https://www.centropecci.it/ hereinafter referred to as: “WEBSITE”
“Regolamento EU 2016/679” hereinafter referred to as: “GDPR”
“Fondazione per le arti contemporanee in Toscana - Centro per l'Arte Contemporanea Luigi Pecci” hereinafter referred to as: “DATA CONTROLLER”
The safeguarding of your privacy is one of our main objectives.
For this, the contents and services offered on the website are provided only to those who explicitly request it, and in the various sections of the website (where we collect personal data) specific information is published pursuant to art. 13 of the GDPR for its inspection before the provision of the requested data.
Foundation of Contemporary Arts in Tuscany – the Luigi Pecci Center for contemporary art
Headquarters: 277 Viale della Repubblica, 59100 Prato
VAT Registration Number 02357450978
We declare that the data controller applies the GDPR and provides for the protection of persons and other subjects regarding the processing of personal data. According to the law, the processing carried out by the WEBSITE will be based on the principles of lawfulness, correctness, transparency, purpose limitation and retention, data minimization, accuracy, integrity and confidentiality.
For “the processing of personal data” we mean any operation or combination of operations, done with or without the help of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, deletion or destruction (Article 4.2 of the GDPR).
We inform you that the personal data being processed will be constituted - also according to your decisions on how to use the services of the WEBSITE - by an identifier such as the name, the email address, the telephone number or other identification number, data relating to the location and other data suitable to make it identified or identifiable, depending on the type of services requested (hereinafter only "personal data"). The data controller here does not collect any particular categories of data (religion, political affiliation, state of health, etc.).
Personal data categories processed on the website are as follows:
Data provided willingly by the interested party
In the use of particular areas of the website, it may be possible to process the personal data voluntarily left by you in order to be contacted and / or obtain a service in exchange, such as: request for information, personalized offers, purchase of product or services.
The IT systems and software procedures used to operate the PRESENT SITE acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users who connect to the website, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct functioning, to identify anomalies and / or abuses, and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site or third parties. Currently, this SITE is hosted on OVH's servers.
What are cookies
Cookies (literally “little biscuits”) are small test files that remember different types of information about the user that is visiting a website, such as their location, the device used (pc, smartphone, tablet..), the browser used, authentication data, browsing preferences, etc… but they can also remember habitual data and personal choices:
the latter information can be used retrospectively to trace a profile of the individual consumer.
More specifically, there are two cookie macro-categories.
“Technical” cookies strictly necessary for the functioning and fruition of web services, they are used to collect information about site visits in an aggregated way. Some of these are:
Browsing cookies (or session cookies)
Authentication cookies (for example, user and password insertion
Personalisation cookies (for example, relative to preference saving activity)
Functionality cookies (for example, saving shopping cart or language / currency preferences)
Analytic cookies (that is statistics, considered technical if adopted by the manager to collect data in an aggregated way (=without collecting IP addresses) about user numbers and how they visit the website)
Flash player cookies (if they do not exceed the duration of the session)
They outline the user profile and send them targeted adveritising, such as:
Profiling first or third party advertising cookies
Social network cookies
Statistical cookies managed entirely by third parties (except: analytics cookies installed directly on the server of the first part or of their server farm without third party interactions, such as Piwik; third-party cookies, but anonymous, or in relation to which the third party can’t access the disaggregated analytics data at IP level).
All cookies used on the WEBSITE do not allow the acquisition of personal data of the user and can’t retrieve any other data from the user's hard drive or transmit computer viruses or take possession of the e-mail address of the user.
Browsing the WEBSITE cookies, necessary to the fruition of the website, defined as “technical” cookies will be downloaded: in particular, the user gives consent to the installation of this type of cookie simply by continuing to browse the site, by selecting a link or a scroll action on the page itself (or by confirming the brief information provided in the banner when accessing the site for the first time ).
The same goes for any other links to third party sites, which refer to the relative policies.
Necessary cookies help to contribute and render usable a website enabling basic functions like page browsing and access to protected areas of the website. The website can’t function correctly without these cookies.
Necessary present cookies are attributable to the Centro Pecci and they are needed to:
Remember preferences about cookie use
Reconduct navigation to a technical session so to allow correct browsing between pages
Preference cookies allow a website to remember information that influence the way in which the site behaves or presents itself, like the preferred language or region that finds you (?)
Present preference cookies referable to the Pecci Center serve to:
Present preference cookies attributable to Google Inc. for the YouTube product, Vimeo, Facebook, LightWidget, are used to:
Statistical cookies attributable to Google Inc. for the Analytics product, to Vimeo, to Facebook, are used to:
The processing we intend to carry out, with your specific consent (if necessary), has the following purposes:
To improve site navigation: allow browsing, consultation and viewing information material on the wensite, as well as improving your browsing experience on the website.
Law obligations: comply with legal, accounting and tax obligations to which the holder is subject, representing this is a legitimate treatment of personal data (pursuant to Article 6.1 (c) of the GDPR).
Responding to requests for information: responding to requests for information, which we will receive via e-mail, telephone or chat, or through a specific form, on services and solutions proposed on the website.
Statistical purposes and market research: developing studies, research, market statistics; sending advertising material, information, commercial information or surveys to improve the service ("customer satisfaction") via e-mail or text message, and / or through the use of the telephone with operator and / or through the official pages of the webiste or on social networks or other official channels of the data processor .
