Privacy Disclaimer

Disclaimer on the use of personal data

In line with the European Regulation n. 2016/679 and with the current norms regarding the use of personal data, Fondazione MAXXI treats such data in a correct, legal and transparent way, while respecting the interested party’s interests, rights and fundamental freedoms. Moreover, the Fondazione treats in an appropriate way only the relevant data that are needed in terms of the reasons for their treatment.
This disclaimer is written according to art. 13 of the UE Regulation n 2016/679.

DATA CONTROLLER
The data controller is:
Fondazione MAXXI, with headquarters in via Guido Reni, 4/A – 00196 Roma (e-mail: privacy@fondazionemaxxi.it – t: 063201954, c.f. 10587971002)

PERSONAL DATA CATEGORIES
Fondazione MAXXI only uses such data that are necessary in order to realise the purpose mentioned below. In particular, Fondazione collects and treats the following personal details:
Biographical data:
• Addresses
• Phone numbers and email addresses
• Occupation
• State of health
• Image

PURPOSE AND LEGAL BASIS FOR THE PROCESSING OF DATA
The personal data provided by the interested party on a voluntary, free and spontaneous basis are collected and processed for the following purpose and on the following legal basis:
Preventing COVID-19 infections, in application of the safety anti-infection protocols, pursuant to art. 1, n. 7, lett. d) of the “DPCM” (extraordinary law decree) of March 11th 2020 and further amendments or integrations
Using the images acquired during the didactic activities for advertisement and communication campaigns from the Fondazione, after receiving the written consent of the interested party or of someone acting on his/her behalf
Using the biographical data to perform the didactic/educational activities, after receiving the written consent of the interested party or of someone acting on his/her behalf
Verify, exercise or defend a right in a court of law or an extrajudicial setting, regarding the use of the images acquired during the didactic activities
Treating the functional data in order to fulfil those obligations is necessary for managing the relationship and the data must be provided in order to realise the above-mentioned goals. If one or more compulsory data are not communicated, or are wrong, the Data Controller won’t be able to ensure the consistency of the treatment itself. The Data Controller can acquire personal data on the state of health pursuant to art. 9 of the EU Regulation n. 2016/679.

AUTHORISED PERSONS TO PROCESS THE DATA AND HOW THE DATA ARE PROCESSED
The data will be exclusively processed by the authorised personnel of Fondazione MAXXI, on paper and/or electronically (paper or electronic files).

SCOPE OF DATA TRANSFERS
The personal data acquired by Fondazione MAXXI can be communicated to third parties that can be designated as persons responsible for the data treatment in accordance with the law. In particular, data can be communicated to:
Health Authorities
Law enforcement agencies/police
Social networks
Social media
Communication agencies
Consultants and professionals, even as associates
Fondazione doesn’t transfer data abroad. The precise list of personal data recipients is available upon request from the interested party. Fondazione communicates to the recipients of the interested party’s personal data any adjustments, cancellations, treatment restrictions, apart from anything that would be impossible or that would imply a disproportionate effort.

DURATION OF DATA STORAGE
In line with the principles of legality, restriction of purpose and minimising the data, personal data are processed as follows:
For a period no longer than the duration of a state of emergency
For a period no longer than what is needed to realise the purpose for which the data was collected and treated and in line with the compulsory period of time by law
After realising the purpose for which the data were collected and treated, the data can be kept through techniques which do not directly link the images to the interested parties
At any time, the interested party can request that his/her own data are cancelled, at the conditions provided for in art. 17 of the European Regulation.

RIGHTS OF THE INTERESTED PARTIES
Regarding the data provided, the interested party can request to Fondazione MAXXI:
• to access his/her own data
• to rectify, update or add to his/her own data
• to cancel, anonymously modify or freeze his/her own data treated in breach of the law
• to certify that the above-mentioned transactions have been communicated to those to whom the data have been transferred or disseminated, except in the cases provided for by the law
• to limit the treatment of his/her own data
• to oppose the treatment of his/her own data
• to not being subject to automated processes, including profiling
• to be able to transfer his/her own data
• to revoke any consent granted in the past, at any time
• to make a claim to the “Autorità Garante per la Protezione dei dati personali” (the authority for personal data protection)
Revoking the consent which was given in the past can be done at any time and without prejudice to the legality of the treatment, in writing to: privacy@fondazionemaxxi.it.
The person responsible for the protection of personal data at the Fondazione MAXXI can be reached by email at dpo@fondazionemaxxi.it or via ordinary post to the address Via G. Reni n. 4/A – 00196 Rome.

UPDATES
Fondazione MAXXI reserves the right to modify or add to the above-mentioned information, including as a consequence of regulatory amendments.