Privacy Policy

  • Privacy summary
  • Privacy Extended

PROCURATORIA DI SAN MARCO DI VENEZIA
Privacy Policy
Privacy Policy pursuant to Articles 13 and 14 of EU Regulation 679/2016 and the Privacy Code as recently amended by Legislative Decree 101/2018.

Foreword
Your privacy and the security of your personal data are particularly important to Procuratoria di San Marco (hereinafter also referred to as PSM) which is why we collect and process your personal data with the utmost care and attention, while taking specific technical and structural measures to ensure the full security of the processing.
We inform you, therefore, that, as per Articles 13 and 14 of European Regulation 2016/679 and the Privacy Code as recently amended by Legislative Decree 101/2018 ("Regulations") the processing of your personal data is carried out in a manner that is appropriate to ensuring security and confidentiality, and is carried out, using paper, computer and/or telematic media, as detailed in this Privacy Policy.

Definitions
Personal data: shall mean any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Processing: shall mean any operation or set of operations performed on personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

Special categories of personal data: this includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning a person's health, intimate sphere or sexual orientation.

Data Controller: shall mean the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. 

Data Processor: means the natural or legal person, public authority, service or other body that processes personal data on behalf of the Data Controller.

Data Controller
The processing of your personal data is carried out by Procuratoria di San Marco - onlus (hereinafter, also only PSM), with registered office in Sestiere San Marco 328, Venice, Italy, in the person of its pro-tempore legal representative, as Data Controller pursuant to and for the purposes of the applicable legislation.
If you have any questions about the processing of your personal data, you can contact PSM at any time by writing to the following addresses:

Name: Procuratoria di San Marco - Onlus

Head office address: Sestiere San Marco 328, Venezia (30124), Italy
Telephone: +39 041 2708311
Email: info@procuratoriasanmarco.it

External Data Processor pursuant to Art. 28 Eu. Reg. 679/2016

  1. The company SKIDATA S.r.l. with registered office in Via J. Ressel, 2F, 39100 Bolzano tax code and VAT No. 01220250219, in the person of its pro-tempore legal representative, is appointed by PSM as external Data Processor pursuant to art. 28 of the Regulation, and is obliged to perform the tasks entrusted to it according to the specific instructions given by PSM and in any case in compliance with current privacy/data protection regulations.
  2. SKIDATA has in turn appointed as external Sub-Data Processor the company Skiperformance AS, with registered office at Lommedalsveien 230 N-1354 Bærums Verk, Norway Org: 814 054 462 mva, in the person of its pro-tempore legal representative. SKIDATA and Skiperformance, which were previously authorised and appropriately selected in order to provide appropriate guarantees of compliance with the rules on the data processing, will process your data solely for the purpose of allowing you to use our electronic ticket sales service, which will take place under the provisions of "remote contracts". Skiperformance shall also bear all liability (billing, shipping, etc.) pursuant to Art. 51 et seq. of the Consumer Code (Legislative Decree 206/2015). Please note that every transaction resulting from the conclusion of the aforementioned " remote contracts ", will take place - in compliance with Art. 124 of Legislative Decree 101/2018 - on servers equipped with SSL encryption system for a secure transmission, and that credit-card verification will take place only through the bank payment (which will validate the payment and file the card code, without the latter reaching Skiperformance's server).

Type of data, processing methods and purposes
The personal data processed by PSM are only those provided by users of the electronic ticket sales services. These are transmitted solely to SKIDATA (which in turn transmits them to Skiperformance) in connection with the service it provides and its capacity as External Data Processor.
PSM may, therefore, collect personal identification data, such as personal details such as name and surname, e-mail, address, telephone number, social security number, photo ID, etc., when booking on the dedicated portal. For tourist guides and tour operators, billing data and data relating to their qualification as a tourist guide/tour operator may also be collected on the dedicated portal during accreditation and registration.

The processing is carried out through operations carried out with, or without, the aid of electronic instruments, and consists of the collection, recording, organisation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Data processing is carried out by the Data Controller, the external manager, the sub-manager and the expressly authorised persons.

The personal data used to register on the Site are provided directly by the user (data subject).

Once collected, the personal data are processed for the following purposes:


PurposeLegal Basis
A.

