Noi e terze parti selezionate utilizziamo cookie o tecnologie simili per finalità tecniche e, con il tuo consenso, anche per altre finalità come specificato nella informativa cookie.
Reference: Information Notice MP/Inf/EM-MdC – Rev. 0 dated 06/02/2025
EU Regulation 679/2016 (hereinafter the “Regulation” or “GDPR”) sets out the rules concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data.
It safeguards the fundamental rights and freedoms of natural persons, in particular their right to the protection of personal data.
This privacy notice is issued by Fondazione Roma (hereinafter the “Foundation”) pursuant to Article 13 of the Regulation, regarding the processing of personal data collected by the Foundation as the organizer of exhibitions or events held at its Museum Hub, and acquired through the Made Ticket web platform managed by Matematici Ricerca e Sviluppo S.r.l., used for the advance sale/sale of admission tickets. Matematici Ricerca e Sviluppo S.r.l. acts as an independent data controller for this service. Access to the platform may occur directly or via redirection through specific buttons when the data subject is browsing the museodelcorso.com website, managed by Fondazione Roma.
The processing is carried out in accordance with the purposes described in this notice and is based on the principles of fairness, lawfulness, and transparency, in compliance with the technical and organizational security measures adopted by the Foundation.
DATA CONTROLLER
The Data Controller (hereinafter “Controller”) is Fondazione Roma, headquartered in Rome IT-00187, Via Marco Minghetti no. 17; phone: +39 0697645113; email: fgabrielli@fondazioneroma.it.
DATA PROTECTION OFFICER (DPO)
The Data Protection Officer (DPO) is Maurizio Belli of Università del Lavoro ETS, reachable at: dpo_fr@unilavoro.org.
TYPES OF PERSONAL DATA AND PURPOSES OF PROCESSING
The processing concerns identifying and contact data, including email address, provided directly by the data subject during the online purchase of admission tickets to exhibitions or events organized by Fondazione Roma and purchased via the Made Ticket platform managed by Matematici Ricerca e Sviluppo S.r.l. For group and school bookings, reservations are mainly handled via email initiated by the data subject using dedicated buttons on the museodelcorso.com website. Group booking requests are sent to the service at “info@museodelcorso.com,” which provides assistance and support for the complete purchase process.
The purposes of processing the collected personal data are:
a) to fulfill contractual obligations (ticket purchase) between the data subject and the organizer (Foundation), including any pre-contractual measures and related services such as administrative activities and booking management;
b) to manage newsletter subscriptions, send newsletters and communications for informational and promotional purposes regarding events and services related to the Foundation’s museum hub (communications and newsletters are sent to the email address provided by the data subject based on their explicit consent);
c) to comply with legal and regulatory obligations.
LEGAL BASIS FOR PROCESSING
The processing of personal data for the above purposes is based on the following legal grounds:
a) necessity to perform a contract and manage the service provided to which the data subject is a party (Art. 6(1)(b) GDPR);
b) explicit consent of the data subject for newsletter subscription and acceptance to receive informational and promotional communications (Art. 6(1)(a) GDPR). Consent is obtained via the Made Ticket platform during the ticket purchase process for events and exhibitions organized by Fondazione Roma;
c) necessity to comply with legal obligations to which the Controller is subject (Art. 6(1)(c) GDPR).s
CONSEQUENCES OF REFUSAL TO PROVIDE DATA
Providing personal data for contractual and legal purposes is necessary and mandatory following the voluntary purchase of admission tickets to exhibitions and events at the Foundation’s museum hub. Refusal to provide such data will prevent the completion of the ticket purchase.
Regarding newsletter services and promotional communications, the user is free to opt-in by providing explicit consent through the platform’s functionalities. Without such consent, the Foundation will not use the provided email address for newsletter subscription or promotional communications.
RECIPIENTS AND CATEGORIES OF RECIPIENTS
Personal data provided will be processed by authorized personnel of the Foundation and may be processed on behalf of the Foundation by organizations, entities, companies, consultants, freelancers, or other bodies with which the Foundation interacts for institutional purposes or service provision. These entities act as Data Processors or independent Data Controllers. The complete and updated list of Data Processors is available from the Foundation’s Legal Affairs Department. Personal data may also be disclosed to comply with legal, regulatory, or EU provisions, or based on instructions from authorized authorities or supervisory and control bodies.
METHODS OF DATA PROCESSING
Personal data is processed to ensure maximum security and confidentiality, using paper, IT, and telematic tools, and adopting appropriate technical and organizational security measures to reduce the risk of loss, destruction, unauthorized access, improper disclosure, and data tampering.
TRANSFER OF DATA TO THIRD COUNTRIES
Personal data provided and processed directly by Fondazione Roma is not transferred to third countries.
DATA RETENTION PERIOD
Personal data is processed for the time necessary to achieve the purposes for which it was collected, including administrative and accounting purposes related to the established relationship and legal obligations, within the statutory limitation periods applicable to the rights and obligations involved.
Data collected for newsletter subscription and communications will be retained until the data subject exercises their right to object or request deletion.
Retention is carried out in compliance with sector regulations, the principle of proportionality, and within the limits necessary to achieve the described purposes.
DATA SUBJECT RIGHTS
Data subjects may exercise their rights under Articles 15–22 of EU Regulation 2016/679 at any time. They may contact the Controller to access, rectify, delete, restrict, or object to the processing of their personal data. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out before the withdrawal. To exercise these rights, contact:
Data subjects also have the right to lodge a complaint (Art. 77 GDPR) or seek judicial remedy (Art. 79 GDPR) if they believe that the processing violates the GDPR.
Fondazione Roma does not adopt any automated decision-making processes, including profiling, as referred to in Article 22(1) and (4) of the GDPR.