On May 25, 2018 the new European General Data Protection Regulation (GDPR) came into force.
The Parco Archeologico del Colosseo is updating its policies on the management and storage of personal data acquired and held for various reasons following application of the GDPR.

Below information is provided on how the Parco Archeologico manages such data and how users, as interested parties, can exercise their rights as required by law.

DATA CONTROLLER
The controller of personal data is the Ministero dei Beni e delle Attività Culturali, Via del Collegio Romano 27 – Rome.

DATA PROTECTION MANAGER
The Data Protection Officer (DPO) is Prof. Alessandro Benzia, tel. 0667232216, e-mail rpd@beniculturali.it.

DATA PROCESSING MANAGER
For the Archaeological Park of the Colosseum, the personal data processing manager on behalf of MIBAC is Dr. Alfonsina Russo, while the contact persons for the DPO are Stefano Borghini (architect) and Dr. Michele Santomasi.

DATA PROCESSING LOCATION
The data processing connected with the Web services of this site take place at the above premises of the Parco Archeologico del Colosseo and are performed by the technical staff in charge of processing or by persons in charge of occasional maintenance operations.
No data deriving from the web service is communicated or disclosed to third parties.
The personal data supplied by users who request dispatch of informative material (newsletters, requests, brochures and documents, references concerning services or the site itself…) are used and stored for the sole purpose of providing the service or measure requested and may be communicated to other areas within the Park or to other public or private entities only when this is necessary to provide the information requested.

DATA PROCESSING METHODS
Personal data are processed with automated instruments for the time strictly necessary to the purposes for which they were collected.
Specific security measures are taken to prevent data loss, illicit or incorrect use and unauthorized access.

If you wish to know what information about you has been stored in our database or to request an update of the data or if you wish your data to be deleted from our database.

TYPES OF DATA PROCESSED

Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data of users who connect to the site: their transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified interested parties, but due to its very nature could, through processing and association with data held by third parties, enable identification of users.
This category of data includes the IP addresses or domain names of the computers used by people connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in the case of computer crimes to the detriment of the site or to ascertain criminal offenses by the judicial authorities.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mail messages and communications in general to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be shown or displayed on the pages of the website which may be prepared for particular services on request.

Personal data collected through cookies

No personal user data is collected by the site.

In particular, we do not use cookies to transmit information of a personal nature. We only use persistent third-party cookies to collectively track the pages visited by users.
The use of session cookies (which are not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient exploration of the site.
Furthermore, session cookies used on this site avoid the use of other technologies that could compromise the privacy of users’ browsing and do not allow the collection of personal identification data.

OPTIONALITY OF DATA SUPPLY
Apart from what is stated of navigation data, the user is free to provide personal data contained in the various registration or access forms, those for requesting information or sending suggestions and recommendations or for requesting the sending of informative material or for other communications or for using the services provided on the site. Failure to provide such data may make it impossible to provide the services requested.

RIGHTS OF USERS
As one of the subjects concerned with the personal data indicated above, you have the faculty to exercise your rights in accordance with the methods and within the limits set by the current privacy legislation.

In relation to the processing of personal data, you have the right to request:

• access: you can request confirmation whether data is being processed concerning you, as well as further clarification about the information referred to in this statement, as well as a right to receive the data themselves, within reasonable limits;
• correction: you may request us to rectify or supplement the data that you have supplied or that is otherwise in our possession, if inaccurate;
• cancellation: you may request that your data acquired or processed be erased, if they are no longer needed for our purpose or where there are no disputes or litigation in place, in case of withdrawal of consent, or your opposition to the treatment, in the case of unlawful processing of data, or if there is a legal obligation to cancel;
• limitation: you may request the limitation of the processing of your personal data, when one of the conditions arises set out in Art. 18 of the GDPR; in this case, the data will not be processed, except for storage, without the user’s consent, with the exception of what is stated in paragraph 2 of the same article.
• opposition: you can oppose at any time the processing of your data which have as a legal basis the legitimate interest of the data controller and/or the processing of your data for marketing purposes including profiling; your opposition will always and in every case prevail over our legitimate interest in processing your data for marketing purposes;
• portability: you can ask to receive your data, or ask us to transmit them to another data controller indicated by you, in a structured format, of common use and readable by an automatic device.

Furthermore, pursuant to Art. 7, par. 3, GDPR, you can exercise your right to withdraw consent at any time, without prejudice to the lawfulness of the processing based on consent previously granted.
The user has the right to lodge a complaint with the Supervisory Authority, which in Italy is the Guarantor for the Protection of Personal Data.

It should be noted that this document is an expression of the “personal data protection policy” applied by the Parco Archeologico del Colosseo to this site, which is constantly checked and updated.