Privacy

The personal data held by the undersigned organization are collected directly from the interested parties. This site does not collect sensitive data, for which we mean those suitable for revealing racial or ethnic origin, philosophical or other religious beliefs, political opinions, membership of trade unions, associations or organizations of a religious, philosophical, political or trade union nature, the state of health and sex life.

Navigation data

The computer systems and software procedures used to operate the website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.

Profiling data

Profiling data on the consumption habits or choices of the data subject shall not be directly acquired. However, it is possible that through links or by incorporating elements of third parties, such information may be acquired by independent or separate parties. See in this regard the section of third-party cookies.

Cookies

Like others, this website saves cookies on the browser used by the user concerned for the transmission of personal information and to enhance their experience. In fact, cookies are small text strings that the sites visited by the user send to his terminal (usually to the browser), where they are stored, sometimes even with characteristics of wide temporal persistence, to be then retransmitted to the same sites at the next visit.

As explained below, it is possible to choose whether and which cookies to accept, bearing in mind that refusing their use may affect the ability to carry out certain transactions on the site or the accuracy and adequacy of some customizable content proposed or the ability to recognize the user from one visit to the next. If no choice is made in this regard, the default settings will be applied and all cookies will be activated: In any case, at any time, you can communicate or modify the decisions in this regard.

Technical cookies

In particular, so-called session cookies are used, which are not stored permanently on the user’s computer and disappear when the browser is closed and whose use is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site and which avoid the use of other IT techniques potentially prejudicial to the confidentiality of users’ browsing and do not allow the acquisition of personal identification data of the user. Then we use analytics cookies that help to understand how visitors interact with the contents of the site, collecting information (geographical and web origin, technology used, language, pages of entry, visits, exit, time spent, etc.) and generating statistics of use of the website without personal identification of individual visitors. All these are to be considered technical cookies for which, since it is not necessary to give consent, the opt-out mechanism applies. Technical cookies are not communicated to third parties as they are necessary or useful for the operation of the site; therefore they are processed only by persons qualified as processors, processors or system administrators.

Third-party cookies

Finally, the site incorporates cookies and other elements (tags, pixels, etc.) of third parties (autonomous and on which the Owner has no responsibility) that also carry out profiling activities and for which reference is made to the respective sites:

• Google Analytics
• Facebook
• Youtube
• Instagram
• Linkedin

Data provided voluntarily by the user

The optional, explicit and voluntary sending of emails to the addresses indicated on the site entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the email. The explicit and voluntary sending of the forms that can be filled in on the website containing the data subject’s data also entails processing to follow up on pre-contractual obligations or the performance of the services provided by sending the forms. This information in the forms may concern personal data, contact details, contact details, telephone numbers, email addresses of data subjects and of identified and identifiable third parties having cause with the user of the site. However, specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request.

Newsletter and Mailing-list

The e-mail contacts used to send communications from the site come from voluntary registrations by the recipient to whom a confirmation request is always submitted, as well as from information acquired in the context of the sale of products or services of the Owner or in any case similar. This includes the sending of information, promotional communications and material. Please note that contacts are not acquired from public subscriber directories. In the event that the communications are not of interest to the recipient, you can avoid any further contact by clicking on the appropriate link contained in each message, or by writing to the addresses at the bottom exercising your right to unsubscribe from the newsletter.

Work with us

It is possible to send your application for a job position, sending your data and an updated CV including authorisation to process sensitive data.

Reservations

The system allows you to book an appointment for the JRC visit (required data: name, surname, membership, telephone, e-mail).

Reserved area

The information (texts, videos and images) that the user uploads to the reserved area are protected by encryption and authentication systems and are accessible only to authorised users, i.e. those directly concerned and/or the intermediaries involved. This information shall not be disseminated.

Personal data are used (ref. articles 6(b) of the GDPR):

• to allow navigation on the site and
• possibly to perform the service or service requested as part of the normal activity carried out by this organisation (ateco code 90.03.02 conservation and restoration of works of art).

In addition, all personal data may be processed:

• for purposes related to obligations provided for by laws, as well as by provisions issued by authorities legitimated by law (ref. articles 6 (c) and 9 (b,g,h) of the GDPR);
• for the establishment, exercise or defense of a right in court and out of court (legitimate interest) of the undersigned organization (ref. articles 6 (f) and 9 (f) of the GDPR);
• for direct marketing purposes according to the legitimate interest of the Data Controller in particular; for cookies, the advertising ids used to show advertisements and ads; e-mail addresses for sending the newsletter; for navigation and usage logs to protect the site and the service from cyber-attacks; in these cases, the data subject can always refuse consent so that the Data Controller will abstain from processing (ref. Article 6(f) of the GDPR);
• for purposes functional to the activity for which the interested party has the right to express consent or not, such as, for example, subscription to the newsletter to receive information messages and promotion and sale of products and services, detection of the degree of satisfaction, communication of data to third parties for receiving information and promotional communications and marketing (GDPR art.6 (a))
• with the consent of the data subject, in the case of sensitive data (ref. Article 9 (a) of the GDPR)

