Privacy

28/02/2024

Preamble
On 6 April 2016, the European Union adopted a significant reform of the legal framework governing the protection of personal data, enacting the “General Data Protection Regulation” (GDPR or Regulation), directly applicable in all member states. The Regulation replaces Directive 95/46/EC (“Data Protection Directive”) and its application became mandatory on 25 May 2018, two years after its entry into force.
The new Regulation strengthens the protection of the right to the protection of personal data (Data Protection), in line with the recognition of personal data protection as a fundamental EU right. The Regulation is also a necessary and urgent response to the challenges posed by technological developments that allow the collection and processing of large amounts of personal data in real time, enabling the development of automated decision-making processes that bypass human intervention. The Regulation addresses the increasing need for privacy felt by European citizens.

Why this Information
Pursuant to Regulation (EU) 2016/679 (hereinafter “Regulation”), this page describes the methods used to process the Personal Data of users who consult the website of the Jewish Community of Rome (hereinafter also “the Community”), accessible via the internet at museoebraico.roma.it (hereinafter “Website”).
This information does not apply to other websites, pages or online services accessible via hyperlinks possibly published on the Website but referring to resources external to the museoebraico.roma.it domain.

Data Controller
The Data Controller is the Jewish Community of Rome, with its registered office at Largo Stefano Gaj Taché – Synagogue, IT-00186, Rome (RM), reachable by email at privacy@romaebraica.it.

Data Protection Officer
The Data Controller, in accordance with Article 37 of the Regulation, has appointed Dr. Ing. Rinaldo Piccolomini as the Data Protection Officer (DPO), reachable at the following email address: rpiccolomini@tiscali.it

Purpose and Legal Basis of Processing
The Personal Data of users visiting the Website is processed by the Community for the following purposes:

Verify user identity: to answer questions or for donation purposes. (Legal basis: necessary for the legitimate interest of the Controller to verify the user’s identity before proceeding with the user’s request [Article 6(1)(f) GDPR]).
Manage product or service requests: to manage requests for the purchase of a product or service of the Jewish Community of Rome. (Legal basis: necessary for the performance of a contract to which the user is a party [Article 6(1)(b) GDPR]). Providing data for this purpose is optional, but failure to provide it will prevent the request from being processed.
Send newsletters: to send newsletters to keep users informed about news and initiatives promoted by the Community. (Legal basis: expressed consent from the user through the insertion of their email address, pursuant to Article 6(1)(a) of the Regulation. In accordance with Article 7 of the Regulation, the data subject may revoke their consent at any time. Revocation, accessible via a specific link in the newsletter footer, suspends the newsletter’s delivery. Revocation does not affect the lawfulness of processing performed prior to revocation).
Website usage analysis: to gather anonymous information on Website usage and to monitor its proper functioning, identifying anomalies and/or abuse. (Legal basis: necessary for the legitimate interest of the Controller to monitor the proper functioning of the Website, to identify anomalies and/or abuse [Article 6(1)(f) GDPR]).
Personalized information and advertising: to obtain feedback on Website usage in order to display tailored information and advertising related to the user’s interests, or to collect personally identifiable information. (Legal basis: expressed consent from the user through the cookie management mask on the Website, pursuant to Article 6(1)(a) of the Regulation. In accordance with Article 7 of the Regulation, the data subject may revoke their consent at any time by adjusting cookie settings. Revocation does not affect the lawfulness of processing performed prior to revocation).
Legal, accounting, and tax obligations: to fulfil any legal, accounting, and tax obligations. (Legal basis: processing is necessary to comply with a legal obligation to which the Community is subject, pursuant to Article 6(1)(c) of the Regulation).

Personal Data Processed
When a user visits the Website, the following information may be collected for one or more of the purposes listed above:

Contact details: such as name, surname, email address, and telephone number.
Browsing data: details of the device used, browser type and settings, IP address, internet connection traffic data, technical, statistical, and marketing cookies, as further specified in the specific information presented at the Website’s footer.
Social media platforms: With regard to the processing of personal data through the social media platforms used by the Community, please refer to the information provided by these platforms through their respective privacy policies.

Processing Methods and Retention
User Personal Data will be processed using computer and telematic systems and protected through appropriate technical and organizational security measures to ensure confidentiality, integrity, and availability. User Personal Data will be retained only for the time necessary to achieve the purposes for which it was collected or for any other legitimate related purpose. Thus, if Personal Data is processed for two different purposes, we will retain it until the later of those purposes’ retention periods end. However, we will no longer process Personal Data for a purpose whose retention period has expired. Personal Data that is no longer necessary, or for which there is no longer a legal basis for retention, will be irreversibly anonymized (and may thus be retained) or deleted.
Personal Data processed to manage and respond to information requests or other communications will be kept for the time needed to manage and respond to the user’s request and subsequently deleted.
The information collected by the Community will be stored on its own systems and in any region where its service providers operate.

