The data controller
Your personal data is processed by Opera di Santa Maria del Fiore, headquartered in 50122 Firenze, Via della Canonica, 1, as data controller pursuant to and in accordance with the Regulation.
For any queries on the processing of your personal data, you can at any time contact OSMF at:
Fabbriceria di Opera di Santa Maria del Fiore - non-profit organisation
Registered office: Via della Canonica, 1, Firenze (50122)
DPO: Paola Casaccino, email@example.com
Location of data processing
Data processing in relation to the website's web services takes place at the headquarters of Opera and is handled only by the technical personnel of the office in charge of data processing. Infrastructure is hosted on cloud server owned by Amazon Aws Europe. Data regarding the web services is likewise processed by the personnel of the company that holds the platform for the newsletter (Mailchimp).
The purpose of processing the data collected
User data is collected to enable the controller to provide services, as well as for the following purposes: statistics, contacting users, managing addresses and sending emails, commenting on contents and interacting with social networks and external platforms.
The types of personal data used for each purpose are indicated in the specific sections of this document.
Commenting on contents
The comment service allows users to voice and make public their comments on the content of this website. Users, depending on the settings chosen by the data controller, can also leave comments anonymously. If the personal data provided by the user includes an email address, it could be used to send notifications of comments about the same content. Users are responsible for the content of their comments. Opera del Duomo nevertheless reserves the right to check such content and delete it should it prove inappropriate or damaging to the good name of the organisation.
If the comment service is provided by third parties (e.g. Facebook, Twitter), these may, even where users do not use the comment service, collect traffic data on the pages on which the comment service is installed.
Mailing list or newsletter
Following registration with the mailing list or newsletter and the giving of specific consent, the user's email address is automatically added to a list of contacts to whom emails may be sent containing information about the newsletter, including of a commercial and promotional nature. The user's email address may also be added to the mailing list following registration with the newsletter or after a purchase.
The data controller monitors and analyses website traffic data to track user behaviour through the Google Analytics tool with anonymous IP (Google Inc.)
Types of data processed
Personal data collected by this website is solely and exclusively data for identification collected independently or through third parties.
Personal data can be entered voluntarily by the user, or collected automatically during a visit to this website.
The computer systems and software procedures used for this website's operation collect, during their normal functioning, some personal data the transmission of which is implicit in the use of Internet communication protocols.
This information is not collected for the purpose of associating it with any interested parties identified, but, by its very nature, could allow users to be identified through processing and association with data held by third parties.
This data category includes the IP addresses or domain names of the computers used by visitors to the website, the URIs (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in reply, the numerical code indicating the status of the server's response (successful, error, etc.) and other parameters related to the user's operating system and computer environment.
This data is used only to obtain anonymous statistics on the use of the site and to check its correct operation, and is deleted immediately after processing. The data could be used to ascertain responsibility in the event of computer crimes against the site: aside from this eventuality, data on web contacts is currently not retained for more than no. 1 days.
Optional provision of data
Apart from that specified for navigation data, the user is free to provide Opera with the personal data contained in enquiry forms.
Failure to provide such data would make it impossible to fulfil the request.
Means of processing personal data
Personal data is processed using automated tools
Personal data is stored for the time strictly necessary to fulfil the purposes for which it was collected and in compliance with the Policies of the Organisation and with the specific nature of the same regarding the requirements of the law and of the historical archive.
OSMF has adopted appropriate security measures in compliance with current regulations (art. 32-36 of the EU Regulation).
Rights of interested parties
You may exercise the following rights in relation to personal data covered by this notice, as specified and guaranteed by the Regulation:
- Right to access and rectification (articles 15 and 16 of the Regulation): you have the right to access your personal data and to request that it is corrected, amended or supplemented. If you wish, we will provide you with a copy of your data that is in our possession.
- Right to data deletion (art. 17 of the Regulation): in cases provided for by current regulations, you can request that your personal data be deleted. Once your request has been received, analysed and found to be legitimate, we will discontinue processing your personal data and delete it.
- Right to limited data processing (art. 18 of the Regulation): you have the right to request the limited processing of your personal data in the event of unlawful processing or of a dispute over the accuracy of the personal data by the interested party.
- Right to data portability (art. 20 of the Regulation): you have the right to request to obtain your personal data, from the data controller, in order to send it to another controller, in the cases provided for by the article cited.
- Right to object (art. 21 of the Regulation): you have the right at any time to object to the processing of your personal data carried out in our legitimate interest, by explaining the motivation for your request; before accepting it, OSMF shall assess the reasons for your request.
- Right to lodge a complaint (art. 77 of the Regulation and art. 141 of Legislative Decree 101/2018): you have the right to lodge a complaint before the Antitrust Authority for personal data protection if you believe that a violation of your rights regarding the processing of your personal data has occurred or is taking place.
- Right to withdraw consent (art. 13 of the Regulation): for the processing of personal data whose legal basis depends exclusively on your consent, you have the right to withdraw your consent, at any time, by contacting the data controller.
At any time, you may exercise your rights regarding the specific processing of your personal data by OSMF.
Without prejudice to that so far expressed, we remind you that the aforementioned rights may also be exercised by anyone who has an interest, or who acts for your protection, as your proxy, or for family reasons worthy of protection, as per art. 2-terdecies of Legislative Decree 101/2018.