Information on the processing of personal data pursuant to Articles 13 and 14 of EU Reg. no. 679/2016

The Basilica di San Petronio website collects and processes personal data of users who browse or use the online services on the site https://www.basilicadisanpetronio.org/

By personal data we mean any information that can be used to identify a user as an individual.

The purpose of this policy is to provide a clear and detailed explanation of how, when and why we collect and process personal data and information. It is designed to explain in a simple and transparent way our policy regarding the protection of personal data and to explain to users how to effectively exercise their rights.

This information refers only to the data collected and processed through this website and does not concern other websites, social network platforms or pages, even if they are accessible via links on the Website: In such cases, reference should always be made to the information available on the respective pages.

This information may change and vary over time, Therefore, users are invited to regularly consult this page to be updated on the processing of personal data.

INDEX:

Data controller
When we collect personal data
Which data are processed
For what other purposes we may use personal data
Who the data is shared with
How the data is processed
Where personal data is processed
How long data is stored
Links to third-party sites and social networks
The rights of data subjects
Possibility of lodging a complaint
Any changes to this policy

1. Data controller

The controller of personal data related to the website is Basilica di San Petronio, C.F. 80007310370, as it determines the means and purposes and guarantees adequate protection.

You can contact the Data Controller by sending a communication to the following addresses:

by post: Basilica di San Petronio, Piazza Maggiore, 40124 Bologna – Italy;
e-mail: info@basilicadisanpetronio.org;
PEC: basilicadisanpetronio@pec.it.

2. When we collect personal data

Personal data may be collected directly from the user:

when you access and browse the Site (browsing data);
when you submit requests (including tour bookings) through dedicated sections or contacts (email address and information contained in the communication sent);
when you register to attend an event (registration and contact details);
when donations are made in favor of the Basilica or you participate in the initiative “Adopt a brick” (name and surname to be indicated in the Register of donors);
if the user subscribes to the newsletter service (e-mail address).

3. Which data are processed

When the user navigates or uses the services on the Site, the following types of data may be processed:

navigation data

Some personal data whose transmission is implied in the navigation of websites, including but not limited to traffic and location, the weblog and other communication data for billing purposes or related to resources accessed by a user via their device, are acquired by the computer systems and allow their proper functioning. Although this information is not collected to be associated with identified data subjects, it may identify users – by their very nature and/or through processing and associations with data held by third parties. For example, these include the IP addresses or domain names of computers used by users connecting to the Site, unique addresses of requested resources, the time of requests, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server and other parameters related to the operating system and browser used.

Purpose of the processing: to allow you to use the Website safely and correctly;
- Legal basis of the processing: the legitimate interest of the Data Controller in the proper functioning of the Website and the security of navigation, regularly balanced with the rights of the data subject (Art. 6, paragraph 1, lit. f, GDPR).

Request for information through dedicated sections

You can contact us via the contact form (https://www.basilicadisanpetronio.org/contatti/) or using the contact details on the website to request information (info@basilicadisanpetronio.org), to book visits (prenotazioni@basilicadisanpetronio.org), or to request information or material from the

historical archive (archio.storico@basilicadisanpetronio.org) or musical (archivio.musicale@basilicadisanpetronio.org) of the Basilica, as well as to request assistance for any problems. This involves the subsequent acquisition of data that users communicate (name, surname, e-mail address and the information contained in the communication) and legitimate the sending of any response communications by the Controller using the contact details provided by the user at the time of the request.

Purpose of the processing: to provide adequate support to users in order to use the services made available through the Site;
- Legal basis of the processing: the provision of the service requested by the user (art. 6, paragraph 1, lit. b, GDPR).

event registration

By filling in the forms available on the https page://www.basilicadisanpetronio.org/events/ you can register directly through the Site to participate in the events organized or promoted by the Basilica of San Petronio. The data provided will be processed by the staff appointed by the Controller exclusively to manage the registration request and the activities related to the user’s participation in the event. Events may also be organized by third parties in relation to the Data Controller, as indicated on the relevant descriptive pages: in these cases, the data provided by the user, Within the limits and as necessary to allow proper participation in the event itself, may also be communicated to the organizer. In case of doubt, please contact the Data Controller directly for any clarification at info@basilicadisanpetronio.org

Purpose of the processing: manage the request for registration to one or more events and the subsequent participation in them of the data subject;
- Legal basis of the processing: the provision of the service requested by the user (art. 6, paragraph 1, lit. b, GDPR).

