Editions it en

Policy on the Purchase of Tickets and Services

INFORMATIVE NOTICE PURSUANT TO ART. 13 OF EU REGULATION 2016/679 (GDPR)

1. Data Controller

The Data Controller is Veneranda Fabbrica del Duomo di Milano, with its registered office in Via Carlo Maria Martini 1, 20122 Milan, fiscal code and VAT number 01989950157 (hereinafter, “Data Controller”).

2. Scope of communication and diffusion of data

Employees and/or collaborators of the Data Controller, charged with managing the Data, may become aware of the Data. These subjects, who have been instructed to do so by the Data Controller pursuant to Art. 29 of GDPR, will process the Data exclusively for the purposes indicated in this statement and in compliance with the provisions of the applicable legislation.

Furthermore, the Data may come to the attention of third parties who process Data on behalf of the Data Controller in the role of external data processors, such as, by way of example, suppliers of goods and/or services, professionals, and consultants, and in any case third parties adequately selected and endowed with experience, ability, and reliability, guaranteeing compliance with current personal data processing regulations.

The complete and updated list of data processors appointed by the Data Controller can be requested by sending an email to the following address privacy@fabbricaservizi.it.

3. Object and purpose of data processing

The Data entered by you (personal data, email address, residential address, tax code, or VAT number) (hereinafter, “Data”) will be used in order to allow the Data Controller to fulfil contractual obligations (administrative, accounting, and tax) deriving from the concluded sales contract (hereinafter, “Contract”). Pursuant to Art. 130 of Legislative Degree 196/03, Paragraph 4, your email address may be used for promotional communications in relation to products or services similar to those covered by the Contract, without prejudice to your right to oppose this processing at any time by exercising your right to opt-out and cancel said service.

Data processing shall be based on the principles of correctness, lawfulness, and transparency, legally and in compliance with the rules of confidentiality and security.

4. Data Retention

Data will be kept for the time necessary for the execution of the Contract and, in any case, for a maximum duration of 10 years in compliance with administrative and accounting obligations pursuant to the law.

5. Data Transfer

Your Data will not be transferred to Countries outside of the European Union.

6. Data Provision

The provision of Data is not mandatory, but failure to provide said Data entails the impossibility of signing the Contract.

7. Legal basis of data processing

The legal basis for the processing of your Data lies mainly in consent given for establishing the Contract and in the obligations related to the establishment and execution of said Contract.

8. Data Security

Adequate security measures are observed in accordance with the Privacy Code and GDPR to prevent, in addition to non-authorised access, the loss of Data and the illicit or incorrect use of said Data.

9. Rights of the interested party

Notwithstanding that which is indicated in the preceding paragraphs, you have the right to:

a) ask the Data Controller for access to personal Data and the correction or cancellation of said Data, or to limit the processing or to oppose the processing of said Data;

b) in relation to data processing founded on the legal basis of consent, withdraw consent at any time, without prejudice for the lawfulness of the data processing based on the consent given prior to annulment;

c) lodge a complaint with the National Supervisory Authority;

d) receive the personal Data provided by you in a structured, commonly used, and readable (on automatic devices) format for portability purposes, if applicable in the specific case (Privacy Guarantor).

To exercise the rights listed, as for every request regarding the processing of Data and the security measures adopted, the interested party can contact the following email address privacy@duomomilano.it.