Privacy Legislation


web site privacy policy

The following is a description of the site management procedure regarding the processing of the personal data of users who consult it.

This notification only regards the Web site, not other Web sites that users may consult using links.



Following consultation of this site, data regarding identified or identifiable persons may be processed.

The controller of the processing is Fondazione ARENA DI VERONA



During normal operation, the IP systems and software procedure involved in this Web site’s operation acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified interests but, due to its very nature, could, by means of processing and association with data held by third parties, enable to identify users.

This category of data includes IP addresses or dominion names of the computers used by users who visit the Web site, addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, a numerical code indicating the status of the reply given by the server (OK, error, etc.) and other parameters regarding the user’s operating system and IP environment.

These data are only used to obtain anonymous statistical information on the site’s use and check its correct operation. The data may be used to determine responsibility in the event of suspected cyber crimes involving the site: apart from this eventuality, currently, data on Web contacts do not remain stored for more than seven days.

No data resulting from the Web service is divulged.



Personal data are processed with automated means for the time strictly necessary to carry out the aims for which it has been collected.

Processing connected with the Web services of this site is carried out by members of Fondazione ARENA DI VERONA staff, or by people responsible for occasional maintenance work.

Specific security measures are taken to prevent the loss of data, illicit or incorrect use and unauthorized access.

No data resulting from the Web service is divulged.

Personal data provided by users who send requests to receive informative material (newsletters, replies to questions, etc.) are only used to carry provide the service requested and are only communicated to third parties should it be necessary for this purpose.



Apart from what is specified for navigation data, users are free to provide the personal data requested during navigation to apply for the sending of informative material or other communications.

Failure to release these data may result in it being impossible to obtain the requested material or information.

When users visit any part of the Web site that requires the collection of personal data, they are always provided a link to this notification and, if necessary, their consent is requested.

The optional, explicit and voluntary sending of e-mails to addresses appearing on this site leads to the successive acquisition of the sender’s address, necessary to reply to his or her request, as well as any other personal information included in the message.

Specific notifications follow regarding the pages of the site dedicated to particular services available on request or by means of which it is possible that further personal data are acquired.


Personal data voluntarily released by interested parties via the contact area:

a) are processed by mainly automated means to:

- Ensure a certain rapid reply and satisfy interested parties’ requests

- Comply with obligations laid down by law, rules and community regulations; compliance with provisions issued by Judicial Authorities/Courts,

- Develop  the system for acquiring knowledge of the public, necessary to control, improve and therefore plan a service that is increasingly efficient and suited to the demand, they may be processed by commercial staff, staff responsible for the maintenance of the IP systems that has the task of ensuring the systems’ functionality, data security and backup operations, other employees within the limits of the assignments received and whatever is foreseen by company procedure and other subjects who provide services for purposes that facilitate meeting interested parties’ requests, within the limits that are strictly necessary for carrying out their work;

b) they may be communicated or made available:

- to subjects who can access the data due to legal provisions, rules or community regulations or other regulations, within the limits foreseen by the regulations in question;

- to other subjects who provide services for purposes connected with meeting interested parties’ requirements, within the limits that are strictly necessary for carrying out their work.

Lastly, it is specified that the law requires consent to be obtained for processing judicial data and data defined as “sensitive” (i.e. data “able to reveal racial or ethnic origin, religious beliefs, philosophical or other beliefs of a similar nature, political opinions, membership of political parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, as well as personal information able to reveal physical or mental health conditions or sexual life”); therefore, USERS ARE REQUESTED NOT to include information of this type in their first contact request since, without their explicit consent, it will not be able to be processed.

registering for the newsletter

Personal data voluntarily released by interested parties registering for the Newsletter:

are processed with mainly automated means for the sole purpose of meeting the requirements of interested parties, who have the right to block the aforementioned processing at any time.

> they may be processed by communication and marketing staff, staff responsible for IP the systems’ maintenance with the task of ensuring the systems’ correct operation, data security and backup operations, other employees within the limits of the assignments received and as foreseen by company procedure, and other subjects who provide services for purposes connected with meeting interested parties’ requirements, within the limits that are strictly necessary for carrying out their work;

>  they may be communicated or made available:

-  to subjects who can access the data due to legal provisions, rules or community regulations or other regulations, within the limits foreseen by the regulations in question,

- to other subjects who provide services for purposes connected with meeting interested parties’ requirements, within the limits that are strictly necessary for carrying out their work;

- to connected (subsidiary - parent) companies, again for current administrative/accounting purposes connected with meeting interested parties’ requirements.


