover, the data shall be managed and stored in environments enjoying constantly monitored access.

Data communication and dissemination

Your data may be communicated:

Right of access to personal data

Pursuant to Art. 7 in D. Lgs. 196/2003, given in full below, data subjects are assigned specific rights guaranteeing the proper acquisition and correct use of the data processed, and in particular:

  1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data in intelligible form.
  2. A data subject shall have the right to be informed a) of the source of the personal data; b) of the purposes and methods of the processing; c) of the logic applied to the processing, if the latter is carried out with the help of electronic means; d) of the identification data concerning data controller, data processors and the representative designated as per Section 5(2); e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.
  3. A data subject shall have the right to obtain a) updating, rectification or, where interested therein, integration of the data; b) erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
  4. A data subject shall have the right to object, in whole or in part, a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection; b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.