Privacy Policy

This page describes the methods of processing personal data carried out in order to provide services following the consultation of the website https://museoarcheologicoreggiocalabria.cultura.gov.it.

The National Archaeological Museum of Reggio Calabria (hereinafter referred to as “MArRC” or the “Controller”), in its capacity as Data Controller, informs Users and Visitors (and Data Subjects in general) that the personal data collected through the website will be processed in compliance with EU Regulation 2016/679 (GDPR) and current legislation on the protection of personal data.

Data Controller

The Data Controller, including with regard to browsing data collected following the consultation of the website https://museoarcheologicoreggiocalabria.cultura.gov.it/, is the National Archaeological Museum of Reggio Calabria, located in Reggio Calabria (RC), at Piazzza de Nava, 26, 89123, tax code and VAT no. 92094410807 (hereinafter referred to as “MArRC” and/or the “Controller”).

As the Data Controller, MArRC processes personal data in accordance with the applicable Italian data protection legislation in force at the time (the “National Legislation”) and with EU Regulation 679/2016 – General Data Protection Regulation (“GDPR”) (hereinafter, the National Legislation and the GDPR are jointly referred to as the “Applicable Legislation”). MArRC recognizes the importance of protecting personal data and considers its safeguarding one of the main goals of its activities.

Before providing any personal data while browsing the website, we invite you to carefully read this privacy policy (“Privacy Policy”), as it contains important information regarding the protection of personal data and the security measures adopted to ensure confidentiality, in full compliance with the applicable legislation.

Please note that the processing of your personal data will be carried out in accordance with the principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimization, accuracy, integrity, and confidentiality.

Data Protection Officer

The Data Protection Officer can be contacted by writing to the following email address: rpd@pec.cultura.gov.it

Purposes and Legal Bases of the Processing

The personal data of Data Subjects are processed by MArRC for the following purposes:

Performance of institutional functions
Data are processed based on the following legal grounds:
• to comply with legal obligations, regulations, and EU legislation, and for the performance of institutional functions (Article 6.1.c of Regulation (EU) 679/2016);
• to carry out a task in the public interest or in the exercise of official authority (Article 6.1.e of Regulation (EU) 679/2016);
• for the performance of a contract to which the data subject is a party (Article 6.1.b of Regulation (EU) 679/2016).
Responding to requests submitted by Users through the Contact Form
Data will also be processed to respond to requests that Users may send to the contact details available on the Website. For this purpose, Users are required to provide their contact information (name, email, phone number, etc.), as it would otherwise not be possible to respond.
The legal basis for this processing is the need to take pre-contractual or contractual measures at the request of the User, and to fulfill related legal obligations.
Additional purposes – Newsletter
Subject to prior consent (and subscription), which may be revoked at any time by a simple request sent to the Controller using the contact details provided herein, MArRC may send its newsletter via email, mail and/or SMS and/or phone calls.

Consent to Processing

The collection of consent from the Data Subject is not required for the purposes described under points a) and b), as provided by Article 6 letters b), e), and f) of EU Regulation 2016/679. Conversely, it is necessary to document (ensure traceability of) the acquisition of consent (Article 7 of EU Regulation 2016/679), which must be collected specifically and separately for the newsletter purposes described in point c).
In any case, you may always express your objection to the above-mentioned processing by contacting the Data Controller. However, please note that providing data for the purposes outlined under point a) is mandatory. If such data is not provided, MArRC will not be able to respond to Users’/Clients’ requests via the website, while it remains necessary to process such data in order to comply with specific legal obligations and/or requests from Authorities.

Types of Processing

The types of processing to which personal data may be subject are defined under Article 4, no. 2 of EU Regulation 2016/679. For ease of reference, these include: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, restriction, communication, erasure, and destruction of data.
“Personal Data” means any information relating to an identified or identifiable natural person, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

Among the Personal Data collected by this website are:

Browsing Data
The website’s IT systems collect certain personal data whose transmission is implicit in the use of Internet communication protocols. These are not collected to be associated with you, but by their very nature could, through processing and association with data held by third parties, allow for your identification. Such data includes IP addresses or domain names of the devices used to connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), and other parameters related to your operating system and computing environment. These data are used to obtain anonymous statistical information on site usage and to check its proper functioning; to enable — given the system architecture — the correct delivery of the various functionalities you request; for security purposes; and to determine responsibility in the event of potential cybercrimes against the website or third parties. These data are deleted after processing.
Personal Data Provided by the User
The Controller processes personal data (such as name, surname, phone number, email, etc.) provided voluntarily by Data Subjects through the website’s Contact Form. MArRC will process this data in accordance with the Applicable Legislation, assuming that it refers either to you or to third parties who have expressly authorized you to provide it based on a valid legal ground that legitimizes the processing. In such cases, you act as an independent data controller, taking on all related legal obligations and responsibilities. Users who are uncertain about which data is mandatory are encouraged to contact the Data Controller at the following email address: man-rc.dpo@cultura.gov.it
Cookies
Cookies are pieces of information stored on your browser when you visit a website or use a social network via your PC, smartphone, or tablet. Each cookie contains various data, such as the name of the server it came from, a numeric identifier, etc. Cookies can remain on your system for the duration of a session (i.e., until you close your browser) or for longer periods and may contain a unique identification code. For more information about the use of cookies, please read the Cookie Policy provided below.

