Privacy notice and cookie policy

Version 1.0

The Fondazione Accademia Carrara, with registered office in Piazza G. Carrara 82, 24121 Bergamo, Italy, is committed to protecting the online privacy of its users. This document has been drafted in accordance with Art. 13 of EU Regulation 2016/679 (hereinafter, the “Regulation”) in order to inform you about our privacy policy, so that you can understand how your personal information is managed when you use our website (hereinafter, the “Site”) and, where necessary, so that you can give your explicit, informed consent to the processing of your personal data (valid only if given by persons aged 16 or over). The information and data you provide or that are otherwise acquired during your use of our services on the site (hereinafter “Services”) will be processed in compliance with the provisions of the Regulation and with the confidentiality obligations that underpin the activities of the data controller.

According to the rules of the Regulation, processing of data by the Fondazione Accademia Carrara is based on the principles of lawfulness, fairness, transparency, limitation of purpose and the data minimisation and conservation, accuracy, integrity, and confidentiality.

 

TABLE OF CONTENTS

  1. Data controller
  2. Personal Data subject to processing
    a. Browsing data
    b. Special categories of Personal Data
    c. Data voluntarily provided by the data subject
    d. Cookie
  3. Purposes of data processing
  4. Legal basis and mandatory or optional nature of data processing
  5. Recipients of Personal Data
  6. Transfer of Personal Data
  7. Retention of Personal Data
  8. Rights of the data subject
  9. Modifications

1. Data controller

The controller of data processing carried out on the Site is the Fondazione Accademia Carrara as defined above. For further information concerning the processing of Personal Data by the data controller, including the list of data processors who process data, please write to: info@lacarrara.it

2. Personal data subject to processing

After you browse the Site, please note that the data controller will process your personal data, which may consist of an identifier such as your name, identification number, online identification, postal address, e-mail address, telephone number (landline and/or mobile) and/or one or more characteristic features of your physical, physiological, psychic, economic, cultural or social identity (data hereinafter referred to as “Personal Data”) that may be suitable for identifying you or making you identifiable as the data subject.

Personal Data processed through the Site are as follows:

a. Browsing data

During their normal operation, the computer systems and software procedures used to operate the Site acquire some Personal Data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but by its very nature it could, by means of processing and association with data held by third parties, make it possible for users to be identified. This category of data includes the IP addresses or domain names of the computers used by those who connect to the Site, the addresses in Uniform Resource Identifiers (URI) of the resources requested, the time of the request, the method used for submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to ensure that it is functioning correctly, to identify anomalies and/or abuses, and they are deleted immediately after processing. The data may be used to ascertain responsibility in the case of hypothetical computer crimes committed against the Site or third parties: without prejudice to this possibility, the data collected by the Site are currently removed within a short period of time.

b. Special categories of personal data

If you use the Site to send an application (or if you send it by e-mail), your Personal Data may fall within one of the special categories of personal data referred to in Art. 9 of the Regulation, which states that personal data are data that reveal “[…] racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and […] genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation”. We invite you not to publish such data unless strictly necessary. Indeed, we remind you that in the event of special categories of Personal Data being transmitted, but in the absence of a specific manifestation of consent to process such data (which, however, naturally allows you to submit your curriculum vitae), the data controller cannot be held responsible under any circumstances, nor will it be subject to any claims whatsoever, since in this case the processing will be allowed as it concerns data manifestly made public by the data subject, in accordance with Art. 9(2)(e) of the Regulation. We nevertheless specify the importance, as already indicated above, of expressing your explicit consent to the processing of special categories of Personal Data, if you decide to share such information.

We also inform you that, for the purposes of selection, the data controller may analyse the professional social profiles made freely available on the Internet (e.g. LinkedIn).

c. Data voluntarily provided by the data subject

When using some Services on the Site (for example, request / contact / booking forms), the Personal Data you submit to the data controller may be processed by third parties. In these cases, you act as an independent data controller, assuming all legal obligations and responsibilities. As such, you grant absolute indemnity with respect to any dispute, claim, request for compensation for damage caused by the processing, etc. that may reach the data controller from third parties whose Personal Data have been processed by the Site in violation of applicable rules concerning the protection of Personal Data. In any case, should you provide or in any way process the personal data of third parties in your use of the Site, you henceforth guarantee – assuming any related responsibility – that such particular processing has a legitimate legal basis pursuant to Art. 6 of the Regulation, which legitimises the processing of the information in question.

d. Cookie

Definitions, characteristics, and application of the law

Cookies are small text files that the websites you visit send to and store on your computer or mobile device, so that they can then retransmitted to the same sites the next time you visit them. It is thanks to cookies that a website remembers your actions and preferences (such as, for example, your login data, your chosen language, font sizes, other display settings, etc.) so that you do not have to choose them again when you return to the site or navigate from one page to another. This means that cookies are used to execute computer authentication, session monitoring and storage of information regarding the activities of users who access a site. They may also contain a unique identification code that makes it possible to keep track of the user’s navigation within the site itself for statistical or advertising purposes. While browsing a site, you may also receive cookies from websites or web servers other than the one you are visiting on your computer (so-called “third-party” cookies). Some operations may therefore not be performed without the use of cookies, which in certain cases are technically essential for the site to function.

