INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA OF WEBSITE USERS Articles 13 and 14 of Regulation (EU) 2016/679 (hereinafter "GDPR")
Why this notice
The OPERA DEL DUOMO DI ORVIETO-FABBRICERIA (hereinafter also referred to as the "Data Controller") is committed to respecting and protecting your privacy and wishes to ensure that you feel secure both while simply browsing the website and if you decide to provide your personal data to benefit from the services made available to Users and/or Customers.
On this page, the Data Controller intends to provide some information regarding the processing of personal data of users who visit or consult the website accessible electronically at the address www.duomodiorvieto.it (the "Website").
This privacy notice applies only to the website of Opera del Duomo di Orvieto-Fabbriceria and not to other websites that may be accessed by the user via links (for which reference should be made to their respective privacy policies).
The reproduction or use of pages, materials, and information contained within the Website, by any means and on any medium, is not permitted without the prior written consent of the Data Controller. Copying and/or printing is permitted exclusively for personal and non-commercial use (for requests and clarifications, please contact the Data Controller at the contacts provided below). Any other use of the content, services, and information present on this site is not allowed.
Regarding the content provided and the information offered, the Data Controller will strive to keep the Website content reasonably updated and reviewed but does not offer any guarantees regarding the adequacy, accuracy, or completeness of the information provided, explicitly disclaiming any liability for possible errors or omissions in the information provided on the Website.
Origin – Navigation Data
The OPERA DEL DUOMO DI ORVIETO-FABBRICERIA informs you that personal data provided by you and acquired simultaneously with your request for information and/or contact, and the use of services via smartphones or any other tool used to access the Internet, as well as the data necessary for the provision of such services—including navigation data and data used for any purchase of products and services offered by the Data Controller, but also solely "navigation" data—will be processed in compliance with applicable regulations.
The IT systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet. These are pieces of information that are not collected to be associated with identified individuals but, by their very nature, could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes "IP addresses" or domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (success, error, etc.), and other parameters relating to the user's operating system and IT environment.
These data are used solely to obtain anonymous statistical information on the use of the site and to check its proper functioning. It should be noted that these data could be used to ascertain liability in the event of cybercrimes against the Data Controller’s site or related or connected sites. However, except in such cases, web contact data do not persist for more than a few days.
Origin – Data Provided by the User
The OPERA DEL DUOMO DI ORVIETO-FABBRICERIA collects, stores, and processes your personal data to provide the products and services offered on the Website or to comply with legal obligations. Regarding certain specific Services or Products, the Data Controller may process your data for commercial purposes. In such cases, specific, separate, optional, and always revocable consent will be requested.
The optional, explicit, and voluntary sending of emails to the addresses indicated in the relevant section of the Website, as well as the completion of questionnaires (e.g., forms), push notifications via APP, social networks, etc., involve the subsequent acquisition of some of your personal data, including those collected through the use of Apps and related services, necessary to respond to requests.
You may access the Website or connect to areas where you may be allowed to post information, using blogs or bulletin boards, and communicate with others, for example, via the Opera del Duomo di Orvieto-Fabbriceria pages on Facebook®, Instagram, YouTube®, and other social networks. Before interacting in these areas, we invite you to carefully read the General Terms of Use, considering that, in some cases, the information published may be viewed by anyone with access to the Internet, and all information included in your publications may be read, collected, and used by third parties.
Purpose of Processing and Legal Basis
The data is processed for the following purposes:
- Strictly related and necessary to access the website www.duomodiorvieto.it, the services and/or Apps developed or made available by the Data Controller, the use of related informational services, the management of contact or information requests, and the purchase of products and services offered through the Company’s website.
- Ancillary activities related to the management of User/Customer requests and sending responses, which may include the transmission of promotional material; for the completion of purchase orders for offered products and services, including aspects related to credit card payments, shipment management, the possible exercise of the right of withdrawal for remote purchases, and updates on the availability of temporarily unavailable products and services.
- Compliance with obligations established by EU and national regulations, the protection of public order, and the detection and suppression of crimes.
- Direct marketing: insertion of data into the CRM system and the sending of advertising materials regarding services, events, and initiatives promoted by the Data Controller. These activities may be carried out using “traditional” methods (such as postal mail and/or operator calls) or via “automated” contact systems (such as SMS, email, interactive applications), in accordance with Art. 130, paragraphs 1 and 2 of Legislative Decree 196/03 and subsequent amendments.
Providing data for the purposes outlined in points 1, 2, and 3, which are linked to a pre-contractual and/or contractual phase, a user request, or a specific legal requirement, is mandatory. Failure to provide such data will make it impossible to receive information and access the requested services. Regarding point 4 of this Notice, user/customer consent for data processing is voluntary and revocable at any time, without affecting the usability of products and services, except for the inability of the Data Controller to keep users/customers updated on new initiatives, special promotions, or available benefits.
The Data Controller may send commercial communications related to products and/or services similar to those already provided, in accordance with Directive 2002/58/EC, using the email or postal addresses provided on such occasions, which you may opt out of by following the methods and contact details outlined below.
