PERSONAL DATA PROCESSING POLICY FOR USING THE ACADEMY WEBSITE
(REG EU 2016/679 and Italian privacy legislation)
DATA CONTROLLER: Fondazione Accademia d’Arti e Mestieri dello Spettacolo Teatro alla Scala (above and hereinafter “Academy”)
Registered Headquarters: Via Santa Marta n. 18, Milano, tel. (+39) 02-8545111; fax (+39) 02-86460020; email: firstname.lastname@example.org
LAWFULNESS AND PURPOSES OF PERSONAL DATA PROCESSING
The processing of personal data of subjects using the Academy website is justified by the legitimate interest of the Academy.
Instructions on requesting information or subscribing to the Newsletter using forms provided on the Academy website are found on the dedicated web pages.
PERIOD OF PERSONAL DATA STORAGE
As long as the user (Data Subject) is connected to the website. When the user disconnects, the personal data will be eliminated, erased, or rendered anonymous (if not already collected in anonymous form).
PERSONAL DATA SUBJECT TO PROCESSING AND METHOD OF PROCESSING
The IP address or domain name of the computer used by the Data Subject to connect to the Academy website, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the dimension of the file obtained in response, the numerical code indicating the server response status (success, error, etc.), and other parameters regarding the Data Subject’s operating system and IT environment may be collected and processed.
In processing personal data that may be used to identify the Data Subject either directly or indirectly, the Academy shall adhere to the principle of strict necessity and seek to ensure the confidentiality of the processed data. The Academy has configured its website in such a way that the use of personal data is minimized, and personally identifiable data is processed only if strictly necessary or requested by regulatory or law enforcement authorities (for example: traffic data, how long the Data Subject is connected to the website, and the Data Subject’s IP address) or as evidence in the event of a cybercrime against the Academy.
The personal data will be processed in anonymous form using computerized means by Academy teaching personnel and Academy marketing and public relations personnel.
PERSONAL DATA PROVIDED VOLUNTARILY
PERSONAL DATA SHARED ON SOCIAL MEDIA
The Academy website may collect location data with anonymized IP address via Google Analytics (https://policies.google.com/privacy?hl=en) which makes it impossible to identify the user. No geographic data or information is processed.
PERSONAL DATA PROVISION REQUIREMENT
Certain personal data are strictly necessary in order to access and use the Academy website. Other personal data are processed exclusively for anonymous statistical purposes on website use and to ensure the proper functioning of the website. These latter data are erased immediately after processing.
DATA RECIPIENTS AND SUBJECTS AUTHORIZED TO PROCESS PERSONAL DATA
Personal data are processed by Academy employees or consultants or by external parties acting as authorized external data processors who provide technical, administrative, and/or organizational services for the Academy. While some information system maintenance services are contracted to external parties that have implemented appropriate measures to ensure confidentiality, personal data will not be published or communicated to third parties.
The list of external parties who process personal data on behalf of the Data Controller (the Academy) is available upon request from: email@example.com
SECURITY OF PERSONAL DATA
Data Subject personal data will be processed using automatic tools in keeping with the principle of necessity and proportionality, avoiding processing of personal data when the operations can be carried out using anonymous data or in other ways. The Academy has implemented specific security measures to prevent loss of personal data, illicit or improper use of personal data, and unauthorized access to personal data.
DATA SUBJECT’S RIGHTS
By contacting the Data Controller at: firstname.lastname@example.org, the Data Subject may exercise applicable rights as regards his/her personal data, including deletion of personal data, correction of incorrect data, addition of missing data, limitations to processing, data portability, or objection to data processing without prejudicing the rights or freedoms of the Data Controller.
The Data Subject has the right to lodge a complaint with a supervisory authority in the EU member state where the Data Subject maintains his or her principal residence or in the state in which the presumed violation occurred.
Latest update: June 2018