What Cookies are

A cookie is a small quantity of data, often containing a unique anonymous ID code, which is sent to a browser by a Web server and then stored on the hard disc of users’ computers. Each cookie is read and recognized exclusively by the Web site that sent it every time users visit the Web site in the future.

The browser is the software that enables to navigate the Web by displaying and transferring the information to users’ devices’ hard discs. If the browser’s preferences are set to accept cookies, any Web site can send its cookies to the browser, but – in order to protect users’ privacy – it can only ”see” those sent by the site itself, not those sent to the browser by other sites.


In any case, cookies cannot cause damage to users’ computers/devices.



Users’ privacy is essentially guaranteed by the fact that AT ANY TIME WHATSOEVER they can:

>   configure their browser in order to accept all cookies, refuse them all, or receive an alert message whenever one is sent,

>   cancel one, some or all cookies.

Every browser has its specific settings, so it is necessary to remember to consult the “Help” section of the browser used to have the most information on how to modify its preferences.

Internet Explorer:

Google Chrome:

Mozilla Firefox:

Apple Safari:



The use of so-called session cookies (which are not stored persistently on users’ computers/devices and cancelled when the browser is closed) is strictly limited to the transmission of session IDs (formed by random numbers generated by the server), necessary to enable the site to be visited safely and efficiently.

The session cookies used on this site avoid resorting to other IP techniques potentially prejudicial for the privacy of users’ navigation and do not allow the acquisition of users’ personal ID data.

We use cookies essentially to facilitate users, speeding up and personalizing communication and navigation as much as possible, and to enable us to provide the best possible service. Thanks to cookies, it is possible to identify users (to be more precise, the computer/device they use) that have already visited our site, thus being able (for example) to remind them what they have already seen and highlighting any updates.

Cookie cannot damage users’ computers/devices, and we take particular care to accurately select all third-party providers who can set cookies for their own purposes.

A list follows of the cookies used on this site, indicating if they are installed by a third-party site (e.g. Google Analytics or social networks) and the category each of them belongs to, according to the following classification [general provisions of the Italian Authority for the protection of personal data [doc. web n. 3118884] "Identifying simplified methods for notification and obtaining consent to the use of cookies" of 08/05/2014]



Technical cookies are those that are only used to "transmit a communication over an electronic communication network, or as is strictly necessary to the provider of a service of information explicitly requested by a subscriber or user to provide the service in question" (see Art. 122, para. 1 of the relative Law). They are not used for other purposes. These can be divided into navigation or session cookies, which ensure the normal navigation and use of Web sites (enabling, for example, to purchase items or to log in to reserved areas); analytical cookies, assimilated to technical cookies when used directly by the site owner to collect information, in aggregate form, on the number of users and how they visit the site; functionality cookies, that enable users to navigate according to a series of selected criteria (e.g. language, products selected for purchase) in order to improve the service provided by the site. Users’ prior consent is not requested for the installation of these cookies



Profile cookies are aimed at creating user profiles and are used in order to send advertising messages that match the preferences shown by users during their Web navigation.


These cookies:

>   are used to display advertising announcements tailored to users’ interests, obtained from the site pages visited. They are also used to avoid always showing the same ad announcement and to help measure the effectiveness of advertising campaigns.

>   They are usually placed by advertising networks with the permission of Web site owners.

>   They keep track of your visits to the site and this information is shared with organizations such as advertising agencies.

>   They are often connected with facilities on the site provided by thirty-party companies



Cookie name


what it is used for

(when it is cancelled)


 (Link to third-party site)








Google Analytics (*)



This site uses Google Analytics, a Web analysis service provided by Google Inc. for the generation of statistics on the use of the Web site.

Google Analytics uses "cookies" that are placed on your computer to analyze the use of the Web site by users. The information generated by the cookies on the use of the Web site (including the IP address) is transmitted by users’ browsers to Google, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, and stored on its servers.

Google Analytics collects the information in an anonymous manner without identifying individual visitors. The browsers do not share the proprietary cookies of the Google Analytics tool with other dominions. Google Analytics does not report information regarding effective addresses: Google Analytics communicates information in such a way that only part of the IP address is used for geographic reporting, rather than the entire address, using a method known as IP masking.

Google will use this information in order to track and examine the use of the Web site, prepare reports on the Web site’s activity and provide the sites’ owner other services regarding the Web site’s activities, connection methods (mobile, PC, browser used, etc) and the methods for searching for and reaching the Web site’s pages. Google can also transfer this information to third parties when this is established by law or if the aforesaid third parties process the information on behalf of Google. Google will not associate your IP address with any other datum possessed by Google.

It is possible to disable Google Analytics cookies, using the opt-out browser add-on  provided by Google for the main browsers. It will thus be possible to also use the anonymous online services.