Methods, Processing Logic, Retention Periods, and Security Measures
Processing is carried out using electronic or otherwise automated means and is performed by the Data Controller and/or third parties engaged by the Data Controller for data storage, management, and transmission. Data processing will be conducted using organizational and processing logic that ensures the security and confidentiality of personal data, including logs generated from access and use of web-based services, products, and services, in relation to the above-mentioned purposes. The processed personal data will be retained for the period required by applicable law.
Regarding data security, in sections of the website designated for specific services where personal data is requested from the user, data is encrypted using a security technology called Secure Sockets Layer (SSL). SSL technology encodes information before it is transmitted over the Internet between the user's device and the Company’s central systems, making it incomprehensible to unauthorized parties and thereby ensuring the confidentiality of transmitted information. Additionally, transactions using electronic payment methods are conducted directly on the platform of the Payment Service Provider (PSP), and the Data Controller retains only the minimum necessary information to handle potential disputes.
In reference to personal data protection, users/customers are encouraged, in accordance with Art. 33 of the GDPR, to report any circumstances or events that may result in a potential personal data breach to allow an immediate assessment and adoption of necessary measures. Reports should be sent to opsm@pec.it / info@duomodioprvieto.it.
The security measures adopted by the Data Controller do not exempt Customers from exercising due diligence in using sufficiently complex passwords/PINs, which should be updated periodically, especially if suspected to be compromised or known by third parties. Users should also safeguard their credentials to prevent unauthorized and improper use.
Cookies
A cookie is a short text string sent to your browser and, potentially, stored on your computer (or alternatively on your smartphone/tablet or any other device used to access the Internet). This occurs each time you visit a website. The Controller uses cookies for various purposes to provide you with a fast and secure digital experience, for example, allowing you to keep your login active while navigating through the website’s pages.
The cookies stored on your device cannot be used to retrieve any data from your hard drive, transmit computer viruses, or identify and use your email address. Each cookie is unique to the browser and device you use to access the Website or use the Controller’s App. Generally, cookies aim to improve the functionality of the website and enhance the user experience, although they may also be used to send advertising messages (as specified below). For more information on what cookies are and how they work, you can visit the website “All about cookies” at http://www.allaboutcookies.org.
For detailed information on Cookies, users/visitors are encouraged to consult the "Cookie Policy" page on this website.
Data Communication and Transfer
In addition to the Controller, in some cases, the following recipients may have access to the data:
Entities typically acting as Data Processors, such as:
- Individuals, companies, or professional firms providing assistance and consultancy services to the Controller in accounting, administrative, legal, financial, and debt collection matters concerning service provision and relationship management.
- Entities required to interact for service provision and relationship management (e.g., hosting providers, marketing support service providers, and related service suppliers).
- Entities designated to perform technical maintenance activities (including maintenance of network devices and electronic communication networks).
- For marketing purposes, the Controller may process personal data to use marketing and targeting services provided by third-party platforms, including social media (such as Facebook and Google). Using such services may require the Controller to communicate personal data to these third-party platforms.
- Entities, bodies, or authorities to whom it is mandatory to disclose personal data under legal provisions, authority orders, or to prevent and/or detect fraudulent activities or abuses in using the site and services offered by the Controller.
- Persons authorized by the Controller to process personal data necessary to perform activities strictly related to service provision, who have committed to confidentiality or are legally bound to confidentiality (e.g., employees and/or collaborators).
Personal data is stored in paper, computer, and telematic archives located in countries where the GDPR applies (EU countries).
Data is not transferred outside the European Union.
User Rights
All Users may exercise their rights recognized by law at any time, including:
- The right to access their personal data, obtaining evidence of the purposes pursued by the Controller, the categories of data involved, the recipients to whom the data may be disclosed, the applicable retention period, and the existence of automated decision-making processes.
- The right to obtain without delay the correction of inaccurate personal data.
- The right, in specific cases, to obtain the deletion of their data.
- The right to obtain restriction of processing or to object to processing, when possible.
- The right to request data portability, i.e., to receive the personal data provided to the Controller in a structured, commonly used, and machine-readable format, including for transmitting such data to another controller, within the limits and constraints established by Article 20 of the GDPR.
Additionally, users can file a complaint with the Data Protection Authority under Article 77 of the GDPR.
For processing activities related to point 4) of the purposes, the Client may always revoke consent and exercise the right to object to direct marketing (in both "traditional" and "automated" forms). In the absence of an alternative indication, the objection will apply to both traditional and automated communications.
Data Controller
The Data Controller is OPERA DEL DUOMO DI ORVIETO - FABBRICERIA, tax code 81000670554, with its registered office in Orvieto, Piazza del Duomo, 26, zip code 05018.
PEC: opsm@pec.it
Phone number: 0763 342477
Email: opsm@opsm.it
Users can exercise their rights by sending a request using the following methods:
Sending a registered letter with return receipt to: OPERA DEL DUOMO DI ORVIETO, Piazza del Duomo, 26, Orvieto
Sending a PEC/email to the following addresses: opsm@pec.it / info@duomodiorvieto.it
Using the Website, including those intended for tablets and/or smartphones, by the Client and/or User implies full knowledge and acceptance of the content and any indications included in this version of the notice published by the Controller at the time of website access. The Controller informs that this notice may be modified without prior notice and therefore recommends periodic reading.
