Privacy Policy

WEBSITE information https://abbonamentomusei.it/privacy-policy
PRIVACY POLICY MUSEUM SUBSCRIPTION ASSOCIATION WEBSITE
If you were looking for the terms of use and privacy policy of the Museum Subscription, you can consult it at link

Privacy Policy

This page describes how the following sites are managed:

www.abbonamentomusei.it
www.abbonamentomusei.org
www.abbonamentomusei.net
www.abbonamentomusei.com
www.abbonamentomusei.info
And the Abbonamento Musei mobile app for Android and IPhone.

With reference to the processing of the personal data of users who consult and use them. The information concerns the methods, times and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.

Data Controller
The Data Controller is ASSOCIAZIONE ABBONAMENTO MUSEI, Via Alessandro Volta n. 9, cap 10121, TORINO (TO), Tel. 011.01166000, Email [email protected]

Data Protection Officer of the Data Controller
SPAZIOTTANTOTTO S.R.L. C.so Ferrucci 76/9 - 10138 Torino (TO)

Place of data processing and personnel
Processing related to the web services of these sites takes place at the suppliers of the Internet services used to create and make available the site and at the offices of the Data Controller.
The data are processed by authorised personnel only, including for any maintenance and administration of the processing systems.

TYPES OF DATA PROCESSED

Navigation and technically indispensable data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation, and is deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the site.

Data provided voluntarily by the user
Data relating to identified or identifiable persons may also be processed on the basis of further information communicated by the data subject: for example, by filling in data collection forms; or by the optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site, which entails the subsequent acquisition of the sender's address, necessary in order to reply to requests, as well as any other personal data included in the communication.

E-commerce data
The data processed for the handling of orders in the shop (shop) includes master data, addresses, purchase lists, reports and notes. In the shop, in particular, it is possible to purchase the Museum Pass and individual activities.

Cookies
Like others, this website saves cookies on the browser of the interested user's computer in order to transmit information of a personal nature and to enhance the user's experience. In fact, cookies are small text strings that the sites visited by the user send to his/her terminal (usually to the browser), where they are stored, sometimes even with wide temporal persistence, to be then re-transmitted to the same sites on the next visit.

For more information, please refer to our Cookie Policy.

Profiling data
Either through cookies, through the options in the reserved area, or through the use of the Museum Membership, we may collect, if the data subject has consented, profiling data regarding his/her consumption habits or choices. However, it is possible that through links or by incorporating third-party elements, such information may be collected by independent or separate entities. See in this respect the section on Cookies.

Geolocation data
Either from the web page, the app, or as a result of using the Museum Pass, we may collect, if the data subject has consented, information about his or her geographical location (geolocation).

Purpose of data processing, communication and dissemination
The personal data collected are used solely for the purpose of performing the services or performances requested and are communicated to authorised persons, to (external) data processors and to third parties (independent data controllers) only in the event that this is necessary for this purpose or required by specific obligations. The services include: consultation and mere use of the site and the app and its contents; registration and access to the reserved area; subscription to and receipt of the newsletter; presentation of personalised content; notifications; contact requests; etc.

In-depth information is provided for some services.
In any case, no data from the web services is disseminated or published without the prior consent of the person concerned.
Finally, please note that in some cases (not covered by the ordinary course of business) the Public Authorities may request news and information, also of a personal nature, which the Data Controller is obliged to follow up.

Optional provision of data
Apart from what has been specified for browsing and technically indispensable data, the user is free to provide personal data for specific requests on Museum Subscription, published products/services. Failure to provide certain data, considered indispensable, may make it impossible to obtain what has been requested.

Processing consent management
When compulsory and in any case after reading the information notice, the data subject is requested to give his or her consent to the processing and communication of his or her data for the purposes and within the limits described, failing which the Data Controller will not be able to process the data in order to perform and implement the services requested by the data subject or proposed to him or her.

INSIGHTS FOR SPECIFIC SERVICES

Chatbot

Within its website, the Data Controller provides users with a chat service managed by a generative artificial intelligence (so-called chatbot), with the aim of facilitating the user in solving questions concerning the Museum Subscription.

The service does not require registration, and data relating to the device used by the user (such as, but not limited to, IP address, operating system, date and time of the request), as well as any personal data provided by the user (such as, but not limited to, name, surname, contact details and Museum Pass number) may be processed.

The service, being designed to process only requests concerning Museum Subscription, requires only technical data, for which the Data Controller invites the user not to provide irrelevant information. The information communicated through the chat tool is voluntarily provided by the user, and in the event that it is necessary to provide information regarding particular data (such as health status, religious, philosophical or political affiliation), the user is advised to request the intervention of a human being.

In compliance with the principle of minimisation, the Museum Subscription Association has had the chatbot trained to filter the acquisition of such information, and during the conversation with the chatbot, the Data Controller advises the user to limit the communication of confidential and personal information.

The legal basis for the use of the chatbot is the legitimate interest of the data controller in providing an additional support tool for the user, and on the basis of the consent provided by the user through the provision of information.

Dialoguing with the chatbot of Associazione Abbonamento Musei entails the user being subject to automated processing, as personal data, with particular reference to his requests, must be processed by a generative Artificial Intelligence model provided by a major international player.

Specifically, the chatbot will provide the user with information regarding the Museum Subscription and the initiatives organised by the Data Controller, based on what is present on the organisation's website.

Pursuant to Article 22(2)(a) of the GDPR, the automated processing, consisting of the interaction with the Museum Subscription Association chatbot, is based on the need to respond to requests made by the user. As a user, you have the right at any time to request the intervention of a human being. To exercise this right, it will be sufficient to ask the chatbot that you wish to speak with a human being, and follow the instructions provided.

