The Tarot Museum is part of Mutus Liber, a non-profit cultural association
Via Arturo Palmieri, 5 Riola
40038 Vergato (Bologna) Italy
Tel. 3349975005
Tax Code 91368630371 - VAT No. 03386331205
REA BO-554574
Pec: mutusliber@pec.mutusliber.it
International Tarot Museum/Mutus Liber
Via Palmieri 5
Riola Vergato (Bologna)
40038 - Tax Code 91368630371 - VAT Number 03386331205
Italy
The
Last updated: June 2024
PRIVACY POLICY
GENERAL INFORMATION
With this notice, Associazione Mutus Liber, via A. Palmieri n. 5, zip code 40038, Fraz. Riola Vergato (BO); email museodeitarocchi@gmail.com as Data Controller (hereinafter simply “Controller”) – wishes to inform you about the processing of personal data that you will provide while browsing this Site https://www.museodeitarocchi.com (hereinafter simply “Website”).
For any clarification, information, or exercise of the rights listed in this notice, please contact:
mail: museodeitarocchi@gmail.com
address for sending registered mail with return receipt: Associazione Mutus Liber, via A. Palmieri n. 5, cap. 40038 Fraz. Riola Vergato (BO) .
Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 and EU Regulation 2016/679 (“GDPR”) establish the rules to protect and safeguard natural persons with regard to the processing of their personal data, and this information notice is drafted in accordance with the new legislative provisions.
The information notice may be subject to changes following the introduction of new regulations, so we invite you to periodically visit this section for updates.
The Privacy Policy you are reading refers exclusively to the Website and the Data Controller is not responsible for the methods of processing personal data carried out by third-party websites that can be linked through the Cookie section, or through any link-windows present on the Homepage.
According to the law, the processing of personal data is based on the principles of fairness, lawfulness, transparency, accuracy, purpose and storage limitation, minimization, data integrity, protection of user confidentiality, as well as the safeguarding of their rights.
The Data Controller undertakes to observe the aforementioned principles and, also for this purpose, informs you from the outset that—except for those processing activities for which the law requires your explicit consent—by browsing this Website, uploading or providing personal data, you accept and agree to be bound by the terms and conditions of this notice. Consent to data processing—where given by the user—may be revoked at any time by contacting the above addresses.
If you are under 16 years of age, your consent is valid only if given or authorized by the person holding parental responsibility over you, in accordance with Article 8 of EU Regulation 2016/679. For individuals located in Italy, consent is also valid, under the same conditions as above, for those who have reached the age of 14.
In any case, we want to give you some information about the concept of personal data processing and the people who manage it.
1. PROCESSED PERSONAL DATA
2. DATA CONTROLLER
3. DATA CONTROLLER
4. METHODS OF PROCESSING
5. PLACE OF PROCESSING AND SCOPE OF DATA CIRCULATION
6. PURPOSE OF THE PROCESSING
7. LEGAL BASIS FOR DATA PROCESSING
8. DATA RETENTION PERIOD
9. RECIPIENTS OF PERSONAL DATA
10. DATA DISCLOSURE
11. DATA TRANSFER
1. PERSONAL DATA PROCESSED
By “personal data” we mean all information that could directly or indirectly allow the identification of users.
Such information, for example, may include: name and more generally contact details, residential address, username, email address and phone number, or even the IP address of the device used.
The personal data processed are those voluntarily provided by the user (e.g. common data such as identification data, company name, business name, their phone number, email address, more generally the data provided in the "Request a consultation" form and those collected by tracking technologies (cookies) – hereinafter "Personal Data". The mentioned data are common data.
The Data Controller processes this data in compliance with the applicable regulations, assuming that it refers to you, or to third parties who have expressly authorized you to process it. With regard to third-party data entered in the fillable fields on the website, you act as an independent data controller, assuming all related legal obligations and responsibilities. In this regard, you grant the Data Controller the broadest indemnity for any claims that may arise from the third parties concerned and relating to the processing of their data entered on this website.
2. DATA CONTROLLER
The "data controller" is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. They are also responsible for security aspects.
With regard to this Website, the data controller is specified and identified above, and for any clarification or exercise of your rights, you can contact them at the following email address: museodeitarocchi@gmail.com.
3. DATA CONTROLLER
The “data processor” is the natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller.
More information is available at the following email address: museodeitarocchi@gmail.com .
4. METHODS OF PROCESSING
On this website, data is collected electronically and processed mainly using electronic tools, ensuring the use of appropriate measures for the security of the processed data and guaranteeing its confidentiality. In particular, data processing is carried out by minimizing the use of sensitive personal data.
