PRIVACY POLICY

In compliance with the provisions of EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”), this privacy policy has the purpose of informing users (hereinafter also referred to as data subjects) of this website of how it collects, shares and uses personal information and how data subjects can exercise their rights to protect their privacy.

DATA CONTROLLER

Teatro Stabile del Veneto Carlo Goldoni with registered office in Venezia, San Marco 4650/b, Tel. 0412402011, E-mail info@teatrostabileveneto.it, PEC teatrostabileveneto@pec.it, in the person of the legal representative.

DATA PROTECTION OFFICER (DPO)

tel. 0490998416, E-mail dpo@robyone.net, PEC dpo.robyone@ronepec.it

TYPES OF PERSONAL DATA

The Personal Data processed may be freely provided by the user or, in the case of usage data, collected automatically while browsing the website. The user assumes responsibility for the Personal Data of Third Parties obtained, published or shared through this website and guarantees that he/she has the right to communicate or disseminate them, realising the Data Controller from any third-party liability. The types of data processed are:


Browsing data
During their normal operation, the software procedures and IT technological systems, used to operate this website, collect some Personal Data. The transmission of such data is implicit in the use of Internet communication protocols. Examples of the types of personal data we collect include: IP addresses, domain names of the computers used to connect to the website, the addresses in the notation URI of the requested resources (Uniform Resource Identifier), the time of the request, the method used to submit the request to the server and other parameters related to the users' operative system and the users’ IT environment.


Data voluntarily provided by the user
The Personal Data that the user voluntarily provides in the registration forms (newsletter, ticket portal, etc.) are collected in order to perform the requested service. Furthermore, the explicit and voluntary submission of Personal Data through sending emails to the addresses indicated on the website implies the subsequent acquisition of the email address together with any other personal information included in the communication.


External links
The Data Controller is not responsible for the content of any other site that can be reached from this website. The existence of a hypertext link (link) to an external site does not imply that the Data Controller endorses or accepts the responsibility of the content or the use made of this site, which remains bound by European and national regulations on the matter of protection of Personal Data.

Cookies
Please refer to the relevant section.

PROCESSING PURPOSE AND LEGAL BASIS

The browsing data are acquired in order to allow the correct operation of the site. In any case, these data, although not associated with identified subjects, could allow users to be identified. Such data are used only to obtain statistics and to guarantee the correct operation of the website and they are deleted immediately after their processing.
The legal basis of the aforementioned processing is the consent of the user, pursuant to art. 6, paragraph 1, letter. a), of EU Regulation 2016/679, expressed by browsing on the site.

The data voluntarily provided by the user are collected to allow the data subject to use the services offered by the site. In particular the processing purposes are:
1. allowing the registration procedure and the purchase procedure through which are collected the Personal Data, the payment information and other similar data. In this case, the Data are processed to execute the stipulated Contract, to contact the User in relation to the Contract and process any requests connected to it. The legal basis of the aforementioned processing is represented by the Contract pursuant to art. 6, paragraph 1, letter. b), of EU Regulation 2016/679;
2. fulfilling any type of legal obligation, including tax matters. This processing is necessary for compliance with legal obligation to which the Data Controller is subject pursuant to art. 6, paragraph 1, letter. c), of EU Regulation 2016/679;
3. Sending requests to the Data Controller by contact forms, e-mail or telephone. The legal basis of the aforementioned processing is the consent of the user, pursuant to art. 6, paragraph 1, letter. a), of EU Regulation 2016/679;
4. identifying tastes, preferences, needs and consumption choices of the user and suggest the most appropriate projects, initiatives and services through the newsletter. The legal basis of the aforementioned processing is represented by the express consent of the user, pursuant to art. 6, paragraph 1, letter. a), of EU Regulation 2016/679. The consent is given by filling out the form (ticking the consent mask).

