Updated on February 11th 2019
This page describes the management methods of the Web site with reference to the processing of the personal data of users who consult it. In fact, after consulting this site, data regarding identified or identifiable individuals may be processed. This notice is given those interacting with the Web service of the Controller, accessible online from the URL: https://www.arena.it
It is specified that the notice is only provided for the abovementioned Web site and not for other Web sites that may be consulted by users via links. This document may undergo periodical updates.
THE “CONTROLLER” OF THE PROCESSING
The Controller of the Processing is Fondazione Arena di Verona, with registered office in Via Roma 7/D - 37121 Verona – e-mail: firstname.lastname@example.org (hereafter for brevity indicated as “Fondazione”). The Data Protection Officer (RPD/DPO) appointed by Fondazione can be contacted at email@example.com
TYPE OF DATA PROCESSED - NAVIGATION DATA
During operation, the IT systems and software procedures used to operate this Web site collect some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties but, for their very nature, by means of processing and association with data held by third parties, could enable users to be identified. This category of data includes IP addresses or the dominion names of the computers used by the users who access the site, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (OK, error, etc.) and other parameters regarding users’ operating system and IT environment. These data are only used to obtain anonymous statistic information on the use of the site to control its correct operation. The data could be used to ascertain responsibility in the event of possible computer crimes damaging the site: apart from this eventuality, at present, the data regarding Web contacts are not retained for more than 30 days. The legal basis of the processing is therefore a legitimate interest on behalf of the controller to ensure the execution and improvement of the services provided by the site.
DATA RELEASED VOLUNTARILY BY USERS
The optional, explicit and voluntary sending of e-mails to the addresses shown on this site or the completion of dedicated forms for entering data to receive services/information or make requests implies the successive acquisition of the sender’s address, necessary for replying to the requests, as well as any other personal data keyed in. The personal data released by users who send requests (e.g. registering for the newsletter) are only processed in order to provide the service(s) requested, unless otherwise foreseen in any further notices specifically regarding data processing in the login or registration pages. Specific summary notices and any requests for consent, if necessary, will be gradually published on the pages of the site dedicated to particular on-demand services. The legal basis of the processing is therefore the execution of contractual obligations (requests) of the users/ individuals requesting consent.
The legal basis of the processing is therefore the legitimate interest of the Controller in the event of technical cookies and the consent of the interested parties for profiling cookies.
COMMUNICATION OF DATA TO THIRD PARTIES AND TRANSFER TO OTHER COUNTRIES
No data obtained from the Web service will be diffused. No navigation data is communicated to third parties, apart from the company providing technical support for the site, which respects current regulations/law. The personal data released by users (such as for example name, surname, e-mail, telephone and information contained are handled by in-house company subjects to respond to requests).
Diffusion of data The personal data will not be released by the Fondazione. Nevertheless, it must be noted that during television coverage/recording/photographic sessions destined for diffusion, carried out by other subjects during shows, identifiable spectators might occasionally appear.
To whom they can be communicated Personal data can be communicated or made available to:
- subjects who can access the data due to legal provisions, rules or community regulations or other regulations, within the limits foreseen by the regulations in question.
- the organization (travel agency, company, association, etc.) that has organized or offered the spectator the viewing of the show in our venues, in the form of confirmation.
- only in the case of data of an accounting and fiscal nature, to banks, data processing companies and credit card companies, for activities exclusively connected with the execution and administrative management of the contract.
- to other subjects (companies/consultants nominated as responsible) who need to have access to some data for purposes regarding the management of the services requested by the interested parties, within the limits strictly necessary for carrying out the tasks entrusted to them, such as: assistance in the carrying out or direct execution of fiscal/accounting/assistance work, management of IT systems, financial services.
- to bodies that played an intermediary role for bookings or for the purchase of personal tickets (associations, travel agencies, etc.) in the form of confirmation, who have direct relationships with the spectators; in this context, the processing of the data in question may also consist in their communication abroad, both within and outside the European Union, to the country of origin of spectators, subject to authorization (if foreseen).
Naturally, all the communications described above are only limited to the data necessary to the receiving body/office (which will remain the independent Controller for all the consequent processing) for the executing its tasks and/or achieving the aims connected with communication.
PROCESSING METHODS, PERIOD OF RETENTION OF DATA AND AUTOMATED PROCESSES
The personal data are processed with computerized means. The personal data released by users are retained for the period necessary for the execution of the purpose(s) indicated. Navigation data are retained for the period necessary for the execution of the purpose(s) indicated, and at most 30 (thirty) days from the collection. No automated decision-making process is carried out, including profiling, via the Web site Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access.
Apart from what has been specified for navigation data, users are free to provide personal data in the request forms or anyhow indicated in contacts with the Controller. Failure to release them can result in it being impossible to obtain what is requested. Fondazione, owner of the Web site and Controller of the data processing, reserves the right to cancel registrations and block the provision of services in the event of the data supplied for access to certain services being found to be untrue.
RIGHTS OF THE INTERESTED PARTIES, FACULTY TO LODGE COMPLAINTS AND WITHDRAW CONSENT
The subjects which the personal data refer to have the right at any time to request access to their personal data, amend, delete and limit them, block their processing and exercise the right to data portability. In any case, interested parties have the right to withdraw at any time any consent given to data processing, without prejudicing the legality of the processing based on the consent given prior to withdrawal.
To exercise the rights foreseen by the current regulations/law on matters of personal data protection and to see the complete list of external parties responsible for processing appointed for each area and activity, to obtain information regarding the transfer of data to non-EU countries and regarding guarantees, you can write to firstname.lastname@example.org
Interested parties also have the right to lodge a claim with the Authority for the control of data processing, located in particular in the member nation in which they habitually reside, the member nation in which they work or in which the presumed violation occurred.