TABLE OF CONTENTS

1. General provisions
2. Area of application
3. Source, nature and type of Data processed
4. Purposes of Data processing. Consequences of non-provision.
5. Assignees and Data Processors
6. Processing of hidden Data (of site navigation)
7. Processing methods, retention of Data and security measures
8. Rights of Data Subjects

General provisions
Data Controller. In compliance with the provisions referred to in Art. 13 of Decree Law 30 June 2003 no. 196 (“Privacy Code”), with the Policy LUCCA IN-TEC – Lucca Innovazione e Tecnologia S.r.l. (“Lucca In-tec”), with offices in Sorbano del Giudice, Lucca (55100), Via Della Chiesa XXXII, Traversa I, n. 231, Tax Code and VAT No. 02082650462, as Data Controller (“Data Controller”), fulfils the obligation to provide Data Subjects, physical persons and – as far as possible – also legal persons and/or entities that use the Site (“Data Subjects”), information concerning the processing of their personal Data (“Data”), provided by these or captured automatically through the use of the Site accessible at the URL: https://www.musapietrasanta.it/content.php (“Site”). Lucca In-tec is not required to appoint a DPO (Data Protection Officer).

 

Extension. As far as is compatible, the Policy also applies to social media channels (“Social channels”, purely by way of example, Facebook™, Twitter™, etc.) designed, developed or otherwise used and managed by the Data Controller.

 

Revisions. The Data Controller reserves the right to modify and/or update the Policy, taking into account any subsequent additions and/or modifications to the national and/or EU regulations on the protection of personal Data. For this reason, the Policy is published with an identifying serial number and the month of publication, starting with the first version of April 2017, which bears the identifying number “00”. Any new versions of the Policy will be published on the Site in place of this version and will be valid and effective and applied from the date of publication, unless otherwise indicated.

 

Applicable regulations. The Data Controller processes the Data in accordance with the principles of lawfulness, correctness, non-excess and proportionality with respect to the purpose for which it is collected, as established by the Privacy Code. The processing of Data is therefore carried out in compliance with the regulations established by the Privacy Code and with the practices developed by the Authority for the Protection of Personal Data (“Authority”), as well as with Directive 2002/58/EC, as updated by Directive 2009/136/EC, concerning Cookies.

 

• For information relating to text strings and/or Data sent by the web server to browsers while navigating the Site (“Cookies”), refer to the Cookies Policy, available on the Site.

 

2. Area of application

Area of Application. Lucca In-tec, through the Site, creates and provides a virtual and interactive space for the “Museo Virtuale della Scultura e Architettura di Pietrasanta” (Virtual Museum of Sculpture and Architecture of Pietrasanta), in which Data Subjects can admire works of art (mainly concerning the working of stone) and virtually visit various places in Versilia as well as interact with them. This Policy is therefore addressed to Data Subjects, ordinary visitors or artists, and – as far as possible – also to legal persons entities and/or entities, which use the Site to take advantage of the aforementioned services and features.

 

Validity and effectiveness. Lucca In-tec is only responsible for the processing of the Data in relation to which it exercises powers, functions and responsibilities as the Data Controller. The Policy is therefore neither valid nor effective for the processing carried out by third parties whose websites are accessible via connections from the Site, including those attributable to Data Subjects.

 

3. Source, nature and type of data processed

Source. The Data Controller may process the Data, as specified below, provided spontaneously by the Data Subjects when they use the Site and/or register themselves on the Site.

 

Common Data processed. The common Data may consist of, by way of example and not limited to, the following: name, surname, tax code, VAT number, tax residence and/or domicile, telephone and fax numbers, email addresses, credentials or identification codes for login to the Site, information necessary for the execution of contracts, bank account details and/or data referring to payments, except for other Data and/or information sent spontaneously by Data Subjects.

 

Sensitive Data. The management of the Site does not require the processing of sensitive Data which, therefore, the Data Subjects are requested not to send and/or make known in any way connected to the Site or using Social channels. In the absence of specific consent to processing, the sensitive Data received will be deleted and/or eliminated or otherwise rendered anonymous by the Data Controller.

