MUTUS LIBER PRIVACY POLICY
TAROT MUSEUM IS PART OF THE MUTUS LIBER ASSOCIATION

Last update: June 2024

PRIVACY POLICY
GENERAL INFORMATIONS
With this information Mutus Liber Association, via A. Palmieri n. 5/1, chap. 40038, Fraz. Riola Vergato (BO); email museodeitarocchi@gmail.com as Data Controller of personal data (hereinafter simply “Owner”) – wishes to inform you about the processing of personal data that you will provide by browsing this Site https://www.museodeitarocchi.com (hereinafter simply "Website").

For any clarification, information, exercise of the rights listed in this information, please contact:

email: museodeitarocchi@gmail.com

address for registered mail. return: Mutus Liber Association, via A. Palmieri n. 5/1, chap. 40038 Fraz. Riola Vergato (BO) .
Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 and REG. EU 2016/679 ("GDPR") establish the rules to protect and protect natural persons with regard to the processing of their personal data and this information is drawn up in compliance with the new legislative provisions.

The information may undergo changes following the introduction of new rules, so we invite you to periodically visit this section for updates.

The Privacy Policy you are reading refers exclusively to the Website and the Owner is not responsible for the methods of managing the processing of personal data carried out by third-party websites that can be linked through the Cookies section, or through any link windows present on the Homepage .

According to the law, the processing of personal data is based on the principles of correctness, lawfulness, transparency, accuracy, limitation of purpose and conservation, minimization, data integrity, protection of the user's privacy as well as protection of his rights.
The Data Controller undertakes to observe the aforementioned principles and, also for this purpose, informs you immediately that - with the exception of those treatments for which the law requires your explicit consent - by browsing this Website, uploading or providing personal data , you accept and agree to be bound by the conditions and terms set out in this statement. Consent to data processing - where granted by the user - may be revoked at any time by contacting the aforementioned addresses.

If you are under 16 years of age, your consent is legitimate only if given or authorized by the person with parental responsibility for you, in accordance with the provisions of art. 8Reg. EU2016/679. For interested parties located on Italian territory, consent is legitimate, under the same conditions as above, also for the subject who has reached the age of 14.

In any case, we want to give you some information on the concept of processing personal data and the people who manage it.

1. PERSONAL DATA PROCESSED

2. DATA SUPERVISOR

3. DATA CONTROLLER

4. PROCESSING METHODS

5. PLACE OF PROCESSING AND SCOPE OF CIRCULATION OF DATA

6. PURPOSE OF THE TREATMENT

7. LEGAL BASIS FOR DATA PROCESSING

8. DATA RETENTION PERIOD

9. RECIPIENTS OF PERSONAL DATA

10. DISSEMINATION OF DATA

11. DATA TRANSFER
1. PERSONAL DATA PROCESSED

“Personal data” means all information that could directly or indirectly allow users to be identified.

This information, for example, can be: the name and more generally the contact details, the residential address, the username, the e-mail address and the telephone number, or even the IP address of the device used.

The personal data processed are those provided voluntarily by the user (e.g. common data such as identification data, company name, telephone number, email address, more generally the data released in the "Receive a consultancy" form ” and those collected by tracking technologies (cookies) – hereinafter “Personal Data”. The data mentioned are common data.

The Data Controller processes this data in compliance with applicable legislation, assuming that it refers to you, or to third parties who have given you express authorization for processing. With respect to the data of third parties entered in the fillable fields on the website, you act as an independent data controller, assuming all legal obligations and related responsibilities in this regard. In this sense, you grant the Data Controller the broadest indemnity on this point for any disputes that may arise from interested third parties and relating to the processing of their data included in this website.

2. DATA SUPERVISOR

The “data controller” is the natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and means of the processing of personal data. It also takes care of security profiles.

In relation to this Website, the data controller is better specified and identified above, and for any clarification or exercise of your rights you can contact him at the following email address: museodeitarocchi@gmail.com.

3. DATA CONTROLLER

The “data controller” is the natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.

More information is available at the following email address: museodeitarocchi@gmail.com.

4. PROCESSING METHODS

On this Website, the data is collected electronically and processed through operations carried out mainly with the aid of electronic tools, ensuring the use of suitable measures for the security of the data processed and guaranteeing its confidentiality. In particular, data processing occurs by minimizing the use of sensitive personal data.