There are various types of cookies, depending on their characteristics and functions, which may remain on your computer for different periods of time: so-called session cookies are automatically deleted when the browser is closed, whereas so-called persistent cookies remain on your device until a pre-established expiration time.

According to current legislation in Italy, your express consent is not always required for the use of cookies. In particular, consent is not required for “technical cookies”, which are those used for the sole purpose of carrying out the transmission of data over an electronic communications network, a communication over an electronic communications network, or as strictly necessary in order to provide a service explicitly requested by the user. In other words, said cookies are indispensable for the proper operation of the site or necessary in order to carry out activities requested by the user.

Technical cookies, which do not require express consent for their use, include those indicated by the Italian Data Protection Authority (see the Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies of 8 May 2014 and subsequent clarifications, hereinafter the “Provision”) as follows:

  • “Analytics cookies”, when used directly by the Site manager to collect aggregate information on the number of visitors and the pattern of visits to the Site,
  • Browsing or session cookies (for authentication).
  • Functional cookies, which allow you to navigate as a function of certain pre-determined criteria such as language or products to be purchased so as to improve the quality of service.

“Profiling cookies” are those aimed at creating user profiles. They are “used to send ads messages in line with the preferences shown by the user during navigation” and “require the user to give their valid consent”.

Types of cookies used by the Site and options for (de-)selection

The Site uses the following cookies, which may be de-selected, except for third-party cookies for which direct reference must be made to the selection and de-selection methods, indicated by means of links:

  • Technical browsing or session cookies that are strictly necessary for the operation of the Site or to enable you to access the content and Services requested.
  • Functional cookies, i.e. those used to activate specific Site functions and a series of selected criteria (for example, the language to be used) in order to improve the service provided.

CAUTION: disabling technical and/or functional cookies may render the Site inaccessible or some Services or functions of the Site may not be available or may not function properly and you may be obliged to modify or manually enter some information or preferences each time you visit the Site.

  • Third-party cookies, i.e. cookies from websites or web servers other than the Site itself, used for the purposes of said third parties. It should be noted that these third parties, which are listed below with links to their individual privacy policies, are typically autonomous controllers of the data collected through the cookies they provide; you will therefore need to see their personal data processing policies, privacy statements, and consent forms (selection and de-selection of the cookies concerned), as specified in the aforementioned Provision. For the sake of completeness, please also note that the Fondazione Accademia Carrara does its utmost to track the cookies on its Site. These are regularly updated in the table below, which gives a transparent overview of the cookies sent directly by the Fondazione Accademia Carrara, and the purposes for which they are sent. As regards third parties that send cookies through the Site, links to their respective privacy statements are provided below: as specified, we entrust these third parties with the responsibility of publishing the privacy statement and of obtaining your consent, as required by the Provision. This responsibility applies not only to the cookies that third parties send directly, but also to any additional cookies that may be sent through our Site by any services that said third parties use themselves. The Fondazione Accademia Carrara has no control over cookies sent by service providers of said third parties, and does not know their characteristics or purposes.

Links to information about third-party cookies can be found here:

  • Google: https://www.google.com/policies/privacy/partners/

In detail, the cookies sent by the Fondazione Accademia Carrara through the Site are indicated below:

Cookies on the Site

  • Technical browsing cookies and functional cookies
PHP SESSION PHPSESSID technical first party session
The PHPSESSID cookie is native to PHP and enables websites to store serialised state data. On the Site it is used to establish a user session and to pass state data via a temporary cookie, which is commonly referred to as a session cookie. As the PHPSESSID cookie has no timed expiry, it disappears when the client is closed.
It expires at the end of the browsing session
Current language _icl_current_language technical first party session
Used to memorise the language chosen by the user.

 

Third-party cookies

Google Analytics 

OPT-OUT:

The Site uses first-party and persistent session cookies to give you safe and efficient browsing and use of the site as well as to improve the Services offered by the Site.