To fulfil obligations provided for by laws, regulations, national or European legislation, or provisions issued by Authorities and Supervisory and Control Bodies.

The processing operations carried out for these purposes are necessary for the fulfilment of legal obligations and to make the use of the telesales service usable by the person concerned.

B.

To provide computerised ticket sales services.

The provision of data is necessary to allow users to access the online sales services provided by PSM, and does not require a
specific consent from the person concerned other than acceptance of the privacy conditions, as well as verification of the user'sidentity.


Categories of recipients of personal data - Data Disclosure
Personal data are processed by the systems and personnel of the Data Controller, the Data Processor and the Sub-Processor, who are specifically authorised to process data under precise instructions from the Data Controller, the Data Processor and the Sub-Processor, each to the extent of their competence. 

The following categories of recipients may also become aware of your data:

  • external subjects (such as legal consultants, suppliers of technical services who carry out technical or organisational tasks that are instrumental to the provision of the services requested, as well as any third parties involved in various ways with the
    activities).

The personal data will be transmitted to the aforementioned companies SKIDATA and Skiperformance, appointed respectively as External Data Processor pursuant to art. 28 of the Regulations, and Sub-Processor pursuant to art. 28 c. 4, which are required to perform the activities entrusted to them in accordance with the contractual agreements in place between the companies that guarantee compliance with the regulations on the protection of personal data.
Lastly, the data may be transmitted to the police forces and to the judicial and administrative authorities, in accordance with the law, for the detection and prosecution of crimes, the prevention and safeguarding of threats to public safety, as well as to allow PSM to exercise or protect its own right or that of third parties before the competent authorities, as well as for other reasons related to the protection of the rights and freedoms of others, in accordance with what is also established by Article 2-sexies of Legislative Decree 101/2018.
N.B.: The data will not be used or disclosed to third parties for marketing purposes.

Data Retention, and Data Retention Period
In particular, the data will be stored for a limited period, and solely for the purpose of fulfilling the obligations imposed by the telematic ticket sales contract and for Help-Desk tasks which, in any case, may not exceed the legal limits from the end of the service.

In any case, the user's account will be deleted 24 months after the last access.

At the end of this period, your data will be permanently deleted by PSM, SKIDATA and Skiperformance.

The data will be saved and/or processed in whole or in part, also using IT tools, and will be stored within the EU.

Providing data (whether mandatory or not)
It is compulsory to the extent that it is necessary to comply with explicit requests by the interested party or to comply with specific contractual and/or legal obligations, while in other cases it is optional and does not affect the continuation of the relationship.

The provision of data is necessary to carry out the online sale of tickets; refusal to provide personal data will make it impossible to provide the service.

Profiling
We do not carry out any automated user profiling to analyze or predict aspects of the Data Subject's professional performance, personal skills, preferences or interests, trustworthiness or behavior, or location, insofar as this enables us to draw up a profile of the Data Subject and consequently take mainly promotional and targeted action towards him/her.

Transferring your data abroad
The transfer of personal data to countries outside the European Economic Area may involve greater risks and as such must be appropriately controlled. In this specific case, the data may be transferred to Norway, where Skiperformance's registered office is located, with the clarification that in that country the privacy legislation set out in European Regulation 679/2016 on 6 July 2018 has been incorporated into the protocols and annexes referred to in the EEA Agreement and has therefore been in force in that country since 20 July 2018. 

If the Data Controller avails itself of the possibility of further transfers abroad, it undertakes to collect in advance and make available to the Data Subjects, all the supporting documentation in the same manner in which the rights may be exercised. 

Your rights
We inform you that you are entitled to exercise the following rights in relation to the personal data covered by this Privacy Policy, as provided for and guaranteed by the Regulation: 

