A) INFORMATION REGARDING THE WEBSITE'S PRIVACY POLICY

The ETS Insurance Museum, based in Milan, VAT/Tax Code 97389580156 (hereinafter referred to as "Data Controller"), as the data controller, informs you pursuant to Article 13 of EU Regulation No. 2016/679 (hereinafter referred to as "GDPR") that your data, in relation to your browsing on our website, will be processed in the following ways and for the following purposes.

​

B) DATA PROCESSING

​

1. Subject of the processing

​The Data Controller processes personal data, both identifiable and non-sensitive (by way of example but not limited to, name, surname, email - hereinafter referred to as "personal data" or also "data") that you provide when registering on the website: www.museodellassicurazione.com of the Data Controller (hereinafter referred to as "Site"), filling out contact forms via the Site, or making online requests for clarifications or support.

​

2. Purpose of the processing​

Your personal data are processed:

A) Without your explicit consent (Article 6, letters b) and e) of the GDPR), for the following purposes:

• To allow navigation of the Site;

• To respond to specific requests for information directed to the Data Controller;

    Legal basis: Performance of a service​

B) Only with your specific and distinct consent (Article 7 of the GDPR), for the following marketing purposes:

• To send you newsletters, information about the activities of the Data Controller via email.

    Legal basis: Consent (optional and revocable at any time).

​

3. Processing methods

The processing of your personal data is carried out through the operations indicated in Article 4 of the Privacy Code and Article 4, paragraph 2) of the GDPR, specifically: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Your personal data may be processed both manually and electronically and/or automated.

​

Retention period of processed data

The Data Controller will process personal data for the time necessary to fulfill the purposes outlined above.

​

4. Processing of browsing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These are information not collected to be associated with identified data subjects, but which by their very nature could, through processing and associations with data held by third parties, allow for the identification of users. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URIs (Uniform Resource Identifiers) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user's operating system and IT environment. This data is used solely to obtain anonymous statistical information about the use of the site and to check its correct functioning. Data may also be used to ascertain responsibility in the event of hypothetical cyber-crimes against the site.

​

5. Security measures

The Data Controller has adopted a wide range of security measures to protect your data against the risk of loss, misuse, or alteration.

​

6. Access to data

Your data may be made accessible for the purposes outlined in Article 2.A) and 2.B):

• To employees and collaborators of the Data Controller, in their capacity as authorized personnel and/or internal data processors;

• To third-party companies or other entities performing outsourcing activities on behalf of the Data Controller, in their capacity as data processors.

​

7. Data communication

Without your explicit consent (under Article 24, letters a), b), d) of the Privacy Code and Article 6, letters b) and c) of the GDPR), the Data Controller may communicate your data to supervisory bodies, judicial authorities, and any other entities to whom communication is mandatory by law for the fulfillment of the stated purposes. Your data will not be disseminated.

​

8. Data transfer

The management and storage of personal data will take place in Europe, on servers located in Italy owned by the Data Controller and/or third-party companies duly appointed as Data Processors.

​

9. Nature of data provision and consequences of refusal to respond

Providing data for the purposes outlined in Article 2.A is mandatory as it is necessary to respond to information requests. However, for the purposes outlined in Article 2.B, acceptance is optional. You can therefore choose not to provide any data or subsequently deny the processing of already provided data: in this case, you will not receive newsletters, commercial communications, or advertising material related to the services offered by the Data Controller. Nonetheless, you will continue to have the right to the services referred to in Article 2.A.

​

10. Rights of the data subject

In accordance with the provisions of Chapter III, Section I of the GDPR, you can exercise the rights indicated therein, in particular:

• Right of access - To obtain confirmation of whether or not personal data concerning you is being processed, and in that case, to receive information regarding, in particular: purposes of the processing, categories of personal data processed, retention period, and recipients to whom the data may be communicated (Article 15, GDPR);

• Right to rectification - To obtain, without undue delay, the rectification of inaccurate personal data concerning you and the completion of incomplete personal data (Article 16, GDPR);

• Right to erasure - To obtain, without undue delay, the erasure of personal data concerning you, in cases provided for by the GDPR (Article 17, GDPR);

• Right to restriction - To obtain from the Data Controller the restriction of processing in cases provided for by the GDPR (Article 18, GDPR);

• Right to data portability - To receive in a structured, commonly used, and machine-readable format, the personal data concerning you that you have provided to the Data Controller, and to obtain that the same be transmitted to another data controller without hindrance, in cases provided for by the GDPR (Article 20, GDPR);

• Right to object - To object to the processing of personal data concerning you, unless there are legitimate grounds for the Controllers to continue the processing (Article 21, GDPR);

• Right to lodge a complaint with a supervisory authority - To lodge a complaint with the Data Protection Authority, Piazza di Montecitorio n. 121, 00186, Rome (RM).

​​

11. Methods of exercising rights

You can exercise your rights at any time by sending: a registered letter to Museo dell’assicurazione, Via Rugabella 10, 20123 Milan, or an email to: info@museodellassicurazione.com.

​

12. Changes to this Notice

This Notice may undergo changes. It is therefore recommended to regularly check this Notice and refer to the most updated version. The updated version of the privacy policy will be published on this page, indicating the date of its last update.

​

Last updated on May 25, 2018.