Information pursuant to articles 13 and 14 of EU Regulation no. 679/2016 dated 27 April 2016, “on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/ED (General Data Protection Regulation, hereinafter referred to as the GDPR)”
Pursuant to articles 13 and 14 of Regulation EU 2016/679 we herewith inform visitors to the Museo Galileo and users of the services provided by the museum of the following:
- The Museo Galileo – Istituto e Museo di Storia della Scienza located in Piazza dei Giudici n° 1, Florence (hereinafter also referred to as “Museum”) is the responsible entity to this agreement.
- The personal data furnished by users will be processed by the Museum itself for the purposes of the institution, connected with or contributing to the activities of the Museo Galileo, and therefore necessary for the provision of its contractual services and the fulfillment of its legal obligations in terms of its administration and bookkeeping, as well as all other legal obligations assumed as the responsible entity to this agreement. The Museum will in addition, for the same purposes as specified above, conduct statistical studies on aggregate, duly anonymized data.
- The processing of all personal data will be conducted in conformity with the principles of lawfulness, accuracy, fairness, transparency, and confidentiality as required by article 5 of the GDPR and the other laws and regulations in force. All data will be processed in a correct and transparent manner either manually or by computer and stored in printed, digital and/or other forms in designated archives that will be constantly monitored using adequate procedures and security measures, in conformity with the requirements laid out in article 32 of Regulation EU 2016/679 in order to safeguard and ensure the confidentiality of all personal data, and to prevent any loss or illicit use of, or unauthorized access to this data.
- The legal basis for the processing of personal data as per point 2 lies in the specific contractual agreement established for the provision of services and the fulfillment of the associated legal obligations. The processing of this data is retained to be indispensable to the execution of the contract to which the user is co-signatory and refusal of consent by the user will render the Museum unable to proceed with the execution of the services themselves.
- The processing of personal data will be undertaken by members of the Museum staff at the express request of organizations, companies or consortiums, and also by outside professionals and consultants designated as per article 28 of the above-cited EU regulation. These contracted service providers will furnish specific data processing or administrative services or carry out functions connected with, necessary to, or in adjunct support of the Museum and its activities as outlined above.
A list of the duly authorized Museum personnel and outside service providers is available on request from the Museum.
- The personal data referred to above may be provided by the Museum to public entities, as allowed for by the relevant laws and regulations, in order to enable them to carry out their duly mandated administrative functions.
- In adherence to the EU’s principles of necessity and proportionality, the data as specified in point 2 will not be kept for periods longer than is indispensible for the realization of the objectives outlined above and therefore the time necessary for the proper execution of its contractual obligations, and in any case no longer than the 10 years stipulated in the Civil Code on this matter.
- The GDPR recognizes a series of rights held by the user as dictated in articles 15 to 22, among them full access rights to his/her own personal data, the right to correct or cancel any of this data, to limit its processing, and to deny permission for its use in direct marketing activities. The interested party has the right to revoke his/her consent at any time, without prejudicing the legality of the use by the Museum of the data as consented to by the interested party up to the date of the his/her revocation of consent.
- The interested party has the right to file a complaint regarding the improper use of his/her data with the relevant authorities as provided for in art. 77 of EU regulation 2016/679.
The data controller