Privacy statement as per Art. 13 of EU Regulation 679/2016 and per Privacy Code as recently modified by Legislative Decree 101/2018
For the Opera Santa Maria del Fiore (herein, sometimes only OSMF), your privacy and data security are especially important. For this reason, we collect and process them with great care and attention, at the same time using certain technical and structural precautions to guarantee the full safety of the processing.
We therefore inform you as per Art. 13 of EU Regulation 679/2016 and per Privacy Code as recently modified by Legislative Decree 101/2018 (“Regulation”) that processing of your personal data occurs according to methods that guarantee security and privacy. Using paper, digital and/or online supports, processing takes place in accordance with the details provided in this statement.
Personal data: refers to any information regarding a physical person who has been or can be identified (“the interested party”). A physical person who can be identified is one whose identity can be directly or indirectly confirmed through such information as name, identification number, address, online identity or one or more characteristic elements of his/her physical, physiological, genetic, psychological, economic, cultural or social identity.
Processing: refers to any operation or set of operations which are carried out with or without the aid of automated processes and applied to personal data or a set of personal data, such as their collection, recording, organization, arrangement, retention, adjustment or modification, extraction, consultation, use, communication through transmission, diffusion or any other form of making them available, comparison or interconnection, limitation, and cancellation or deletion.
Particular categories of personal data: refer to personal data that reveal racial or ethnic origin, political opinions, religious or philosophical convictions, or trade union membership as well as genetic data, biometric data intended to unequivocally identify a physical person, or data relative to a person’s health, sexual life or sexual orientation.
Controller of the processing: refers to the physical or legal person, public authority, service or other agency which, whether alone or together with others, determines the ends and means of the processing of the personal data.
Controller of the processing
Processing of your personal data is carried out by the Opera Santa Maria del Fiore (herein, sometimes only OSMF), located in Via della Canonica 1, Florence (50122). OSMF is the Controller of the processing as per the purposes of the Regulation.
For any questions regarding the processing of your personal data, you can contact OSMF at any time by sending a request to these addresses:
Fabbriceria di Opera di Santa Maria del Fiore - Onlus
Headquarters: Via della Canonica 1, Firenze (50122)
Data Protection Officer: Paola Casaccino, email@example.com
External Data Processor pursuant to EU. Art. 28 Reg. 679/2016
The Company M.E.T.A. S.r.l. with its registered office in via Ponte a Piglieri, 8 - 56121 PISA, C.F. e P.IVA 01629090463, is appointed by OSMF as the External Data Processor pursuant to Art. 28 of the Regulation, and is required to carry out the activity assigned to it according to the specific instructions given by OSMF.
M.E.T.A, which was previously authorized and properly selected in order to offer a suitable guarantee of compliance with the rules on the processing of personal data, shall treat your data only in order to let you donate a contribution to OSMF through the web site www.duomo.firenze.it.
Data types and purposes of the processing
Personal data processed by OSMF are limited to those which are provided by users: identifying personal data (such as first and last name and email address). These are needed by the Controller in order to execute your request to donate and sending you a thanksgiving.
Once collected, your personal data are processed for the following purposes:
- Personal data provided by users are used to send announcements pertaining to official OSMF events. These data will also be stored in OSMF’s historical archives.
Legal Basis: The use of data for these purposes requires specific consent on the part of the interested party.
- To make donation
Legal Basis: The provision of data is necessary to allow users to donate to OSMF
Categories of recipients of personal data
Your personal data are processed by systems and personnel of OSMF which/who have been specifically authorized as per Art. 4, Section 10, of the EU Regulation. They process data upon specific indications from the Controller of the processing.
Your personal data will not under any circumstances be shared with or communicated to unknown persons.
Finally, your personal data may be communicated to police, legal or administrative authorities, in compliance with the law, to ascertain or investigate criminal action and to prevent or protect from threats to public safety. Your data may also be divulged in cases that allow OSMF to exercise or safeguard rights that either it or a third party has before the legal authorities as well as for other reasons concerning the defense of rights and freedoms of other persons, in compliance with the stipulations of Art. 2 (e) of Legislative Decree 101/2018.
Period of data retention
We inform you that your data will be kept for a limited period of time, aimed solely for the purpose of fulfilling those obligations imposed by contract, and that, in any case, this period will not exceed legal terms.
At the end of this period, your data will be permanently erased by OSMF (at the address: firstname.lastname@example.org)
Mandatory or optional nature of data provision and consequences of any refusal
The provision of data is necessary to provide the service or the performance of a contract to which the data subject is party. Refusal to provide the same will not allow provision of other services.
No profiling of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements is done.
We inform you that you may exercise the following rights with regard to the personal data treated in this statement, as per the guarantees provided for in the Regulation:
- Right to access and amendment (Arts. 15 and 16 of the Regulation): you have the right to gain access to your personal data and request that they be corrected, modified or completed. If you wish, we will provide you with a copy of your data in our possession.
- Right to deletion of the data (Art. 17 of the Regulation): in cases provided for by current legal norms, you may request that your personal data be deleted. Once your request has been received and considered, it will be our responsibility to end the processing and delete your personal data, when the request is held to be legitimate.
- Right to limit processing (Art. 18 of the Regulation): you have the right to request that the processing of your personal data be restricted in the case of illegal processing or if you contest the exactness of your personal data.
- Right to the portability of personal data (Art. 20 of the Regulation): you have the right to obtain your personal data from the Controller of the processing to transmit them to another Controller, in the cases provided for by the above-mentioned article.
- Right to oppose (Art. 21 of the Regulation): at any time, you have the right to oppose the processing of your personal data which was carried out on the basis of a legitimate interest of ours, providing an explanation of the reasons that justify your request. OSMF will assess the reasons for your request before granting it.
- Right to file a complaint (Art. 77 of the Regulation and Art. 141 of Legislative Decree 101/2018): you have the right to file a complaint with the Italian Data Protection Authority if you feel that a violation of your rights with regard to the processing of your personal data has occurred or is occurring.
- Right to revoke consent given previously (Art. 13 of the Regulation): for processing of personal data whose legal basis rests exclusively upon your consent, at any time you have the right to revoke consent given previously by contacting the Controller of the processing.
At any time, you can exercise your rights regarding specific processing operations of your personal data on the part of OSMF.
More information regarding the rights of the interested party can be received by requesting the full version of the articles cited above from the Controller.
Without prejudice to what has been expressed above, we remind you that the rights cited above can be exercised by anyone who has a personal interest or who in the quality of your agent acts to protect you or acts out of family reasons deserving of protection, as per Art. 2 (l) of Legislative Decree 101/2018.
OSFM adopts adequate security measures designed to safeguard the privacy, integrity, completeness and availability of the personal data of the interested party. OSFM takes technical, logistical and organizational precautions which have the goal of preventing damage, loss – including accidental – changes, and improper and unauthorized use of processed data.
We regularly check, verify and assess the effectiveness of our security measures to the end of guaranteeing the continued improvement of data processing safety.
Changes to the present statement
The constant evolution of our services may bring changes to the characteristics of the processing of your personal data as described here. This privacy statement may be changed and supplemented over time, if this becomes necessary as a result of modifications of current norms regarding the protection of personal data or of the development/modification of our services.
We therefore invite you to periodically check the contents of our privacy statement: whenever possible, we will attempt to promptly inform you about any modifications made to it and their consequences.