Privacy Policy

This information is provided under Article 13 of EU Regulation 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons about the processing of personal data and the free movement of such data (so-called “General Data Protection Regulation” or “GDPR”) and Legislative Decree 30.06.2003, no. 196, as amended and supplemented by Legislative Decree 10.08.2018, no. 101 (“Personal Data Protection Code” or “Privacy Code”).

The Data Controller, aware of the importance of guaranteeing the security of information of a personal nature, provides the information necessary to make the user (hereafter referred to as ‘User’ or ‘Data Subject’) aware of the characteristics and methods of the processing of his/her data.

Data controller

Who determines the purposes and means of processing?

Fondazione Fila Museum, with registered office in 13900 Biella (BI), via Seminari, 4/A, tax code 90058470023, and its legal representative pro tempore (hereafter referred to as “Holder”).

Object of processing

What personal data is processed?

The User’s data collected while using the website, along with its features and services, may be processed. In particular, the Holder may process:

  • Personal data: The transmission of which is connected with the use of Internet communication protocols (browsing data, e.g. page accesses, amount of data transferred, status message upon access, session ID numbers, IP addresses, URL addresses, location data, display language, Coordinated Universal Time, etc.);
  • Common personal data (e.g. personal data, such as name and surname; contact data, such as e-mail address) is also collected through the completion of forms by the User and other information of a personal nature possibly provided by the User (e.g. photographic images, video footage and/or audio recordings).

The Holder does not intentionally collect unique types of personal data (i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data intended for identification purposes, data relating to a person’s health or sex life or sexual orientation). The User is therefore requested not to provide such data, nor any other information from which such information could be deduced (e.g. when sending reports, questions, requests to the Holder, or when using website features such as the “book a museum visit” or “online chat” services, etc.).

Purpose of processing

What are the purposes of data processing?

As a general rule, all personal data collected by the Holder while using the website, its functions and services, will be processed in compliance with the legislation on protecting personal data.

The data subject’s data may be processed for the following purposes:

  • Website page delivery: The User’s data (browsing data) will be processed to enable the delivery of the web pages, to obtain statistical information on the website itself and to monitor its proper functioning;
  • Provision of website functions and services: The User’s data (personal details, contact details) will be processed to enable the provision of website functions and services, such as the “book a museum visit” “online chat” services, etc;
  • Responding to reports, questions or requests from the User: The User’s data (personal details, contact details) will be processed to respond to reports, questions and/or requests from him or her;
  • Sending periodic information updates (newsletter): The personal data of the User (personal details, contact details) will be processed to send periodic information updates by e-mail to those who have expressly requested them by subscribing to the mailing list;
  • Statistical analysis: The User’s data collected via the “Online Chat” service will be processed to acquire information about the use of the service and the types of requests received;
  • Sending of promotional material and/or push notifications (marketing): With the express consent of the User, his or her data (contact data, data collected through the “Online Chat” service), will be processed to allow the sending of advertising material or commercial and promotional communications by e-mail, SMS, push notifications or other digital messaging tools, as well as to carry out market research aimed at assessing the level of customer satisfaction;
  • Documentation, publicity and promotions carried out in communication campaigns: With the express consent of the User, his or her data (photographic images, video footage and/or audio recordings), will be used to allow research, publicity and promotion of the Holder’s activity via communication campaigns that maybe both current and archival.

Lawfulness of processing

What are the legal clauses justifying the processing of data?

The justifications for processing of the User’s data are:

  • Delivery of website pages: The contract into which the User enters at his or her request (aka choice to browse the website), constitutes the lawfulness of processing of personal data by the Holder (Art. 6(1)(b) GDPR);
  • Provision of website functionalities and services: The contents of the contract to which the User is party or the execution of pre-contractual measures taken at the request of the same (aka. the User’s choice to use the relevant website functionalities and services), constitutes the lawfulness of processing of personal data by the Data Holder (Art. 6(1)(b) GDPR);
  • Responding to reports, questions or requests made by the User: The contents of the contract to which the User is party or the execution of pre-contractual measures taken at the request of the User (choice to send reports, questions or requests that need to be answered by the Holder), constitutes the lawfulness of processing of personal data by the Holder. (Art. 6(1)(b) GDPR);
  • Sending periodic information updates (newsletters): The contents of the contract to which the User is party or the performance of pre-contractual measures taken at the request of the same (the User’s choice to request, by subscribing to the mailing list, to receive periodic information updates/newsletters by e-mail), constitutes the lawfulness of processing of personal data by the Holder. (Art. 6(1)(b) GDPR);
  • Statistical analysis: The pursuit of the genuine interest of the Holder (statistical analysis of the use of the service and the types of requests received regarding the “online chat” service) constitutes the lawfulness of processing of personal data by the Holder (Art. 6(1)(f) GDPR);
  • Sending promotional communications and/or push notifications (marketing): The express consent of the User constitutes the lawfulness of processing personal data by the Data Holder (Art. 6(1)(a) GDPR). Consent is optional and always revocable and modifiable;
  • Documentation, publicity and promotion of the activities carried out by the Data Holder in communication campaigns, including both current and archival. When photographs, images, audio and/or video recordings directly and explicitly portray or shoot a specific party, their use is subject to authorisation from the same. This material is subject to art. 10 and 320 c.c. and articles 96 and 97, Law 22.04.1941, no. 633 (or the “Copyright Law”), which can be revoked at any time. In this case, specific authorisation constitutes permission for the processing of personal data by the Data Holder (Art. 6(1)(a) GDPR). When the photographs, images, audio and/or video recordings include several persons and relate to activities carried out during public events, participation in the event implies consent to the processing of personal data, unless otherwise denied. In this case, the pursuit of the legitimate interest of the Holder constitutes the lawfulness of processing personal data by the same. (Art. 6(1)(f) GDPR).

