INFORMATIVE NOTICE PURSUANT TO ART. 13 OF EU REGULATION 2016/679 (GDPR)
1. Data Controller
The Data Controller is Veneranda Fabbrica del Duomo di Milano, with its registered office in Via Carlo Maria Martini 1, 20122 Milan, fiscal code and VAT number 01989950157 (hereinafter, “Controller”).
2. Scope of communication and diffusion of data
Employees and/or collaborators of the Data Controller, charged with managing the Data, may become aware of the Data. These subjects, who have been instructed to do so by the Data Controller pursuant to Art. 29 of GDPR, will process the Data exclusively for the purposes indicated in this statement and in compliance with the provisions of the applicable legislation.
Furthermore, the Data may come to the attention of third parties who process Data on behalf of the Data Controller in the role of external data processors, such as, by way of example, suppliers of goods and/or services, professionals, and consultants, and in any case third parties adequately selected and endowed with experience, ability, and reliability, guaranteeing compliance with current personal data processing regulations.
The complete and updated list of data processors appointed by the Data Controller can be requested by sending an email to the following address email@example.com.
3. Object and purpose of data processing
The Data entered by you (name, surname, and email address) (hereinafter, “Data”) will be used to send promotional news in relation to products, services, or activities organised by the Data Controller.
Data processing shall be based on the principles of correctness, lawfulness, and transparency, legally and in compliance with the rules of confidentiality and security.
4. Data Retention
Data will be kept for a maximum duration of 24 months.
5. Data Transfer
Your Data will not be transferred to Countries outside of the European Union.
6. Data Provision
The provisnon of Data in not mandatory,but faliure to provide said Date entails impossibility of subscribing to the Newsletter
7. Legal basis of data processing
The legal basis for the processing of your Data lies mainly in consent.
8. Data Security
Adequate security measures are observed in accordance with the Privacy Code and GDPR to prevent, in addition to non-authorised access, the loss of Data and the illicit or incorrect use of said Data.
9. Rights of the interested party
Notwithstanding that which is indicated in the preceding paragraphs, you have the right to:
a) ask the Data Controller for access to personal Data and the correction or cancellation of said Data, or to limit the processing or to oppose the processing of said Data;
b) in relation to data processing founded on the legal basis of consent, withdraw consent at any time, without prejudice for the lawfulness of the data processing based on the consent given prior to annulment;
c) lodge a complaint with the National Supervisory Authority;
d) receive the personal Data provided by you in a structured, commonly used, and readable (on automatic devices) format for portability purposes, if applicable in the specific case (Privacy Guarantor).
To exercise the rights listed, as for every request regarding the processing of Data and the security measures adopted, the interested party can contact the following email address firstname.lastname@example.org.