The Site uses Google Analytics. This is a web analysis service provided by Google Inc. (“Google”), which uses cookies that are stored on the user’s computer to allow statistical analysis in aggregate form based on use of the site being visited.

The lacarrara.it Site uses the Anonymize IP = true mode (as per Directive 2009/136/EC, when this mode is activated, Google Analytics cookies are to be considered as technical cookies).

The characteristics of the cookies used on the Site are shown in the table below.

Cookie NAME PURPOSE TYPE EXPIRATION FURTHER INFORMATION
Google Analytics _ga technical third-party Session or persistent Google policies
(https://policies.google.com/?hl=en)
Google Analytics _gat technical third-party Session or persistent Google policies (https://policies.google.com/?hl=en)

The European Interactive Digital Advertising Alliance website (www.youronlinechoices.eu) provides further information about cookies, a list of cookies stored on your computer and how to disable them. Please note that only the cookies of participating companies are listed (mainly in the advertising sector). Therefore, only these cookies can be disabled.

 

Facebook Pixel

OPT-OUT: [fb_optout]

Cookie settings

You can block or delete (entirely or in part) technical and functional cookies using the settings on your browser. Please note, however, that if you do not authorise technical cookies, you may not be able to use the Site, view its contents, or take advantage of the Services it offers. Disabling functional cookies may mean that some Services or functions of the Site will not be available or will not work properly and you may need to modify, or manually enter, some information or preferences every time you visit the Site.

The choices you make with regard to the cookies of the Site will themselves be stored in a special cookie. However, in some circumstances this cookie may not function correctly: if this should be the case, we advise you to delete the unwanted cookies and to prevent their use by changing the settings on your browser.

Your preferences with regard to cookies will need to be reset if you use different devices or browsers to access the Site.

How to view and manage cookies through your browser

You can block or delete cookies (entirely or in part) using the settings on your browser. For further information on how to set your preferences regarding the use of cookies on your browser, you can find instructions as follows:

3. Purposes of data processing

The data processing we intend to carry out, with your explicit consent where necessary, is designed to
a. enable us to provide the Services you request;
b. respond to requests for assistance, information or bookings;
c. examine CVs and contact candidates who have submitted their application;
d. fulfil any legal, accounting, and tax obligations.
e. provide marketing Services: the data provided may be processed, subject to your explicit and specific consent, for sending promotional and marketing communications, including newsletters and market surveys, by means of instruments that may be automated (sms, mms, e-mail, push notifications) or otherwise (printed mail, telephone with an operator). The legal basis for processing your data for these purposes is Art. 6, paragraph 1, letter a) of the Regulation. You are free to choose whether or not to receive direct marketing, so if you do not provide your consent for this purpose, your use of the Services will not be affected.

4. Legal basis and the obligatory or voluntary nature of data processing

The legal basis for processing Personal Data for the purposes referred to in section 3 (a-b-c) is Art. 6 (1)(b) of the Regulation (implementation of a contract) since the processing is required in order to provide the Services or to respond to requests from the data subject. Providing Personal Data for these purposes is optional but failure to provide them would make it impossible for the Site to provide its Services, respond to requests or evaluate CVs. With specific reference to the purposes outlined in 3.c and the related analysis of professional social profiles made freely available on the Internet, as referred to in section 2.b, the legal basis for data processing is Art. 6 (1)(f) of the Regulation, i.e. the legitimate interest of the data controller to assess any risks concerning the candidate’s suitability to fill the particular position.

The purpose referred to in section 3.d constitutes a legitimate use of Personal Data processing in accordance with Art. 6 (1)(c) of the Regulation (compliance with a legal obligation). Once Personal Data have been provided, processing is necessary in order to fulfil the data controller’s legal obligations.

The legal basis for data processing for the purposes referred to in section 3.e is Art. 6 (1)(a) of the Regulation (user consent). In the case of data processing carried out for the same purposes that involve the direct delivery of its own advertising material or its own direct sales or for carrying out its market research or commercial communications with regard to the data controller’s own products or Services similar to those purchased by you, the data controller can, without your consent, use the e-mail and printed mail addresses provided, pursuant to and within the limits permitted by Art. 130, paragraph 4 of the Code and by the provision of the Italian Data Protection Authority for the protection of Personal Data, dated 19 June 2008. The legal basis for processing your data for this purpose is Art. 6 (1)(f) of the Regulation (legitimate interest).