Making donations to the Basilica

On the Site users can find instructions for making donations in favor of the Basilica at the https page://www.basilicadisanpetronio.org/en/support-us/. If you participate in the “Adopt a brick” initiative, you can request that it be sent to you at the e-mail address given in the same notice, the corresponding adoption certificate and, in case of prior consent, the name of the user will be included in the List of donors, published on the Site in the appropriate section https://www.basilicadisanpetronio.org/en/support-us/.

Purpose of the processing: to leave a trace of the donation made by the person concerned to support the Basilica;
- Legal basis of the processing: the consent of the data subject (art. 6, paragraph 1, lett. a, GDPR).

Newsletter

The newsletter of the Basilica di San Petronio is sent by e-mail to those who make an explicit request, filling in the appropriate form on the Site with their address andmail and authorizing the Data Controller to process his personal data for the aforementioned purpose. The service is provided only after explicit and unequivocal statement of consent by the user (issued by selecting the appropriate box on the Site) and the provision of data is mandatory only for the purpose of receiving the newsletter and any refusal will result in the impossibility of using the service, without further consequences.

The newsletter service is provided through the platform Mailchimp, of the group of companies under Intuit Inc., based in the United States of America: more information on the compliance with current legislation is available here: https://mailchimp.com/it/gdpr/ and the related Privacy policy is available here: https://www.intuit.com/privacy/statement/.

Because Mailchimp is located in the USA, if you decide to activate the newsletter service, you must know that your data may be transferred outside of European territory for this processing. Mailchimp applies several measures to ensure that such data transfers take place safely and in compliance with European requirements (of the GDPR, in particular): more information is also available here: https://mailchimp.com/help/mailchimp-european-data-transfers/. For further clarification, please contact privacy@intuit.com or directly the Mailchimp Data Protection Officer (DPO) at: dpo@mailchimp.com.

In any case, to no longer receive the newsletter, simply select the unsubscribe link at the end of each e-mail or send a specific request to e-The European Commission has published a report on the European Union’s work in this field. The cancellation is managed in a partially automated way, so further newsletters may be received for a period after this request, no later than 72 hours after the request for cancellation, and whose submission was planned before the receipt of the request for cancellation.

Purpose of the processing: to send the data subject e-mail communications with information and updates on the Basilica and events and activities organized;
- Legal basis of the processing: the consent of the data subject (art. 6, paragraph 1, lett. a, GDPR).

f) Cookie

What are they? The term cookie refers to a small text file in which brief information about browsing a particular website is stored, that will be installed on your device at the time you log in. Each cookie contains different data (e.g., the name of the server from which it comes, a numerical identifier, etc.), can remain in the system for the duration of a session (until the browser is closed) or for long periods and may contain a unique identification code.

What are they for? Cookies are used for different purposes depending on their type: some are strictly necessary for the correct functionality of a website (technical cookies), while others optimize their performance to provide a better user experience or allow you to collect statistics on the use of the Site, such as analytics cookies, or allow you to display personalized advertising, such as profiling cookies.

When you visit the Site again, cookies will be re-installed on the site that generated them (first-party cookies) or those provided by third parties able to recognize them (cookies from third parties).

In any case, cookies do not harm the users’ devices in any way, but they allow you to browse faster, offering users a better browsing experience.

The Site may use both cookies that do not require your consent for their installation (such as technical and anonymized analytics cookies), cookies that require your prior consent to be used (such as profiling cookies). This information is shown in the banner displayed when opening the Site and in the cookie settings panel always available on the Site.

In particular, the site may activate:

a.Technical cookies (which do NOT require your consent):

These cookies are necessary for the functioning of the site and allow you to access its functions (c.d. navigation cookies) or to authenticate yourself in the session.

We also use functional cookies, which allow us to store your preferences and settings, thus improving your browsing experience within the site.