  • Right of access and rectification (Articles 15 and 16 of the Regulation): you have the right to access your personal data and to ask for them to be corrected, amended or supplemented. If you wish, we will provide you with a copy of the data we hold
    concerning you;
  • Right to the deletion of data (Art. 17 of the Regulation): in the cases provided for by current legislation, you can request that your personal data be deleted. Once we have received and analyzed your request, if found to be legitimate, we will stop
    processing and delete your personal data;
  • Right to restriction of processing (Art. 18 of the Regulation): you have the right to request the restriction of the processing of your personal data in the event of unlawful processing or contestation by you, the Data Subject, of the accuracy of your
    personal data;
  • Right to data portability (Art. 20 of the Regulation): you have the right to request the Data Controller to send you your personal data in order to transmit them to another Data Controller in the cases provided for in the aforementioned article;
  • Right of opposition (Art. 21 of the Regulation): you have the right at any time to oppose the processing of your personal data carried out on the basis of our legitimate interest, by explaining to us the reasons justifying your request; before granting it, PSM will have to assess the reasons for your request;
  • Right to lodge a complaint (Art. 77 of the Regulations and Art. 141 of Legislative Decree 101/2018): you have the right to lodge a complaint before the competent Data Protection Authority if you believe your rights have been, or are being, violated with regard to the processing of your personal data;
  • Right to withdraw consent (Art. 13 of the Regulation): for personal-data processing based exclusively on your consent, you have the right to withdraw your consent at any time by contacting the Data Controller. 

You may exercise your rights at any time with regard to the specific processing of your personal data by PSM by sending a letter by e-mail or registered letter to the addresses of the Data Controller. Complaints should be addressed to the Data Protection Authority. Further information on your rights as Data Subject may be obtained by asking the Data Controller for the full extract from the above-mentioned articles.
Without prejudice to all of the above, please note that the above rights may also be exercised by anyone who has an interest of their own, or acts on your behalf, as your agent, or for family reasons deserving of protection, pursuant to Article 2-terdecies of Legislative Decree 101/2018. 

Security measures
PSM adopts appropriate security measures to safeguard the confidentiality, integrity, completeness and availability of the personal data of the Data Subject. Technical, logistical and organisational measures are implemented with the aim of preventing damage, loss (including accidental loss), alteration, improper and unauthorised use of the processed data.
We regularly test, verify and evaluate the effectiveness of security measures in order to ensure continuous improvement in the security of processing. 

Amendments to the current regulations
The constant evolution of our services may lead to changes in the characteristics of the processing of your personal data as described above. This privacy policy may therefore be amended and supplemented over time, as necessary due to new legislation on the protection of personal data, or to changes being made to our services.
We therefore invite you to periodically check the contents of our policy. Wherever possible, we will endeavour to inform you of any changes and their consequences.


PROCURATORIA DI SAN MARCO DI VENEZIA
Privacy Policy
Privacy Policy pursuant to Articles 13 and 14 of EU Regulation 679/2016 and the Privacy Code as recently amended by Legislative Decree 101/2018.

Foreword
Your privacy and the security of your personal data are particularly important to Procuratoria di San Marco (hereinafter also referred to as PSM) which is why we collect and process your personal data with the utmost care and attention, while taking specific technical and structural measures to ensure the full security of the processing.
We inform you, therefore, that, as per Articles 13 and 14 of European Regulation 2016/679 and the Privacy Code as recently amended by Legislative Decree 101/2018 ("Regulations") the processing of your personal data is carried out in a manner that is appropriate to ensuring security and confidentiality, and is carried out, using paper, computer and/or telematic media, as detailed in this Privacy Policy.

Definitions
Personal data: shall mean any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Processing: shall mean any operation or set of operations performed on personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

Special categories of personal data: this includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning a person's health, intimate sphere or sexual orientation.

Data Controller: shall mean the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. 

Data Processor: means the natural or legal person, public authority, service or other body that processes personal data on behalf of the Data Controller.

Data Controller
The processing of your personal data is carried out by Procuratoria di San Marco - onlus (hereinafter, also only PSM), with registered office in Sestiere San Marco 328, Venice, Italy, in the person of its pro-tempore legal representative, as Data Controller pursuant to and for the purposes of the applicable legislation.
If you have any questions about the processing of your personal data, you can contact PSM at any time by writing to the following addresses:

Name: Procuratoria di San Marco - Onlus

Head office address: Sestiere San Marco 328, Venezia (30124), Italy
Telephone: +39 041 2708311
Email: info@procuratoriasanmarco.it

