Privacy Policy

Privacy policy of the website and app of the Palazzo Pretorio Museum

This information describes the methods and conditions of processing of personal data of users who browse the website of the Palazzo Pretorio Museum of Prato, reachable from the link www.palazzopretorio.prato.it, and on the Museum app.

This Privacy policy document has been prepared according to the art. 13-14 of the GDPR (General Data Protection Regulation) 2016/679 and of the Italian national legislation.

The validity of the information is limited to the institutional website and the app of the Palazzo Pretorio Museum: it does not extend to websites of other entities that can be consulted via hypertext links (institutions, associations, companies, etc.).

Data Controller

Municipality of Prato
E-mail address: staffsegretariogenerale@comune.prato.it
PEC: comune.prato@postacert.toscana.it
Telephone: 0574 18361

Responsible for data protection

E-mail: rpd@comune.prato.it

Supervisory authority

Personal data protection guarantor, website www.garanteprivacy.it

Categories of data processed by the website

a) Navigation data
All websites acquire some navigation data from users, such as IP addresses, date and time of the request, the operating system and browser used, etc.
This information is used for the sole purpose of obtaining collective statistical information (therefore anonymous and impersonal) on the use of the site and to check its correct functioning. No information is collected to allow subsequent identification of the user.
This data could be used by the competent authorities (Postal Police, Financial Police, etc.) to ascertain responsibility in the event of computer crimes.
b) Data provided voluntarily by the user
The personal information collected on this site concerns the voluntary entry of data into electronic forms created to request personalized information, send requests that require a specific response, use online services.
In all these cases there is specific information on the processing of personal data.

Permissions and Types of Data collected

The permissions required by this Application include:
Bluetooth permission: Bluetooth activation allows the app to communicate with the sensors present in the Museum, to improve the visiting experience byoffering contextualized content.
Camera Permit: activating the camera allows the app to recognize the works framed with the device's camera and automatically open a linked content.
Approximate localization permission: allows the correct functioning of the dialogue with the sensors and its use for statistical purposes.
These permissions must be provided by the User before any information can be processed. Following the release, the permission can be revoked by the User at anytime, using the system settings of the device.
Please consider that the revocation of one or more permissions may result in the failure or correct functioning of some services of this Application.
Data acquisition for statistical purposes: the app acquires some browsing data from users, the operating system and smartphone model used, the contents displayed, the date and time of a request, etc. for the sole purpose of obtaining collective statistical information (therefore ANONYMOUS and impersonal) on the use of the app. No information is collected to allow subsequent identification of the user.
Even identification data such as the IP address and device ID (UUID) are immediately anonymized, to allow the collection of further statistical data on the use of the app, always anonymously and collectively. Also in this case, no information is collected to allow subsequent identification of the user.

Purpose, methods and legal basis of the processing

The user's data is collected to allow the Owner to:

• provide the service requested by the user;
• for statistical purposes.

The data collected is never used for reasons other than those stated in the specific information.
The processing of personal data is mainly carried out using electronic procedures and supports for the time necessary to achieve the purposes for which the data were collected.
The data processing is carried out in accordance with the principles of lawfulness, correctness, non-excess and relevance provided for by the current legislation on data protection.

Method, legal basis and place of processing of the collected data

-Processing methods
The data controller takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
The processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. The data may also be processed by companies expressly appointed as “processor” or “sub-processor” (see art. 28 of GDPR) of the data processing operated by the Municipality of Prato. The updated list of “processors” can always be requested from the Data Controller.

-Place and period for which the personal data will be stored
The Data is processed at the Data Controller's operating offices and in any other place where the parties involved in the processing are located.
The Data are processed and stored for the time required by the purposes for which they were collected.

-Rights of interested parties
The interested party, in compliance with current regulations, has the right to request and obtain information about the existence of their data in the availability of the owner, the correction or cancellation of the same or the limitation of the treatment that concerns them or to oppose the treatment and copy of such data.
Such requests may be addressed to the owner, by writing to the Data Protection Officer.
The user, in accordance with the regulations in force, can propose any complaints regarding the processing of his personal data to the Italian Supervisory authority for the protection of personal data.