The function of data conferment

Why provide data?

User’s personal data – acquisition and processes:

  • The delivery of the website pages: Data acquisition is necessary to enable the delivery of the website pages. Personal data is automatically acquired during the User’s browsing activities by the computer systems and software protocols used to operate the website;
  • Provision of website functionalities and services: Data acquisition is necessary for the provision of website functionalities and services, such as the “book a museum visit” “online chat” services, etc. Failure to provide such information may make it impossible for the User to benefit from website functionalities and services;
  • Responding to reports, questions or requests made by the User: This is necessary to be able to respond to reports, questions or requests made by the Data Subject; failure to do so may therefore make it impossible for the Data Subject to receive replies to reports, questions or requests sent to the Holder.
  • Sending of periodical information updates (newsletter): Data acquisition is necessary to allow the User to subscribe to the mailing list and for the reception periodical digital information updates/newsletters. Failure to provide such information may make it impossible for the User to subscribe to the mailing list and to receive messages. The User may subscribe to the mailing list by filling in the appropriate form with the required data, and the Holder will process the information transmitted to activate the sending of the relative messages. The User may at any time request deactivation of this service;
  • Statistical analysis: Personal data is acquired automatically in the course of using the ‘online chat’ service;
  • Sending promotional communications and/or push notifications (marketing): This is optional, but failure to provide data for this purpose will therefore make it impossible for the Holder to send advertising material or commercial and promotional communications by e-mail, text message, push notifications or other digital messaging tools, as well as to carry out market research also aimed at assessing the level of customer satisfaction;
  • Documentation, publicity and promotion of the activities carried out, using communication campaigns, including current and archival, campaigns. The release of photographic images, video footage and/or audio recordings directly and explicitly portraying or filming a specific party is optional. Therefore, in the case that the release form is not signed by the subject or, where applicable, by his/her legal representative(s), the photographic images, video footage and/or audio recordings may not be used in any way.

Storage period

How long is the data kept?

The User’s data will be stored in each case for:

  • Provision of website pages: For a period not exceeding what is necessary for this purpose. As a rule, personal data is kept for a few days, unless this is prolonged for specific requests, e.g. those from judicial authorities or other public authorities;
  • Provision of website features and services: For a period not exceeding what is necessary for this purpose. As a rule, personal data is stored for a period not exceeding 1 year;
  • Responding to reports, questions or requests from the User: For a period not exceeding what is necessary for this purpose. As a rule, personal data is kept, depending on the subject and type of messages, for the time required to respond to the reports, questions or requests made by the User;
  • Sending periodic information updates (newsletters): For a period not exceeding what is necessary for this purpose. As a rule, personal data is stored for the duration of the period of subscription to the newsletter;
  • Statistical analysis: For a period not exceeding what is necessary for this purpose. As a rule, personal data is stored for a period not exceeding 1 year;
  • Sending promotional communications and/or push notifications (marketing): For a period not exceeding what is necessary for this purpose. As a rule, personal data is stored for a period not exceeding 1 year;
  • Documentation, publicity and promotion of the activities carried out, by means of communication campaigns, both current and archival: For a period not longer than is necessary for the pursuit of the above-mentioned purposes and, in all cases, for a period no longer than 5 (five) years from the date of the data’s acquisition, except in cases of conservation for historical memory of any initiatives, or when the safekeeping of data is required by special circumstances (e.g. defence in court). It should be noted that methods of dissemination where photographs, images, audio and/or video recordings are made public (e.g. publication on social media and social networks) may be subject to downloading, sharing or re-edition by third parties.

