INFORMATIION PURSUANT TO ARTICLES 13-14 OF THE GDPR (GENERAL DATAPROTECTION REGULATION) 2016/679 AND NATIONAL LEGAL REQUIREMENTS

FOR “MUSEI CIVICI FIORENTINI ONLINE TICKETING”
DEPARTMENT OF CULTURE AND SPORT - MUNICIPAL MUSEUMS AND CULTURAL ACTIVITIES SECTION

In accordance with the legal requirements mentioned above, all data processing involved in the provision of this service will be based on the principles of propriety, legality, transparency and the protection of your confidentiality and rights.

The Comune di Firenze (situated in Palazzo Vecchio – Piazza della Signoria, IT-50122 - VAT Reg. no. 01307110484; certified email address: protocollo@pec.comune.fi.it; switchboard: +39 055055) in its capacity as owner of the website entitled biglietti.musei.comune.fi.it managed on its behalf by SILFI SOCIETÀ ILLUMINAZIONE FIRENZE and SERVIZI SMARTCITY SPA (situated in Via Dei Della Robbia 47 - 50132 FIRENZE - VAT Reg. No.06625660482) shall process all personal data collected primarily by electronic means using information technology and telematic tools, for the purposes outlined in (EU) Regulation 2016/679 (RGPD), in particular for the performance of all operations necessary for the fulfilment of the activities associated with delivery of the service. Such personal data may be communicated to third parties solely for activities connected with those purposes.

Personal data collected and processed pursuant to subscription to this service comprise:
- personal identification data: given name and family name, nationality, telephone number, e-mail address, online identification (username, password, customer ID and so forth)
- connectivity data: IP address, login and so forth.

In particular, there shall be no processing of sensitive data for which specific consent is required.

All data collected shall be processed inasmuch as:
- the data subject has given consent to the processing of his/her personal data for a specific purpose;
- processing is necessary for the fulfilment of the contract to which the data subject is party; Details: The data collected is also used to ensure the regular fulfilment of the following:
  • to ensure registration on the website and the correct delivery of the services required of the Comune di Firenze via the website, and therefore in order to correctly and punctually fufil all obligations occasioned by the contractual relationship established, as well as obligations occasioned by the laws and regulations currently in force, in particular in the spheres of taxation and public security;
  • for purposes of an administrative and accounting nature, including the potential issue of commercial invoices by the Comune di Firenze via electronic mail;
All personal data supplied may be:
- collected
- recorded
- organised
- structured
- stored
- adapted or modified
- extracted
- consulted
- used
- communicated by transmission
- compared or linked
- erased or otherwise destroyed

Details: The data may be communicated:
  • to all those entities (including the public authorities) that have access to personal data on legal or administrative grounds;
  • to banks and companies that manage the national or international payment circuits via which online payment is made for products purchased on or through the website;
  • to companies, consultants or professional persons tasked with the installation, maintenance, updating, general managent and daily running of the hardware and software of the Comune di Firenze or of the company of which the Comune avails itself for the delivery of its services;
Processing:
- does not entail the activation of an automatic decision-making process;
- the information acquired and the processing modalities adopted shall be relevant and in proportion to the nature of the services provided.

Pursuant to Article 14 in the GDPR 2016/679, we specify the following:
Processing will avail itself chiefly of electronic or in any case automatic means via information technology and telematic tools, on the basis of an organisational and processing rationale strictly related to the purposes of the service and in any case such as to guarantee the security, integrity and confidentiality of the data in compliance with the organisational, physical and logical measures stipulated in the provisions currently in force.
In particular, the minimum appropriate security measures required by the systems security manager shall be implemented.
In the context of the processing purposes illustrated above, the supply of data is compulsory in order for the user to be able to access the services offered in the website and thus his/her own personal area. Registration therefore entails consent to the processing of personal data, and failure to supply that data, or the supply of partial or incorrect data, may result in the user being unable to use the service.

Personal data are stored:
- for no longer than is required to achieve the purposes for which it is processed, saving legal provisions and regulations

You may, at any moment, exercise the right:
- to demand more information regarding the content of this information note;
- to access your personal data;
- to obtain the rectification or cancellation of your personal data or a limitation on the processing concerning it (where provided for by law);
- to oppose processing (where provided for by law);
- to data portability (where provided for by law);
- to withdraw your consent, where provided for: withdrawal does not jeopardise the legality of the processing based on consent supplied prior to withdrawal;
- to appeal to the supervisory authority (Privacy Ombudsman);
- to mandate an entity, organisation or not-for-profit association for the exercise of your rights;
- to sue for damages pursuant to any infringement of the provisions (Article 82).

If the data owner intends to further process personal data for purposes other than those for which the data was originally collected, information shall be provided regarding the different purposes involved along with all other relevant information before any further processing goes ahead, and consent will be sought when and wherever necessary.

You may exercise your rights through direct contact and/or by sending a request, including by e-mail, to:

Entity Name Telephone no. e-mail address
       
Owner Comune di Firenze +39 055 276 8519 dir.affaristituz@comune.fi.it
Sub-owner SERVIZIO Musei comunali ed Attività Culturali +39 055 262 5957 musei.civici@comune.fi.it
  DPO (Data Protection Officer) Dr. Otello Cini   rpdprivacy@comune.fi.it cittametropolitana.fi@postacert.toscana.it


Owner's website: www.comune.fi.it
You may obtain further information regarding the processing of data and the exercise of your rights, as well as the regulatory framework governing the same, by visiting the following websites:

Description URL
Owner's website www.comune.fi.it
(EU) Regulation 2016/679 issued by the European Parliament and Council on 27 April 2016, relating to the protection of physical persons in connection with the processing of personal data, and to the free circulation of such data, in replacement of Directive 95/46/CE (general regulation on data protection) (Text relevant for the purposes of the SEE)     https://eur-lex.europa.eu/legal-content/IT/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ITA
European Data Protection Ombudsman (GEPD) https://europa.eu/european-union/about-eu/institutionsbodies/european-data-protection-supervisor_it
Italian data protection ombudsman http://www.garanteprivacy.it/web/guest/home


THE OWNER

Comune di Firenze situated in Florence, Piazza della Signoria, 1 VAT Reg. No. 01307110484. websitewww.comune.fi.it