To ensure their functionality, these cookies are not deleted when you close your browser; however, they have a default duration (generally up to a maximum of 2 years) and after that period shall be automatically deactivated. These cookies and the data collected by them will not be used for any other purpose.

The installation of technical cookies is automatic following access to the site or to activate certain features (e.g. for security checks when sending a request via the appropriate contact form). You can always decide to disable them by changing your browser settings at any time, but in this case you may experience some problems with the site display.

The aim: to ensure the proper functioning and safety of the site;
Legal basis of the processing: the legitimate interest of the Data Controller in the proper functioning of the site and the security of navigation, regularly balanced with the rights of the data subject (Art. 6, paragraph 1, lit. f, GDPR).

b. Analytical cookies (which may NOT require your consent if anonymised)

These cookies track the choices made on the site and data related to users’ online browsing (for example, pages viewed, time spent on a page, etc.)The EU’s European Commission has published a report on the implementation of the Fifth Framework Programme for Research and Development. If users are traceable and identifiable through these analyses, these tools can only be used with their consent.

When the following circumstances occur:

the IP address has been duly anonymised;
lthe information obtained with analytical cookies refers to a single computer resource (website, app, etc.) and is used only in an anonymous and aggregated form;
the cookie provider does not combine the information with other processing and does not transmit it to third parties,

complete anonymisation of the collected data is guaranteed and also cookies falling into this category can be activated without the need for consent from the user, precisely because the data processed cannot be linked to any identifiable user.

Purpose: to have statistics on the behaviour of users on the Site, based on aggregated and anonymised data.
Legal basis of the processing: as appropriate:

– ithe Data Controller’s legitimate interest in optimizing the performance of the Site and improving the services provided through the Site, regularly balanced with the rights of the data subject (Art. 6, paragraph 1, lit. f, GDPR);

– ithe consent of the user (art. 6, paragraph 1, lett. a, GDPR), freely given and revocable at any time, through the cookie banner or by following the instructions below and in the Cookie Policy available on the Site.

c. Profiling and marketing cookies (which require your CONSENT):

This site also uses profiling and third-party cookies, whose installation is subject to your prior consent granted through the banner or managed at any time through the Cookie Policy available on the Site.

Profiling cookies can include different categories, including advertising profiling, retargeting or social cookies.

Advertising profiling cookies: they create a user profile that allows you to view advertising content in line with the preferences expressed during browsing the site;
Retargeting cookies: they are created in order to send you advertising content related to the products that you have purchased or viewed on the site and for which you have expressed interest;
Social cookies: this site allows the installation of cookies related to the plug-ins of social networks. These cookies are managed directly by third parties and allow the display of advertising messages in line with your preferences.

When you access the Site, through a special banner you will be informed of the presence of profiling and retargeting cookies and, through it, you can consent or not to their installation, by selecting the individual cookies you want to install.

You can revoke your consent at any time, without prejudice to the possibility of visiting the site and accessing its contents.

The installation of profiling, retargeting, analytical and social cookies, including any other activity related to them, is managed through third-party services. For more information and to enable or disable these cookies, you can access the information provided directly by third-party companies: The corresponding list is available in our Cookie Policy available on the Site.

The user is informed either by short information (banner displayed until consent is given or denied) either through our Cookie Policy available on the Site that we invite you to read carefully for all other information about the cookies used in the site and for information about their disabling.

Purpose: to analyze the user’s browsing behavior to present personalized advertising;
Legal basis of the processing: consent of the user (art. 6, paragraph 1, lett. a, GDPR), freely given and revocable at any time, through the cookie banner or by following the instructions below and in the Cookie Policy available on the Site.

Disabling via browser

Please note that the website http://www.youronlinechoices.com/it/ can not only acquire more information on cookies, but also check the installation of numerous cookies on your browser/device and, if supported, also disable them.

The commonly used browsers (e.g., Internet Explorer, Firefox, Chrome, Safari) also accept cookies by default, but this setting can be changed by the user at any time. This applies to PCs as well as mobile devices, such as tablets and smartphones: it is a generally widely supported function.