Additional information on the website services ‘book a museum visit’ and ‘online chat’

What is the additional information related to the ‘book a museum visit’ website service?

This service enables the User to book a visit to the Holder’s museum by filling in the appropriate form (requiring the entry of the name, surname, telephone number and e-mail address of the User booking the visit). The User can reiterate an express request not to provide particular personal data or other information from which such data could be obtained, within the “notes” form.

What additional information is related to the ‘online chat’ website service?

This service facilitates interaction with the Virtual Assistant of Fondazione FILA Museum, a chatbot service that provides automatic replies to any request for information made by the User. If the User decides to use this service, the Holder may become aware of their social media profiles and other information released while using the chatbot. (For example, how often and for how long the service is interacted with.) Also in this case, the Holder reiterates the express request not to provide any particular personal data or other information from which such data could be obtained via the chatbot.

Cookies and other tracking tools

What cookies and other tracking tools are used and what function do they perform?

The website uses cookies or other tracking tools to ensure the correct functionality of the website and/or services, and to improve its operation. To find out which cookies and/or other tracking tools are used by the website, what functions they perform and how you can manage your preferences, read the website’s specific cookies policy.

Treatment modules

How is data processed?

Personal data is processed using electronic and manual means. The processing of personal data shall be based on the principles of lawfulness, correct protocols and transparency, limitation of purpose, minimisation, accuracy, storage limitation, integrity and confidentiality. It shall be carried out through computerised procedures (and, residually, by manual or paper means) efficient in guaranteeing security and integrity. It shall have appropriate procedures to avoid the risk of destruction, loss, modification, unauthorised disclosure or access to the personal data transmitted, stored and, in all cases., processed.

Access, communication and dissemination of data

Who can access and process the data?

Personal data may be made accessible to persons involved in various capacities in the organisation of the Holder’s activities (e.g. employees or collaborators), expressly instructed and authorised to process them, who are employed by or under the direct authority of the Holder. Personal data may also be processed by third parties carrying out activities on behalf of the Holder (or to workers or collaborators, expressly instructed and authorised to process data, who work in the employ or under the direct authority of the same third parties), who can prove that they have adopted technical and organisational measures capable of guaranteeing data security. These third parties, expressly designated as data processors, are given adequate operating training. The personal data processed may not be disclosed to other specific persons, except when required by law, such as to judicial authorities or other public authorities. The data processed may not be disclosed to unspecified persons.

Data Transfer

Where is personal data stored?

Personal data are stored in Italy or, in all cases, within the European Union and the European Economic Area. Any transfer to third countries, not belonging to the European Union or the European Economic Area, may only take place to countries that guarantee an adequate level of protection of personal data, using methods that comply with the legislation on the protection of personal data.

Rights of the User

What are the rights granted to the User?

Pursuant to Art. 15 et seq. of the GDPR, the User has the right to:

  • Obtain from the Holder confirmation as to whether or not personal data relating to him or her is being processed and, if so, access to the personal data and other related information, including receiving a copy thereof (‘right of access);
  • Obtain from the Holder a rectification of inaccurate personal data and/or correcting incomplete personal data pertaining to him/her (‘right to rectification);
  • Without prejudice, obtain from the Holder the erasure of personal data (‘right to erasure);
  • Without prejudice, obtain from the Holder the restriction of the processing of all or part of the personal data processed by Holder (‘right to restriction of processing);
  • Where the processing is based on consent or on the performance of a contract to which the User is party and is carried out by automated means, to request and receive from the Data Holder, in a standard electronic format, the personal data concerning him/her, as well as, if technically feasible, its transmission to another Holder (‘right to portability);
  • Withdraw, at any time, any consent that may have been given about the processing of personal data (‘right to be forgotten);
  • Without prejudice, object, in whole or in part, to the processing of personal data (‘right to object’);
  • Without prejudice, not be subjected to a decision based solely on automated processing.

If the User considers that the processing of data is in breach of data protection legislation, he/she has the right to lodge a complaint with the supervising authority of the EU Member State where he/she normally resides or works, or of the place where the alleged breach occurred. (In Italy this is governed by the Garante per la protezione dei dati personali). Without prejudice, he or she may take legal action.

Methods of exercising rights

How can the data subject exercise his/her rights?

The Data Subject may exercise his or her rights at any time by contacting the Data Controller:

Fondazione Fila Museum
via Seminari, 4/A
13900 Biella (BI)
e-mail: info_fondazione@fila.com

Updates to the policy

How to stay up-to-date following any changes to the policy?

This information notice is subject to change. We therefore recommend that you check this notice regularly and refer to the most up-to-date version.