Fondazione Cinema per Roma (“Fondazione”) protects the privacy of personal data and guarantees the necessary protection against any event that might place it at risk of violation.
Pursuant to the Regulations of the European Union n. 679/2016 (“GDPR”), and in particular art. 13, below the user (“Person Involved “) will find all the information required by law that concerns the processing of his/her personal data.
Who we are and what data we process (art.13, 1° comma lett. a, art. 15, lett. b GDPR)
Fondazione, in the person of its legal representative p.t., headquartered in Rome (RM, Viale Pietro De Coubertin n.10), is designated as the Controller and may be contacted at the e-mail address firstname.lastname@example.org, and collects and/or receives the information regarding the Person Involved, such as:
|Category of data||Examples of the typology of data|
|Biographical and contact data||name, surname, physical address, nationality, province and city of residence, landline and/or mobile phone, fax, tax number, e-mail addresses|
|Banking data||IBAN and banking/postal data (with the exception of the credit card number)|
|Telecommunications traffic data||Log, IP address of origin.|
The Controller has named a Data Protection Officer (DPO) who may be contacted for any information and request:
For any information or request the Person Involved may contact us at the following email address:
The purposes for which we need the data of the Person Involved
The Controller needs the data to act on the request for registration, to provide Services and/or for participation in the cultural events promoted by Fondazione, to manage and implement the requests for contact submitted by the Person Involved, to provide assistance, to fulfil legal and regulatory obligations to which the Controller is subject in light of its activities.
In no case does Fondazione resell the personal data of the Person Involved to third parties, nor does it use it for unstated purposes.
In particular, the data of the Person Involved will be processed for:
- a) biographical registration and requests for contact and/or information
The personal data of the Person Involved is processed to initiate the preliminary activities consequent to the request for registration, to manage the requests for information and contacts and/or for information material, and to fulfil any obligation deriving from it.
The legal basis for this processing is to provide the services inherent to the request for registration, for information and for contact and/or to send information material, and the fulfilment of legal obligations.
- b) managing the contract
The personal data of the Person Involved is processed to initiate the preliminary activities consequent to the contractual obligations, the use of services and/or participation in the cultural events produced by Fondazione, the purchase of tickets and accreditations, the relative invoicing and handling of payment, the processing of claims and/or notifications to the assistance service and the provision of the assistance itself, the prevention of fraud and fulfilment of every other obligation deriving from the contract. The legal basis for this processing is the provision of the services inherent to the contract and the respect of legal obligations.
- c) advertising for events promoted by the Fondazione inherent to the services underwritten by the Person Involved
The Controller may, even without explicit consent, use all the contact data provided by the Person Involved for promotion, but only in the case of activities similar to those that were underwritten, unless the Person Involved explicitly denies consent.
- d) advertising for services different from those already underwritten by the Person Involved
The personal data of the Person Involved may be processed for purposes of commercial promotion, for surveys and market research, with regard to Services that the Controller offers only if the Person Involved has authorized processing and has not denied consent.
This processing may take place automatically using the following means:
– text message;
– telephone contact which may take place:
- if the Person Involved has not revoked his consent for use of the data;
2. if, in the case that the processing is taking place by contact with a telephone operator, the Person Involved is not registered in the Registro delle Opposizioni as per D.P.R. n. 178/2010;
- e) cybersecurity
The Controller, as stated in art. 49 of the GDPR, may process the personal data of the Person Involved relative to traffic, even through his own suppliers (third parties and/or recipients), in the measure strictly necessary and proportioned to guarantee the security of networks and information, i.e. the capacity of a network or information system to resist, at a given level of security, unexpected events or illegal or malicious acts that compromise the availability, authenticity, integrity and privacy of stored or transmitted personal data.
The Controller will promptly inform the Persons Involved, should there be a particular risk of breach of their data, without prejudice to the obligations deriving from the provisions of art. 33 of the GDPR relative to the notification of personal data breach
The legal basis of such processing is the respect of legal obligations and the legitimate interest of the Controller to process data for purposes inherent to the protection of company assets and the security of Fondazione’s venues and systems.
- f) profiling
The personal data of the Person Involved may also be processed for the purposes of profiling (such as the analysis of the transmitted data and of the chosen Services and/or events, to propose advertising messages and/or market offers corresponding to the choices expressed by the users themselves) exclusively in the case that the Person Involved has provided explicit informed consent. The legal basis for this processing is the consent expressed by the Person Involved in advance of the processing itself, which may be freely revoked by the Person Involved at any time (see Section III).
