INFORMATION ON THE PROCESSING OF PERSONAL DATA
PURSUANT TO ARTICLE 13 OF EU REGULATION 2016/679 (‘GDPR’)
Pursuant to the provisions of current legislation on the protection of personal data, with particular reference to Article 13 of EU Regulation 2016/679 (hereinafter ‘GDPR’), Fondazione ADI Collezione Compasso d’Oro, organiser of the events and Orbital Cultura Srl, (hereinafter also ‘Orbital Cultura’), provider of ticketing services through the platform as autonomous data controllers, each with regard to their respective competences in data processing, inform you of the following:
1. Purposes of data processing and data processed
Fondazione ADI Collezione Compasso d’Oro will process the data acquired for the following purposes:
Orbital Cultura will process the acquired data for the following purposes:
The legal basis of the processing is therefore identified in the fulfilment of legal obligations to which Fondazione ADI Collezione Compasso d’Oro and Orbital Cultura are subject and in the need to implement the contractual relationship.
The data acquired may also be processed by Fondazione ADI Collezione Compasso d’Oro and Orbital Cultura for the following additional purposes:
Each of these activities and communications may only be carried out with your specific consent. This consent is optional and revocable at any time.
The fulfilment of the above-mentioned purposes implies the processing of the following personal data:
2. Categories of persons to whom the data may be communicated
The data may be processed by the employees and/or collaborators of Fondazione ADI Collezione Compasso d’Oro and Orbital Cultura allotted to the pursuit of the above-mentioned purposes, who have been expressly authorised to carry out such processing and who have received adequate operating instructions pursuant to Articles 29 of the GDPR and 2-quaterdecies of Legislative Decree 196/2003, as amended and adapted to the GDPR by Legislative Decree 101/2018.
The data may be communicated to subjects acting as independent data controllers, including, by way of example, authorities and supervisory and control bodies and, in general, public or private subjects entitled to make such data requests.
The data may also be processed, on behalf of Fondazione ADI Collezione Compasso d’Oro and Orbital Cultura, by parties appointed as data processors pursuant to Article 28 of the GDPR. The full list of data processors will be made available to the data subject upon request.
3. Rights of the persons concerned
Any customers concerned may request access to the data concerning them, their rectification, integration or deletion, the restriction of processing in the cases provided for by Article 18 of the GDPR, as well as opposition to processing pursuant to Article 21 of the GDPR in cases of legitimate interest.
Data subjects also have the right to the portability of their data pursuant to Article 20 of the GDPR, i.e. the right to receive their data in a structured, commonly used and machine-readable format and, if technically feasible, to transmit it to another data controller without hindrance.
Finally, data subjects have the right to lodge a complaint with the Data Protection Authority.
The above-mentioned rights may be exercised by sending a written communication to:
- Fondazione Adi Collezione Compasso d'Oro [email protected]
As regards Orbital Cultura Srl, [email protected]
4. Data transfer abroad
The data acquired will not be transferred outside the European Union.
5. Period of data conservation
Your personal data will only be stored for the time necessary to ensure the correct provision of the services offered and, where applicable, until such time as legal obligations and contractual obligations entered into between you and Fondazione Adi Collezione Compasso d'Oro and Orbital Cultura have been fulfilled.
6. Data controller
The data controllers are:
Fondazione ADI Collezione Compasso d'Oro with registered office in Via Bramante 29, 20154 Milano, email address [email protected].
Orbital Cultura Srl., with registered office in Florence, Via Policarpo Petrocchi 24. The designated Data Protection Officer is the head of the ‘Compliance & AML’ function of the Nexi Group, who may be contacted at: [email protected].
EXTENDED NOTIFICATION ON THE USE OF COOKIES
In relation to the Provisions of the Guarantor for the Protection of Personal Data “Identification of simplified procedures for the notification and acquisition of consent for the use of cookies – 8 May 2014” (Published in the Gazetta Ufficiale No. 126 of 3 June 2014), we hereby inform you that the company -- processes only technical and/or analytical cookies, and does not use profiling cookies. The installation of such cookies does not require the prior consent of users, while the obligation to provide information pursuant to Article 13 of EU Regulation 2016/679 (hereinafter also ‘GDPR’) remains in place.
INFORMATION ON THE PROTECTION OF PERSONAL DATA IN ACCORDANCE WITH ART. 13 of EU Regulation 2016/679
In compliance with the provisions of the current legislation on the protection of personal data, the company --, in its capacity as Data Controller, informs the person concerned, who provides their IP data by consulting the ticket.adidesignmuseum.org website, of the purposes and methods of processing of the personal data collected, their possible scope of communication and dissemination, as well as the nature of their provision. The data collected from the person concerned are exclusively IP data, i.e. data that can be qualified as coming from public registers and therefore whose consent is not required for processing purposes.
