This page describes how the website is managed with regard to the processing of the personal data of users who consult it, in compliance with current regulations.
Pursuant to the provisions of art. 13 of Legislative Decree 196/2003 (hereinafter the privacy code) and art. 13 of EU Regulation no. 2016/679 (hereinafter GDPR), the data will be processed based on the following methods and purposes.
We also wish to specify that this information is provided solely for the Tuscany World Heritage website and not for other websites that users may eventually consult and to which they have access via links on our pages.
The data controller is Fondazione Sistema Toscana, Via Duca d’Aosta no. 9, Florence, in the person of the General Manager and internal contact person for compliance with privacy requirements, Dr Alessandro Giannini.
Subject and purpose of the processing
The Data Controller processes the personal data communicated by users on the occasion of any online request for information, clarifications or requests for support. This data will be used, in all cases, for the sole purpose of performing the service or support requested.
The Data Controller will process the personal data using automated tools and exclusively for the time necessary to fulfil the aforementioned purposes and, in any case, for no longer than 10 years from the termination of the relationship, for the purposes determined by the service rendered, and for no longer than 2 years from the moment the data was collected, for other purposes.
Specific security measures have been adopted to prevent loss of data, illicit or incorrect use of the data, as well as unauthorized access to it, in line with the provisions indicated in articles 32-34 privacy code and art. 32 GDPR.
Type of data processed
• The IT systems and software procedures necessary for this website to function capture, as part of their normal operations, certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified users, but as a result of its very nature, it could - through processing and associations with data held by third parties - make it possible for users to be identified. This category of data includes the IP addresses or the domain names of the computers used by users when they connect to this website, notation of the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response from the server (successful, error, etc.) and other parameters linked to the user's operating system and the user's computing environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct functioning and it is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the website: except for this eventuality, the data on web contacts does not currently last for more than seven days.
• Data provided voluntarily by users: the optional, explicit and voluntary sending of emails to the email addresses indicated on this website entails the subsequent acquisition of the sender's address, necessary in order to respond to requests, as well as any other personal data included in the message.
• Cookies: a statistical analysis is adopted on this website to improve the experience of the browser by a third party such as Google Analytics (www.google.com/analytics/). The service uses performance cookies to collect user data, such as the time spent on a page, the search engine that allowed redirection to the Toscana World Heritage website, the user's country of destination, the time spent on various pages, etc. Therefore, by browsing this website, users accept this informative document.
Session cookies are generally essential in order to distinguish between the connected users and are useful in preventing a requested functionality from being provided to the wrong user, as well as for security purposes aimed at preventing cyber attacks on the website. Session cookies do not contain personal data and only last for the ongoing session, i.e. until the browser is closed.
For further information, users of the website are invited to visit the cookie information page.
Nature of the provision
The provision of data for the purposes indicated in the previous art. 3 a) is mandatory; in its absence, it would not be possible to guarantee the services indicated therein and requested by users.
The provision of data for the purposes referred to in art. 3 b) is optional; users can therefore decide not to provide any data or to deny, at a later time, the possibility of processing data already provided. In this case, users will not be able to receive communications from the data controller. In any case, once this choice has been made, users will be guaranteed the right to receive the services referred to in art. 3 a).
Rights of the interested party
Users have the rights indicated in art. 7 privacy code and art. 15 GDPR, and, more precisely, they have the right to:
• obtain confirmation of the existence, or not, of personal data concerning them, even if not yet registered, and receive communication regarding it in an intelligible form;
• obtain information regarding: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) details identifying he data controller, the people in charge and designated manager pursuant to art. e, par. 2, privacy code and art. 3, par. 1, GDPR; e) the individuals or categories of individuals to whom the personal data may be communicated or who may learn about it in their role as designated representatives in the State territory, managers or agents;
• obtain: a) updating, amendment or, if interested, integration of data; b) cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data that does not require retention regarding the purposes for which the data was collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, also for what concerns their content, of those to whom the data has been communicated or distributed, except in the case that such compliance proves impossible or involves the use of means that are clearly disproportionate compared to the right being protected;
• oppose, wholly or in part: a) the processing of data concerning themselves, for legitimate reasons, even if pertinent to the purpose of its collection; b) the processing of data concerning themselves for the sending of material for advertising or direct sales or for conducting market research or commercial communication.
Where applicable, users also have the rights referred to in articles 16-21 GDPR (right of amendment, right to be forgotten, right to the limitation of data processing, right to data portability, right to oppose), understood as fully recalled and transcribed herein, as well as the right to lodge a complaint with the Guarantor Authority.
How to exercise your rights
Users can exercise the rights indicated in the previous point, at any time, by sending a request to the Data Controller, that is Fondazione Sistema Toscana, Via Duca d’Aosta n. 9, Florence, in the person of the General Manager and the internal contact person for compliance with privacy requirements, Dr. Alessandro Giannini.
Changes to this policy
Since this information may be subject to variations, we recommend that you check this information regularly and always refer to the most updated version.