5. Recipients of Personal Data

Your Personal Data may be shared, for the purposes referred to in section 3 above, with:

a. subjects that typically act as data processors, namely: i) persons, professional firms or companies that provide assistance and advice to the data controller in accounting, administrative, legal, tax, financial, debt collection, marketing and communication matters relating to the provision of the Services; ii) subjects with whom it is necessary to interact for the provision of the Services (such as hosting providers) iii) or subjects delegated to carry out technical maintenance activities (including the maintenance of network equipment and electronic communication networks); (collectively, the “Recipients”);

b. subjects, entities, or authorities to whom it is mandatory to communicate your Personal Data in accordance with the legal provisions or orders of the authorities;

c. persons authorised by the data controller to process Personal Data in order to carry out activities strictly related to the provision of the Services or for the other purposes referred to in section 3 above, who are committed to confidentiality or have an adequate legal obligation of confidentiality (e.g. employees of the data controller).

6. Transfer of Personal Data

Some of your Personal Data are shared with Recipients that may be located outside the European Economic Area. The data controller ensures that your Personal Data is processed by these Recipients in compliance with the Regulations. The transfer of data may be based on an adequacy decision, on the Standard Contractual Clauses approved by the European Commission, or on another relevant legal basis. For further information, please write to the data controller at the following address: info@lacarrara.it

7. Retention of personal data

Personal Data processed for the purposes referred to in section 3 (a-b) will be retained for the time strictly necessary to achieve said purposes. In any case, since such data processing is carried out for the provision of Services, the data controller will process the Personal Data up to the deadline permitted by Italian legislation in order to protect its interests (Italian Civil Code, Art. 2946 and ff.). As regards CVs submitted via the Site or by e-mail, as referred to in section 3.c, Personal Data will be retained for a period deemed appropriate for the purpose for which the data are collected. The data controller may nevertheless contact the candidate again shortly before the expiry time to request an extension of the retention period.

Personal Data processed for the purposes referred to in section 3.d will be retained until the time indicated by the specific obligation or applicable law.

Personal Data processed for the purposes referred to in section 3.e will, on the other hand, be retained until withdrawal of consent by the data subject, or, in the absence of such withdrawal, for a maximum period that is deemed to be appropriate.

Further information concerning the data retention period and the criteria used to establish this period can be requested by writing to the data controller at the following address: info@lacarrara.it

8. Rights of data subjects

Pursuant to Article 15 and following articles of the Regulation, you have the right to ask the data controller, at any time, for access to your Personal Data, to correct or delete them, or to oppose their processing, and you have the right to request that processing be limited in the cases referred to in Art. 18 of the Regulation, as well as to obtain the data concerning you in a structured, commonly used and machine-readable format, in the cases referred to in Art. 20 of the Regulation.

Requests should be sent in writing to the data controller at the following address: info@lacarrara.it

In any case, you always have the right to lodge a complaint with the Italian Data Protection Authority, in accordance with Art. 77 of the Regulation, if you believe that the processing of your Personal Data is contrary to current legislation.

9. Modifications

This privacy policy is effective from 23 May 2018. The data controller reserves the right to modify or simply to update its content, in part or in its entirety, also to comply with modifications to the applicable legislation. The content of the Site and of this privacy notice may be subject to variations, so the data controller invites you to visit this section regularly so as to be informed of the most recent updated version of the privacy notice so that you can be constantly informed of the data collected and of the use that is made of it.

This statement also extends to the use of cookies

This Site uses technical cookies to ensure the proper functioning of the procedures and to improve the user experience of online applications. This text provides information about the use of cookies and similar technologies, how they are used by the site, and how to manage them.

Definitions
Cookies are small text files that the websites you visit send to your terminals, where they are stored and then retransmitted to the same sites the next time you visit them. Cookies of so-called “third parties”, on the other hand, are provided by a website other than the one the user is visiting. This is because each site may contain elements (images, maps, sounds, specific links to web pages of other domains, etc.) that are on servers other than the one used by the site being visited.

Types of cookies
“Technical cookies are those used exclusively with a view to “carrying out the transmission of a communication on an electronic communications network, or insofar as this is strictly necessary to the provider of an information society service that has been explicitly requested by the contracting party or user to provide the said service.” (see Section 122(1) of the Code).

 

They are not used for further purposes and are usually installed directly by the data controller or the website manager. They can be grouped into browsing or session cookies, which allow users to navigate and use a website (e.g. to purchase items online or authenticate themselves to access certain sections); analytics cookies, which can be equated to technical cookies insofar as they are used directly by the website manager to collect aggregate information on the number of visitors and the pattern of visits to the website; functional cookies, which allow users to navigate as a function of certain pre-determined criteria such as language or products to be purchased  so as to improve the quality of service

 

Users´ prior consent is not necessary to install these cookies, whilst information under Section 13 of the code has to be provided in the manner considered to be most appropriate by the website manager – if only such cookies are relied upon.”
Profiling cookies. “Profiling cookies are aimed at creating user profiles. They are used to send ads messages in line with the preferences shown by the user during navigation. In the light of the highly invasive nature of these cookies vis-à-vis users´ private sphere, Italian and European legislation requires users to be informed appropriately on their use so as to give their valid consent.

