Privacy Policy and Processing of Personal Data

This communication is made available to you – pursuant to Articles 13 and 14 of the European Regulation 2016/679 on the protection of personal data (“Regulation” or “GDPR”) – and is addressed to those who interact with the web services accessible electronically from this website (“website or site”). The purpose of this Notice is to inform you about how we process personal data about you.

INFORMATION PURSUANT TO ART. 13 OF REG. EU NO. 679/2016 (“GDPR“)

This policy describes which of your personal information is collected by the City of Alexandria and the Borsalino Foundation (referred to in this policy as“we“), for what purposes, and how it is processed. Below you will also find the information you need to exercise your rights under the GDPR.

In general, we collect your information when you make a visit to the “Borsalino Museum” in Alexandria (hereinafter the “Museum“) using this application (hereinafter the “App“) or register on it. Please note that the personal data collected on these occasions will be processed for the purpose of enabling you to enjoy the Museum and the App (e.g., to enjoy the immersive experience of the Museum itself), as outlined below.

1. Who processes your data: the data controllers

The Municipality of Alessandria (hereinafter the “Municipality“), with registered office in 15121 – Alessandria, Piazza della Libertà 1, email: dpo@comune.alessandria.it and the Borsalino Foundation, with registered office in Corso Garibaldi 122 -15048- Valenza (AL) (hereafter the “Foundation“) email: privacy.fondazioneborsalino@gmail.com are co-owners of the processing of your data.

Pursuant to Art. 26 GDPR, we inform you that the Municipality is the owner of the processing of your personal data necessary in connection with the monitoring, updating and development of the App, through Saas access to the relevant dashboard.

Pursuant to Art. 26 GDPR, we inform you that the Foundation is the data controller of your personal data necessary for: the management of your experience at the Museum (reservation, visit) and for your use of the App always for the purpose of the museum offer towards you.

2. What data we process – Type of data processed

Your contact and account information. We will process and retain the contact information you provide to us (username, password, first name, last name, email) when you use the App.

Beacon detection. We will process, only if you were using the App in the corresponding feature and only during your visit to the Museum, the possible detection by bluetooth of your proximity at one of the Museum’s beacons, through which you will enjoy the multimedia content provided by the beacon itself. The detection will not communicate your geolocated location (thus with the use of coordinates) and will be done in case of activation of the bluetooth functionality on your mobile device where the App is installed.

3. Where we get your data – Mode of data collection.:

Directly from you. For example, if you register with the App and/or use it, even at the Museum. If you do not provide us with your information, you will not be able to register on the App and enjoy the services and experience associated with it at the Museum.

4. Why and for how long we process your data. – Purposes and legal basis for data processing; retention period – nature of conferment

To provide you with services related to the Museum and the App (including the ability to create and manage your account on the App). For example, we will use your information to manage your requests to use the Museum’s multimedia experience and, in general, regarding your ability to take advantage of everything made available by the Museum itself and the App.

The legal basis for this processing is the performance of a contract to which you are a party.

The period of retention of your data will be equal to the period of activity of your account on the App, which, in any case, will be deactivated after 6 months from the last access or activity.

Providing your information to register your account on the App is necessary; without it, you will not be able to enjoy the Museum content made available through the App. In any case, failure to use the App, i.e., failure to activate the Bluetooth feature on the relevant device, will in no case constitute a limitation for you to access the Museum.

5. Transfer of data

Your data will not be transferred to third countries outside the European Union.

6. With whom we share your data – recipients of personal data

Provided that, where required by law, we will obtain your prior consent and carry out any formalities required by law, we may share your data with the following third parties (including as external data controllers):

Our service providers. We may share your data with third parties so that they can provide services to us but in that case we will enter into an agreement that complies with Art. 28 GDPR aimed at protecting your data. These individuals come into possession only of the data necessary for the performance of their functions and may use it only for the purpose of performing such services on our behalf or to comply with legal requirements. You can learn the details of these data controllers under Art. 28 GDPR by contacting us by email at dpo@comune.alessandria.it and privacy.fondazioneborsalino@gmail.com.

Where we believe we must do so to comply with legal obligations or in order to judicially protect us, or third parties. Where permitted or required by law, we may also share data requested by a government agency or other authorized entity or organization in order to protect or exercise our or third parties’ rights, or in order to limit or prevent fraud and other wrongdoing.

7. Security Measures.

We take the security measures required by law.

We take security measures to protect your data. The standard security measures we use depend on the type of data we process and meet the requirements of the law and the standards of European government agencies.

8. Your rights

You can contact the City and the Foundation to request access to your personal data, rectification, deletion of your personal data or restriction of processing, to object to processing, and to request portabilitỳ of your data; you can also revoke consent at any time (this will not affect the lawfulness of processing based on consent given before revocation).

When you exercise your right of access, you have the right to know whether your data is being processed, what the purpose of the processing is, what categories of data are being processed, who are the recipients or categories of recipients to whom your data are disclosed (and, if they reside in a third country on the basis of what safeguards), the retention period of your data (or the criteria for determining the retention period), whether any automated processing (e.g., by profiling) is taking place and what the rationale for such processing is, the origin of the data (if not initially collected by us).

You have the right to lodge a complaint with the Data Protection Authority and to request from joint data controllers, at any time, information about the data controllers and the persons authorized by the data controllers to process your data and about the content of the joint data controller agreement provided for in Art. 26 GDPR.

You can exercise your rights by contacting either the City Council (at the contact information above or by sending an e-mail to dpo@comune.alessandria.it) or the Foundation (at the contact information above or by sending an e-mail to privacy.fondazioneborsalino@gmail.com).

10. What we do if we change this policy

We may make changes to our privacy policy. We will also post an updated version on our website. It will have a different date from the one shown below. Please check the site periodically for updates.

V 4.2_20230118