Privacy Policy

according to the EU Reg. 2016/679 and current regulations

Introduction: the GDPR and privacy

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) with which the European Commission intends to strengthen and standardize the protection of personal data of citizens and residents of the European Union, inside or outside its borders. This regulation replaces the laws of the individual States in terms of privacy and has been in force since 25th of May 2018.
For more information you can see the GDPR official text, the site of the data protection Authority and the dedicated page on Wikipedia.
According to the GDPR, this statement intends to explain clearly and simply which personal data are collected through this site, where they are stored, for how long, with what purpose and how you can update them or request their cancellation.

Who is the Data Controller: https://vatican.museum

https://vatican.museum (hereinafter “Company”) protects the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of violation.
As required by the European Union Regulation n. 679/2016 (“GDPR”), and in particular by art. 13, we provide the user (“interested party”) below with the information required by law concerning the processing of their personal data.
vatican.museum (to which we refer as “Website”) are sites owned by Company.
Company manages the sites listed above and controls the management of personal data as described in this statement, in accordance with the current privacy laws (General Data Protection Regulation (GDPR) - EU Regulation 2016/679).
You can contact us by email by clicking here.

On which legal basis does Company collect and manage personal data?

Company uses as a legal basis the need to process personal data for the execution of its services, which include the sale of products and tourist services, the transactional communication of orders in its website catalog. Without collecting the requested data it would not be possible to provide the aforementioned services.
Company then relies on its legitimate commercial interest to provide its services, promote them, prevent fraud and spam and improve its services.
Where required by applicable law, we will ask for your consent before processing your personal data for direct marketing purposes.

What kind of data does Company collect on Website?

Company collects the information that you provide us through the contact and / or purchase forms on this site. For users who request information or purchase products or services, such data includes your name, email, phone number and any other indication that you choose to write in your request.
For users who wish to join our affiliate program we collect data relating to the company name, official website, phone number and email, business interests, city and province, in addition to the date of the request and the site from which the request was sent.
For each submission of a form on our sites we collect data related to the browser and operating system used and IP address, to combat spam and to identify any usability problems of our sites with particular configurations and devices.
When you visit our sites we automatically collect some information. For example, your IP address, date and time of access to our site, the hardware, software or browser you use and information about your computer operating system and language settings. We also collect information about your clicks and the pages you've viewed, as well as information about which sites or marketing campaigns you've used to reach our sites.
Company does not require the interested party to provide so-called “particular” data, that is, according to the provisions of the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical convictions, or union membership, as well as genetic data, biometric data intended to uniquely identify a physical person, data relating to a person's health or sexual life or sexual orientation. In the event that the service requested by Company imposes the processing of such data, the interested party will receive prior notice and will be required to give appropriate consent.

Why does Company collect this data on Website?

The data sent to us through the form of these sites are first used to provide information, including any offers, explicitly requested through the form itself.
For data relating to users wishing to join our affiliate program we collect the information that the user enters in the form in order to send, via email or phone, information and the contract to join the affiliate program as well as the related transactional communications of orders and anything else relevant to the service offered in case the user joins our affiliate program.
Only in case of explicit consent we can also send any offers relating to services related to visibility on our sites or in any case directed at products and services that we consider of your interest.
Company keeps the requests in its archives for statistical purposes and as a backup, in order to be able to send it again if necessary.
For those who make a request or a purchase, Company also sends an email confirming that the request or purchase has been correctly made and that email may contain information, including links to articles and offers on the sites of Company.
Only in case of explicit consent, Company may send further commercial communications by email or SMS containing information and offers on its Products and Services.
Further explicit consent may be required to send further commercial communications by e-mail or SMS containing information and offers from third parties or partners of Company.
Finally, the data entered in the forms can be used to show you customized online advertising campaigns (remarketing) instead of generic advertisements, through specialized platforms such as Google Adwords, Bing Ads, Facebook Advertising and Criteo. In this case the users of the sites are grouped into virtual lists, in aggregate form not attributable to individual users, based on the information entered and the choices made on this site and on others owned by Company, based on the site and pages visited and actions performed on the site such as sending a request or subscribing to the newsletter. In this way we try to show you advertisements targeted to your interests, through advertising platforms such as Google Adwords, Bing Ads, Facebook Advertising and Criteo, rather than generic ads.

