Information on the processing of personal data of users visiting the personeper.it website pursuant to Article 13 of EU Regulation No. 2016/679

The Scuola nazionale del patrimonio e delle attività culturali (hereinafter referred to as the “School”), in its capacity as Data Controller (hereinafter referred to as the “Data Controller”) pursuant to Articles 4, n. 7), and 24 of EU Regulation 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter, “EU Regulation”) informs you, pursuant to Article 13 of the Code and the EU Regulation, that it is the controller of your personal data and that it will process it for the purposes and in the manner indicated below.

1. Data controller

The data controller is the Scuola nazionale del patrimonio e delle attività culturali (hereinafter referred to as the “School”) with headquarters in Rome, Via del Collegio Romano no. 27 - 00186 Rome.

2. Data Protection Officer

Pursuant to Article 37 of the Regulation, the Data Protection Officer (DPO) is Dr. Maria Chiara Avallone, who can be contacted at the following addresses: email: rpd@fondazionescuolapatrimonio.it, certified email: rpd.scuolapatrimonio@pec.it; Via del Collegio Romano n. 27 - 00186 Rome.

3. Type of data processed

The personal data collected when you browse the personeper.it website belong to the following categories:

a) BROWSING AND USE DATA: visitor's IP address, date and time of access, pages viewed, user behavior on the website, any referring web page, browser and operating system used, device used.

4. Purposes of processing

The personal data you provide may be processed by the Data Controller for the purposes specified below:

a) PURPOSES RELATED TO THE FUNCTIONING OF THE WEBSITE AND ITS NAVIGATION: your data will be processed to enable the proper functioning of the personeper.it website and to make it possible for the User to navigate the site. Your data will also be processed for the display of content from external platforms – necessary for navigation – such as, for example: Google Fonts, YouTube Video Widgets, etc. Operations are also carried out for this purpose to resolve navigation issues detected by the Data Controller or its delegate or reported by the User. The processing may also involve the use of third-party tools (such as, for example, Google Analytics 4, Cloudflare, Netlify), which involve the communication of personal data. Browsing and usage data are collected through the use of cookies, as specified in point 7 below.

Data processed for this purpose: browsing and usage data.

Legal basis for processing: Art. 6, letter b): “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”; Art. 6, letter f): “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.”

b) WEBSITE OPTIMIZATION PURPOSES: Your data will be processed, in aggregate form, for the optimization of the website and navigation, with the aim of simplifying and improving the User's experience and interaction with the website content. Browsing and usage data are collected through the use of Cookies, as specified in point 7 below.

Data processed for this purpose: navigation and usage data.

Legal basis for processing: Art. 6, letter b): “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”; Art. 6, letter f): “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.”

c) PURPOSES RELATED TO THE AGGREGATE ANALYSIS OF WEBSITE TRAFFIC: your data will be processed for statistical purposes, in order to analyze the traffic generated on the website and user interactions on it. In this case, the data will be processed in aggregate form, including through tools provided by third parties, necessary to track user behavior. Browsing and usage data are collected through the use of cookies, as specified in point 7 below.

Data processed for this purpose: browsing and usage data;

Legal basis for processing: Article 6, letter f): “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.”

5. Mandatory or optional nature of data provision for the purposes of personal data processing

The provision of personal data processed for the purposes referred to in point a) above is necessary for browsing the personeper.it website and directly linked pages. Therefore, the consent of the data subject is not required.

In any case, it should be noted that, with regard to the data collected by the Data Controller through the use of cookies for the purposes referred to in letters b) and c) of the previous point, the data may not be provided by blocking or deleting cookies using specific functions integrated into the browser or by deselecting them in the banner displayed when the site is opened, as detailed in point 7 below.

6. Communication and dissemination of personal data for the purposes of processing

Personal data may be disclosed to operators authorized by the School who carry out their activities as data processors; it may also be disclosed to external collaborators to whom disclosure is necessary for the purposes described above. Personal data may also be communicated to other recipients, appointed pursuant to Article 28 of Regulation (EU) 2016/679, Data Processors, for the pursuit of specific purposes (e.g., entities that provide services necessary for the management of the website).

The list of any Data Processors appointed by the Data Controller is constantly updated by the Foundation.

We inform you that the data collected will not be disclosed and, except in the cases indicated above, will not be communicated without your explicit consent.

7. Use of cookies and tracking systems

Data is collected through the use of tracking systems and cookies, which are necessary for the purposes related to the proper functioning of the website and navigation (necessary cookies), or for purposes related to website optimization (“experience” cookies), or for purposes related to website traffic analysis (measurement cookies).

To learn more, Users can consult the Cookie Policy.

8. Data retention periods and other information

The data provided will be stored in our archives for the time necessary to achieve the purposes for which the data is collected and processed and, in any case, for no longer than ten years from the end of processing (coinciding with navigation on the website).

Further information regarding the processing of Personal Data may be requested at any time from the Data Controller using the contact details provided.

9. Transfer of data abroad

We inform you that for the processing of your data, features, tools, or applications made available by third parties located in countries outside the European Union may be used, such as, for example: Google (United States), Netlify (United States), Cloudflare (United States). Please note that these providers, as well as any others that may be identified by the Data Controller, are selected from among those who provide adequate guarantees, as required by Article 46 of Regulation (EU) 2016/679.

10. Exercise of the rights of the data subject

Pursuant to Articles 13, paragraph 2, letters b) and d), 15, 18, 19, and 21 of the EU Regulation, the data subject is informed that:

a) he/she has the right to ask the Data Controller for access to personal data, rectification or, if no longer necessary for the purposes for which they were collected, erasure of the same or to object to their processing, in addition to the right to data portability. To exercise the above rights, simply send an email to privacy@fondazionescuolapatrimonio.it;

b) they have the right to lodge a complaint with the Data Protection Authority, following the procedures and instructions published on the Authority's official website at www.garanteprivacy.it;

c) any corrections, deletions, or limitations of processing carried out at the request of the data subject – unless this proves impossible or involves a disproportionate effort – will be communicated by the School to each of the recipients to whom the personal data have been transmitted. The Data Controller may communicate these recipients to the data subject if the data subject so requests.

The exercise of rights is not subject to any formal constraints and is free of charge.

11. Updates to this policy

This policy is subject to updates due to legislative changes and internal organizational changes within the School. The updated version is available on the School's institutional website. Interested parties are therefore invited to check its content periodically.

Last updated on August 29, 2025