See also:

-    the terms of service of Google Analytics

-    Google’s privacy overview

-    Google’s privacy policy


This site also uses “Social Plugins” (hereafter called “buttons”) of social networks such as Facebook and Twitter. These buttons are disabled by default, i.e. they do not send data to the relative social network without your consent.

To enable the buttons, it is sufficient to click on them. The button remains enabled until it is disabled again or its cookies are cancelled. After it is enabled, a direct connection is established with the server of the respective social network. The content associated with the button is thus transmitted directly by the social networks to your browser and connected by the latter to the Web page.

To know the purpose and extent of the acquisition and processing/use of the data carried out by social networks, in which we play no part, users can access the notifications and privacy policy available on the social networks’ sites.

When a button is enabled, the respective social network can read a series of data, no matter what your interaction with the button itself.  If you have carried out log-in procedure for a social network, it can allocate your visit to this page to your user profile.

interested parties rights

Data subjects (subjects whose personal information is involved) have the right at any time to obtain confirmation to the existence (or not) of said information and to know its content and origin, check its accuracy and request its integration, updating or rectification (art. 7 Legislative Decree. 196/2003).

According to this same article, data subjects have the right to request the cancellation, anonymization or blocking of any data processed unlawfully, as well as opposition for legitimate reasons to their processing.

All requests must be sent to Fondazione ARENA DI VERONA using the “Contact” area of the Web site


privacy for the spectators


We found it necessary to summarize in the following document all the elements dealing with the processing of personal data, already available to the spectators through relevant documentation, to keep in line with the constant updating of our procedures dealing with the Privacy of our spectators and with the obligations imposed by Italian Legislative Decree no. 196/2003. We have integrated them with more specific information aimed at providing maximum transparency for all data collected when accepting reservations, issuing personal tickets at a concessionary fare or free of charge, managing some types of payment methods, and during public relations and customer relations activities.


-data supplied directly by the spectator or through a third party (first name, last name, possibly Identity Document number and when buying or reserving a ticket at a concessionary fare: personal details of any escorting person, particular requests in order to meet special needs of the spectator or any escorting person, certification of the degree of invalidity);

-data related to the services acquired and the shows attended or to be attended (e.g.: time, seating, any specific service requested by disabled people);

-in some cases, data related to the organization (travel agency, Company, association, other) that has organized or offered to the spectator the attendance to the show in our buildings;

-only in few cases, the ticket office will require as a guarantee to the spectator a copy of the Identity Document of the person paying for the ticket with a credit card or by check; such copies will be destroyed as soon as said guarantee is no longer needed;


Article 26 of the Italian Legislative Decree no. 196/2003 grants specific protection for data considered “sensitive”, that is personal data “allowing the disclosure of racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade-unionist character, as well as personal data disclosing health and sex life”. Said information can only be processed with the written consent of the data subject and after the authorization of the Garante (Privacy guarantor). Some of the aforementioned data falls in this category, as in the case of data acquired when issuing tickets at a concessionary fare for disabled people, and for this reason the data subject will be asked to give specific consent should the processing method require it.



The processing takes place for the following purposes:

1-to fulfil any obligation imposed by a law, regulations or European Community legislation; specifically, tax legislation requires the organization issuing a ticket at a concessionary fare to identify the recipient and to request at the same time proof of eligibility of a concessionary fare;

2-to fulfil contractual obligations as well as accounting- and tax-based requirements;

3-to fulfil orders given by the Judicial and Financial Authorities;

4-to meet possible Spectator’s requests by offering thorough and qualified services; personal details provided by the Spectator may be used to send information related to the show for which tickets have been reserved;

5-to manage client master data, mailing lists and statistical computations for company purposes;

6-to possibly protect a legitimate interest, to exercise or defend a right;

7-other purposes connected to public relations, marketing, advertising, information activities for the public. In particular, any details, mailing addresses and emails provided may be used to send courtesy information and/or informative material related to specific offers, seasonal tickets, future shows.

For this type of processing, the fourth subparagraph of Article 130 of the Italian Legislative Decree 196/2003 does not oblige the data controller to request the data subject’s consent, and the data subject is entitled to oppose said processing at any time.



With reference to the aforementioned purposes, personal data may be processed in paper, IT, and telematic formats. Personal data will be treated with absolute confidentiality and its use shall be relevant and not excessive in relation to the previously mentioned purposes in terms of data entry and retention data periods.

More specifically, Fondazione’s database stores data related to reservations made and tickets issued at a concessionary fare for the purposes referred to in points (c)-(d)-(e)-(g) of paragraph 2 above.