Where are the collected data stored and for how long?

The data collected by both our forms and browsing our sites are collected through the following platforms:

  • Google Analytics - for data relating to navigation and purchase on the site.
  • Google Tag Manager - for data relating to navigation and purchase on the site.
  • Criteo - for data relating to purchase, navigation and choices made on the site.
  • InspectLet - for data relating to navigation and purchase on the site.
  • Bing Ads - for data relating to navigation and purchase on the site.
  • Google AdWords - for data relating to navigation and purchase on the site.
  • Google Gmail - Each form generates an email addressed to Company, which keeps them in Gmail accounts (Google Suite)
  • Google Docs pages - Data can be exported to documents stored in the Google service, Google Suite
  • Mailchimp - for requests sent through the forms and subscriptions to our newsletter
  • Amazon SES AWS - for requests sent through the forms and subscriptions to our newsletter
  • On databases stored on our servers at the OVH.com provider
  • On documents and databases kept at the headquarters of Company in Florence, Italy.
  • On documents and databases stored at the Amazon AWS service

Transmission of personal data

The transmission of personal data as described in this Privacy Notice may include the transfer overseas to countries that do not provide comprehensive and complete data protection laws such as those of European Union countries. Where required by Community law, we will only transfer personal data to recipients that offer a level of adequate protection of personal data. Google, Bing, Amazon, Facebook, Criteo and Mailchimp are international leading companies and their servers are distributed all over the world, including outside EU countries. OVH.com has its own servers in Beauharnois, Canada. In some cases, data may also be stored in other data centers of the OVH.com network. For more information, please consult the OVH.com data centers network or contact us. Company is based in Florence, Italy.
Company relies on specific procedures to prevent unauthorized access to data, in addition to their improper use. Only authorized personnel can access personal data while carrying out their work. We keep your personal data for as long as we deem necessary to enable you to use our services, perform our services, advertise our services, carry out our business activities, to comply with legal obligations and resolve any disputes. All personal data stored by us are governed by this Privacy Policy. If you have questions about a specific data retention period for certain types of personal data we process, please contact us as indicated here below.
The data collected through the request and / or purchase forms arrive, in the form of an email, both at Company, which manages Website, and at the sender. Apart from the use stated in this statement, the data are not shared with any other third party.
The data collected through the forms with which the user wishes to join the affiliation program are not shared by Company with any third party.
Data relating to the browsing and use of sites collected through tools such as Google Analytics are only shared in aggregate form (not attributable to individual users) with collaborators and partners of Company.
Data may also be communicated to third parties to whom Company entrusts the performance of certain activities, such as tax compliance, IT or commercial consulting, fraud prevention and credit recovery. In these cases, the recipients of the communication are appointed as Data Processors.

How does Company manage children's personal data?

The services offered by Company are only intended for persons aged over 16 years. For people under the age of 16, use of our services is permitted only with the consent of the parents or legal guardian. If we become aware of the processing of data of persons under 16 years of age without the valid consent of a relative or legal guardian, we reserve the right to delete such data.

How can you check, update and possibly delete the personal data you have shared with Company?

Upon request of the owner and in accordance with the current privacy laws (General Data Protection Regulation (GDPR) - EU Reg. 2016/679), Company undertakes to check, modify or delete personal data in its possession.
To do this, the easiest way is to send an email by clicking here, in which you can ask us to check, update or permanently delete the data concerning you stored in our archives.
All our communications sent through the Mailchimp platform, the server of this website, the SMTP service of the provider OVH.com or Amazon SES AWS also provide a link from which you can update the data and consent and, if you wish, choose not to be contacted again in the future.
We do our best to respond promptly and comprehensively to every request as is our duty. In any case it is always the user's right to submit a complaint with the supervisory authority.
This Policy may be amended in the future, so visit this page regularly to learn about all updates.

