Privacy Policy

This Privacy Policy has been drafted pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter, the "Regulation") to inform users who interact with the website settimanadellacustodia.it (hereinafter, the "Website") about how their personal data will be processed, both through simple browsing and through the use of specific information request channels made available via the Website.
This notice applies solely to the above-mentioned Website and not to any other websites that may be accessed by the user through links on the Website (for which reference should be made to the respective privacy policies).

***

1. DATA CONTROLLER

The Data Controller is Fondazione Federica e Brunello Cucinelli, Via Giovane Italia 1 -06073 Corciano (PG), Italy (hereinafter, the "Controller"), reachable at the email address [fondazione@fondazionecucinelli.it].

2. PERSONAL DATA SUBJECT TO PROCESSING

We inform you that, by using the Website, the Controller may collect and process information and personal data relating to you. These may include identifiers such as your name, identification number, location data, online identifier, or one or more elements specific to your physical, physiological, genetic, mental, economic, cultural, or social identity that can identify or make you identifiable, depending on the type of services you request (hereinafter, "Personal Data")

In particular, the Controller will process the following categories of PersonalData:

a. Browsing Data

The Controller will process Personal Data collected during your navigation of the Website. These Personal Data include, for example, your IP address, location (country), domain names of the computer or device you use, URI (Uniform Resource Identifier) addresses of the requested resources, request times, the method used to submit requests to the server, the size of the file obtained in response, the numerical code indicating the server response status (success, error, etc.), and so on.
The operation of the Website involves the use of IT systems and software procedures that collect information about users as part of their normal functioning. Although the Controller does not collect such information to associate it with specific users, it is still possible to identify users either directly through this information or by using other information collected—therefore, such information is also considered personal data.

b. Cookies

The Controller will process Personal Data collected through cookies and other tracking tools. For more information on the Personal Data processed through cookies and similar technologies, please refer to the Cookie Policy.

c. Data Provided via Phone or Email Contacts on the Website

Regarding any personal data provided through communications sent to the phone numbers or email addresses listed in the "Contacts" section of the Website and attributable to the Municipality of Perugia, please note that such data will be processed exclusively by the Municipality itself, as an independent Data Controller, in accordance with its own privacy policy. For more information on how personal data is processed, please refer to the privacy notice provided by the Municipality of Perugia.

3. PURPOSES AND LEGAL BASIS OF PROCESSING

YourPersonal Data will be processed for the following purposes:

a) To enable navigation of the Website and interaction with its content, including managing the Website's security

The Controller will process, pursuant to Article 6(1)(b) of the Regulation, thePersonal Data referred to in section 2(a) to allow you to access and navigate the Website and to ensure its proper functioning.Providing Personal Data for this purpose is optional, but failure to do so may result in the inability to access and navigatethe Website.

b) To comply with legal obligations under applicable laws, regulations, or EU legislation, or to respond to requests from authorities

The Controller will process, pursuant to Article 6(1)(c) of the Regulation, the Personal Data referred to in section 2 to fulfill legal obligations to which it is subject.

c) To meet potential legal defense needs, including the detection, prevention, mitigation, and verification of fraudulent or illegal activities related to the services provided on the Website

The Controller will process, pursuant to Article 6(1)(f) of the Regulation, the Personal Data referred to in the previous section to protect its rights and/or legitimate interests in judicial or extrajudicial proceedings. Please note that, pursuant to Article 21 of the Regulation, you have the right to object at any time, based on your particular situation, to the processing of your Personal Data for this purpose. In the event of an objection, the Controller reserves the right to assess the request, which may be denied if there are compelling legitimate grounds for the processing that override your interests, rights, and freedoms.