- g) fraud prevention
- The personal data of the Person Involved, except for special categories of data (Art 9 GDPR) or data pertaining to criminal records (Art. 10 GDPR) will be processed to allow oversight with the purpose of monitoring and preventing fraudulent payments, using software systems that perform automatic controls in advance of the sale of Services/Products;
- Should these controls produce a negative result, the transaction will not be made; the Person Involved may in that case express his/her opinion, receive an explanation i.e. protest the decision motivating his reasons at the email address email@example.com;
- The personal data collected solely for the purposes of anti-fraud control, unlike the data necessary for the proper delivery of the service requested, will be cancelled immediately at the end of the control phase.
- h) protection of minors
The services offered by the Controller are reserved for subjects legally allowed, on the basis of national law, to enter into contractual obligations.
With the aim of preventing illegal access to his services, the Controller will enact prevention measures to protect his legitimate interest, such as verifying tax numbers and/or other measures of oversight, when necessary for specific Services and/or Events, to verify that the data on the identity documents issued by competent authorities is correct.
Communication to third parties and categories of recipients
The personal data of the Person Involved is communicated primarily to third parties and/or recipients whose work is necessary to conduct the activities inherent to the relationship established with the Person Involved and to respond to certain legal obligations such as:
|Categories of recipients||Purposes|
|Employees and collaborators||Promotion of the activity, performance of services, customer accounting, Archives, selection of employees and collaborators and for all legal obligations.|
|In-house consultants||Administrative, accounting functions linked to the performance of services.|
|Third party suppliers||Provision of services (assistance, maintenance, delivery/sending of products, provision of additional services, suppliers of networks and services of electronic communication) linked to the service requested.|
|Credit and digital payment institutions, Banks and Post offices||Management of proceeds, payments, refunds connected to the contractual service|
|Professionals/outside consultants and Consulting companies||Fulfilment of legal obligations, exercise of rights, protection of contractual rights, credit collection.|
|Tax Authorities, Public Entities, Legal Authorities, Supervisory and Control Authorities||Fulfilment of legal obligations, protection of rights; lists and registers held by public Authorities or similar entities on the basis of specific laws, in relation to the contractual service|
|Formally-delegated subjects or having legally recognised eligibility||Legal representatives, curators, tutors, etc.|
* The Controller enforces the respect of his Third-party suppliers and Data Protection Officers of security measures equal to those adopted towards the Person Involved, restricting the Data Protection Officer’s range of action to the processing connected to the requested service.
The Controller does not transfer your personal data to countries that do not apply the GDPR (non-European countries) except on the basis of specific indications to the contrary of which you will be informed in advance and if necessary your consent will be requested.
The legal basis for this processing is to fulfil the services inherent to the relationship established with the Person Involved, the respect of legal obligations and the legitimate interest of Fondazione to process the data as needed for these purposes.
What happens if the Person Involved does not supply his identification data as required for the purposes of providing the requested service?
The collection and processing of personal data is necessary to respond to the request for services and to provide the Services and/or Product requested. Should the Person Involved not provide the personal data expressly indicated as necessary in the order form or registration form, the Collector will be unable to pursue the processes for the management of the requested services and/or contract and the Services/Products involved, nor the obligations that depend on it.
What happens if the Person Involved does not express his consent to the processing of personal data for the commercial promotion of Services/Products different from those he purchased?
In the case that the Person Involved does not give his consent to the processing of personal data for these purposes, the processing will not take place for these same purposes, and will not affect the provision of the services requested, nor those for which He has already given his consent, if asked.
If the Person Involved has given his consent and later revokes it or denies consent to process his data for the purposes of promotional activities, his data will no longer be processed for these activities, without any consequences or negative effects on the Person Involved or the services requested.
How we process the data of the Person Involved
The Controller arranges for the adoption of adequate security measures to protect the privacy, integrity and availability of the data of the Person Involved and enforces similar security measures on his third-party suppliers and Data Protection Officers.
Where we process the data of the Person Involved
The personal data of the Person Involved is stored on paper, computer or electronic files located in countries that apply the GDPR (EU countries).
How long is the personal data of the Person Involved stored?
Unless he expresses his explicit wish to cancel it, the personal data of the Person Involved will be stored as long as necessary to pursue the legitimate purposes for which it has been collected.