Method of processing

The processing is carried out through IT and telematic tools and/or manually (for example on paper) for the time strictly necessary to achieve the purposes for which the data have been collected and, in any case, in compliance with current regulations.

Optional supply of data

Apart from what is specified for navigation data, users/visitors are free to provide their personal data. Failure to provide them can only result in the impossibility of obtaining what has been requested.

Rights of the interested parties

Users/visitors have the right to access data concerning them at any time and to exercise their other rights (ask for the origin of data, correction, updating or integration of inaccurate or incomplete data, cancellation or blocking those treated in violation of the law, or even oppose their use for legitimate reasons) provided for in Article 7 of the Privacy Code, by contacting the data controller directly through the website or through the data below.

Since the installation of Cookies and other tracking systems operated by third parties through the services used within this Application cannot be technically controlled by the Controller, any specific reference to Cookies and tracking systems installed by third parties is to be considered indicative. To obtain complete information, consult the privacy policy of any third party services listed in this document. Given the objective complexity linked to the identification of technologies based on cookies and their very close integration with the functioning of the web, the User is invited to contact the Data Controller if he/she wishes to receive any further information regarding the use of the Cookies themselves and any use of them, for example by third parties, made through this site.

Copyright

All the contents of the site, including text, photography and graphics are the property of Company, except for those photographic contents owned by third parties and used with permission. All contents of the site are protected by Italian and European copyright laws; no content may be copied or even partially imitated without the prior written consent of Company.

Cookie Policy

This website uses cookies. In this policy we explain in detail which cookies we use and how they allow us to offer our users the best possible experience.
By continuing to browse this site, you agree to our use of cookies.

What is a cookie?

A cookie is a small piece of text sent to your browser by a website you visit. It allows the website to remember information about your visit, such as your preferred language and other settings. That can facilitate your next visit and make the site more useful to you. Cookies play an important role. Without them, using the Web would be a much more frustrating experience.
There are various types of cookies and different ways to use them. Cookies are distinguished by their function, their duration and who has set them on a website.

How do we use cookies?

Our site uses the following types of cookies:

Technical cookies

Some cookies are essential to the proper functioning of our website, as they allow the loading of the web page and the correct functioning of all the essential features. Other technical cookies instead add features and improve or personalize the overall browsing experience.

Third party statistical cookies

These are cookies that allow us to monitor and analyze the behavior of users of our website. Through these cookies we are able to monitor the navigation on our website and we can create profiles of our users, in order to make improvements based on the analysis of these data. These cookies (third-party web services) provide anonymous/aggregated information on how visitors navigate on the website.
In particular, Google Analytics, a system provided by Google Inc., uses cookies that are stored on the user's computer in order to allow the website manager to analyze how users use the site. The information generated by cookies on the use of the site by the user will be transmitted to and stored on Google servers in the United States. Google will use this information for the purpose of tracking and reviewing the use of the website by the user, compiling reports on website activity and providing other services relating to the activities of the website. Users who do not want these cookies can prevent the storage on their computer using the special “Browser Add-on for the Google Analytics deactivation” provided by Google at the address https://tools.google.com/dlpage/gaoptout. To activate the component, which inhibits the system of sending information about the user's visit, it will be sufficient to install it following the instructions on the screen, to close and re-open the browser.
Visit the following link to learn how to refuse or delete cookies from Google: http://www.google.com/intl/en/privacypolicy.html
Visit the following link to view the Google privacy policy: http://www.google.co.uk/intl/en/policies/privacy/

Third party profiling cookies

We use various suppliers who can install cookies for the proper functioning of the services they are providing. If you would like information on these third-party cookies and how to disable them, please access the links in the lists below.
In addition, by accessing the page http://www.youronlinechoices.com/uk/your-ad-choices it is possible to inquire about behavioral advertising as well as deactivate or activate the listed companies that work with the managers of the websites to collect and use information useful for advertising.
These cookies store information on users' behavior obtained through the observation of browsing habits, with the purpose of developing a specific profile to display ads based on it.
We also use Google AdWords features and remarketing lists for Google Analytics Display Network ads. We use Google cookies (for example, those of Google Analytics and Google Adwords) and other third-party cookies (such as DoubleClick cookies) combined together to inform, optimize and publish announcements based on previous visits to our website. This implies that suppliers (such as Google) display our promotional material on other websites that the user visits on the Internet.
Some of our cookies may be used to identify the user, while others only provide anonymous statistical information on navigation on our website. However, this function can be disabled directly in the browser settings.
These cookies (third-party advertising services) are used to send advertising and personalized content based on the browsing history on the site itself. Below are the links to the respective privacy policy pages and to the consent form where it is possible to disable the use of third party service profiling cookies.