The provision of the data collected from the data subject is optional but essential in order to process them for the purposes referred to in points (a) and (b). In the event that the interested parties do not communicate their essential data and do not allow the processing, it will not be possible to carry out and implement the services proposed and follow up on the contractual obligations undertaken, with the consequent prejudice to the correct fulfillment of regulatory obligations, such as accounting, tax and administrative obligations, etc..

Apart from what is specified for navigation data, the user is free to provide personal data for cookies and specific requests through forms e.g. on products and/or services. Failure to provide them may make it impossible to obtain what has been requested. For all non-essential data, including sensitive ones, the conferment is optional. In the absence of consent or incomplete or incorrect provision of certain data, including sensitive data, the required obligations could be so incomplete as to cause prejudice or in terms of penalties or loss of benefits, both for the impossibility of guaranteeing the adequacy of the treatment itself to the obligations for which it is performed, and for the possible mismatch of the results of the treatment itself with the obligations imposed by the laws to which it is addressed, intending to exempt the undersigned organization from any and all responsibility for any sanctions or afflictive measures.

The treatments connected to the web services of the site are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected; take place at the server in Italy or in the EU and are only handled by technical staff in charge of processing, or by any persons in charge of maintenance and administration operations. Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access and loss of confidentiality. The facility is equipped with anti-intrusion devices, firewalls, logs and disaster recovery. Specific mechanisms of encryption and segregation of data and authentication and authorization of users are used.

Data processing means the collection, recording, organization, storage, processing, modification, cancellation and destruction or the combination of two or more of these operations. In relation to the aforementioned purposes, the processing of personal data is carried out using manual, IT and telematic tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of personal data will therefore be processed in compliance with the methods indicated in Article 5 of Regulation (EU) 2016/679, which provides, among other things, that the data are processed lawfully and correctly, collected and recorded for specific, explicit and legitimate purposes, exact, and if necessary updated, relevant, complete and not excessive in relation to the purposes of the processing, in compliance with the fundamental rights and freedoms, as well as the dignity of the data subject with particular reference to confidentiality and personal identity, through protection and security measures. The undersigned organization has prepared and will further refine the system of security of access and storage of data.

No automated decision-making (e.g. profiling) is carried out.

Treatment does not take place in non-EU and non-EEA countries.

Personal data will be stored, in general, as long as the purposes of the processing continue depending on the category of data processed.

The data (only the indispensable ones) are communicated

• to persons in charge and responsible for processing, both internal to the organisation of the undersigned and external, who carry out specific tasks and operations (administration of the site, analysis of navigation, traffic, profiling data, management of emails and forms sent voluntarily by the user, processing of e-commerce requests and orders, etc.)
• in the cases and to the subjects provided for by law

The data will not be disseminated unless otherwise provided by law or after anonymization. Without prejudice to what is specified for cookies and third-party elements, without the prior general consent of the interested party to communications to third parties, it will be possible to run only services that do not provide for such communications. In case of need, specific and specific consents will be requested and the subjects who will receive the data will use them as autonomous owners.

In some cases (not subject to the ordinary management of this site) the Authority may request news and information, for the purposes of monitoring the processing of personal data. In these cases the answer is mandatory under penalty of administrative sanction.

At any time you can: exercise your rights (access, rectification, cancellation, limitation, portability, opposition, absence of automated decision-making processes) when provided for against the data controller, pursuant to articles 15 to 22 of the GDPR (read here the standard); lodge a complaint with the Guarantor; if the processing is based on consent, withdraw such consent given, taking into account that the revocation of consent does not affect the lawfulness of the processing based on consent before the revocation.

Disabling cookies

Almost all browsers offer the possibility to manage and not enable cookies, in order to respect the preferences of users. In some browsers it is possible to set rules to manage site-by-site cookies, an option that offers more precise control over the user’s privacy; Another feature available on some browsers is the incognito mode, so that all cookies created in this mode are deleted after closing.

Please refer to the following instructions for managing cookies in the relevant browsers:

• Chrome
• Firefox
• Internet Explorer
• Safari

The data controller is La Venaria Reale Conservation and Restoration Centre Foundation, in the person of its pro tempore legal representative.

The data protection officer is Spaziottantotto srl.

The registered office is in Via XX Settembre 18, cap 10078, Venaria Reale (TO).

The contact details are: telephone 011 4993007; fax 011 4993033; e-mail privacy@centrorestaurovenaria.it