Privacy and Legal Notices

1. Introduction

For the Bardini and Peyron Monumental Parks Foundation, your privacy and the security of your personal data are of utmost importance. We collect and process your data with the greatest care and attention, adopting specific technical and structural precautions to ensure its full security.

In accordance with Article 13 of the European Regulation 2016/679 (“GDPR” or “Regulation”) and the Privacy Code (“Privacy Code”), as recently amended by Legislative Decree 101/2018 (together, the “Regulations”), we inform you that the processing of your personal data is carried out in a manner that ensures security and confidentiality, using paper, electronic and/or telematic supports as detailed in this notice.

2. Definitions

Personal Data: Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Special categories of personal data: Data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Data Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data Processor: The natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

3. Data Controller

The processing of your personal data is carried out by the Bardini and Peyron Monumental Parks Foundation (“Foundation” or “Controller”), with its legal office at 50122 – Florence, Via Bufalini No. 6 and operational office at 50125 – Florence, Costa San Giorgio No. 2, as the Controller under the Regulation.

The Foundation has not appointed a Data Protection Officer pursuant to Article 37 of the GDPR.

For any questions or requests related to the processing of your personal data, you can contact the Foundation at any time by sending a request to the following contact details:

Data Controller

Legal Name: Bardini and Peyron Monumental Parks Foundation
Legal Office Address: 50122 Florence, Via Bufalini No. 6
Operational Office Address: 50125 Florence, Costa San Giorgio No.2
Telephone Contact Data: 055 20066233
Email Contact Data: info@bardinipeyron.it

4. Types of Data, Purposes and Legal Basis of Processing

The personal data that the Foundation processes are those you provide while browsing or using the online services offered by the same.

The Foundation may thus collect data about you, such as personal details including name and surname, email, browsing data.

Special categories of data under Article 9 of the GDPR or data relating to criminal convictions and offenses under Article 10 of the GDPR are not processed.

Your personal data, once collected, are processed for the following purposes:

	Purposes	Legal Basis
A	To assess your user experience of our web services and the services we offer, as well as to ensure the correct functioning of the web pages and their content.	The processing for these purposes is based on the legitimate interest of the Controller and does not require specific consent from the data subject.
B	To comply with obligations prescribed by laws, regulations, and European legislation.	The processing for these purposes is necessary for compliance with legal obligations and to make the requested service available, and does not require specific consent from the data subject.
C	To respond to your requests for information	The processing for this purpose is based on the legitimate interest of the Controller to respond to your requests and does not require specific consent from the data subject.

Your personal data is processed by personnel of the Foundation specifically authorized and designated under Article 4(10) of the Regulation and Article 2-quaterdecies of the Privacy Code, who process data according to precise instructions from the Controller.

5. Data Recipients

Your personal data will also be transmitted to third parties we rely on. These parties have been adequately selected and offer suitable guarantees respecting the rules on the processing of personal data. These subjects have been appointed as processors under Article 28 of the Regulation and are required to carry out their activities according to specific instructions provided by the Foundation and under its control.

These third parties may belong to the following categories: financial operators; internet providers; companies specialized in IT services, consulting firms. A specific and updated list of such parties is available at the office of the Controller and can be consulted upon request by the data subject.

It is understood that your personal data will not be communicated to third parties for their promotional purposes and will not be disseminated in any way.

Your data may also be transmitted to law enforcement and judicial and administrative authorities, in accordance with the law, for the detection and prosecution of crimes, the prevention and protection from threats to public security, as well as to enable the Foundation to exercise or protect a right of its own or of third parties before the competent authorities, as well as for other reasons related to the protection of the rights and freedoms of others.

6. Obligation or Optionality of Providing Data

While you are free to provide your personal data, it is noted that:

• Communication of data for purposes A), B), and C) as mentioned in paragraph 4 is mandatory. Failure to communicate data will result in the Foundation being unable to establish any relationship with you, to allow you to use the site or to respond to your requests.