Google

  • Adwords: Remarketing and campaign conversion service.
  • Remarketing and conversion cookies.
  • Doubleclick.
  • Privacy policy: https://www.google.com/intl/it/policies/technologies/ads/.
  • Consent form: https://www.google.com/settings/ads?hl=it.

Addthis

  • Privacy policy: http://www.addthis.com/privacy.
  • Consent form: http://www.addthis.com/privacy/opt-out.

Social media cookies

These third-party cookies are used to integrate some widespread functionality of the main social media and provide them within the site. In particular, they allow registration and authentication on the site via Facebook.

Facebook

Privacy policy: https://www.facebook.com/about/privacy/.
Facebook offers targeted advertisements based on the behavior and interests of online users. For more information: https://www.facebook.com/help/cookies?ref_type=sitefooter.

Like button and Facebook social widgets (Facebook, Inc.)

The "Like" button and Facebook social widgets are services of interaction with the Facebook social network, provided by Facebook, Inc. Personal data collected: Cookies and usage data. Place of processing: USA - Privacy Policy

Tweet button and Twitter social widgets (Twitter, Inc.)

The Tweet button and Twitter social widgets are services of interaction with the Twitter social network, provided by Twitter, Inc. Personal data collected: Cookies and usage data. Place of processing: USA - Privacy Policy

"Pin it" button and Pinterest social widgets (Pinterest)

The "Pin it" button and Pinterest social widgets are services of interaction with the Pinterest platform, provided by Pinterest Inc. Personal data collected: Cookies and usage data. Place of processing: USA - Privacy Policy

Web beacons

We use Web beacons. These elements are images that are on a web page or in an e-mail and are used to monitor the online behavior of users who visit our website or receive one of our newsletters.
The purpose of using this technology is to monitor users' activity, such as the area of the site visited and the time spent browsing.

Statistics

The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.

Google Analytics (Google Inc.)

Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Application, compiling reports and sharing them with other services developed by Google. Google may use the Personal Data to contextualise and personalize the advertisements of its advertising network.
Personal data collected: Cookies and Usage data. Place of processing: USA – Privacy Policy – Opt Out

Google Tag Manager (Google Inc.)

Google Tag Manager is a statistics service provided by Google Inc. Personal data collected: Cookies and usage data. Place of processing: USA - Privacy Policy

How to disable cookies

Most internet browsers are initially set up to accept cookies automatically. The user can change these settings to block cookies or to warn that cookies are sent to the user's device. There are various ways to manage cookies. The user can refer to the instruction manual or to the help screen of his browser to find out how to adjust or change the settings of his browser.

  • Chrome https://support.google.com/accounts/answer/61416?hl=it
  • Firefox https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie
  • Internet Explorer http://windows.microsoft.com/it-it/windows7/block-enable-or-allow-cookiess
  • Opera http://help.opera.com/Windows/10.00/it/cookiess.html
  • Safari https://www.apple.com/legal/privacy/it/cookiess/

If you use any other browser, look in the browser settings for how cookies are managed.
In the case of different devices (for example, computers, smartphones, tablets, etc.), the user must ensure that each browser on each device is adjusted to reflect its preferences regarding cookies.
However, please note that the explicit rejection of profiling cookies will not prevent you from receiving advertisements, but will simply result in the fact that such ads will no longer be personalized.
If you are interested in learning more about cookies, visit the page http://www.allaboutcookies.org.

How to contact us

For any clarification or further information regarding this privacy policy, the management of your personal data and the use of cookies on this site, you can contact us by email clicking here.

Last update: 10th of July 2018