Fraudulent conduct: for exclusive purposes of security and prevention of fraudulent behavior, the data processor implements a system of automatic control that involves the detection and analysis of user behaviour on the site, associated with the processing of personal data including the IP address. The consequences of this treatment are that if a subject attempts to carry out fraudulent conduct on the website (for example to benefit several times of the same promotion without having the right) the holder reserves the right to exclude this subject from the promotion or to adopt any another appropriate measure for its protection. This treatment is also based on the legitimate interest of the holderto detect frauds and frauds committed against him (see Recital (47) of the GDPR, Article 6.1 (f) of the GDPR).
Communication to third parties: only with reference to certain services, the data may be processed for purposes of communication to third parties for third party marketing purposes, ie to provide information and / or make offers on products, services or initiatives offered or promoted by other data processor companies and / or its affiliated and / or controlled companies, and / or by other commercial partners and outsourcers acting as independent data controllers.
The provision of your personal data for the purposes of processing based on the issuance of its consent (pursuant to Article 6.1 (a) of the GDPR) is entirely optional and does not affect the use of the other services of the website.
The site could use Vimeo to host video consent. For more information visit the privacy disclaimer.
Your personal data will be processed by electronic means with reserved access to appointed and authorised subjects by the data processor, which has predisposed all necessary informatic security measures to reduce the violation of privacy risk by third parties, and in each ready moment to adopt security measures that show themselves to be indispensable.
Your personal data can be shared, for “Data processing purposes” as listed above, with:
Subjects that typically act as data controllers, that is: people, companies or professional firms that provide assistance and advice to the DATA PROCESSOR in management, accounting, administrative, legal, tax, financial and credit recovery with regard to the provision of services , as well as individuals, companies or professional firms that provide professional assistance and consultancy services and / or to support the provision of the services offered on this website. The complete list of data controllers is kept at the headquarters of thedata controller and you can request an updated copy at any time by sending a request to the data processor’s email address.
Subjects who perform activities necessary for the services offered by the data processor, or subjects with whom it is necessary to interact for the provision of services, or delegated to perform technical maintenance activities (including maintenance of network equipment and electronic communications networks) , or companies of the group or connected to the data processor (Italian or foreign) who carry out administrative or statistical purposes (collectively "Recipients")
Persons authorized by the OWNER to process PERSONAL DATA required to perform activities strictly related to the provision of services, whether they are committed to confidentiality or have an appropriate legal obligation of confidentiality, such as data processor employees;
Business partners for their own purposes, autonomous and distinct, of commercial information and market research, and only if you have given a specific consent.
Subjects, bodies or authorities to whom it is mandatory to communicate their personal data according to the provisions of law or orders of the authorities (for example, requests by the judicial authorities in the course of criminal investigations);
Some of your personal data is shared with Recipients that could find themselves outside the European Economic Area. The data processor insures that the processing of your personal data on the part of these recipients respects GDPR. Indeed, transfers can be based on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission.
More information is available from the data processor, in particular to find out which treatments involve the transfer of the data in question outside the European Economic Area. Given that this transfer is necessary for its use of the service, according to the current privacy legislation, it is justified pursuant to Art. 44 and following of Chapter V of the GDPR.
In general, all personal data collected for the purposes described above will be processed for only the strictly necessary time to reach the same purposes. In any case, the data processor will process personal data until the time allowed by the Italian law of safeguarding personal interest (Art. 2946 c.c. and s.s.). The conservation period of personal data varies according to the processions purpose for which the following are collected :
• For legal obligations: they will be kept until the time required by the specific legal obligation or applicable law, and subsequently may be retained for a longer period necessary in order to protect the interests of the data processor from possible responsibilities related to supplies.
• To respond to requests for information: they will be used for the time strictly necessary to achieve the same purpose, and will subsequently be kept exclusively for management purposes and to protect the interests of the data processor from the possible responsibilities based on such treatments.
• To use the services of the site or to respond to requests for assistance or for communication to third parties: they will be used for the time strictly necessary to achieve the same purpose and, as such personal data IS processed to provide the products / services, will be subsequently retained for a longer period and as may be necessary in order to protect the interests of the data processor from possible liability for supplies.
In any case, the data processor may retain its personal data up to the time allowed by Italian law to protect its own interests (Article 2947 (1) (3) of the Civil Code) and in particular to protect itself from fraudulent conduct. More information about the data retention period and the criteria used to determine this period can be requested by email to the data processor.
You have the right to ask the data processor, at any time, access to your personal data (according to Article 15 of GDPR), the correction (according to Article 16 of GDPR), the cancellation of the same (according to Article 17 of GDPR), processing limitation (according to Article 18 of GDPR) or to oppose their processing in the cases provided for by Article 21 of GDPR, as well as obtaining in a structured format, commonly used and readable by an automatic device, relevant data ("portability" according to Article 20 of the GDPR). All requests can be addressed by writing an email to the DATA PROCESSOR, using the address indicated at the beginning of this document.
In any case, you are always entitled to lodge a complaint with the competent supervisory authority (Personal Data Protection Authority), pursuant to Article 77 of the GDPR, if it considers that the processing of its personal data is contrary to the legislation in force.
To read the version valid until 20th May 2018 click here.