 

4. Purposes of data processing. Consequences of non-provision.

Purposes. The Data Controller processes the Data for the purposes specified in the following table (“Table”) with the relevant indication of the need for express consent or otherwise for processing purposes:

Purposes
A – allowing compliance with legal obligations, including the sending of tax documents
Consent not required
B – responding to communications sent by Data Subjects to addresses present on the Site (postal and email addresses, fax, telephone)
Consent not required
C – sending newsletters and informative material on the activities of the Site, promotional offers and services offered through the Site
Consent required

Optional nature of Data provision. Apart from what is specified in the Cookie Policy, the provision of Data, except for that necessary to fulfil legal obligations, is optional. In any forms to be filled in online, the optional or obligatory nature of the provision of the Data will however be specified. Note that the symbol * in the online forms indicates Data indispensable for the purposes of pursuing the specific purpose.

 

Refusal of processing. Failure to provide the Data necessary for the provision of the service offered by Lucca In-tec or opposition, for legitimate reasons, to the processing of Data already provided will prevent the use of the service itself.

 

Performance and withdrawal of consent. In relation to the purpose referred to in letter C of the Table, Data Subjects express their consent to the processing by ticking the appropriate box on the form. Data Subjects may withdraw their consent by communication to the Data Controller, in a non-specific manner, without special formalities, including by telephone. The withdrawal of consent for the purpose referred to in letter C of the Table will cause the interruption of the related processing.

 

5. Assignees and Data Processors

Assignees to the processing. The Data Controller’s Directors, shareholders, employees and associates (regardless of the specific contractual title) may process the Data as assignees to the processing, in accordance with Art. 30 of the Privacy Code.

Co-Data Controllers and Processors. The Data Controller may designate as Data Processors internal or external parties, such as (tax and legal) professionals and third-party companies (in particular, providers and suppliers of services). The complete list of Data Processors may be requested by Data Subjects by contacting the Data Controller at the email address referred to in Art. 8.1. In some cases the third party can take on the role of Co-Data Controller.

Limits. The assignees, as well as any Data Processors designated for the processing, are appropriately trained and provided with specific prerogatives that allow access to the Data according to the roles covered and the assignments undertaken and in compliance with the Policy.

6. Processing of hidden Data (of site navigation)

Navigation Data. The Data Controller processes hidden Data collected during browsing in accordance with the Cookie Policy.

 

Links. The Site may contain hypertext links to other sites not belonging to Lucca In-tec. The Data Controller has no kind of access to or control over these sites. The Data Controller invites the Data Subject to learn about the Privacy Policies of third party websites which the Data Subject accesses from the Site in order to ascertain the procedures for collection and processing of personal Data, since the Policy applies only to this Site as defined above.

 

Access Data for the newsletter. Analysis of the Data for opening and viewing of the newsletter happens only in anonymous and aggregate form, in order to provide Lucca In-tec with statistics regarding use of the same, helpful for modifying its formal and functional aspects.

 

7. Processing methods and security measures

Processing methods. The Data of Data Subjects is processed, almost exclusively, in an automated way, through computer systems or in a limited number of cases manually, however with logic strictly related to the purpose for which it was collected and in order to ensure its security, in accordance with Art. 11 of the Privacy Code.

 

Location of processing and storage of the Data. The processing of Data is carried out at the offices of the Data Controller and/or any Data Processors and/or Co-Data Controllers. The Data of the Data Subjects is stored in one or more electronic databases, hosted on the server located at the premises of the Data Controller and is retained until withdrawal of the consent of the Data Subjects concerned (for example, to send the Lucca In-tec newsletter), for the period of time necessary to carry out the purposes for which it was collected, without prejudice to that Data legally obliged to be stored. The Data processed will not be released, nor is its transfer to third parties envisaged. Specific consent will be required otherwise.

 

8. Rights of Data Subjects

◦ Rights: The Data Subject, if a natural person, can exercise the rights envisaged by Art. 15, 16, 17, 18, 20 and 21 of EU regulation 678/2016 for their personal Data:
◦ right of access
◦ right of rectification
◦ right to erasure or to be forgotten
◦ right to restrictions on processing
◦ right to data portability
◦ right to object
◦ More details on the rights are available on the website of the Authority: www.garanteprivacy.it

◦ The Data Subject can exercise these rights by sending a request to the certified e-mail address of Lucca In-tec (luccaintec@legalmail.it), specifying in the subject the right that you intend to exercise, specifying for what purpose you know or suppose that your Data has been collected by Lucca In-tec s.r.l. and attaching, if the request does not come from a certified mailbox in the name of the Data Subject, an identity document of the same.

◦ The Data Subject may also lodge a complaint to the Supervisory Authority, which for Italy is the Privacy Authority, using the forms available on the said Authority’s website: www.garanteprivacy.it