On 6 April 2016, the European Union approved an important reform of the regulatory framework for the protection of personal data by adopting the “General Data Protection Regulation” (GDPR or Regulation), directly applicable in the Member States. The Regulation replaces Directive 95/46 / EC (“Data Protection Directive”) and its application becomes mandatory starting from 25 May 2018, two years after its entry into force.
The new Regulation strengthens the protection of the right to the protection of personal data (Data Protection), in line with the recognition of the protection of personal data as a fundamental right of the EU. The Regulation also represents a necessary and urgent response to the challenges posed by technological developments that allow the collection and processing of large amounts of personal data in real time, allowing the development of automated decisions that go beyond human intervention. The Regulation meets the need to protect the private sphere, which is increasingly felt by European citizens.
This information is intended to make the personal data (from here on, “Data”) known with the maximum transparency and confidentiality to the Jewish Community of Rome (hereinafter also the “Community”), based in Largo Stefano Gaj Taché – Synagogue – 00186 Roma (RM), as Data Controller, collects through his Website museoebraico.roma.it (hereinafter the “Website”) and how these Data are used in compliance of current legislation on the protection of personal data.
The Community, in order to provide the services offered through the Website, may make use of third parties, who will act on its behalf as Data Processors by virtue of a specific appointment. The Data may also be brought to the attention of subjects who will operate as “persons authorized to process”.
No Data will be disseminated.
Place of data processing
The processing operations connected to the Website and to the services provided by the Community take place at the headquarters of the Community and are only handled by the personnel in charge of the processing, or by any persons in charge of maintenance operations.
The data deriving from the services offered within the Website can be communicated to the technological and instrumental partners used by the Community for the provision of the services requested by the users.
The personal data provided by users, visitors who forward requests for information or other communications are used for the sole purpose of performing the service or provision requested and are communicated to third parties only if this is necessary for that purpose.
Type of data acquired
When a user visits the Community Website, certain information may be collected or requested in order to improve the browsing experience or to facilitate the Community in managing the relationship with the user. This information may include:
contact details such as name, surname, e-mail address and telephone number;
data provided by the user in order to receive information or to make a donation;
data deriving from technical cookies described below.
Purpose in the use of user data
The information is reserved for the processing of personal data of users who consult the Website for the purposes specifically identified below:
verify the identity of the user to answer questions or for the purpose of a donation;
manage the subscription request to the newsletter service that the user has made on the Website by subscribing to the mailing list;
allow the provision of services by guaranteeing the Community compliance with legal requirements;
to fulfill a legal obligation, regulations or provisions of the judicial authority, as well as to defend a right in court.
Processing and storage methods
Data processing is carried out using automated tools (for example using electronic procedures and supports) and / or manually (for example on paper) for the time strictly necessary to achieve the purposes for which the Data was collected by offer users the browsing experience and allow them to use the services requested by them and in any case in compliance with the regulations in force on the subject.
The Owner has adopted technical and organizational measures aimed at ensuring an adequate level of security to the risk according to the provisions of art. 32 of the GDPR, so as to prevent the loss of the Data, unlawful or incorrect use and unauthorized access.
The information collected by the Community is stored on its own systems and in any region the suppliers used by the Community operate. The retention period of the data acquired is