Categories of Recipients
Within the limits relevant to the processing purposes indicated above, the collected Personal Data may be communicated to employees, collaborators, partners, consultants, or consulting firms, private companies providing assistance and consulting services in tax and legal matters to the Controller, appointed Authorized or Responsible Parties by the Data Controller.
Personal Data will not be disseminated in any way.
The current Responsible and Authorized Parties for processing are listed in the Processing Register kept at the Community’s headquarters and updated periodically.

Data Transfer to Countries Outside the EU
Due to potential needs related to the location of service providers, the Community may share some collected data with services located outside the European Union in countries for which the European Commission has not issued an adequacy decision. In these cases, the Community undertakes to ensure adequate levels of protection and safeguards, including the use of standard contractual clauses pursuant to Article 46(2)(c) of the GDPR, possibly supplemented by additional technical, legal, and organizational measures to ensure that the level of Personal Data protection is equivalent to that of the European Union.

Data Subject Rights
Pursuant to Articles 15–21 of the GDPR, with respect to the communicated Data, the Data Subject has the right to:

Access and obtain a copy.
Request deletion/rectification.
Obtain processing restrictions.
Object to processing based on the legitimate interest of the Controller.
Receive data in a structured, commonly used, and machine-readable format and transmit it without hindrance to another controller, where technically feasible.
File a complaint with a supervisory authority: without prejudice to any other administrative or judicial recourse, the data subject who believes that the processing concerning them violates the Privacy Regulation has the right to lodge a complaint with the supervisory authority of the Member State in which they reside or habitually work, or of the State where the alleged violation occurred.
The foregoing does not apply to information made available to third parties outside the scope of the Community.
Where processing is based on consent, pursuant to Article 7 of the GDPR, the data subject may revoke their consent at any time, without prejudice to the lawfulness of processing performed prior to revocation.
If the data subject wishes to obtain further information about the processing of their data or to exercise the aforementioned rights, they can send an email to privacy@romaebraica.it

Modifications to this Information
The Community may update this information, considering any changes to the applicable regulations or decisions of the Data Protection Authority. Interested parties are requested to regularly consult this Information to be aware of the latest updated version, and thus remain informed about the methods for collecting and using their Personal Data.

COOKIE POLICY
Preamble
The information contained in this cookie policy (the “Cookie Policy”) is provided by the Data Controller (as defined below), as a supplement to the personal data processing information, always available on the website museoebraico.roma.it (the “Website”).

Definitions
Cookies are small text files that websites send to the user’s terminal (computer, tablet, smartphone, notebook), where they are stored and then retransmitted to the same websites on subsequent visits. Depending on their duration, they are distinguished into session cookies (temporary cookies automatically deleted from the terminal at the end of the browsing session when the browser is closed), and persistent cookies (cookies that remain stored on the terminal until their expiry date or deletion by the user).
Typically, the usefulness of cookies lies in the ability to extract visitor preferences to improve website functionality and security, to simplify navigation by automating procedures (e.g., login, site language), and to analyze website usage.

Cookies Used
The following are the types of cookies used by the museoebraico.roma.it Website:

Functional cookies: Used for:
- Authentication and session management.
- Enhanced Website usability.
- Storing user-selected preferences.
Statistical cookies: Used to gain insights into Website usage, with user consent.
Marketing cookies: Used to display tailored information and advertising related to user interests, or to collect personally identifiable information.

Third-Party Cookies
The Website also allows the transmission of third-party cookies to the user’s terminal. The Community acts solely as a technical intermediary, sending these cookies, but does not manage their operation (therefore has no control or access to the information provided/acquired) as their functionality is the responsibility of the third parties. For these cookies, you can access the information and consent forms from the third parties by clicking on the links below. The third parties are:

Facebook – https://www.facebook.com/privacy/policy/
YouTube – https://policies.google.com/technologies/cookies?hl=it
Instagram – https://help.instagram.com/1896641480634370

Cookie Choices
The types of cookies used by the Website do not require user consent; however, users can disable cookies at any time using their internet browser settings. Below are links to guidelines for the most common browsers:

Mozilla Firefox
Microsoft Internet Explorer
Microsoft Edge
Google Chrome
Opera
Apple Safari

Please note that disabling technical cookies may cause navigation and service usage problems.

Privacy

Newsletter - Jewish Museum of Rome