External Data Processor pursuant to Art. 28 Eu. Reg. 679/2016

  1. The company SKIDATA S.r.l. with registered office in Via J. Ressel, 2F, 39100 Bolzano tax code and VAT No. 01220250219, in the person of its pro-tempore legal representative, is appointed by PSM as external Data Processor pursuant to art. 28 of the Regulation, and is obliged to perform the tasks entrusted to it according to the specific instructions given by PSM and in any case in compliance with current privacy/data protection regulations.
  2. SKIDATA has in turn appointed as external Sub-Data Processor the company Skiperformance AS, with registered office at Lommedalsveien 230 N-1354 Bærums Verk, Norway Org: 814 054 462 mva, in the person of its pro-tempore legal representative. SKIDATA and Skiperformance, which were previously authorised and appropriately selected in order to provide appropriate guarantees of compliance with the rules on the data processing, will process your data solely for the purpose of allowing you to use our electronic ticket sales service, which will take place under the provisions of "remote contracts". Skiperformance shall also bear all liability (billing, shipping, etc.) pursuant to Art. 51 et seq. of the Consumer Code (Legislative Decree 206/2015). Please note that every transaction resulting from the conclusion of the aforementioned " remote contracts ", will take place - in compliance with Art. 124 of Legislative Decree 101/2018 - on servers equipped with SSL encryption system for a secure transmission, and that credit-card verification will take place only through the bank payment (which will validate the payment and file the card code, without the latter reaching Skiperformance's server).

Type of data, processing methods and purposes
The personal data processed by PSM are only those provided by users of the electronic ticket sales services. These are transmitted solely to SKIDATA (which in turn transmits them to Skiperformance) in connection with the service it provides and its capacity as External Data Processor.
PSM may, therefore, collect personal identification data, such as personal details such as name and surname, e-mail, address, telephone number, social security number, photo id, etc., when booking on the dedicated portal. For tourist guides and tour operators, billing data and data relating to their qualification as a tourist guide/tour operator may also be collected on the dedicated portal during accreditation and registration.

The processing is carried out through operations carried out with, or without, the aid of electronic instruments, and consists of the collection, recording, organisation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Data processing is carried out by the Data Controller, the external manager, the sub-manager and the expressly authorised persons.

The personal data used to register on the Site are provided directly by the user (data subject).

Once collected, the personal data are processed for the following purposes:


PurposeLegal Basis
A.

To fulfil obligations provided for by laws, regulations, national or European legislation, or provisions issued by Authorities and Supervisory and Control Bodies.

The processing operations carried out for these purposes are necessary for the fulfilment of legal obligations and to make the use of the telesales service usable by the person concerned.

B.

To provide computerised ticket sales services.

The provision of data is necessary to allow users to access the online sales services provided by PSM, and does not require a
specific consent from the person concerned other than acceptance of the privacy conditions, as well as verification of the user'sidentity.


Categories of recipients of personal data - Data Disclosure
Personal data are processed by the systems and personnel of the Data Controller, the Data Processor and the Sub-Processor, who are specifically authorised to process data under precise instructions from the Data Controller, the Data Processor and the Sub-Processor, each to the extent of their competence. 

The following categories of recipients may also become aware of your data:

  • external subjects (such as legal consultants, suppliers of technical services who carry out technical or organisational tasks that are instrumental to the provision of the services requested, as well as any third parties involved in various ways with the
    activities).

The personal data will be transmitted to the aforementioned companies SKIDATA and Skiperformance, appointed respectively as External Data Processor pursuant to art. 28 of the Regulations, and Sub-Processor pursuant to art. 28 c. 4, which are required to perform the activities entrusted to them in accordance with the contractual agreements in place between the companies that guarantee compliance with the regulations on the protection of personal data.
Lastly, the data may be transmitted to the police forces and to the judicial and administrative authorities, in accordance with the law, for the detection and prosecution of crimes, the prevention and safeguarding of threats to public safety, as well as to allow PSM to exercise or protect its own right or that of third parties before the competent authorities, as well as for other reasons related to the protection of the rights and freedoms of others, in accordance with what is also established by Article 2-sexies of Legislative Decree 101/2018.
N.B.: The data will not be used or disclosed to third parties for marketing purposes.

Data Retention, and Data Retention Period
In particular, the data will be stored for a limited period, and solely for the purpose of fulfilling the obligations imposed by the telematic ticket sales contract and for Help-Desk tasks which, in any case, may not exceed the legal limits from the end of the service.

In any case, the user's account will be deleted 24 months after the last access.

At the end of this period, your data will be permanently deleted by PSM, SKIDATA and Skiperformance.