Therefore, cookies can easily be disabled or disabled by accessing the options or preferences of the browser used and generally can also be blocked only cookies third parties; Generally speaking, these options will only apply to that browser and device unless you have options to unify preferences on different devices. The specific instructions can be found in the options or help page (help) of the browser itself. Disabling technical cookies, however, may affect the full and/or proper functioning of different sites, including this Site.

As a rule, browsers used today:

offer the “Do not track” option, which is supported by some websites (but not all). This may result in some websites no longer collecting certain browsing data;
offer the option of anonymous or incognito browsing: this way no data will be collected in the browser and no browsing history will be saved, but the browsing data will still be available to the operator of the website visited;
allow you to delete cookies stored in whole or in part, but the new visit to a website are usually installed if this possibility is not blocked.

Links to the support pages of the most popular browsers are indicated (with instructions on disabling cookies on these browsers):

Firefox (https://support.mozilla.org/it/kb/Attivairy and deactivate cookies);
Microsoft Edge (http://windows.microsoft.com/it-it/internet-explorer/delete-manage-cookies#ie=ie-11);
Safari (iOS) (https://support.apple.com/it-it/HT201265);
Chrome (desktop: https://support.google.com/chrome/answer/95647?hl=it; Android e iOS https://support.google.com/chrome/answer/2392971?hl=it).

4. For what other purposes we may use personal data

The personal data of the users, moreover, may be used also for the purpose of:

comply with legal obligations and requests from public or governmental authorities;
manage any disputes or contentions and therefore defend the rights of the Owner, both judicially and out of court.

In such cases, the legal bases for processing will be:

for point a), the fulfilment of a legal obligation;
for point b), the Data Controller’s legitimate interest in protecting its rights, provided that it is adequately balanced, from time to time, with the rights of the data subject.

5. Who the data is shared with

In compliance with the purposes indicated in the previous section, the staff appointed by the Data Controller may be responsible for processing users’ personal data collected through the Site, in order to provide the services, information or support requested. Access to personal data will be expressly authorized by the Data Controller, who, if necessary, appoints the subjects to which it turns for the provision of services and for activities under its own responsibility as Data Processors in accordance with articles. 28 of the GDPR. The list of data processors is available from the Controller, who can request it using the contact details indicated above.

The data of users will not be transferred to third parties except in cases where the nature of the services rendered requires it, or the case where, by virtue of a legal obligation or in the presence of its legitimate interest, the Data Controller has the need to notify the competent judicial or supervisory authorities.

6. How the data is processed

The personal data of users will also be processed with the aid of electronic means for the time strictly necessary to achieve the purposes intended by the collection.

The Data Controller will take appropriate technical and organisational measures to limit the risks of loss, misuse or incorrect use of data, and prevent unauthorised access by third parties.

The Data Controller undertakes to put in place adequate solutions to ensure the security of personal data, limiting the number of persons who will be allowed access to servers or databases and putting in place protection systems to avoid the risk of cyber attacks.

7. Where personal data is processed

The data collected through the Site are located in servers located in Italy owned by the company Aruba SPA.

However, some service providers may also be based in countries outside Europe, particularly the USA, as specifically indicated in this policy with reference to the Newsletter service provided through the Mailchimp platform and for some cookies, provided by Google Inc., as indicated in the Cookie Policy available on the Site: in these cases, personal data related to the service provided could also be transferred to servers located in the United States, even if they are collected and stored mainly in European territory. In these cases, the supplier guarantees compliance with and adoption of the guarantee measures provided for and required by the adequacy decision adopted by the European Commission on 10 July 2023 on personal data transferred from the EU to US companies. All necessary precautions shall be taken to ensure the best possible protection of personal data, based on: a) on decisions of adequacy of the third countries addressed expressed by the European Commission; b) on adequate guarantees expressed by the third party addressed pursuant to art. 46 of the Regulation; c) on the adoption of binding corporate rules, cd. Corporate binding rules and, in particular, by establishing technical and IT security measures that best protect the personal data and the rights of the data subjects, as provided by the GDPR and European legislation.

8. How long data is stored

Users’ personal data will be kept for the time reasonably necessary to achieve only the purposes listed above, which can be consulted in the Section “What data is processed?” , for example, the data used to send the newsletter will be kept until the service is active or until the user requests to cancel from the service; or for the terms of conservation possibly provided by the sector legislation, for example, in case of making donations to the Basilica.

