The information pursuant to Article 13 GDPR regarding the processing carried out on personal data entered by the user (hereinafter "Data Subject") to use the online services (hereinafter "Service" or "Services") that the Ministry of Culture makes accessible through this Portal is provided below.

The Data Controller is the Ministry of Culture and the Director General of Museums exercises its functions, pursuant to Article 2 paragraph 2 of DM. 147 of 2019.

All requests and requests relating to the processing of personal data concerning you may be addressed to the Data Controller or the Manager indicated above, at the following addresses: Directorate General for Museums, via di San Michele, 22 - 00153 Rome, dg-mu@cultura.gov.it

The Data Controller has appointed its own Data Protection Officer who can be contacted for issues relating to the processing of personal data at the address above or by e-mail to: rpd@cultura.gov.it

For the purpose of finalizing the purchase procedures relating to museum entrance tickets, the processing operations carried out are put in place for the execution of the contract, pursuant to art. 6, par. 1, lett. b) GDPR.

The Administration undertakes to periodically verify the lawfulness of its processing based on the provisions of current legislation and future amendments/additions by the competent Authorities.

The processing of personal data (including their registration in the registers) is aimed exclusively at achieving the following purposes:

• Registration and account creation;
• Sale of entrance tickets;
• Service communications regarding booked admissions.

The Data Subject directly provides their personal data when registering on the platform and related registration.

Specifically, the Administration will process the following personal data:

• Name and surname
• Email address

Only the personal data that you provide to us when purchasing the ticket will be processed.

Your personal data are processed using IT media and by personnel formally appointed by the Data Controller for the operations deemed necessary to comply with the aforementioned purposes.

Failure to provide data makes it impossible for the Data Subject to correctly complete registration to the Portal for the use of the Services.

The processing of personal data is carried out only by:

• personnel authorized by the Data Controller designated with a specific appointment act, previously trained and who have received the related instructions;
• external subjects with respect to the Data Controller, appointed by the same as Data Processors pursuant to art. 28 of the GDPR;
• public or private subjects only if this is required by legal obligations

Personal data will be processed in compliance with the "storage limitation" principle referred to in art. 5, par. 1, lett. e) of the GDPR.

Personal data are kept at the Data Processors for a period equal to one year, starting from December 31 of the year following registration on the platform, after which they will be deleted.

In the event of cancellation, exclusion or disabling due to non-use of your account, the data will be kept for administrative purposes for a period not exceeding one year, without prejudice to any specific legal obligations on the retention of accounting documentation or for public security purposes.

The Data Subject has the right to exercise the rights referred to in articles 15-22 GDPR, in particular:

• Obtain, in the cases provided for, access to their personal data;
• Obtain confirmation of the existence or not of personal data concerning him/her and their communication in intelligible form;
• Obtain, from the Data Controller or Data Processor:
  • indications on the origin of personal data, on the purposes and methods of processing, on the logic applied in case of processing carried out with the aid of electronic tools;
  • indication of the identification details of the Data Controller and Data Processors, as well as, if applicable, of the representative designated by a foreign subject for the processing of data in Italy;
• Obtain:
  • the updating, rectification or integration of data concerning him/her;
  • cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those for which storage is necessary in relation to the purposes for which the data were collected or subsequently processed;
  • the attestation that the operations referred to in the preceding points have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which such fulfillment proves impossible or involves the use of means manifestly disproportionate with respect to the protected right;
• Oppose, in whole or in part:
  • for legitimate reasons, to the processing of data concerning him/her, even if pertinent to the purpose of collection;
  • to the processing of personal data concerning him/her, provided for the purposes of commercial information or sending advertising material or direct sales or for carrying out market research or commercial communication.

It is possible to exercise the rights by means of a specific request to be addressed to the Data Controller or to the Data Protection Officer through the contacts mentioned above.

Data subjects who believe that the processing of personal data relating to them is carried out in violation of the provisions of the Regulation have the right to lodge a complaint with the Guarantor, as provided for by art. 77, or to take appropriate legal action (art. 79).

This information notice is effective from 02/09/2024.

Our website https://museiitaliani.it/ (hereinafter: "the website") uses cookies and other related technologies (for convenience all technologies are defined as "cookies").

During navigation on the site, you can also receive cookies on your terminal that are sent from different sites or web servers (so-called "third parties"), including suppliers such as Google for analytical and advertising services.

In the document below we inform you about the use of cookies on our website.

A cookie is a small amount of data that, in the form of an anonymous unique code, is sent to your browser from a web server and then stored on the hard disk of your computer, smartphone and/or tablet. Cookies can be used both to allow the correct use of a website (so-called technical cookies), and to create profiles relating to the user in the context of his navigation on the network in order, generally, to offer the same advertising messages in line with them (so-called profiling cookies). Cookies can be stored in the device permanently and have a variable duration (so-called persistent cookies) or disappear when the browser is closed or have a limited duration (so-called session cookies).

The Site uses the following cookies:

These cookies guarantee normal navigation and use of the Site and allow you to view content in the language and for the market from the user's first access. They are able to recognize which country you are connecting from and ensure that, every time you visit the Site, the user will be automatically directed to the version of the Site for their country. They also allow you to create an account, log in and manage orders. If you are a registered user, thanks to cookies the Site will be able to recognize you as such when you access the services offered to registered users. These cookies will recognize if you make purchases on the Site through an affiliated or partner site, so as to allow compliance with obligations towards partner Sites. These cookies, in other words, are necessary for the operation of the Site.

These cookies allow the Site to recognize the user, based on their request (expressed, for example, by clicking on "Remember me next time"), each time they access the Site, so as not to have to enter login details every time. These cookies are not essential for the operation of the Site, but improve the quality and browsing experience.

The portal uses first-party analytical cookies which are used only by the portal manager to, for example, estimate the number of unique visitors and for mere monitoring purposes, such as identifying the main keywords for search engines that lead to an institutional web page or identifying website navigation problems.

These data do not allow the user to be personally identified because they are automatically "anonymized" before being processed by the web access statistical analysis software.

You can configure your browser to accept all cookies, reject them all or receive a notification when a cookie is imported. To do this, you can follow the specific instructions for the browser used:

• Microsoft Edge
• Chrome
• Firefox
• Opera
• Safari

Remember that our site may not work properly if all cookies are disabled. If you delete cookies in your browser, they will be re-placed on your device if you give your permission when you visit our site again.

The Data Controller, pursuant to art. 4 of the GDPR, is the Ministry of Culture and the Director General of Museums, pursuant to art. 2 paragraph 2 of DM. 147 of 2019, exercises its functions.

Directorate General for Museums, via di San Michele, 22 - 00153 Rome, dg-mu@cultura.gov.it

The data acquired through cookies are processed by employees and collaborators of the Data Controller, as Data Processors and persons in charge of processing or in any case persons authorized to process data suppliers of technical and organizational services, as data processors.

At any time, the user can:

• request and obtain the cancellation, transformation into anonymous form, copy, updating, rectification, integration of their data;
• oppose the processing of their personal data for commercial and marketing purposes;
• oppose, for legitimate reasons, the processing of the same for other purposes;
• request the limitation of the processing concerning him/her;
• exercise -where possible- the right to data portability;
• lodge a complaint with the supervisory authority;
• revoke the consent previously given.

In order to assert their rights, in addition to using the tools described above, it is possible to send a written communication to the Data Controller's headquarters or write an e-mail to the Data Protection Officer ( rpd@cultura.gov.it ).