Privacy

THE REASONS FOR THIS INFORMATION

On this page you will find a description of how the site is managed with regard to processing of the personal data of the users consulting it.

This information is provided in accordance with Regulation (EU) 2016/679 for those interacting with the web services of Fondazione Musei Civici di Venezia (hereafter FMCV), accessible via computer at the address https://www.visitmuve.it /.com / .eu / .tv /.org, corresponding to the first page of the Foundation’s official site and the addresses of its museums palazzoducale.visitmuve.it, correr.visitmuve.it, torreorologio.visitmuve.it, carezzonico.visitmuve.it, capesaro.visitmuve.it, mocenigo.visitmuve.it, carlogoldoni.visitmuve.it, fortuny.visitmuve.it, storianaturale.visitmuve.it, museovetro.visitmuve.it, museomerletto.visitmuve.it, nonché di shop.visitmuve.it

This information can be found on the Foundation’s website and not on any other websites the user might be consulting via links, and also concerns data collected via forms present in invitations to take part in/subscribe to FMCV events

 

DATA CONTROLLER

The Data Controller is Fondazione Musei Civici di Venezia, with head office in Venice – San Marco No. 52. Email privacy@fmcvenezia.it.

Data may be processed by third parties identified by the Foundation as Data Processors, including:

1) professionals and companies appointed to carry out services and activities functional to the provision of institutional / museum activities;

2) professionals and companies appointed to carry out administrative, accounting and legal services related to museum activities;

3) professionals and companies appointed to carry out cultural heritage safety and security services

 

PLACE OF DATA PROCESSING

Processing related to the web services of this site takes place in the Foundation’s aforementioned offices and in the offices of Palazzo Ducale in Piazza San Marco 1 – 30124 Venice; it is performed by both the technicians of the Service entrusted with the task of processing, and by companies responsible for processing as part of the services provided by them.

As for processing of personal data related to the use of third-party cookies that the user has authorized through the initial banner, the place of processing is also that of the company that owns the cookies.

Should processing also concern personal data falling within the category of “sensitive” data (particular data pursuant to Article 9 of the GDPR, i.e. data that reveals racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, as well as personal data revealing the state of health, life and sexual orientation) processing will be carried out on the basis of the interested party’s consent when necessary and within the limits indicated by current, applicable legal provisions, according to the methods provided by the GDPR and only if strictly essential for the regular performance of operations relating to the supply of products / services requested by the user and fulfillment of the related contractual and / or legal and regulatory obligations.

Users are invited to avoid entering superfluous or otherwise unsolicited sensitive data as this could lead to the destruction of the message and failure to execute what is reported therein.

 

PURPOSE AND LEGAL BASIS OF PROCESSING

Data processing will be carried out in compliance with the regulations in force and the principles of correctness, lawfulness, transparency; relevance, completeness and non-excess of information; moreover, the aforementioned data will be collected and recorded only for the purposes indicated below.

Processing may consist in the collection, registration, organization, conservation, consultation, processing, modification, selection, extraction, comparison, use, blocking, communication, dissemination, cancellation and destruction of data and will be carried out with the aid of electronic tools suitable to guarantee the security, integrity and confidentiality of the data.

Unless otherwise exercised through other pages of the site and for which specific information is valid, data collected through the website and through the forms contained in FMCV event invitations are processed for the following purposes:

 

