Privacy Policy

For Marostica, the privacy and security of users’ personal data are of utmost importance. Therefore, personal data are collected and managed with the highest care, adopting appropriate security measures to protect them.
This page describes the methods and principles for processing the personal data of users who visit the website [www.museoscacchimarostica.it](https://www.museoscacchimarostica.it) (the “Site”).

This notice is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”) to all users who, by interacting with the Site, provide their personal data. The scope of this notice is limited to the Site and does not extend to other websites that may be accessed via hyperlinks.

Below, the following will be clearly outlined:

• the details of who will process your personal data;
• which personal data will be processed;
• the purposes and legal basis for which the data will be processed;
• the retention periods and the rights granted to you.

Users are encouraged to read this privacy notice carefully before browsing the Site or providing any personal information.

The Data Controller is the Municipality of Marostica, located at Via Tempesta, No. 17 - 36063, Marostica, and can be contacted via email at [protocollogenerale@comune.marostica.vi.it](mailto:protocollogenerale@comune.marostica.vi.it) or via certified email (PEC) at [protocollo.comune.marostica.vi@pecveneto.it](mailto:protocollo.comune.marostica.vi@pecveneto.it).

The Municipality of Marostica has appointed a "Data Protection Officer" as required by Article 37 of the GDPR (also known as “DPO”).

The Entity’s Data Processing Officer (DPO) is: ASMEL Association, located at 21013 Gallarate (Varese), Via Carlo Cattaneo, 9
Tel. 081 7879717 [posta@asmel.eu](mailto:posta@asmel.eu) [asmel@asmepec.it](mailto:asmel@asmepec.it)

Contact person: Minucci Salvatore
Tel. 081 7879717 [servizio.dpo@asmel.eu](mailto:servizio.dpo@asmel.eu) [dpo.asmel@asmepec.it](mailto:dpo.asmel@asmepec.it)

The personal data that may be processed within the scope of web services are as follows:

Browsing Data
The IT systems and software procedures of the Municipality of Marostica may, during their normal operation, acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its nature, it could, through processing and association with data held by third parties, allow the identification of users. This category includes IP addresses or domain names of the computers used by users connecting to the Site, URI (Uniform Resource Identifier) addresses of requested resources, request time, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the server response status (success, error, etc.), and other parameters related to the user’s operating system or IT environment. Data will be retained for no longer than necessary to achieve the intended purposes and, in any case, for the period required by law. Data may also be used to ascertain liability in the event of computer crimes against the Site.

Data voluntarily provided by the user
The optional, explicit, and voluntary sending of emails to the addresses indicated on this Site, as well as the completion and submission of forms/requests for information or registration on telematic services, will result in the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the communication.

Such data will be retained for the time necessary to provide the service and, in any case, for the period necessary to perform the institutional duties of the Administration or to comply with legal or regulatory requirements. Specific information will be progressively provided or displayed on the Site pages for particular on-demand services.

Cookies
See the specific section.

The Municipality of Marostica will process data for the following purposes:

• to allow the User to navigate the Site;
• to obtain anonymous statistical information on the use of the Site to monitor its correct functioning;
• to respond to requests sent by Users through online services or to the Municipality’s email addresses in the exercise of the Entity’s institutional purposes.

The legal bases for processing are as follows, divided by data categories:

• Browsing data and cookies: legitimate interest of the Data Controller;
• Common personal data provided by the User in requests sent via email/online services: consent provided by the Data Subject and the performance of a task carried out in the public interest or in the exercise of official authority.

Data processing will be carried out using both manual methods and IT/telecommunication tools. Processing will be conducted in compliance with the technical and organizational measures necessary to ensure data security, in accordance with legal provisions. Data will be protected against risks of destruction, alteration, deletion, and unauthorized access through physical, logical, and organizational security measures.

Processing will be performed by designated Municipality staff authorized to handle the data and/or by external data processing managers.

No automated profiling processes are in place.

Providing browsing data is mandatory and essential to allow the Data Controller to enable the User to use the Site.

Providing personal data voluntarily submitted by the User through emails or online services is optional. Failure to provide, incomplete, or inaccurate submission of the requested data may result in the Data Controller being unable, either fully or partially, to respond to the User’s requests.

Personal data may be shared with third parties when such sharing is necessary for the proper fulfillment of the purposes indicated in point 4, or when required by law, regulation, or a request from the Judicial Authority.

Personal data will not be disclosed publicly.

Personal data will not be transferred to third countries or international organizations.

