Information on the processing of personal data, made pursuant to Article 13 of Regulation (EU) 2016/679

Owner of the Treatment: State Library attached to the Montevergine National Monument, via Domenico Antonio Vaccaro 1, 83010, Mercogliano (AV). Email: bmn-mnv@cultura.gov.it

Subjects concerned: Internet Site Navigators

Pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter “Regulation”), this page describes the methods of processing of personal data of users consulting the institutional website of the State Library of Montevergine (hereinafter “BMV”). This information does not concern other sites, pages or online services that can be reached through hypertext links that may be published on the site but refer to resources outside the domain of the BMV.

DATA PROTECTION OFFICER

The Ministry of Culture (hereinafter MiC) has appointed, pursuant to Article 37 of the GDPR, the Data Protection Officer (DPO or DPO) who can be reached at the following address: Ministry of Culture – Data Protection Officer, Via del collegio Romano 27, IT-00186,Rome, email: rpd@cultura.gov.it; rpd@pec.cultura.gov.it.

 

PURPOSE AND LEGAL BASIS FOR PROCESSING

The personal data indicated on this page are processed by the BMV in the performance of its tasks of public interest or otherwise related to the exercise of its responsibilities, including the management and protection of cultural heritage and related communication activities. Personal data provided by the user are processed only for purposes strictly related and necessary to the use of the site and the services requested, or for purposes functional to the conduct of research, analysis and statistics, sending information material and updates on initiatives and programs of the Ministry. Pursuant to Article 13 para. 3 of the Regulations, if the Data Controller intends to further process personal data for a purpose different from the one for which it was collected, it shall provide the data subject with information regarding that different purpose and any further relevant information prior to such further processing.

TYPES OF DATA PROCESSED AND PURPOSES OF PROCESSING

Navigation data

The computer systems and software procedures used to operate this website acquire,during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

Data reported by the user

The optional, explicit and voluntary sending of messages to the contact addresses of the BMV, private messages sent by users to the institutional profiles/pages on social media (where this possibility is provided), as well as the completion and submission of forms (forms) on the pages of the BMV website, involve the acquisition of the sender’s contact data, necessary to respond, as well as all personal data included in the communications. Any refusal to provide personal data implies the impossibility to use the services themselves; the above personal data are not used to perform user profiling.

Cookies

No personal data of users is acquired by the site in this regard. No use is made of cookies for the transmission of information of a personal nature, nor are so-called persistent cookies of any kind, i.e. systems for tracking users, used. The use of c.d. session cookies (which are not stored persistently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable the safe and efficient exploration of the site. The so-called session cookies used in this site avoid the use of other computer techniques potentially prejudicial to the privacy of users’ browsing and do not allow the acquisition of personal identification data of the user. The use of permanent cookies is strictly limited to the acquisition of statistical data relating to access to the site. The portal uses a market product for tracking access to its site. It resorts to the use of permanent cookies for the purpose of collecting statistical information about “unique visitors” (different people) to the site. These cookies, referred to as “Unique Visitor Cookies,” contain an alphanumeric code that identifies browsing computers, but without any collection of personal data. There is also a portion of code on each page of the site, aimed at collecting statistical data on site usage, again without any collection of personal data. Disabling cookies on your location will not affect your interaction with the site in any way.

OPTIONALITY OF PROVIDING DATA

Apart from what has been specified for navigation data, the user is free to provide the personal data indicated in the registration forms for the services of the site, to request information and to send suggestions and reports to the editorial staff of the site or otherwise indicated in telephone contacts with the central or peripheral structures of MiC. Failure to provide them may result in the impossibility of obtaining what has been requested. For services provided by third parties, for which the site represents only an exhibition space, BMV is neither owner nor responsible for the data collected.

PLACE, MANNER AND RECIPIENTS OF TREATMENT

Personal data are processed at the headquarters of the Data Controller or Managers with automated tools for the time strictly necessary to achieve the purposes for which they were collected, in compliance with the rules of confidentiality and security required by current legislation. Specific technical and organizational security measures are taken to protect the information from alteration, destruction, loss, theft or improper or illegitimate use. Treatments related to the web services of this site are handled only by technical personnel authorized and instructed to the treatment, or by the Managers designated by the Owner pursuant to art. 28 of the Regulations. No data from the web service is disseminated. Personal data provided by users who submit requests for information and suggestions are used only for the purpose of performing the service or provision requested and are possibly communicated to other personnel authorized to the treatment within the MiC or to other public or private entities in the only case in which this is imposed by legal obligations or strictly necessary to provide the information you requested.

DATA RETENTION PERIOD

In order to ensure fair and transparent processing, data are kept for a period of time no longer than necessary for the purposes for which they were collected or subsequently processed in accordance with legal requirements.

RIGHTS OF INTERESTED PARTIES

Data subjects have the right to obtain from BMV, in the cases provided for, access to their personal data and the rectification, erasure or portability thereof or the restriction of processing concerning them or to object to processing (Articles 15 et seq. of the Regulations). Appropriate application to the Ministry is made by contacting the Data Protection Officer (Ministry of Culture – Data Protection Officer, via del Collegio Romano 27, 00186 – Rome (ITALY), email: rpd@cultura.gov.it; rpd@pec.cultura.gov.it.).

 

RIGHT OF COMPLAINT

Data subjects who believe that the processing of personal data relating to them carried out through this site is in violation of the provisions of the Regulation have the right to lodge a complaint with the Guarantor for the protection of personal data, as provided for in Article 77 of the Regulation itself, or to take appropriate legal action (Article 79 of the Regulation). Further information regarding your rights on the protection of personal data can be found on the Guarantor’s website at www.garanteprivacy.it