Data may be processed solely by the following staff and/or managers:


-staff for the issuing of tickets/seasonal tickets,

-reservations staff, call centre staff,

-access control staff,

-administration management staff,

-marketing staff,

-IT maintenance staff that guarantees system performance, data security and backup operations excluding consultation,

-companies/consultants appointed as external Data Processors that need to access some data for purposes linked to services requested by data subjects, and strictly within the limits necessary to perform the assigned duties such as: assistance in the execution or direct execution of compliance to tax/accounting/assistance issues, management of IT systems, financial services,

and only within the limits of what is deemed necessary to carry out one’s duty.



Personal data may be communicated or made available to:

-those people that may access data according to any law, regulation or European Community legislation, still within the limits foreseen by said norms;

-public and private bodies that manage letter post business;

-banks, credit institutions, data processing companies and credit card issuing companies, limited to accounting and tax data and only for activities strictly connected to the execution and administrative management of the contract;

-other parties (companies/consultants) that need to access some data for purposes linked to the management of services requested by data subjects, and strictly within the limits necessary to perform the assigned duties such as: assistance in the execution or direct execution of compliance to tax/accounting/assistance issues, management of IT systems, financial services;

-entities that have acted as a liaison for reservations or purchasing of personal tickets (associations, travel agencies, etc.) as a confirmation, and that have a direct relationship to the spectator; within this scope and after authorization (when required), the data that is the subject of processing may be transferred outside the country, both inside or outside the European Union and to the country where the spectator comes from;

It should be mentioned that all aforementioned communication is limited only to the data necessary to the specific Entity/office (which will remain an independent Data Controller of all additional processing) to carry out its duties and/or to achieve those ends connected to the communication of the data.



Communicating and updating one’s personal data is mandatory within the limits of what is required to comply with agreements and tax issues as foreseen by current legislation and with contractual obligations (refer to points (a)-(b)-(c)-(d) of paragraph 2). Failure by the data subject to fulfil this obligation would make it impossible for Fondazione ARENA DI VERONA to meet the spectator’s requests and to carry out the normal activities connected with ticket issuing or acceptance of a reservation. Clearly, on a case by case basis, the required data is clearly pointed out depending on which format is used (highlighted on paper forms and on forms found on the website or pointed out by a Fondazione staff member).


It is necessary to specify that most processing done is not subject to requesting a consent pursuant to Article 24 of the Italian Legislative Decree 196/2003, with only few exceptions for which specific forms are available (for example, the processing necessary for issuing a ticket at a concessionary fare).



Fondazione ARENA DI VERONA will not disclose personal data.

However, it must be pointed out that TV/recording/photographic services carried out by third parties during the events may at times show identifiable spectators.



The data controller is Fondazione ARENA DI VERONA – Via Roma 7/D – 37121 VERONA



To exercise one’s rights pursuant to Article 7 of the Italian Legislative Decree no. 196/2003 (full text enclosed) the data subject may contact the Marketing and Sales Manager by calling the number +39 045 8005151, sending a fax to +39 045 8015593 or an email to



Tickets at a concessionary fare are issued as personal tickets in order to provide for a better service and to avoid their misuse and staff members may request an Identity Document to verify the recipient’s identity. We strongly recommend keeping the tickets in a safe place and to promptly notify any loss by calling the following number: +390458005151.


Italian Legislative Decree no. 196 of 30 June 2003 (Italian Personal Data Protection Code).


Article 7 (Right to Access Personal Data and Other Rights):

a. A data subject [natural person or legal person to whom the data refers to] shall have the right to obtain confirmation as to whether or not personal data concerning him exists, regardless of its being already recorded, and communication of such data in intelligible form.

b. Data subject shall have the right to be informed:

  1. of the source of the personal data;
  2. of the purposes and methods of the processing;
  3. of the logic applied to the processing, if the latter is carried out with the help of electronic means;
  4. of the identification data concerning data controller, data processors and the representative designated as per Article 5(2);
  5. of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.

A data subject shall have the right to obtain:

  1. a) updating, rectification or, where interested therein, integration of the data;
  2. b) erasure, anonymization or blocking of data that has been processed unlawfully, including data whose retention is unnecessary for the purposes for which it has been collected or subsequently processed;
  3. c) certification to the effect that the operations as per points (a) and (b) have been notified, as also related to their contents, to the entities to whom or which the data was communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the right that is to be protected.


  1. A data subject shall have the right to object, in whole or in part:
  2. a) on legitimate grounds, to the processing of personal data concerning him/her, even though it is relevant to the purpose of the collection;
  3. b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys;
  4. g) setting up, managing, planning and monitoring the relationships between the administration and the entities bound by contractual agreements with and/or recognized by the National Health Service.