The Data Subject is entitled to the rights provided by Article 15 of the GDPR, which stipulates the following:
The Data Subject has the right to obtain from the Data Controller confirmation as to whether or not personal data concerning them are being processed and, where that is the case, access to the personal data and the following information:

a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients are in third countries or international organizations;
d) where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period;
e) the existence of the right of the Data Subject to request from the Data Controller the rectification (Art. 16 GDPR) or erasure of personal data (Art. 17) or the restriction of processing of personal data concerning them (Art. 18) or to object to their processing (Art. 21), where applicable;
f) the right to lodge a complaint with a supervisory authority, including by using a non-profit body, organization, or association under Art. 80 GDPR;
g) the existence of automated decision-making, including profiling pursuant to Art. 22, paragraphs 1 and 4, and, at least in such cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the Data Subject.

In the cases referred to in Article 20 GDPR, the Data Subject also has the right to data portability.

Where processing is based on consent, the User has the right to withdraw consent by contacting the Data Controller or the DPO using the contact details provided in this notice. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

These rights can be exercised by contacting the Data Controller or the DPO at the contact details indicated in this privacy notice.

Browsing Data

The IT systems and software procedures responsible for the operation of the Site acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This category includes IP addresses or domain names of the computers and devices used by users, URI/URL addresses (Uniform Resource Identifier/Locator) of requested resources, request time, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the server response status (“success,” “error,” etc.), and other parameters related to the user’s operating system and IT environment.
These data, necessary for the use of web services, are also processed to obtain statistical information about service usage (most visited pages, number of visitors by time slot or day, geographic areas of origin, etc.) and/or to monitor the correct functioning of the services offered.
Browsing data are not retained for more than 60 days and are deleted immediately after aggregation (except in cases where required for the investigation of crimes by the Judicial Authority).
For details on the list of cookies, their retention periods, disabling methods, and respective controllers, users are invited to read the cookie policy available at this link: www.comune.marostica.vi.it/it/cookie

Data Voluntarily Provided by the User

Through the Site, it is possible to send requests and communications via the addresses and contact forms indicated. For this purpose, the Data Controller will process common personal data, such as the user’s identification and contact information. Providing this data is optional, but necessary to respond to submitted requests and to contact the sender for clarifications regarding the information provided.
Specifically, personal data are provided by users to access the services offered by the Site. If such data are not provided, the Data Controller will be unable to offer these services, in whole or in part. The Data Controller does not collect or process personal data relating to minors. By accessing the Site and using the services offered, the user declares that they are of legal age. Users under 18 are therefore asked not to register on the Site or provide personal data.

In particular, user identification occurs at the time of:

• Submitting requests for information/assistance and communications via the addresses and contact forms indicated on the Site. In this case, the Data Controller will process the sender’s contact data, necessary to respond, as well as any personal data included in the communications.

The processing of personal data is carried out by the Data Controller for the following purposes:

• To respond to user requests for information and assistance. Processing is necessary to fulfill a user request and is based on the performance of pre-contractual or contractual measures taken at the request of the Data Subject (Art. 6, para. 1, letter b GDPR);
• To ensure the proper functioning of the Site’s web pages and their content. In this case, data processing is based on the legitimate interest of the Data Controller to guarantee accessibility and security of its Site (Art. 6, para. 1, letter f GDPR).

Data processing will be carried out using electronic tools, with methods and procedures strictly necessary to achieve the purposes for which the data were collected.
To prevent the risk of data loss, unlawful use, misuse, unauthorized access, or alteration, appropriate technological and managerial security measures have been adopted. Personal data will be processed by the Data Controller, by its personnel duly authorized for processing, or by individuals specifically appointed as Data Processing Managers.

At any time, the Data Subject may request from the Data Controller a complete list of the appointed Data Processing Managers involved in processing the data for the purposes described in this privacy notice.

The Data Controller adopts the following data retention policies for users of the Site:

• Data provided to conclude and execute contracts for the purchase of goods or services will be retained until the completion of administrative and accounting formalities. Data related to invoicing will be kept for ten years from the invoice date;
• Data provided through contact forms or emails sent to the addresses published on the Site will be retained only for the time necessary to respond to the requests received;
• Browsing data will be retained for 60 days.

The Data Subject may exercise, at any time, the rights provided by Articles 15 et seq. of the GDPR by sending an email to [protocollo.comune.marostica.vi@pecveneto.it](mailto:protocollo.comune.marostica.vi@pecveneto.it) or by writing to Marostica – Via L. Tempesta, 17, Marostica.

Where applicable, the Data Subject also has the right to lodge a complaint with the Italian Data Protection Authority if they believe that the processing of their personal data violates the provisions of current legislation.