The data will be saved and/or processed in whole or in part, also using IT tools, and will be stored within the EU.

Providing data (whether mandatory or not)
It is compulsory to the extent that it is necessary to comply with explicit requests by the interested party or to comply with specific contractual and/or legal obligations, while in other cases it is optional and does not affect the continuation of the relationship.

The provision of data is necessary to carry out the online sale of tickets; refusal to provide personal data will make it impossible to provide the service.

Profiling
We do not carry out any automated user profiling to analyze or predict aspects of the Data Subject's professional performance, personal skills, preferences or interests, trustworthiness or behavior, or location, insofar as this enables us to draw up a profile of the Data Subject and consequently take mainly promotional and targeted action towards him/her.

Transferring your data abroad
The transfer of personal data to countries outside the European Economic Area may involve greater risks and as such must be appropriately controlled. In this specific case, the data may be transferred to Norway, where Skiperformance's registered office is located, with the clarification that in that country the privacy legislation set out in European Regulation 679/2016 on 6 July 2018 has been incorporated into the protocols and annexes referred to in the EEA Agreement and has therefore been in force in that country since 20 July 2018. 

If the Data Controller avails itself of the possibility of further transfers abroad, it undertakes to collect in advance and make available to the Data Subjects, all the supporting documentation in the same manner in which the rights may be exercised. 

Your rights
We inform you that you are entitled to exercise the following rights in relation to the personal data covered by this Privacy Policy, as provided for and guaranteed by the Regulation: 

  • Right of access and rectification (Articles 15 and 16 of the Regulation): you have the right to access your personal data and to ask for them to be corrected, amended or supplemented. If you wish, we will provide you with a copy of the data we hold
    concerning you;
  • Right to the deletion of data (Art. 17 of the Regulation): in the cases provided for by current legislation, you can request that your personal data be deleted. Once we have received and analyzed your request, if found to be legitimate, we will stop
    processing and delete your personal data;
  • Right to restriction of processing (Art. 18 of the Regulation): you have the right to request the restriction of the processing of your personal data in the event of unlawful processing or contestation by you, the Data Subject, of the accuracy of your
    personal data;
  • Right to data portability (Art. 20 of the Regulation): you have the right to request the Data Controller to send you your personal data in order to transmit them to another Data Controller in the cases provided for in the aforementioned article;
  • Right of opposition (Art. 21 of the Regulation): you have the right at any time to oppose the processing of your personal data carried out on the basis of our legitimate interest, by explaining to us the reasons justifying your request; before granting it, PSM will have to assess the reasons for your request;
  • Right to lodge a complaint (Art. 77 of the Regulations and Art. 141 of Legislative Decree 101/2018): you have the right to lodge a complaint before the competent Data Protection Authority if you believe your rights have been, or are being, violated with regard to the processing of your personal data;
  • Right to withdraw consent (Art. 13 of the Regulation): for personal-data processing based exclusively on your consent, you have the right to withdraw your consent at any time by contacting the Data Controller. 

You may exercise your rights at any time with regard to the specific processing of your personal data by PSM by sending a letter by e-mail or registered letter to the addresses of the Data Controller. Complaints should be addressed to the Data Protection Authority. Further information on your rights as Data Subject may be obtained by asking the Data Controller for the full extract from the above-mentioned articles.
Without prejudice to all of the above, please note that the above rights may also be exercised by anyone who has an interest of their own, or acts on your behalf, as your agent, or for family reasons deserving of protection, pursuant to Article 2-terdecies of Legislative Decree 101/2018. 

Security measures
PSM adopts appropriate security measures to safeguard the confidentiality, integrity, completeness and availability of the personal data of the Data Subject. Technical, logistical and organisational measures are implemented with the aim of preventing damage, loss (including accidental loss), alteration, improper and unauthorised use of the processed data.
We regularly test, verify and evaluate the effectiveness of security measures in order to ensure continuous improvement in the security of processing. 

Amendments to the current regulations
The constant evolution of our services may lead to changes in the characteristics of the processing of your personal data as described above. This privacy policy may therefore be amended and supplemented over time, as necessary due to new legislation on the protection of personal data, or to changes being made to our services.
We therefore invite you to periodically check the contents of our policy. Wherever possible, we will endeavour to inform you of any changes and their consequences.