Privacy Policy

Privacy Policy

Privacy Policy

PRIVACY NOTICE PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679
Pursuant to and for the purposes of Articles 13 and 14 of Regulation (EU) 2016/679 (General Data Protection Regulation), the implementing provisions of Legislative Decree no. 196 of 30 June 2003, as amended and supplemented by Legislative Decree no. 101 of 10 August 2018, and of Regional Council Resolution no. 466 of 17/07/2018,
We inform you about the methods of processing the personal data of users who interact with the website of the Digital Ecosystem for Culture of the Campania Region starting from the address https://cultura.regione.campania.it , on their rights and how they can exercise them.

This information does not apply to other sites, pages, or online services, even if they are attributable to the Regional Administration, which can be reached via hyperlinks published on the portal but refer to resources outside the regional domain.

1. DATA CONTROLLER
Art.13, par.1, letter. a and art. 14, par. 1, letter. a of Regulation (EU) 2016/679 and DRG no. 466 of 17/07/2018.

Following consultation of the portal, data relating to identified or identifiable natural persons may be processed. The Data Controller of the personal data referred to in this Policy is the Campania Region, represented by its President, with registered office at Via Santa Lucia 81 - 80132 - Naples - Toll-free number 800.550.506.
In accordance with Regional Council Resolution No. 466 of July 17, 2018, all Managers serving in the Regional Administration are authorized, each for their own area of ​​responsibility, to process personal data in carrying out their assigned duties, as provided for in their respective individual employment contracts.
Your data will be processed in accordance with the principles of lawfulness, fairness, transparency, security, and confidentiality. Processing will be carried out primarily in a non-automated manner, in compliance with Article 32 of Regulation (EU) 2016/679, by specifically appointed persons and in compliance with Article 29 of Regulation (EU) 2016/679.

2. DATA PROTECTION OFFICER
Art.13, par.1, letter. b and art. 14, par. 1, letter. b of Regulation (EU) 2016/679.

We also provide the contact details of the Data Protection Officer: Dr. Eduardo Ascione, tel. 0817962413, email dpo@regione.campania.it.

3. PURPOSE AND LEGAL BASIS OF THE PROCESSING
Art.13, par.1, letter. c and art.14, par.1, letter. c of Regulation (EU) 2016/679

Personal data is processed by the Region in the performance of its public interest tasks or in any case connected to the exercise of its public powers, including the management and protection of cultural heritage and related communication activities.
The personal data you provide will be processed solely for purposes strictly related and necessary to the use of the portal and any services requested, or for purposes related to conducting research, analysis, and statistics, sending informational materials, and updates on regional government initiatives and programs.
If the Data Controller intends to further process personal data for a purpose other than that for which they were collected, prior to such further processing, the Data Controller shall provide the data subject with information regarding such other purpose and any other relevant information.

4. TYPES OF DATA PROCESSED AND PURPOSE OF THE PROCESSING

Browsing data
The computer systems and software procedures used to operate the regional portal acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified data subjects, but by its very nature, it could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), and other parameters relating to the user's operating system and IT environment. This data is used solely to obtain anonymous statistical information on the use of the portal and to verify its proper functioning, and is deleted immediately after processing. The data could be used to ascertain liability in the event of hypothetical cybercrimes against the portal.

Data communicated by the user
The optional, explicit, and voluntary sending of messages to the Campania Region contact addresses on the portal, private messages sent by users to institutional profiles/pages on social media (where this option is available), as well as the completion and submission of forms on the regional portal, entail the acquisition of the sender's contact information, necessary for a response, as well as all personal data included in the communications.
Specific information will be published on the dedicated pages of the regional portal for the provision of certain services..

Cookie
This site uses technical cookies, for which, pursuant to Article 122 of the Personal Data Protection Code and the Provision of the Italian Data Protection Authority of May 8, 2014, no consent is required from the interested party. Cookies are not used to profile users, nor are other tracking methods employed. Technical cookies are used strictly to the extent necessary for safe and efficient navigation of the sites. Further information on the Cookie Policy can be found on the dedicated page..