Your Personal Data will be processed by collaborators and/or employees of the Data Controller as data processors or persons in charge of processing, within the scope of their respective functions and in accordance with the instructions given by the Data Controller.
5. PLACE OF PROCESSING AND SCOPE OF DATA CIRCULATION
The processing of Personal Data relating to the services of the Website takes place at the Data Controller indicated above and is carried out only by personnel authorized to process it.
Your Personal Data may be disclosed to Judicial Authorities and Law Enforcement Agencies only in cases provided for by law and used by the Data Controller for the purpose of defending its rights in court, where strictly necessary.
The Personal Data collected will not be disseminated. However, for the actual execution of the requested service, some data may be shared with external parties, appointed as data processors pursuant to Art. 28 EU Regulation 2016/679, called upon to carry out specific tasks on behalf of the company (e.g.: Web agency, professionals, etc.). The Data Controller undertakes to protect the security of Personal Data by adopting all necessary IT and physical measures to safeguard the Personal Data provided. No security system guarantees such protection with absolute certainty; therefore, except in cases of liability for fault, the Data Controller is not liable for acts committed by third parties who unlawfully access the systems without the necessary authorizations.
6. PURPOSE OF THE PROCESSING
- to provide the Services through the Website, allow you to contact the Data Controller to obtain information related to the Controller's activity, to request information regarding the services described on the Website (e.g. "Write to the teacher" form, "Request information" or similar), to provide you with a quote or specific information, if requested, and to manage the organizational and administrative aspects related to any contractual execution and, more generally, to provide you with any other Service or information you request and that is available to the Controller. To allow you to purchase the services offered on the Website. For the processing of common data of third parties provided by filling in the form, the Controller will process this data in compliance with the applicable regulations, assuming that it refers to you or to third parties who have expressly authorized you to provide it based on an appropriate legal basis that legitimizes the processing of the data in question (Purpose of "Provision of the Service"). The Personal Data processed are common data. The Controller invites the user not to enter sensitive data (regarding their physical or psychological health condition, political or religious orientation, etc.) unless strictly necessary for the purpose of requesting information or purchasing the services;
- subscribe to the Newsletter by submitting a subscription request using the appropriate online form (“Promotional and informational activity” or in other cases better specified below, “Soft spam”);
- fulfill legal obligations that require the Data Controller to collect and/or further process certain types of Personal Data (Purpose of “Compliance”). The data processed are common Personal Data;
- prevent or detect any abuse in the use of the Website, or any fraudulent activity and thus allow the Data Controllers to protect themselves in court (Purpose of "Prevention of Abuse and Fraud"). The Personal Data processed are ordinary personal data.
7. LEGAL BASIS FOR DATA PROCESSING
The legal basis for the processing of personal data provided by you through browsing is:
- Provision of the Service: the legal basis for this purpose is the fulfillment of contractual or pre-contractual obligations pursuant to Art. 6 para. 1 letter b) GDPR. Processing for this purpose is necessary in order to provide you with the requested service (e.g. requesting information relating to the Controller's services, responding to your questions). It is not mandatory to provide the requested Personal Data, however failure to provide such data will make it impossible to provide you with the requested information.
- Promotional and informational activity: The data processed are common data. You may object to such processing at any time by writing to museodeitarocchi@gmail.com without any consequences. Where the newsletter is only informational and not promotional (e.g. service communications for those who have already purchased), the legal basis for the communication is Art. 6.1.b) GDPR, i.e., the execution of pre-contractual or contractual measures. Where it is sent by the Data Controller to those who are already customers, via email, to propose similar products or services, and the data subject has not objected to such processing via the unsubscribe link (“Soft spam”), the legal basis for such communication is Art. 6.1.f) GDPR, i.e., the legitimate interest of the Data Controller.
- Compliance: the legal basis is the fulfillment of a legal obligation pursuant to Art. 6 para. 1 letter c) GDPR. Processing for this purpose is necessary for the Data Controller in order to comply with legal obligations provided for by the regulations, including sector-specific ones, such as tax, fiscal, or other obligations.
- Prevention of Abuse and Fraud: the legal basis is the legitimate interest pursuant to art. 6 para 1 letter f) GDPR. The processing for this purpose is solely intended to allow the Data Controller to prevent and/or detect any fraudulent activities committed through the Website and thus protect itself in legal proceedings.
8. DATA RETENTION PERIOD
The Personal Data processed to fulfill legal obligations will be retained until the fulfillment itself, and in any case for the period necessary to demonstrate compliance; the Personal Data processed to fulfill contractual purposes will be retained until such purposes are fulfilled and, if a contract has been concluded or there have been pre-contractual negotiations, for ten years from the signing of the contract in order to allow for possible judicial or extrajudicial protection as well as to demonstrate the proper fulfillment of the contractually assumed obligations.
