Preamble
On April 6, 2016, the European Union approved a major reform of the regulatory framework concerning the protection of personal data by adopting the “General Data Protection Regulation” (GDPR or Regulation), directly applicable in the Member States. The Regulation replaces Directive 95/46/EC (“Data Protection Directive”) and its application becomes mandatory from May 25, 2018, two years after its entry into force.
The new Regulation strengthens the protection of the right to personal data protection (Data Protection), in line with the recognition of the protection of personal data as a fundamental right of the EU. The Regulation also represents a necessary and urgent response to the challenges posed by technological developments that allow the collection and processing of large amounts of personal data in real-time, enabling the development of automated decisions that go beyond human intervention. The Regulation meets the need for protection of privacy increasingly felt by European citizens.
Why this information
Pursuant to Regulation (EU) 2016/679 (hereinafter “Regulation”), this page describes the methods of processing Personal Data of users who consult the website of the Jewish Community of Rome (hereinafter also the “Community”) accessible electronically at the address romaebraica.it (hereinafter the “Website”).
This information does not concern other sites, pages, or online services that can be reached via hyperlinks possibly published within the Website but referring to resources external to the domain romaebraica.it.
Data Controller
The Data Controller is the Jewish Community of Rome located at Largo Stefano Gaj Taché – Synagogue, IT-00186, Rome (RM), contactable by email at privacy@romaebraica.it.
Data Protection Officer
The Data Controller, in accordance with Article 37 of the Regulation, has appointed Dr. Eng. Rinaldo Piccolomini as the Data Protection Officer (DPO) contactable at the following email address: rpiccolomini@tiscali.it
Purposes and Legal Basis of Processing
The Personal Data of users visiting the Website are processed by the Community for the following purposes:
- verify the user’s identity for the purposes of a donation or payment (Legal basis: necessary for the pursuit of the legitimate interest of the Controller to verify the user’s identity before proceeding with the user’s request [art. 6.1 (f) GDPR].
- verify the user’s identity to access tefillah for tourists (Legal basis: necessary for the pursuit of the legitimate interest of the Controller to verify the user’s identity before proceeding with the user’s request [art. 6.1 (f) GDPR].
- derive anonymous information about the use of the Website and to check its correct functioning, to identify anomalies and/or abuses (Legal basis: necessary for the pursuit of the legitimate interest of the Controller to monitor the correct functioning of the Website, to identify anomalies and/or abuses [art. 6.1(f) GDPR];
- obtain feedback on the use of the Website in order to display customized information and advertisements related to the user’s interests, or to collect personally identifiable information (Legal basis: constituted by the user’s expressed consent through the cookie management mask present on the Website pursuant to art. 6.1 (a) of the Regulation. With reference to art. 7 of the Regulation, the data subject can revoke their consent at any time by entering the cookie settings. Any revocation does not affect the lawfulness of the processing carried out before the revocation);
- fulfill any legal, accounting, and tax obligations (Legal basis: the processing is necessary to comply with a legal obligation to which the Community is subject pursuant to art. 6.1 (c) of the Regulation).
Personal data processed
When a user visits the Website, it is possible that, for one or more of the aforementioned purposes, the following information may be collected:
• identification data such as name, surname, tax code, date of birth, passport;
• contact data such as email address and telephone number;
• browsing data on the type of device used, the type of browser and its settings, the IP address, the traffic data related to the user’s internet connection, technical and analytical cookies as better specified in the specific information at the bottom of the Website.
Regarding the processing of personal data through the social media platforms used by the Community, please refer to the information provided by them through their respective privacy policies.
Processing methods and storage
The User’s Personal Data will be processed with the support of computer and telematic means and will be protected through adequate technical and organizational security measures suitable to guarantee their confidentiality, integrity, and availability. The User’s Personal Data will be stored only for the time necessary to achieve the purposes for which they were collected or for any other legitimate related purpose. Therefore, if Personal Data is processed for two different purposes, we will keep such data until the purpose with the longer term ceases. However, we will no longer process Personal Data for that purpose whose retention period has expired. Personal Data that is no longer necessary, or for which there is no longer a legal basis for its storage, will be irreversibly anonymized (and thus can be stored) or deleted.
Personal Data processed to manage and respond to information requests or other communications will be retained for the time necessary to manage and respond to the user’s request and subsequently deleted.
The information collected by the Community will be stored on its systems and in any region where the providers it uses operate.
