Information for ChatBot
Information on the processing of personal data for ChatBot
Pursuant to Art. 13 of EU Regulation 2016/679, we provide this information in relation to the processing of personal data (hereinafter, the “Data”) that may be processed in relation to the ChatBot service, aimed at supporting users during and after the purchasing of a product and/or a service in “self-care” mode (hereinafter, for brevity, “Service”), offered by the Veneranda Fabbrica del Duomo di Milano, with its registered offce in via Carlo Maria Martini 1, 20122 Milan, C.F./P.IVA 01989950157 (hereinafter, “VFD”).
1. Data Controller
The Data Controller is VFD.
2. Scope of communication and diffusion of data
Employees and/or collaborators of the Data Controller, charged with managing the Data, may become aware of the Data. These subjects, who have been instructed to do so by the Data Controller pursuant to Art. 29 of GDPR, will process the Data exclusively for the purposes indicated in this statement and in compliance with the provisions of the applicable legislation.
Furthermore, the Data may come to the attention of third parties who process Data on behalf of the Data Controller in the role of external data processors, and in any case are third parties adequately selected and endowed with experience, ability and reliability and guarantering compliance with current personal data processing regulations.
The complete and updated list of data processors appointed by the Data Controller can be requested by sending an email to the following address firstname.lastname@example.org.
3. Object and purpose of data processing
The processing is aimed at using the Service and in particular: i) to assist and support with the User’s questions; ii) to support and assist with the purchasing of VFD services; iii) to manage the User’s commercial requests. Processing carried out by the Data Controller does not foresee any automated decision-making processes and the Data will not be subject to diffusion.
Data processing shall be based on the principles of correctness, lawfulness, transparency, legally and in compliance with the rules of confidentiality and security.
4. Data retention
Data will be kept for the time necessary for the execution of the Service and in any case for a maximum duration of 12 months.
5. Data provision
The provision of Data is not mandatory, but failure to provide said Data entails the impossibility of using the Service.
6. Methods and legal basis of data processing
The legal basis of data processing lies in consent.
7. Data security
Adequate security measures are observed in accordance with the Privacy Code and GDPR to prevent, in addition to non-authorised access, the loss of Data and the illicit or incorrect use of said Data.
8. Rights of the interested party
Considering that which is indicated in the preceding paragraphs, the interested party has the right to:
a) Ask the Data Controller for access to personal Data and the correction or cancellation of said Data, or to limit the processing or to oppose the processing of said Data;
b) In relation to data processing founded on the legal basis of consent, withdraw consent at any time, without prejudice for the lawfulness of the data processing based on the consent given prior to annulment;
c) Lodge a complaint with the national supervisory authority;
d) Receive the personal Data provided in a structured, commonly used and readable (on automatic devices) format for portability purposes.
To exercise the rights listed, as for every request regarding the processing of Data and the security measures adopted, the interested party can contact the following email address email@example.com.