The Personal Data processed for promotional and informational purposes are processed until the user withdraws consent, which can be done via the unsubscribe link at the bottom of the communications. The Personal Data processed for Compliance purposes are processed for the period of time indicated by the specific regulations.
The Personal Data processed for the purposes of Abuse and Fraud Prevention for the time strictly necessary to allow the Data Controller to defend itself in court.
9. RECIPIENTS OF PERSONAL DATA
The Personal Data you provide may be accessed by the Data Controller and/or any data processors who may be appointed.
Any additional categories of recipients who may become aware of your Personal Data during or after the execution of the contract are:
1. the subjects who process the data in execution of specific legal obligations;
2. external consultants and professionals who provide functional services, deriving from or connected to the purposes indicated above (e.g. marketing activities), identified in writing and to whom specific written instructions have been given with reference to the processing of Personal Data;
3. subjects with whom it is necessary to interact in order to carry out the requested services (e.g. hosting provider, credit institutions);
4. persons authorized by the Data Controller to process Personal Data as necessary to carry out activities strictly related to the provision of Services, who have committed to confidentiality or have an adequate legal obligation of confidentiality (e.g. employees of the Data Controller);
5. in general, to all those public and private entities for whom the communication is necessary for the correct and complete fulfillment of the indicated purposes;
6. subjects or entities to whom it is mandatory to communicate the data for Compliance purposes, prevention of abuse and fraud, or by order of the authority.
10. DATA DISCLOSURE
Except for your specific written request, or a precise order from the Judicial Authority/legal obligation, the personal data you provide will not be disclosed.
11. DATA TRANSFER
To provide certain services, personal data may be transferred to organizations or third countries where the servers of hosting providers or suppliers are located.
In the event that this occurs, the Data Controller ensures that the processing of your Personal Data by these recipients is carried out in compliance with the applicable regulations, including European and Italian regulations to which we are subject. Where required by European data protection law, the transfer of your Personal Data outside the European Union will take place on the basis of adequate safeguards (such as the European Union standard contractual clauses for the transfer of data between EU and non-EU countries) and/or other legal bases according to EU regulations.
More information is available at museodeitarocchi@gmail.com .
The Website also processes your Personal Data through cookies. For more information on this topic, we invite you to read our Cookie Policy which forms an integral part of this Privacy Policy available in the cookie banner.
USER RIGHTS ACCORDING TO REG. EU 2016/679
Chapter III of REG.UE 2016/679 lists the rights of the user.
The Data Controller therefore intends to inform you of the existence of specific rights, including the right to obtain from the Data Controller confirmation as to whether or not your Personal Data exists (i.e., access), to have it made available in an intelligible form, as well as its rectification or deletion, or to limit its processing in whole or in part, or to object to such processing for legitimate reasons and/or to withdraw consent to processing at any time (without prejudice to the consequences referred to in the previous point 5), or to request the portability of your Personal Data with regard to data subject to specific consent, or even to request its update. As a "data subject," you also have the right to request the transformation into anonymous form, the limitation, or the blocking of data processed in violation of the law; you may also lodge a complaint regarding the unauthorized processing of your data with the Data Protection Authority using the procedures published on the website of said authority (see http://www.garanteprivacy.it/). You have the right to know the origin of the Personal Data, the purposes and methods of processing, the logic applied to the processing, the identification details of the Data Controller, and the subjects to whom the data may be communicated.
Requests relating to the exercise of the aforementioned rights may be addressed to the Data Controller, at the contacts indicated above, without formalities or, alternatively, by using the form provided by the Data Protection Authority available at the website: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924.
Similarly, in case of violation of the regulations, you have the right to lodge a complaint with the Data Protection Authority, which is the authority responsible for monitoring processing in the Italian State. The form to submit a complaint to the Privacy Authority can be found at the following address:
http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.
To exercise one or more of the aforementioned rights, you can contact us at the following email address: museodeitarocchi@gmail.com
For any information about cookies, you can directly access the following link, that is, the consent management platform/cookie banner, where you can find all the necessary information.
International Tarot Museum©
Tarot Museum is part of Mutus Liber, a non-profit cultural association
Via Arturo Palmieri, 5 Riola
40038 Vergato (Bologna) Italy
Tel. 3349975005
Tax Code 91368630371 - VAT No. 03386331205
REA BO-554574
Pec: mutusliber@pec.mutusliber.it
International Tarot Museum/Mutus Liber
Via Palmieri 5
Riola Vergato (Bologna)
40038 -Tax Code 91368630371 - VAT Number 03386331205
Italy
International Tarot Museum©