Purpose Legal basis Retention period
Provision of services requested by users such as user information requests, online purchases, event reservations. Fulfillment of contractual and / or pre-contractual obligations.
Compliance with legal obligations.
Until the purpose is achieved, without prejudice to the retention period of documents required by law (e.g. invoices) or by order of a judicial authority.
Subscription to the Foundation newsletter Consent of the interested party. For the entire duration of the service or until consent is withdrawn.
Carry out statistical analyses (on an anonymous basis), in order to improve the supply of services. Data Controller’s legitimate interest. Same duration of retention of data processed for the aforementioned purposes.
Registration and management of access to the site. Fulfillment of contractual and / or pre-contractual obligations.
Data Controller’s legitimate interest.
Until the purpose is achieved, without prejudice to a longer retention period by order of a Judicial Authority or for the protection of the Data Controller’s rights.
Mailing of flyers, brochures, catalogues, invitations or other documentation relating to the services provided and promotional initiatives for the Foundation’s products and / or services. Consent of the interested party. For the entire duration of the service or until consent is withdrawn.
Creation and management of mailing lists with the identification and contact data of journalists and / or press officers for the purpose of subsequent invitations. Consent of the interested party.
Data Controller’s legitimate interest.
Until opposition to processing or withdrawal of consent.
Compliance with transparency obligations pursuant to Law 190/2012 and Legislative Decree 33/2013, relating to the data of the suppliers of goods and services or identification data of FMCV personnel. Legal obligation. Three or five years depending on the type of document.
Management of requests (data, support, collaboration) for the development of degree theses, doctoral theses, university research. Fulfillment of contractual and / or pre-contractual obligations.
Legitimate interest of the Data Controller for statistical purposes (on an anonymous basis) on the use of museum services.
2 years.
Recording user satisfaction index in anonymous form. Legitimate interest. Until the purpose is achieved.
Management of incoming communications for reports, suggestions, complaints and verification of the level of service quality. Fulfillment of contractual and / or pre-contractual obligations for management of communications received.
Consent of the interested party to processing of particular data (state of health / disability condition) indicated in the communications by the interested party.
Legitimate interest in verifying the quality level of the service.
The data of the reporting persons will be retained for up to a maximum of one year.
Compliance with the legal obligations resulting from the aforementioned purposes. Legal obligation. Duration provided by law applicable to the single processing.

 

The Data Controller may retain personal data for a longer period in order to exercise, protect or assert its own rights.

 

TELEPHONE BOOKINGS

 

Purpose Legal basis Retention period
To proceed with telephone bookings made by users. Fulfillment of contractual and / or pre-contractual obligations.
Compliance with legal obligations.
Until the purpose is achieved, without prejudice to the retention period of documents required by law (e.g. invoices or payment receipts, tickets) or by order of a judicial authority.

 

MANAGEMENT OF REPORTS, SUGGESTIONS AND COMPLAINTS

In the appropriate section of the site, users who so wish can fill out the dedicated form and send their suggestions or complaints to FMCV and give feedback regarding the Foundation’s service or services. The required data include identification data of the reporting party (name, surname, email address) which will be processed and retained until the individual communication is archived for a maximum duration of one year. The data will be known by the internal resources involved in management and by external suppliers who participate in the organization and provision of various museum services as data processors.

 

CATEGORIES OF RECIPIENTS

Recipients or categories of recipients which, for achievement of the purposes described, might be informed of the data or receive communication thereof are as follows:

a) Internal delegates: Internal offices and areas as in Organizational Structure.
b) External delegates: Consultants, Free-lance Professionals, Collaborators and External Technicians.
c) External Managers: Companies that provide FMCV with instrumental services for the provision of the services requested by the interested party, Professional Firms and Associations, Law Firms, Auditing Firms, Technical Assistance Companies.

The data may also be disclosed to public bodies, police forces or other administrative authorities exclusively for the purpose of fulfilling legal obligations, regulations or EU legislation.

 

RIGHTS OF THE INTERESTED PARTIES

The interested parties (the natural persons to whom the personal data refers) have the right to exercise their rights pursuant to art. 15 et sq. of the Regulation, in particular to obtain confirmation from the Data Controller of the existence or otherwise of processing of data concerning them, request access to data, updating, rectification, erasure or to request limitation of processing of personal data or to express opposition to processing, to request its portability. These articles also provide for the right of the interested party to lodge a complaint with a European supervisory authority or to bring a judicial appeal pursuant to art. 77 GDPR. The consent and preferences expressed can be withdrawn or modified later by writing to privacy@fmcvenezia.it

At the end of the retention period, personal data will be destroyed or deleted. Therefore, at the end of this term the right of access, cancellation, rectification and the right to data portability can no longer be exercised.

Users are advised not to enter unnecessary special data (e.g. health status) in communications.

 

TYPES OF DATA PROCESSED

Information collected automatically
During the normal course of events, the computer systems and software procedures used for this website acquire some personal data, the transmission of which is implicit in the use of internet communication protocols.

This is data that is not collected so it can be associated with identified interested parties, but that, by its very nature, with processing and association with data held by third parties, makes it possible to identify the users, the computers used by the users logged on to the site, the URI addresses (Uniform Resource Identifier) of the resources requested, the time of request, the method used to send the server the request, the size of the file received in reply, the numeric code indicating the state of the server’s reply (successful, error, etc.) and other parameters regarding the user’s operative system and computer surroundings.