7. Trasferimento dati extra-UE

Some of the third parties referred to in the above paragraph 5 may be located in non-European Union countries which, however, offer an adequate level of data protection as determined by specific decisions of the European Commission.

The transfer of your personal data to third parties resident or located in non-European Union countries that do not ensure adequate levels of protection will be carried out only with your consent or following the conclusion of specific agreements between the Foundation and such subjects, containing safeguard clauses and appropriate guarantees for the protection of your personal data known as “standard contractual clauses,” also approved by the European Commission, or if the transfer is necessary for the conclusion and execution of a contract between you and the Foundation or for the handling of your requests.

8. Data Retention

We inform you that your data will be kept for a limited period of time, which varies depending on the type of processing activity and the specific purposes thereof, as indicated below:

• Data collected in the context of using services offered by the Foundation: These data are retained for the duration of the service until the termination of the same or the cancellation of your subscription to the service.

At the end of these periods, your data will be permanently deleted or otherwise irreversibly anonymized by the Foundation.

9. Your Rights

We inform you that you have the right to exercise the following rights with respect to the personal data covered by this notice, as provided for and guaranteed by the Regulation:

• Right of access and rectification (Articles 15 and 16 of the Regulation): You have the right to access your personal data and to request that it be corrected, amended, or supplemented. If you wish, we will provide you with a copy of your data in our possession.
• Right to erasure of data (Art. 17 of the Regulation): In cases provided by current legislation, you can request the deletion of your personal data. Once your request is received and analyzed, we will take care to cease processing and delete your personal data if found legitimate.
• Right to restriction of processing (Art. 18 of the Regulation): You have the right to request the restriction of processing of your personal data in the case of unlawful processing or dispute of the accuracy of the personal data by the data subject.
• Right to Data Portability (Art. 20 of the Regulation): You have the right to request to obtain your personal data from the Data Controller in order to transmit them to another Controller, in cases provided for by the referenced article.
• Right to Object (Art. 21 of the Regulation): You have the right to object at any time to the processing of your personal data based on our legitimate interest, by explaining the reasons justifying your request. Before accepting it, the Foundation will evaluate the reasons for your request.
• Right to Lodge a Complaint (Art. 77 of the Regulation): You have the right to lodge a complaint with the competent Data Protection Authority if you believe that a violation of your rights concerning the processing of your personal data has occurred or is occurring.

You may exercise your rights at any time regarding the specific processing of your personal data by the Foundation.

Subject to what has been stated so far, we remind you that the aforementioned rights can also be exercised by anyone who has a direct interest, acts on your behalf, or for family reasons worthy of protection, pursuant to Art. 2-terdecies of Legislative Decree 101/2018.

These rights can be exercised via email at info@bardinipeyron.it or by postal mail to: Fondazione Parchi Monumentali Bardini e Peyron, Via Bufalini n. 6, 50122, Florence.

Further information regarding the data subject’s rights can be obtained by requesting the complete excerpt of the above-mentioned articles from the Controller.

10. Security Measures

The Foundation adopts suitable and preventive security measures to safeguard the confidentiality, integrity, completeness, and availability of the data subject’s personal data. Technical, logistical, and organizational measures are implemented to prevent damage, even accidental loss, alterations, improper and unauthorized use of the processed data.

Furthermore, the Controllers cannot be held responsible for inaccurate information sent directly by the user (e.g., correctness of email address or postal address), as well as for information related to the user and provided by a third party, even fraudulently.

11. Changes to this Privacy Notice

The constant evolution of our services and regulations may result in changes to the characteristics of the processing of your personal data described so far. This privacy notice may undergo changes and additions over time, as necessary due to new regulatory interventions regarding the protection of personal data or changes/evolution of our services.

We therefore invite you to periodically check the contents of our notice: where possible, we will try to promptly inform you of the changes made and their consequences.

The updated version of the privacy notice will be published on the Foundation’s page, indicating the date of its last update.

12. Data di ultimo aggiornamento

18/12/2020