In the case of data supplied to the Controller for the purposes of advertising and promotion for services different from those purchased by the Person Involved, for which he initially gave consent, it will be stored for a period of time limited to the provision of the services and the pursuit of the finalities for which it has been collected, unless consent is revoked.
In the case of data supplied to the Controller for the purposes of profiling, it will be stored for a limited period of time, again unless consent is revoked.
It should also be added that, in the case a user submits personal data to the Fondazione that has not been requested or is not necessary to perform the service requested or to provide a service and/or participation in a strictly-connected Event, Fondazione may not be considered to be the Controller of this data, and will cancel it as quickly as possible.
Independently of the determination of the Person Involved to have it removed, the personal data will in any case be stored according to law and national regulations, with the exclusive purpose of guaranteeing specific fulfilment of certain Services (Use of Internet services such as WIFI, etc.)
Similarly, the personal data will be stored in any case for the fulfilment of obligations (such as fiscal and accounting obligations) that persist even after the contract has ended (art. 2220 civil code); for these purposes the Controller will store only the data necessary to fulfil them specifically.
Exception is made for cases in which the rights deriving from the contract and/or registration must be defended in court, in which case the personal data of the Person Involved, but only the data necessary for these purposes, will be processed for the time necessary to this end.
What are the rights of the Person Involved?
The Person Involved has the right to obtain the following from the Controller of the processing:
- a) confirmation whether his personal data is being processed and in that case, to obtain access to the personal data and the following information:
- the purposes of the processing;
- the categories of personal data in question;
- the recipients or categories of recipients to whom the personal data has been or will be communicated; in particular if the recipients are from third-party countries or international organizations;
- when possible, the length of time that the personal data will be stored, or if this is not possible, the criteria used to determine this length of time;
- the existence of the right of the Person Involved to ask the Controller of the processing to correct or cancel the personal data or limit the processing of the personal data that concerns him or to deny consent to process it;
- the right to make a claim to a supervisory authority;
- if the data was not collected from the Person Involved, acquire all available information as to its origin;
- the existence of an automatic decision-making process, including profiling and, at least in these cases, significant information on the logic that was used, as well as the importance and consequences of this processing for the Person Involved.
- adequate guarantees provided by the third-party Country (non-EU) or an international organization to protect any data transferred
- b) the right to obtain a copy of the personal data being processed, as long as this right does not undermine the rights and freedom of others; in the case of a request by the Person Involved for additional copies, the Controller of the processing may charge a reasonable fee for expenses based on administrative costs.
- c) the right to obtain the correction of inaccurate personal data that regards him from the Controller of the processing without unjustified delay
- d) the right to obtain the cancellation of personal data that regards him from the Controller of the processing without unjustified delay, if the conditions laid out in art.17 of the GDPR exist, such as for example in the case in which it is no longer necessary for the purposes of the processing or if this is assumed to be illegal, and if the conditions set out by law exist; and in any case if the processing is not justified by an equally legitimate motive;
- e) the right to obtain the limitation of processing from the Controller of the processing, in the cases envisioned by art.18 of the GDPR, for example in cases in which you claim they are inaccurate, for the time necessary for the Controller to verify their accuracy. The Person Involved must be informed, within an appropriate frame of time, even of when the period of suspension is over or the cause for the limitation of the processing has expired, or when the limitation itself is revoked;
- f) the right to obtain communication from the Controller of the recipients to whom the requests for any corrections or cancellations or limitations of the processing have been transmitted, except in the case that this is impossible or it implies a disproportionate effort.
- g) the right to receive the personal data that regards him in a structured format, commonly used and legible on an automatic device and the right to transmit this data to another Controller of the processing without any impediment on the part of the Controller of the processing to whom he provided it, in the cases envisioned by art. 20 of the GDPR, and the right to obtain the direct transmission of the personal data from one Controller of the processing to another, if technically feasible.
For any further information and in any case to send your request, you must write to the Controller at the e-mail address firstname.lastname@example.org. In order to guarantee that the above-mentioned rights are exercised by the Person Involved and not by unauthorized third parties, the Controller may ask him to provide any further information necessary for this purpose.
How and when may the Person Involved deny consent to the processing of his personal data?
For reasons relative to the particular situation of the Person Involved, he himself may at any time deny consent for the processing of his personal data if it is founded on legitimate interest or it is done for activities of commercial promotion, sending his request to the Controller at the e-mail address email@example.com.