 

These cookies are referred to in Article 122(1) of the Code where it is provided that “Storing information, or accessing information that is already stored, in the terminal equipment of a contracting party or user shall only be permitted on condition that the contracting party or user has given his consent after being informed in accordance with the simplified arrangements mentioned in section 13(3).” (Art. 122, paragraph 1, of the Code). This Site does not use profiling cookies.

 

First-party cookies

  • Technical browsing cookies and functional cookies
PHP SESSION PHPSESSID technical first party Session The PHPSESSID cookie is native to PHP and enables websites to store serialised state data. This Site establishes a user session and communicate status data by means of a temporary cookie, commonly referred to as a session cookie. As the PHPSESSID cookie has no timed expiry, it disappears when the client is closed.
It expires at the end of the browsing session
Lingua attuale _icl_current_language technical first party 24 h Used to memorise the language selected by the user.
Mobile view grid_view technical first party Session Used to memorise the way products are displayed
Cookie test wordpress_test_cookie technical first party Session Used to check whether cookies are accepted
Cookie configurazione wp-settings- technical first party 1 year Used to save configurations
Cookie configurazione wp-settings-time- technical first party 1 year Used to save configurations

 

Third-party cookies

Google Analytics 

The Site uses first-party and persistent session cookies to give you safe and efficient browsing and use of the site as well as to improve the Services offered by the site.

The Site uses Google Analytics. This is a web analysis service provided by Google Inc. (“Google”), which uses cookies that are stored on the user’s computer to allow statistical analysis in aggregate form based on use of the site being visited.

The lacarrara.it website uses the Anonymize IP = true mode (per the Directive 2009/136/EC, when this mode is activated, Google Analytics cookies are to be considered as technical cookies).

The characteristics of the cookies used on the Site are shown in the table below.

 

Cookie Nome Finalità Tipologia Durata Ulteriori informazioni
Google Analytics _ga technical third-party Session or persistent Google policies (https://policies.google.com/?hl=en)
Google Analytics _gat technical third-party Session or persistent Google policies (https://policies.google.com/?hl=en)
Google Analytics _utma technical third-party Session or persistent Google policies (https://policies.google.com/?hl=en)
Google Analytics _utmb technical third-party Session or persistent Google policies (https://policies.google.com/?hl=en)
Google Analytics _utmc technical third-party Session or persistent Google policies (https://policies.google.com/?hl=en)
Google Analytics _utmv technical third-party Session or persistent Google policies (https://policies.google.com/?hl=en)
Google Analytics _utmz technical third-party Session or persistent Google policies (https://policies.google.com/?hl=en)

 

Google Analytics. The Site also includes components transmitted by Google Analytics, a web-traffic analysis service provided by Google, Inc. (“Google”). These cookies are used for the sole purpose of monitoring and improving the performance of the Site. For further information, please refer to the link below:

https://policies.google.com/technologies/partner-sites?hl=en
You can selectively disable the actions of Google Analytics by installing the opt-out component provided by Google on your browser. To disable the action of Google Analytics, please refer to the link below:
https://tools.google.com/dlpage/gaoptout?hl=en

Expiration of cookies
Some cookies (session cookies) remain active only until the browser is closed or a logout command is executed. Other cookies are retained when the browser is closed and are available for subsequent visits by the user. These cookies are referred to as persistent and their duration is set by the server when they are created. In some cases, an expiration date is set, while in others the duration is unlimited.

Managing cookies
You can decide whether or not to accept cookies, by using the settings on your browser.
Caution: total or partial disabling of technical cookies may compromise optimal use of the Site.
Disabling “third-party” cookies will not affect browsing in any way.
The setting can be made separately for each different website and web application. Browsers also allow you to make different settings for “proprietary” cookies and “third-party” cookies.
For example, in Firefox, you can use the Tools-> Options-> Privacy menu to access a control panel where you can decide whether or not to accept the various types of cookies, and remove them if you wish. On the internet you can easily find information on how to set the rules for managing cookies on your browser. As an example, here are the addresses of some of the main browsers:

Chrome: https://support.google.com/chrome/answer/95647?hl=en
Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Internet Explorer: http://windows.microsoft.com/it-it/windows7/how-to-manage-cookies-in-internet-explorer-9
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Safari: https://support.apple.com/en-us/HT201265