4. RECIPIENTS OF PERSONAL DATA

Your Personal Data may be shared, for the purposes outlined in Section 3 of this Privacy Policy, with:

  • Individuals authorized by the Controller, pursuant to Articles 29 and 32 of the Regulation and Article 2-quaterdecies of Legislative Decree 196/2003 (the "Privacy Code"), to process personal data as necessary to perform activities strictly related tothe provision of services, who are committed to confidentiality or are subject to an appropriate legal obligation of confidentiality;
  • Entities that typically act as data processors pursuant to Article 28 of the Regulation on behalf of the Controller, in particular those responsible for providing services necessary for the operation of the Website (e.g., hosting providers, technical maintenance service providers, etc.). A complete list of data processors is available upon written request to the Controller at the contact details provided in Section 1 above.

Additionally, the Controller may disclose your Personal Data to entities, bodies, or authorities to whom disclosure is mandatory under legal provisions or orders from authorities. These entities will process the Personal Data as independent data controllers.

These entities are collectively referred to as "Recipients."

5. TRANSFERS OF PERSONAL DATA

Some of your Personal Data may be shared with Recipients located outside the European Economic Area. The Controller ensures that the processing of your Personal Data by these Recipients is carried out in compliance with applicable law, in accordance with one of the methods permitted under Articles 44-49 of the Regulation, such as the data subject's consent, the adoption of Standard Contractual Clauses approved by the European Commission, or the selection of entities adhering to international data transfer programs, in line with the Recommendations 01/2020 adopted on 10 November 2020 by the European Data Protection Board.

You may request more information regarding data transfers and the safeguards adopted by writing to the Controller at the contact details provided in Section 1 above.

7. RETENTION OF PERSONAL DATA

Personal Data processed for the purposes referred to in Section 3, letters a) and b), of this Privacy Policy will be retained for the time strictly necessary to achieve those purposes, in accordance with the principles of data minimization and storage limitation set out in Article 5(1)(c) and (d)of the Regulation.

Personal Data processed for the purposes referred to in Section 3, letter c), will be retained for the period required by the specific applicable legal obligation or regulation.

The Controller also reserves the right to retain Personal Data for the time necessary to establish, exercise, or defend a legal claim, both in judicial and extrajudicial proceedings, including pre-litigation phases.

More information on the data retention period and the criteria used to determine such period can be requested by writing to the Controller at the contact details provided in Section 1 above.

8. DATA SUBJECT RIGHTS

As a data subject, you may exercise the following rights at any time:

  • Right of access (Art. 15 of the Regulation) - You have the right to obtain confirmation as to whether or not your personal data is being processed and to receive information regarding such processing;
  • Right to rectification (Art. 16 of the Regulation) - You have the right to obtain the correction of your personal data if it is inaccurate or incomplete. Please note that, with regard to personal data collected through audio and video recording systems, the right to rectification cannot be effectively exercised due to the intrinsic nature of such data, which pertains to objective and specific facts;
  • Right to erasure (Art. 17 of the Regulation) - In certain circumstances, you have the right to request the deletion of your personal data from our records;
  • Right to restriction of processing (Art. 18 of the Regulation) - Under certain conditions, you have the right to request the restriction of the processing of your personal data;
  • Right to data portability (Art. 20 of the Regulation) - You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit those data to another controller;
  • Right to object (Art. 21 of the Regulation) - You have the right to object to the processing of your personal data, providing reasons related to your particular situation. The Controller reservesthe right to assess such a request, which may be denied if there are compelling legitimate grounds for the processing that override your interests, rights, and freedoms.

To exercise the above rights, you may write to the Controller at Via Giovane Italia 1 - 06073 Corciano (PG), Italy, or via email at [fondazione@fondazionecucinelli.it].

Furthermore, if you believe that the processing of your Personal Data violates data protection laws, you have theright, pursuant to Article 77 of the Regulation, to lodge a complaint with the supervisory authority of the EU Member State where you habitually reside, work, or where the alleged violation occurred.

9. CHANGES

The Controller reserves the right to modifyor simply update the content of this Privacy Policy, in whole or in part, including due to changes in applicable legislation. Therefore, the Controller invites you to regularly visit this section to review the most recent and updated version of the Privacy Policy, so that you are always informed about the data collected and how it is processed.