The collection of the data provided by the user concerns all information provided by the latter during the discussion with the chatbot, thus also including potential information collected concerning third parties. The data controller retains this data for a period of 30 days, after which it will anonymise the texts of the conversations, which may be used to train the chatbot to provide more appropriate and relevant answers.

Access to the databases containing the conversations undertaken with the chatbot is reserved to the working group in charge of supervising this digital assistant, duly authorised by the data controller, and the data provided - subject to appropriate anonymisation measures - may be used in the training and improvement of the chatbot itself. The processing is carried out on the basis of the legitimate interest of this organisation.

The processing of personal data provided during the use of the chatbot of the Associazione Abbonamento Musei will mainly take place within the European Union. In the event that it is necessary for the Data Controller to engage the services of the artificial intelligence system provider, the data may be transferred outside of the European Union through the use of Standard Contractual Clauses pursuant to Article 46(2)(c) of the GDPR, and - to the United States of America - Commission Implementing Decision (EU) 2023/1795 Of 10 July 2023 (EU Data Privacy Framework), pursuant to Article 45 of the GDPR.

Museum passes and reserved activity bookings
The page is managed within theUser Area.
The data requested are freely provided by the person concerned: some of them (First Name, Surname, Date of Birth, Gender, Address, Telephone, E-mail, Qualification) are indispensable; others are optional.

Consent to processing is required for the purposes of registration in order to then proceed to purchase on e-commerce (see specific paragraph), including the Museum Subscription, or to book reserved activities; with the first registration you are offered subscription to the newsletter (see specific paragraph) for informative, promotional and commercial communications, and consent to the profiling of your preferences and geographical location. It is possible at any time, by accessing one's profile from the reserved area, to change one's choices regarding optional consents, unsubscribing from the newsletter or ceasing the collection of profiling data.

Newsletter
The e-mail contacts used to send the periodic newsletter come from voluntary registrations by the addressee, who is always subject to a request for confirmation, as well as from information acquired in the context of the sale of products or services of the Controller or similar. The newsletter includes the sending of information, communications, including commercial or promotional communications and material. In the event that the data subject has consented to the profiling of his/her data (possibly including geolocation), the contents may be personalised. It is emphasised that contacts are not acquired from public lists of subscribers. Should the communications not be of interest to the recipient, it is possible to avoid any further contact by clicking on the appropriate link contained in each message, or by writing to the contact details at the bottom of the page exercising one's right to unsubscribe from the newsletter.

Customer care

The Museum Subscription Association provides the user with a customer care service, which the user can contact if he/she has any problems or queries regarding the purchase and use of the Museum Subscription, the functionalities of the site or his/her own reserved area.
Customer Care is available by calling 011 52210 or sending an e-mail to [email protected].

Store (e-commerce)
The personal data provided are collected electronically and processed, including by electronic means, directly and/or by delegated third parties (home delivery, mailing and data entry companies) for the following purposes:

• administrative management of orders and purchases;
• management of any participation in loyaltyprograms;
• statistical purposes related to the detection of purchasing behaviour;
• sending advertising material on products and offers by means of newsletters, sms, mms.

Customer information may be accessed by persons specifically appointed as employees or collaborators who need it for the performance of their duties or by virtue of the position they hold, who are fully aware of privacy regulations and the processing of personal data, in the processing necessary for or related to the execution of orders, the sending of communications and advertising material and free gifts. Third party service providers (persons in charge, external managers or autonomous data controllers) strictly functional to the execution of the contractual relationship, such as: carriers for home delivery, companies that provide payment services, other group companies, consultants of the Company, data entry companies, call centres, etc., may also be involved.

The payment system requires the communication of certain data to the bank providing the service.

Treatment modalities
The processing of personal data, understood as collection, registration, organisation, storage, processing, modification, deletion and destruction, or the combination of two or more of these operations, is carried out by manual, computerised and telematic means, also in an automated manner, with logic strictly related to the stated purposes and, in any case, in such a way as to guarantee security and confidentiality and for the time strictly necessary to achieve the purposes for which they were collected.

The data are processed lawfully and fairly, collected and recorded for specific, explicit and legitimate purposes, accurate, and if necessary updated, relevant, complete and not excessive in relation to the purposes of processing, in compliance with minimum security standards and with fundamental rights and freedoms, as well as with the dignity of the person concerned with particular reference to confidentiality and personal identity.

Specific security measures are observed to prevent loss of data, unlawful or incorrect use and unauthorised access.
Personal data will not be transferred to a recipient in a third country or to an international organisation outside the European Union (EU) or the European Economic Area (EEA).

Rights of data subjects
At any time, the data subject may: exercise his/her rights (access, rectification, erasure, limitation, portability, objection, no automated decision-making processes) when provided for and where the conditions are met against the data controller, pursuant to Articles 15 to 22 of the GDPR; lodge a complaint with the Garante (www.garanteprivacy.it); and where the processing is based on consent, revoke that consent, bearing in mind that revocation of consent does not affect the lawfulness of the processing based on consent before revocation

Applicable standard
The processing of personal data relating to the site is subject to European and Italian legislation, in particular Legislative Decree No. 196 of 30 June 2003, as amended and supplemented, as well as the provisions of the Data Protection Authority.

Addresses
Requests, including the request to know the name of the Data Processor, should be addressed to the Data Controller, Associazione Abbonamento Musei.it, through the email address [email protected] or by calling 011.01166000.