At the end of the retention period, your personal data will be deleted or irreversibly anonymised.

9. Links to third-party sites and social networks

The Website may contain links to and from third party websites and social networks. Please note that the Data Controller does not assume any responsibility for personal data that may be collected through these sites and the use of their services and that, If you follow a link to any of these websites, you are invited to consult the privacy policies issued by each external party with respect to the Website.

In particular, the Site contains some buttons that refer you to the profiles of the Owner on social networks. Only after clicking on these buttons, some cookies for marketing and profiling purposes may be activated by third parties that manage the social networks. The Site Owner does not directly manage these tools, but informs you of the possibility that, by using the functionalities of the Site, they will be activated. For more information, including how to disable these cookies, please read the privacy policies of social networks:

Facebook: http://www.facebook.com/policy.php
YouTube: https://policies.google.com/privacy?hl=it
Instagram: https://help.instagram.com/519522125107875

10. the rights of data subjects

In accordance with the provisions of the GDPR, the Data Controller informs users that all interested parties have the right to request:

access to their data;
To amend and correct any errors in our personal data databases;
the deletion of their data if they are held in the absence of legal conditions;
the limitation of data processing;
Objection to the processing of data;
Obiezione al trattamento dei dati.

Models and further information are also available here: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924.

In the following table we explain how to exercise your rights:

YOUR RIGHT	HOW CAN YOU PRACTICE IT?
Access	You can: ask for confirmation on any processing of personal data;obtain a copy of the data;request other information about personal data that is not already present in this policy.
Correction	You can request the correction of inaccurate or incomplete personal data. Before proceeding with the correction, we will verify the accuracy of the data present in our archives.
Deletion/ Right to be forgotten	You can request the deletion of your personal data, but only in case: their storage is no longer necessary in relation to the purposes for which they were collected; you have revoked your previous consent (where processing is based on consent);The processing has been carried out in an unlawful manner;is necessary to comply with a legal obligation to which the Data Controller is subject (in relation to an order from an Authority).
Limitation	You can ask to limit your personal data, but only in the event that: their accuracy has already been challenged;they are no longer necessary for the purposes for which they were collected, but there is a legal dispute about their use; Following a request for limitation, the use of personal data is however permitted when: the consent of the data subject remains in any case;is necessary to exercise or resist a legal action;is necessary to protect the rights of another natural or legal person involved in the processing.
Portability	You can request a copy of your personal data in a structured, readable and commonly used format.
Opposition	You can object to the processing of personal data at any time when: the legitimate interest of the data controller is the basis for lawfulness of the processing;personal data is processed for direct marketing purposes, including profiling as far as it relates to such direct marketing. In the event of opposition: processing for direct marketing purposes, personal data will no longer be processed for such purposes;in the case of a legitimate interest of the holder, the processing may continue only if he demonstrates compelling legitimate grounds for processing which outweigh interests, on the rights and freedoms of the data subject or for the establishment, exercise or defence of a right in court. You can also exercise your right to object by automated means using technical specifications, such as those made available on the website in the personal page and in the e-mails (link for cancellation).

The Data Controller guarantees that any request concerning the rights of the data subjects will be acknowledged within thirty days from its receipt, unless further investigation is necessary.

11. Possibility of lodging a complaint

Every data subject has the right to lodge a complaint with the Data Protection Authority, if it considers that the processing of its personal data carried out by the Controller is not in accordance with the requirements of European Regulation n. 679/2016 and national legislation.

In Italy, the competent authority is the Garante per la protezione dei dati personali, whose contact details are available at http://www.garanteprivacy.it/.

More information and the sample document to be used for the complaint can be found here: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524 .

Furthermore, if the conditions provided for in articles. 78 and 79 of the GDPR, any data subject has the right to bring an appeal before the competent court.

12. Any changes

The information contained herein may be modified over time, when processing activities change, data collected or when legislative or regulatory changes occur, The Commission has also adopted a number of measures to help the industry in this field. Users are therefore invited to periodically consult this Privacy policy, always updated on this page.

Privacy Policy