Your Personal Data will be processed by collaborators and/or employees of the Data Controller as managers or persons in charge of processing, within the scope of their respective functions and in accordance with the instructions given by the Data Controller.
5. PLACE OF PROCESSING AND SCOPE OF CIRCULATION OF DATA

The processing of Personal Data relating to the services of the Website takes place at the Data Controller indicated above and is handled only by personnel authorized to process it.

Your Personal Data may be communicated to Judicial Authorities and Police Forces only in cases where this is required by law and used by the Data Controller for the purposes of any defense of his rights in court, where strictly necessary.

The Personal Data collected will not be disclosed. However, for the effective execution of the requested service, some data may be shared with external parties, appointed as data controllers pursuant to art. 28 EU Reg. 2016/679, called to carry out specific tasks on behalf of the company (e.g. web agencies, professionals, etc.). The Data Controller undertakes to protect the security of Personal Data by adopting all IT and physical measures necessary for the protection of the Personal Data provided. No security system guarantees such protection with absolute certainty, therefore, except in cases of negligence, the Data Controller is not liable for actions committed by third parties who illegally access the systems without the necessary authorizations.

6. PURPOSE OF THE TREATMENT

- provide the Services through the Website, allow you to contact the Owner for information related to the Owner's activity, to request information regarding the services described on the Website (e.g. "Request training" or similar), to provide you with a quote or specific information, if requested, and manage the organizational and administrative aspects connected to any contractual execution and more generally, provide you with any other Service or information you request and is available to the Owner. To allow you to purchase the services offered on the Site. For the processing of common data of third parties released by completing the form, the Data Controller will process these data in compliance with the applicable legislation, assuming that they refer to you or to third parties who have expressly authorized to provide them on the basis of an appropriate legal basis that legitimizes the processing of the data in question (Purpose of "Provision of the Service"). The Personal Data processed is common data. The Data Controller invites the user not to enter sensitive data (concerning their health condition, be it physical or psychological, political, religious orientation, etc.) unless strictly necessary for the purposes of requesting information or purchasing services;

- subscribe to the Newsletter by requesting registration in the appropriate online form (“Promotional and informational activity” or in other cases better specified below, “Soft spam”);

- fulfill legal obligations that require the Data Controller to collect and/or further process certain types of Personal Data ("Compliance" purposes). The data processed are common Personal Data;

- prevent or identify any abuse in the use of the Website, or any fraudulent activity and therefore allow the Owners to protect themselves in court (Purpose of "Prevention of Abuse and Fraud"). The Personal Data processed is common personal data.

7. LEGAL BASIS FOR DATA PROCESSING

The legal basis for the processing of personal data provided by you through navigation is:

- Provision of the Service: the legal basis for this purpose is the fulfillment of contractual or pre-contractual obligations pursuant to art. 6 co 1 lett. b) GDPR. Processing for this purpose is necessary to be able to provide you with the requested service (e.g. request information relating to the Data Controller's services, answer your questions). It is not mandatory to provide the requested Personal Data, however failure to provide them does not allow us to provide you with the requested information.

- Promotional and informational activity: The data processed are common data. You can object to this processing at any time by writing to museodeitarocchi@gmail.com without any consequences. Where the newsletter has only an informative and non-promotional nature (e.g. service communications for subjects who have already purchased) the legal basis for the communication is art. 6.1.b) GDPR i.e. the execution of pre-contractual or contractual measures. Where the same is sent by the Data Controller to those who are already customers, via the email channel, to propose similar products or services, and the interested party has not objected to such processing via unsubscribe link ("Soft spam"), the basis legal for said communication is the art. 6.1.f) GDPR, i.e. the legitimate interest of the Data Controller.

- Compliance: the legal basis is the fulfillment of a legal obligation pursuant to art. 6 co 1 lett. c) GDPR. Processing for this purpose is necessary for the Data Controller in order to fulfill the legal obligations established by legislation, including sector regulations, including fiscal, tax or other obligations.

- Prevention of Abuse and Fraud: the legal basis is the legitimate interest pursuant to art. 6 co 1 lett. f) GDPR. The processing for this purpose is aimed solely at allowing the Data Controller to prevent and/or identify any fraudulent activities committed via the Website and therefore protect himself in court.