The following information is automatically collected when visiting the website:

  1. User’s hostname The hostname or address of the Internet Protocol of the user asking to access the Fondazione Musei Civici di Venezia website.
  2. HTTP registration and the ‘user agent’ that includes: the type and version of browser used and the operative system with which the browser is working.
  3. System date. The date and time of the user’s visit.
  4. Complete request. The user’s exact request.
  5. Method. The kind of request used.
  6. Universal Resource Identifier (URI). Collocation of the resources in the server.
  7. Type of device used to consult the site
  8. Protocol. Transmission protocol and version used

 

PROVISION OF DATA

Data provided voluntarily by the user

The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.

With the exception of automatically collected information, the user is free to provide personal data in request forms to the Foundation or indicated in contacts with the Foundation requesting informative material or other communication to be sent. Failure to supply this information may make it impossible to fulfil a request.

For the direct collection of such data it will be the visitor who gives his/her own personal data and the relative consent to processing for the individual services/products requested from the Foundation such as registering on the web site or reserved areas, purchases on line, requesting information, subscribing to events, booking visits, courses, newsletters or mailing lists. The consent given may be withdrawn at any moment

 

COOKIES

  1. What are Cookies?

Cookies are small text files that the sites visited by the user send to their terminal (usually the browser), where they are stored before being re-transmitted to the same sites at the next visit by the same user. While browsing a site, the user can also receive cookies on his terminal that are sent from different sites or web servers (so-called “third parties”), containing some elements (such as images, maps, sounds, specific links to pages of other domains) present on the site that they are visiting. Cookies, usually present in users’ browsers in very large numbers and sometimes even with extended duration, are used for different purposes: electronic authentication, session monitoring, storage of information on specific configurations concerning users who access the server, choice of consultation language, storage of the shopping cart, etc.

  1. Which are the main types of Cookie?

In this regard, also for the purposes of Provision No. 229/2014 and the Guarantor for the Protection of Personal Data’s Guidelines on the Use Cookies and other Tracking Tools dated 10 June 2021, two macro-categories are identified: “technical” cookies and “profiling” cookies.

  1. Technical Cookies. Technical cookies are those used for the sole purpose of “carrying out the transmission of certain information on an electronic communications network or as strictly necessary for the provider of an information service to provide services requested explicitly by the subscriber or user.” (see art. 122, paragraph 1 of the Personal Data Protection Code). They are not used for other purposes and are normally installed directly by the owner or manager of the website. They can be divided into browsing or session cookies, which guarantee normal navigation and use of the website (for example, allowing users, to make a purchase or authentication for access to restricted areas. Analytics cookies, similar to technical cookies, help website owners measure how users interact with content, together with the number of users and how they visit the website. Functional cookies allow the user to browse according to a series of selected criteria (for example, language, products selected for purchase) in order to improve the service provided. The prior consent of the users is not required for installation of these cookies, also used by this Site.
  2. Profiling cookies. Profiling cookies are aimed at creating user profiles and are used in order to send advertising messages in line with the preferences expressed by the user while surfing the net. Due to the particular invasiveness that such devices may have with regard to users’ privacy, European and Italian legislation requires the user to be adequately informed about their use and thus express their valid consent. Art. 122 of the Personal Data Protection Code provides that “the storage of information in the terminal equipment of a contractor or a user or access to information already stored is permitted only on condition that the contractor or user has given his consent after have been informed in a simplified manner “. Our site does not use profiling cookies; however, it allows the use of third-party cookies (e.g. Facebook) for which the relevant policies apply (see below).

Session and Persistent Cookies

Session Cookies contain information that is used in your current browser session. These cookies are automatically deleted when you close your browser. Nothing is stored on your computer beyond the time of use of the site.

Persistent Cookies, which are used to maintain the information that is used in the period between accesses to the website, or used for technical purposes and to improve navigation on the site. This data allows sites to recognize that you are already a known user or visitor and adapt accordingly. Persistent cookies have a duration that is set by the website and that can vary from a few minutes to two years. Our site uses this type of cookies only to allow faster and easier subsequent access.