Categories of recipients
Within the limits relevant to the purposes of processing indicated above, the Personal Data collected may be communicated to employees, collaborators, partners, consultants or consulting companies, private companies that provide the Controller with tax and legal advice and assistance services, appointed as Authorized or Responsible by the Data Controller.
Personal Data will not be subject to dissemination in any way.
The Responsible and Authorized processors are promptly listed in the Register of processing activities kept at the Community’s headquarters and updated periodically.
Transfer of data to non-EU countries
Due to possible needs related to the location of service providers, the Community may share some of the collected data with services located outside the European Union in countries for which the European Commission has not issued an Adequacy Decision. In such cases, the Community commits to ensuring adequate levels of protection and safeguards, also of a contractual nature, according to applicable regulations, including the stipulation of standard contractual clauses as per art. 46, par. 2, lett. c) of the GDPR, possibly integrated by additional technical, legal, and organizational measures necessary to ensure that the level of protection of Personal Data is equivalent to that of the European Union.
Rights of the data subject
Pursuant to arts. 15–21 of the GDPR, in relation to the Data communicated, the Data Subject has the right to:
- access and request a copy;
- request deletion/rectification;
- obtain restriction of processing;
- oppose the processing based on the legitimate interest of the Controller;
- receive in a structured, commonly used and machine-readable format and to transmit those Data to another data controller without hindrance, where technically feasible;
- lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial remedy, the Data Subject who considers that the processing concerning him or her violates the Privacy Regulation has the right to lodge a complaint with the supervisory authority of the Member State in which he or she resides or works habitually, or of the State where the alleged violation occurred.
The above is not applicable to information made available to third parties that are outside the scope of the Community.
If the processing is based on consent, pursuant to art. 7 of the GDPR, the Data Subject may revoke the consent given at any time, without affecting the lawfulness of the processing carried out before the revocation.
If the Data Subject wishes to have more information on the processing of his Data, or to exercise the rights mentioned above, he can send an e-mail to: privacy@romaebraica.it
Changes to this information
The Community may update this information, also in consideration of possible changes to applicable legislation or provisions of the Data Protection Authority. Interested parties are invited to regularly consult this Information to know its latest updated version so as to be always informed about the way their Personal Data are collected and used.
COOKIE POLICY
Introduction
The information in this cookie policy (the “Cookie Policy”) is provided by the Controller (as defined below) in addition to the information on the processing of personal data, always available on the website romaebraica.it (the “Website”).
Definitions
Cookies are small text files that visited websites send to the user’s terminal (computer, tablet, smartphone, notebook), where they are stored before being transmitted back to the same websites on the next visit. Depending on their duration, there are session cookies, which are temporary and automatically deleted from the terminal at the end of the browsing session by closing the browser, and persistent cookies, which remain stored on the terminal until their expiration or deletion by the user.
Typically, the usefulness of cookies lies in the ability to obtain information through them about the visitors’ preferences, to improve the functionality and security of a website, to simplify the navigation by automating procedures (e.g., login, site language), and for the analysis of the use of the site itself.
Data Controller
The Data Controller is the Jewish Community of Rome located at Largo Stefano Gaj Taché – Synagogue, IT-00186, Rome (RM), contactable by email at privacy@romaebraica.it.
Cookies Used
Below are the types of cookies used by the Website museoebraico.roma.it:
Functional cookies used for:
a) Authentication and management of a browsing session;
b) Improved usability of the Website;
c) Storing the user’s selected preferences;
d) Access to the PayPal payment system.
Analytical cookies used to understand how the user interacts with the Website through information on the number of visitors, bounce rate, source of traffic, etc.
Third-party Cookies
The Website also allows the transmission to the user’s terminal of third-party cookies, with which the Community, acting as a technical intermediary, merely sends these cookies but does not manage their operation (therefore it does not have control over or access to the information provided/acquired) as their functioning is the responsibility of the third parties. For these cookies, it is possible to access the information and consent forms of the third parties by clicking on the links provided below. The third parties are:
Facebook – https://www.facebook.com/privacy/policy/
Twitter – https://help.twitter.com/it/rules-and-policies/twitter-cookies
Instagram – https://help.instagram.com/1896641480634370
Management of cookie preferences
The type of cookies used by the Website does not require the user’s consent; however, the user has the option to disable cookies at any time by using the settings of the Internet browser used. Below are the links to the guidelines of the most common browsers:
Please note that disabling technical cookies may cause navigation problems and affect the proper use of services.