8. DATA RETENTION PERIOD

Personal Data processed to fulfill legal obligations will be retained until fulfillment itself, and in any case for the period of time necessary to demonstrate fulfillment; Personal Data processed to fulfill contractual purposes until the fulfillment of the same and, if a contract is concluded or there have been pre-contractual negotiations, for ten years from the stipulation of the same in order to allow any judicial or extrajudicial protection as well as the demonstration of the correct fulfillment of the contractual obligations assumed.

The Personal Data processed for the purposes of promotional and informational activities are processed until the user revokes consent which can be expressed via the unsubscribe link at the bottom of the communications. Personal Data processed for Compliance purposes for the period of time indicated by the specific legislation.

Personal Data processed for the purposes of Abuse and Fraud Prevention for the time strictly necessary to allow the Data Controller to defend himself in court.

9. RECIPIENTS OF PERSONAL DATA

The Personal Data provided by you may become known to the Data Controller and/or any appointed data controllers.

Any further categories of recipients who may become aware of your Personal Data during or after the execution of the contract are:

1. subjects who process data in compliance with specific legal obligations;

2. consultants and external professionals who provide functional services, deriving from or connected to the purposes indicated above (e.g. marketing activities), identified in writing and to whom specific written instructions have been given with reference to the processing of Personal Data;

3. subjects with whom it is necessary to interact to execute the requested services (e.g. hosting providers, credit institutions);

4. persons authorized by the Data Controller to process Personal Data necessary to carry out activities strictly related to the provision of the Services, who are committed to confidentiality or have an adequate legal obligation of confidentiality (e.g. employees of the Data Controller);

5. in general, to all those public and private entities for whom communication is necessary for the correct and complete fulfillment of the indicated purposes;

6. subjects or bodies to whom it is mandatory to communicate the data for the purposes of Compliance, prevention of abuse and fraud, or by order of the authority.

10. DISSEMINATION OF DATA

Except for your specific written request, or specific order of the General Manager/regulatory obligation, the personal data provided by you are not subject to disclosure.

11. DATA TRANSFER

To provide some services, personal data may be transferred to third-party organizations or countries where the hosting or supplier servers are located.

In the event that this occurs, the Data Controller ensures that the processing of your Personal Data by these recipients takes place in compliance with the applicable legislation including the European and Italian legislation to which we are subject. Where required by European data protection legislation, the transfer of your Personal Data outside the European Union will take place on the basis of adequate guarantees (such as the European Union standard contractual clauses for the transfer of data between countries belonging to the EU and countries outside the EU) and/or other legal bases according to EU law.

More information is available at museodeitarocchi@gmail.com.

The Website also processes your Personal Data through cookies. For more information on this topic, we invite you to read our Cookie Policy which forms an integral part of this Privacy Policy found in the cookie banner.

YOUR RIGHTS ACCORDING TO THE REG. EU 2016/679

Chapter III of EU REG. 2016/679 lists the user's rights.

The Data Controller therefore intends to inform you of the existence of specific rights, including that of obtaining from the Data Controller confirmation, or not, of the existence of your Personal Data (i.e. access), their making available in an intelligible form, as well as the rectification, or cancellation of the same, or to limit the processing in whole or in part or oppose the same for legitimate reasons and/or revoke consent to the processing at any time (without prejudice to the consequences referred to in the previous point 5), or to request the portability of your Personal Data regarding the data subject to specific consent, or even updating. As an "interested party" you also have the right to request transformation into anonymous form, limitation or blocking of data processed in violation of the law; you can also lodge a complaint regarding the unauthorized processing of your data to the Guarantor for the Protection of Personal Data using the methods published on the website of said authority (see http://www.garanteprivacy.it/). You have the right to know the origin of the Personal Data, the purpose and methods of the processing, the logic applied to the processing, the identification details of the Data Controller and the subjects to whom the data may be communicated.

Requests relating to the exercise of the aforementioned rights can be addressed to the Data Controller, at the addresses indicated above, without formalities or, alternatively, using the form provided by the Guarantor for the Protection of Personal Data available on the Site: http://www.garanteprivacy .it/web/guest/home/docweb/-/docweb-display/docweb/1089924.

Likewise, in case of violation of the law, you have the right to lodge a complaint with the Guarantor for the Protection of Personal Data, as the authority responsible for monitoring processing in the Italian State. The form for submitting a complaint to the Privacy Guarantor can be found at:

http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.

To exercise one or more of the aforementioned rights, you can contact us at the following email address: museodeitarocchi@gmail.com

For any information on cookies you can directly access the following link, i.e. the consent management platform/cookie banner, where you can find all the necessary information.