Starting from May 25, 2018, the new European Data Protection Regulation (GDPR) came into effect.
The Archaeological Parks of Paestum and Velia are updating their policies on the management and conservation of personal data acquired and held for various purposes following the implementation of the GDPR.
The following provides information on how the Archaeological Parks manage such data and how users, as data subjects, can exercise their rights under the law.
The Data Controller of personal data is the Ministry of Culture.
The data processing related to the web services of this site takes place at the aforementioned headquarters of the Archaeological Parks and is carried out by designated technical personnel or by individuals responsible for occasional maintenance operations. No data derived from the web service is communicated or disclosed to third parties.
The personal data provided by users who submit requests for informational materials (newsletters, inquiries, brochures, documents, reports regarding services or the website, etc.) are used and stored solely for the purpose of executing the requested service or provision. They may be shared with other departments within the Parks or with other public or private entities only when necessary to provide the requested information.
Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which it was collected.
Specific security measures are implemented to prevent data loss, unlawful or incorrect use, and unauthorized access.
If you wish to know what information about you has been collected in our database, request an update of your data, or ask to be removed from our database, please contact us.
Browsing data
The information systems and software procedures used for the operation of this website acquire, during their normal functioning, some personal data of users who connect to the site, the transmission of which is implicit in the use of Internet communication protocols.
These are information that is not collected to be associated with identified data subjects, but which, by their very nature, could, through processing and associations with data held by third parties, allow the identification of the aforementioned users.
This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.
These data are used solely for the purpose of obtaining anonymous statistical information on the use of the site and for monitoring the proper functioning of the site. The data may be used to ascertain responsibility in the event of cybercrimes affecting the site or in the investigation of crimes by the judicial authorities.
Data provided voluntarily by the user
The optional, explicit, and voluntary sending of emails and communications in general to the addresses provided on this site results in the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be provided or displayed on the pages of the site that may be set up for particular services upon request.
Personal data collected through cookies
No personal data of users is collected by the website.
In particular, no cookies are used for the transmission of personal information; only third-party persistent cookies are used for the collective tracking of the pages visited by users.
The use of session cookies (which are not persistently stored on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow secure and efficient browsing of the site.
Additionally, session cookies used on this site prevent the use of other computer techniques that could potentially compromise the privacy of users’ browsing and do not allow for the collection of personally identifiable user data.
Except for the data specified for navigation purposes, the user is free to provide personal data in the various registration or access forms, information request forms, and in sending suggestions and reports, or to request the sending of informational materials or other communications, or to subscribe to the services offered on the site. Failure to provide such data may result in the inability to fulfill the request.
The individuals to whom the aforementioned personal data refers have the right to exercise their rights in accordance with the methods and within the limits established by the applicable privacy legislation.
In relation to the processing of personal data, the user has the right to request:
access: they can request confirmation of whether or not a data processing activity concerning them is in place, as well as further clarification regarding the information provided in this Privacy Policy, and to receive the data themselves, within reasonable limits;
rectification: they can request the correction or integration of the data they have provided or that we hold, in case it is inaccurate;
deletion: they can request the deletion of their data acquired or processed, if no longer necessary for our purposes, or in case there are no ongoing disputes, in case of withdrawal of consent or opposition to the processing, in case of unlawful processing, or if there is a legal obligation for deletion;
restriction: they can request the restriction of the processing of their personal data when one of the conditions of Article 18 of the GDPR applies; in this case, the data will not be processed, except for storage, without the user’s consent, except as explicitly stated in paragraph 2 of the same article.
objection: they can object at any time to the processing of their data based on the legitimate interest of the data controller and/or to processing for marketing purposes, including profiling; the objection will always prevail over our legitimate interest in processing their data for marketing purposes.
data portability: they can request to receive their data, or have it transmitted to another controller indicated by the user, in a structured, commonly used, and machine-readable format.
Moreover, pursuant to Article 7, paragraph 3, GDPR, the user can exercise their right to withdraw consent at any time, without affecting the lawfulness of the processing based on the consent provided previously.
The user has the right to lodge a complaint with the Supervisory Authority, which in Italy is the Data Protection Authority (Garante per la Protezione dei Dati Personali).
It is specified that this document is an expression of the “personal data protection policy” applied by the Archaeological Parks of Paestum and Velia on this website, subject to constant review and updating.
I Parchi archeologici di Paestum e Velia sono un istituto del Ministero della Cultura dotato di autonomia speciale, iscritto dal 1998 nella lista del patrimonio mondiale UNESCO.
The Archaeological Parks of Paestum and Velia; an institute of the Ministry of Culture, with special autonomy and listed as a UNESCO World Heritage Site since 1998.