First and third-party cookies It is necessary to take into account the different subjects that install cookies on the user’s terminal, depending on whether it is the operator of the site that the user is visiting (so-called “first party”) or a different site that installs cookies through the former (so-called “third party”). First-party cookies are created and readable by the site that created them. Third-party cookies, on the other hand, are created and readable by domains external to the site and whose data are stored at the third party. For more information about this type of advertising based on user tastes, deriving from third-party cookies, you can visit the third-party sites at the links below. At the links www.youronlinechoices.com and www.aboutads.info/choices/ you will also find information on how behavioural advertising works and a lot of information on cookies as well as the steps to follow to protect your privacy on the internet.

If you would like to know more about cookies and how to manage them, you can also visit www.aboutcookies.org.

Third party cookies

These cookies are not controlled directly by the Site; therefore, to retract your consent you have to refer to the third parties’ internet sites or refer to the site https://www.youronlinechoices.com/ to get information about how to eliminate or manage the cookies depending on which browser you are using, and to manage the preferences of  third party profiling cookies

  • This Website uses You Tube and Google Analytics, which is a web analysis service supplied by Google, Inc. (“Google”). Google Analytics uses cookies that make it possible to collect and analyse the information regarding how you use the website anonymously (including your IP address).The site manager has set up Google Analytics in such a way that your IP address is partially anonymized (click to view the manager’s declaration). For more information, you can visit the Google page on the use of cookies for Analytics (Link).

    The YouTube service, owned by Google Inc., is mainly used so users of the site can use the contents via the Fondazione Musei Civici di Venezia YouTube channel https://www.youtube.com/user/museicivicidivenezia)

However, to give website visitors the possibility to stop Google Analytics using their personal data, Google has developed an additional browser component to deactivate the JavaScript of Google Analytics (https://tools.google.com/dlpage/gaoptout?hl=it).

• The Site also uses Google Maps to provide detailed information on how to locate our sites. For more information on the Google Maps service, you can consult the specific page. We use Google Maps tools on the basis that Google complies with its privacy policy and terms of service.

AddThis.com is a plug-in to share contents that the operators of websites can install on web pages to facilitate content sharing amongst users. The service also collects information that allows publishing and advertising operators to send specific advertising material in accordance with the self-regulation practices of Online Behavioural Advertising (OBA). The cookies used are described below. For more information about how AddThis.com installs cookie see its privacy policy The opt-out makes sure you stop AddThis storing information about your use of the Site.

PayPal. PayPal is a service for making payments or donations online, provided by PayPal Inc. Privacy Policy

• The Site allows you to express your preferences through interaction with other applications (social media sites). For example, by clicking on the respective button present on the pages of the Site, the user can access their Facebook, Twitter or LinkedIn profile (to name the most popular, widely used ones) and express or report their preference regarding the content of the Site. In this case, the Controller of the aforementioned application’s personal data protection policy applies, respectively https://it-it.facebook.com/about/privacy/https://twitter.com/privacy?lang=ithttps://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv). With regard to the AddThis service, that company’s policy applies (https://www.addthis.com/privacy, which also gives you the right to opt out (https://datacloudoptout.oracle.com/optout https://datacloudoptout.oracle.com/).

JotForm is a service for creating forms to be filled in that the site makes available to visitors to book participation in events organized by the Foundation. JotForm has stated that its systems comply with the main global laws on the protection of personal data (including those of the EU) and that it uses the data entered only for purposes related to administration of the request. Below is the link to their Privacy Policy.

• Google Forms is a Google Drive service for the creation of forms to be filled in that the site makes available to visitors to book participation in events organized by the Foundation. Google Inc., owner of the Google Drive platform, has guaranteed the security and protection of the confidentiality of the information entered. Below is the link to the Privacy Policy.

Cookie persistence, therefore, goes from a single session to two years from the date the page is visited.

The Data Controller does not guarantee that the links to the aforementioned policies are always functional, and this is due to any updates that do not depend on the company, therefore the user is required to personally consult and verify the current text. The Data Controller is not liable for any malfunctions or conditions that do not allow consultation of the policies of the aforementioned applications.

 

GMANAGEMENT OF COOKIES IN THE CONFIGURATION OF THE MAJOR BROWSERS USED

Manage cookies in Google Chrome >>>

Manage cookies in Internet Explorer >>>

Manage cookies in Mozilla Firefox >>>

Manage cookies in Safari >>>

Manage cookies in IOS >>>

The following site is indicated again to analyze, more generally, and manage your preferences in terms of online behavioural advertising http://www.youronlinechoices.com.

 

Latest update: 27 September 2022