The data subject to processing is used directly to fulfil the purposes instrumental to the site (such as, for example: checks to prevent attacks, statistical analysis) in full compliance with the principle of correctness and the provisions of the law.
With regard to the methods, data processing is carried out through IT procedures by the owner.
The data of the data subject shall not be communicated, sold or exchanged with third parties, nor shall they be disseminated, except as foreseen by law.
The data subject may assert his or her rights pursuant to Articles 15 et seq. of the GDPR by contacting the data controller. In particular, the data subject has:
• right of access: the right to obtain confirmation from the Controller as to whether or not personal data are being processed, and if so, to obtain access to the personal data and further information on the origin, purpose, category of data processed, recipients of communication and/or transfer of the data, etc.;
• right of rectification: right to obtain from the Data Controller the rectification of inaccurate personal data without undue delay, as well as the integration of incomplete personal data, including by providing a supplementary declaration;
• right to cancellation: the right to obtain from the Data Controller the deletion of personal data without undue delay in the event that:
a) personal data are no longer necessary for the purposes of processing;
b) the consent on which the processing is based is withdrawn and there is no other legal basis for the processing;
c) personal data have been unlawfully processed;
d) personal data must be deleted to comply with a legal obligation.
• right to object to processing: the right to object at any time to the processing of personal data that have a legitimate interest of the Controller as their legal basis;
• right to restriction of processing: right to obtain from the Controller the restriction of processing, in cases where the accuracy of personal data is contested (for the period necessary for the Controller to verify the accuracy of such personal data) if the processing is unlawful and/or the data subject has objected to the processing;
• right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial remedy, a data subject who considers that processing operations concerning him/her are in breach of the Privacy Law shall have the right to lodge a complaint with the supervisory authority of the Member State in which he/she resides or habitually works, or of the state in which the alleged breach occurred.
Rights may be exercised by sending an email to the following address: [email protected] or by sending a fax or a written letter to the addresses shown on printed paper.
The data are stored in computer and digital archives, and the minimum security measures provided for by the legislator are ensured.
The owner reserves the right to block access to those IPs whose visits reveal anomalies. Users who are unable to view pages from the site or the site itself may contact the following email address: [email protected]
What are cookies?
‘Cookies’ are small text files that a server can save on a computer’s hard drive and which can store certain information about the user. Cookies allow the website to record user activity and store user preferences. Cookies help analyse interaction between the user and the website, and allow for smoother and more personalised browsing.
What kinds of cookies are there?
Depending on its duration, a cookie can be classified as either ‘session’ or ‘permanent’.
‘Session’ cookies are temporary and disappear from the computer when the user leaves the visited site or closes the browser. They are usually stored in the cache memory of the computer.
‘Permanent’ cookies remain on the user’s computer even after closing the browser and until they expire or the user deletes them. The expiry date is determined by the site that initiates them. They are often used to track the user’s habits, so that when the user returns to the site, the site reads the stored information and adapts to the user’s preferences.
Depending on its function, a cookie can be classified as ‘technical’ or ‘profiling’.
‘Technical’ cookies relate to activities strictly necessary for the operation of the site and the provision of the service. In most cases, they are session cookies. Technical cookies do not require the user’s consent as they are not used for purposes other than the proper functioning of the site.
‘Profiling’ cookies can be used to track the user’s browsing habits and preferences in order to provide advertising and services based on the user’s interests. These types of cookies are installed or activated only after the user has given his or her consent the first time he or she visits the site. Consent can be expressed by interacting with the short information banner on the landing page of the site in the manner indicated (by closing the banner, explicitly accepting it, scrolling the page or clicking on any of its elements).
What cookies does the site use?
-- ticket.adidesignmuseum.org uses technical cookies generated and used for its website and not third-party cookies.
Visiting this site may generate the following types of cookies:
Internal cookies
Technical session cookies: these are used to improve the user’s browsing experience and interaction with the site.
How to deactivate cookies through the browser
It is possible to configure the browser used for navigation to eliminate or prevent the installation of cookies. The user can control which cookies are installed, how long they last and delete them. The steps to do this differ from browser to browser. Below are guides for the most popular browsers:
Deactivating certain cookies may hinder access to the website and the proper functioning of the pages.