The Person Involved has the right to cancellation of his personal data if there is no legitimate motive of the Controller that prevails over the one that originated the request, or in any case if the Person Involved has denied consent for the processing for activities of commercial promotion.
To whom may the Person Involved present a claim?
If the Person Involved believes that his requests to exercise his rights have not been answered, the Person Involved may present a claim to the supervisory authority competent in the nation of Italy (Autorità Garante per la protezione dei dati personali), or to the authority that is designated to this task and exercises its powers in the Member State in which the breach of the GDPR has occurred.
Analysing them in detail, our cookies allow us to:
memorise the user’s preferences;
avoid re-inserting the same information over and over during the visit, for example user name and password;
analyse the use of services and contents provided by www.romacinemafest.it to optimise the browsing experience and the services offered.
Typologies of Cookies
This type of cookie helps certain sections of the Website function correctly. There are two different categories: persistent and session.
persistent: when the browser is shut down, they are not destroyed but remain through a pre-set expiration date.
session: these are destroyed every time the browser is shut down.
These cookies, which are always sent from our domain, are necessary to view our website correctly and with respect to the technical services it offers, will always be used and sent, unless the user modifies the settings in his browser (thereby impairing the visualisation of the website pages).
The cookies in this category are used to collect information on the use of the website. www.romacinemafest.it will use this information for anonymous statistical analyses with the aim of improving the use of the Website and making the contents more interesting and relevant to the desires of the users. This typology of cookie collects data on the user’s activity and how he landed on the Website, in anonymous form. The tracking cookies are sent by the Website itself or by third-party domains.
These cookies are used to collect information in anonymous form on the use of the Website by its users, such as: pages visited, how long they stayed on those pages, the origins of the traffic, geographical provenance, age, gender and interests for purposes of marketing campaigns. These cookies are sent by third-party domains outside the Website.
Cookies to integrate third-party software products and functions
This typology of cookie integrates functions developed by third parties inside the pages of the Website such as the icons and preferences expressed on social networks with the aim of sharing the website contents or the use of third-party software services (such as software to generate maps and other software offering additional services). These cookies are sent by third-party domains and by partner websites that offer their functions on the pages of the Website.
These are the cookies necessary to create user profiles in order to send advertising messages that align with the preferences expressed by the user on the pages of the Website.
www.romacinemafest.it, according to current law, is not required to ask for consent for technical and tracking cookies, to the extent that they are necessary to provide the services required.
For all other cookie typologies, consent may be expressed by the User in one or more of the following ways:
- Through specific configurations of the browser or the computer programmes used to browse the pages that make up the Website.
- By changing the settings for the use of third-party services
- Both these solutions may prevent the user from using or visualising parts of the Website.
Websites and third-party services
The website may contain connections to other Websites that have their own privacy policies that may differ from those adopted by www.romacinemafest.it, and is therefore is not responsible for these websites.
List of cookies
|Cookie||Domain||Expiration date||Third-party Cookies||Permanent
|qtrans_front_language||www.romacinemafest.it||15 September 2017 at 10:43||364 days||Permanent Cookies|
|metrics_token||.syndication.twitter.com||28 October 2016 at 10:43||42 days||Third-party
|PHPSESSID||www.romacinemafest.it||28 October 2016 at 10:43||42 days||Permanent Cookies|
Last update Thursday, September 15th 2016
Information on cookies
The PHPSESSID is widespread in projects developed in Linux environments. This is a technical cookie and it stores an alpha-numerical value that identifies the user’s session. This cookie is eliminated after the browser is shut down and it memorizes no personal information.
How to disable cookies with the browser settings
If you wish to find out more about the ways your browser memorizes cookies as you browse the web, we invite you to look up the following links on the websites of their respective suppliers.
Mozilla Firefox https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
Google Chrome https://support.google.com/chrome/answer/95647?hl=it
Internet Explorer http://windows.microsoft.com/it-it/windows-vista/block-or-allow-cookies
Safari 6/7 Mavericks https://support.apple.com/kb/PH17191?viewlocale=it_IT&locale=it_IT
Safari 8 Yosemite https://support.apple.com/kb/PH19214?viewlocale=it_IT&locale=it_IT
Safari su iPhone, iPad, o iPod touch https://support.apple.com/it-it/HT201265