Processing Methods

Personal data are mainly processed using automated methods and are stored in a manner that minimizes, through the adoption of appropriate and preventive security measures, the risk of destruction or loss (even accidental), unauthorized access, or processing that is either unlawful or not in accordance with the purposes of the collection.

Profiling

MArRC does not carry out any activities involving the automated profiling of personal data and does not use—either directly or indirectly—automated tools that generate such classifications.

Data Retention

MArRC will process personal data for the time strictly necessary to fulfill the purposes described above, unless different retention periods are required by law. After this period, personal data will be deleted.

Browsing data: retained for a maximum of 12 months, unless otherwise required by law.
Newsletter data: retained until consent is withdrawn.
Request-related data: retained until the request has been fulfilled and for any additional legal obligations.

Minors

No personal data should be entered on the website by minors without the prior consent of their parents or guardians. The Controller encourages all parents and guardians to educate minors on the safe and responsible use of their personal data on the Internet.
MArRC is committed to not knowingly storing or using any personal data collected from minors for any purpose, including disclosure to third parties.

Recipients

Your personal data may be shared, for the purposes outlined above, with:

subjects operating on behalf of the Data Controller and providing services necessary for the proper functioning of the MArRC website, who typically act as Data Processors;
individuals authorized by MArRC to process personal data, who are bound by confidentiality obligations, whether contractual or legal (e.g., MArRC employees and collaborators);
administrative or judicial authorities, in the exercise of their functions when required by applicable law.

Personal data will not be publicly disclosed.

Location and Data Transfers

Data are processed at the operational headquarters of the Data Controller and at any other location where the parties involved in the processing are located. For more details, you may contact the Controller.
Some of your personal data may be transferred to recipients located outside the European Economic Area.
MArRC ensures that both electronic and paper-based processing of your data by such recipients is carried out in compliance with the applicable regulations.
Data transfers outside the EU are based on adequacy decisions or Standard Contractual Clauses approved by the European Commission.

Data Subjects’ Rights

Users may exercise certain rights regarding their data processed by the Controller.
In particular, the User has the right to:

Withdraw consent at any time. The User can withdraw previously given consent to the processing of their personal data.
Object to the processing of their data. The User may object to the processing when it is carried out on a legal basis other than consent. Further details are provided below.
Access their data. The User has the right to obtain information on the data processed by the Controller and receive a copy.
Verify and request rectification. The User can check the accuracy of their data and request updates or corrections.
Request restriction of processing. Under certain conditions, the User can request that the processing of their data be limited. In such cases, the Controller will process the data solely for storage purposes.
Request erasure or removal of personal data. Under certain conditions, the User may request the deletion of their data by the Controller.
Receive their data or have it transferred to another controller. The User has the right to receive their data in a structured, commonly used, and machine-readable format, and—where technically feasible—have it transferred to another controller without obstacles. This right applies when data is processed by automated means and based on the User’s consent, a contract, or pre-contractual obligations.
Lodge a complaint. The User can file a complaint with the competent data protection authority (www.garanteprivacy.it) or take legal action.

These rights may be exercised by contacting MArRC, as the Data Controller, at the following email: man-rc.dpo@cultura.gov.it

Links to Other Websites

The website may contain hyperlinks to other websites, offered for the purpose of providing a better service to users.
MArRC is not responsible for the content of websites accessed through its own site.
The presence of a hyperlink does not imply endorsement or acceptance of responsibility by the Data Controller regarding the content of the external site, including its privacy policy or use of personal data.

Social Media Buttons and Widgets

Social buttons are icons on the site representing social networks (e.g., Facebook, Instagram) that allow users to interact directly with the relevant platforms via a single click.
The social buttons used on the site link only to the Data Controller’s social accounts and do not install third-party cookies on the site.
Below are the links to the privacy notices of the respective social media platforms:

https://www.facebook.com/privacy/center/

https://privacycenter.instagram.com/