 

LOCATION OF DATA PROCESSING
The data processing is carried out at the operating premises of the Data Controller and in any other place where the parties involved in the processing are located. For further information, the user can contact the Data coller at its address details. The Data may be processed by subjects based in countries in the European Economic Area or in third countries, operating on behalf of the Data Controller and pursuant to specific contractual constraints. In the event of transfer of Data outside the EEA, the Data Controller will adopt all appropriate measures to guarantee adequate protection.


OBLIGATORY OR OPTIONAL NATURE OF DISCLOSURE OF THE DATA AND CONSEQUENCES OF REFUSAL
Except for what it has detailed about browsing data, the user can freely decide to provide personal data in order to access the services. However, the refusal to provide the data marked as mandatory would make it impossible for the user to access the services.


RECIPIENTS
The Data Controller may communicate the Personal Data to defined parties who are authorized by the Data Controller or who are involved in the management of the Site and of the related information collected (administrative staff, commercial staff, marketing staff, system administrator). Furthermore, third parties, appointed as Data Processors by the Data Controller pursuant to art. 28 GDPR, may also have access to the Personal Data. For example, Data can be communicated to Site Maintenance Manager, IT companies, technical service providers, communication agencies. Finally, your information may be shared with the competent public authorities in compliance with legal obligations.


PROCESSING METHODS
The Data Controller implements the necessary security measures to ensure that third parties do not access, distribute, disclose or modify the Personal Data. The processing is carried out with or without electronic tools, with organizational and logical measures strictly related to the processing purposes.
The Data is kept for the time necessary for the purposes for which the Personal Data are processed.

The Data collected for contractual obligations or legal obligations will be kept for the time necessary to fulfil the aforementioned obligations. The Data collected on the basis of the User's Consent may be kept until its revocation, except for a further period of conservation to comply with legal obligations or orders of an authority. At the end of the retention period, the Personal Data will be deleted and therefore, the rights of access, cancellation, rectification and portability of the Data can no longer be exercised. Please note that the data subjects can withdraw the consent given at any time. In particular the user can click on the "Manage Preferences" button at the end of each newsletter to stop receiving them.

RIGHTS OF DATA SUBJECTS
The GDPR provides several rights to data subjects. To exercise these rights the users can contact the Data Controller directly. The users can also exercise their rights at a later time and withdraw the consent previously given. In particular, in relation to the processing of the aforementioned Data, pursuant to article15 et seq GDPR, the data subjects have the following right.
Right to be informed: Data subjects have to receive correct information about the data processing, the purposes and the legal basis of the processing as well as the existence of specific rights and the way to exercise them.
Right of access: Data Subjects may request details of their Personal Information that the Data Controller holds.
Right to rectification: Data subjects may obtain the rectification of inaccurate data and the integration of incomplete personal data.
Right to restriction of processing: Data subjects may obtain restriction if the conditions described by art. 18 GDPR are met.
Right to erasure: Data subjects may obtain the erasure of personal data if the conditions described by art. 18 GDPR are met (for example when the data subject withdraws the consent).
Right to data portability: Data subjects have the right to receive the personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. This provision applies in the event that the processing is carried out by automated means and is based on the user's consent, on a contract of which he is a party or on contractual measures connected to the same.
Right to object: the users may object to the processing of their Data if the conditions described by art. 18 GDPR are met (art. 21 GDPR). The data subjects may object to processing, on grounds relating to their particular situation, when the processing is based on public interest, on legitimate interests of the data controller or third parties, as well as when the processing has commercial purposes.


EXERCISE OF THE RIGHT
To exercise all rights as identified above, the user can contact the Data Controller or its Data Protection Officer. Requests are free of charge and processed by the Data Controller as quickly as possible, in any case within one month (except for extensions granted by law). The data subjects also have the right to lodge a complaint with the competent supervisory authority if they believe that the rights indicated here have not been recognized.


CHANGES TO THESE PRIVACY POLICIES
The Data Controller reserves the right to make changes to this information by adapting it to any regulatory, organizational and technological changes. In case of modification, the new version of this privacy policy will be published on this page and, therefore, the user is invited to review this page periodically.