 

5. PLACE, METHODS AND RECIPIENTS OF THE TREATMENT
Personal data is processed at the Data Controller's or Data Processors' offices using automated tools for the time strictly necessary to achieve the purposes for which it was collected, in compliance with the confidentiality and security rules established by current legislation.
Specific technical and organizational security measures are adopted to protect information from alteration, destruction, loss, theft, or improper or unlawful use. Processing related to the web portal services is handled only by authorized and trained technical personnel, or by the Data Processors designated by the Data Controller pursuant to Art. 28 of the Regulation.
No data derived from the portal's web services is disclosed. Personal data provided by users who submit requests for information and suggestions is used solely to perform the requested service and may be disclosed to other personnel authorized to process data within the Campania Region or to other public or private entities only when required by law or strictly necessary to provide the information you request.

 

6. DATA RETENTION PERIOD
Art.13, par.2, letter. a) and art.14, par.1, letter. a) of Regulation (EU) 2016/679

In compliance with the principles of lawfulness, purpose limitation, and data minimization, pursuant to art. 5 of Regulation (EU) 2016/679, personal data will be retained for the entire duration of the activities aimed at fulfilling the institutional tasks of the Campania Region's Digital Ecosystem for Culture.
Personal data may be retained for longer periods to be processed exclusively for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, in accordance with Article 89, paragraph 1, of Regulation (EU) 2016/679.
This does not apply to cases where issues relating to the Office's activities need to be asserted in court. In this case, the Data Subject's personal data, exclusively those necessary for such purposes, will be processed for the time strictly necessary to pursue them.

7. RIGHTS OF INTERESTED PARTIES
Art.13, par.2, letter b and art.14, par.2, letter c of Regulation (EU) 2016/679 and of DGR no. 466 of 17/07/2018
We inform you that you may exercise the rights set forth in Regulation (EU) 2016/679, which are described in detail below.

  • Right of access ex art. 15
    You have the right to obtain from the Data Controller confirmation as to whether or not your personal data is being processed, to know its content and origin, to verify its accuracy, and, if so, to obtain access to the data. In any case, you have the right to receive a copy of the personal data being processed..
  • Right of rectification ex art. 16
    You have the right to obtain from the Data Controller the integration, updating, and rectification of your personal data without undue delay.
  • Right to erasure ex art. 17
    You have the right to obtain from the Data Controller the erasure of your personal data without undue delay, in cases where one of the circumstances set out in Article 17 applies (personal data no longer necessary for the purposes for which they were collected or processed, withdrawal of consent and lack of other legal basis for processing, personal data processed unlawfully, exercise of the right to object, etc.).
  • Right to restriction of processing ex art. 18
    You have the right to obtain from the Data Controller restriction of the processing of your personal data in the cases expressly provided for by the Regulation, namely when: you contest the accuracy of the data, the processing is unlawful and you request that its use be merely limited, the data is necessary for the establishment, exercise, or defense of legal claims, or you have objected to the processing for legitimate reasons. If processing is restricted, your personal data will only be processed with your explicit consent. The Data Controller is required to inform you before the restriction is lifted.
  • Right to data portability ex art. 20
    Where processing is carried out by automated means, the data subject has the right to the portability of his or her personal data, where the processing is based on consent or a contract, as well as the direct transmission of such data to another data controller, where technically feasible.
  • Right of opposition ex art. 21
    You have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data. In any case, the Data Controller will balance your interests with the compelling legitimate grounds for processing (including, for example, the establishment, exercise, and defense of legal claims, etc.).
  • Right to complain ex art. 77
    Data subjects who believe that the processing of their personal data through this site violates the provisions of the Regulation have the right to lodge a complaint with the Data Protection Authority (Garante per la protezione dei dati personali), or to take appropriate legal action (Article 79 of the Regulation). Further information regarding your rights regarding the protection of personal data is available on the Authority's website at https://www.garanteprivacy.it.