Privacy Policy

Introduction

Welcome to the website of Santa Maria della Giustizia. Your privacy and the security of your personal data are of utmost importance to us. This Privacy Policy describes how we collect, use, protect, and share your personal information when you visit or use the services on our website.

The personal information we collect pertains to data that can be used to identify you as an individual. This Privacy Policy applies to all information collected through our website and any related services.

This website strictly adheres to the provisions imposed by the European Regulation No. 679/2016 for the Protection of Personal Data (GDPR) and national legislation (Personal Data Protection Code), committing to protect the confidentiality of its visitors and users. We actively and with appropriate measures ensure that we do not compromise the rights of our users and minimize the collection of personal data. Please note that we do not display advertisements on this site and do not use the collected data to send advertising messages.

 

Data Controller

The data controller for personal data is the National Superintendence for Underwater Cultural Heritage, located at via Duomo, 33 – 74123 Taranto (TA) – Tel. 099/4713511; Fax 099/4713126 – 132.

Legal Basis and Purpose of Processing

The personal data indicated on this page are processed by the National Superintendence for Underwater Cultural Heritage in the performance of its tasks of public interest or otherwise connected to the exercise of its public powers, including the management and protection of cultural heritage and related communication activities.

The provided personal data are processed solely for purposes strictly related to and necessary for the use of the website and the requested services.

In accordance with Article 13 of the Regulation, if the Controller intends to further process personal data for a purpose other than the one for which they were collected, they shall provide the data subject with information regarding such different purpose and any other relevant information.

Processing Purposes and Types of Data

Browsing Data

The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), and other parameters related to the user’s operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information about the use of the site and to ensure its proper functioning. It is deleted immediately after processing. The data may be used to ascertain liability in the event of hypothetical computer crimes against the site.

Data Provided by the User

The optional, explicit, and voluntary sending of messages to the contact addresses of the Superintendence, private messages sent by users to institutional profiles/pages on social media (where this possibility exists), as well as the completion and submission of forms on the site, involve the acquisition of the sender’s contact data necessary for responding, as well as all personal data included in the communications.

Specific information will be published on the site pages prepared for the provision of certain services.

In summary, the processing of data collected from the site, in addition to the purposes connected, instrumental, and necessary for the provision of the service, is aimed at the following purposes:

– Statistics (analysis)

Data and information collection in exclusively aggregated and anonymous form in order to verify the correct functioning of the website. None of this information is related to the individual User of the site and does not allow their identification in any way. Consent is not required.

– Security

Data and information collection aimed at protecting the security of the website (anti-spam filters, firewalls, virus detection) and Users, and to prevent or uncover fraud or abuse against the website. The data is automatically recorded and may also include personal data (IP address), which may be used, in accordance with applicable laws, to block attempts to harm the website itself or other users, or any harmful or criminal activities. Such data is never used for the identification or profiling of the User and is periodically deleted. Consent is not required.

– Ancillary activities

Sharing data with third parties who perform necessary or instrumental functions for the operation of the service, and to allow third parties to perform technical, logistical, and other activities on our behalf. Providers only have access to the personal data necessary to carry out their tasks, and they commit not to use the data for other purposes and to treat personal data in accordance with applicable regulations.

Cookies

Cookies are short pieces of text (letters and/or numbers) that allow the web server to store information on the client (the browser) to be reused during the same visit to the site (session cookies) or later, even after several days (persistent cookies). Cookies are stored, based on user preferences, by the individual browser on the specific device used (computer, tablet, smartphone).

In general, the user can decide whether to accept cookies or not by using the settings of their own browser. The setting can be defined specifically for different websites and web applications.

This site uses technical cookies that are necessary for the proper functioning of the site and are always active. Other cookies (profiling cookies) may be used to personalize content, integrate third-party content, and for statistical analysis of site visits and are activated only following explicit consent.

By clicking “I Agree” on the banner displayed upon first access to the site, the visitor expressly consents to the use of cookies and similar technologies, and in particular to the registration of such cookies on their device for the purposes indicated in this document, or access through cookies to information on their device.

Below is the detailed list of all technical cookies necessary for the functioning of the site:

wp-settings-time-{user} (Time at which wp-settings-{user} was set)

WordPress_sec_* (to provide protection against hackers, store account details.)

WordPress_logged_in_* (to Store logged in users)

wordpress_test_cookie (Tests that the browser accepts cookies)

 

Location and recipients of the processing

Personal data is processed at the headquarters of the Data Controller or the Data Processors using automated tools for the time strictly necessary to achieve the purposes for which they were collected, in compliance with the confidentiality and security rules provided by current regulations. No data is disclosed. The personal data provided by users is used solely for the purpose of providing the service and may be communicated to other authorized personnel within the Department or to other public or private entities only if required by legal obligations.

Data retention period

In order to ensure proper and transparent treatment, data is stored for a period of time not exceeding what is necessary for the purposes for which it was collected or subsequently processed, in accordance with legal obligations.

Transfer of data to third countries or international organizations

If the transfer of data outside the EU or to international organizations is foreseen, the Data Controller undertakes to clarify to the data subject:

  • whether there is an adequacy decision by the EU Commission or if the Commission has decided that the third country, a territory, or one or more specific sectors within the third country, or the international organization in question, ensures an adequate level of protection. In such cases, the transfer does not require specific authorizations;
  • in the absence of the above, the appropriate guarantees and the indication of the means to obtain a copy of such data or the place where they have been made available.

User rights

In accordance with the European Regulation 679/2016 (GDPR), the data subject has the right, in the manner and within the limits provided by current legislation, to exercise the following rights:

  • Right of access: to request confirmation of the existence of data processing concerning them and to receive information on the methods and purposes of the processing, as well as the right to receive a copy of the data provided, within reasonable limits;
  • Right to withdraw consent given at any time without the need for justification, without prejudice to the processing carried out up to that moment;
  • Right to request updating, rectification, or integration of incomplete or inaccurate data;
  • Right to object in whole or in part to the processing based on the legitimate interests of the data controller unless there is a legitimate reason to continue the processing, such as exercising rights in court;
  • Right to object to the processing of personal data for marketing purposes or commercial communication;
  • Right to erasure of data (even after revoking consent), if no longer necessary for the purposes of the data controller, in case of revocation of consent, objection to the processing, processing in violation of the law, or if there is a legal obligation to delete;
  • Right to restriction, i.e., to obtain the blocking of processing in case of violation of the conditions of lawfulness, but also if the data subject requests rectification of the data (pending rectification) or opposes their processing (pending the decision of the data controller), in which case the data will not be processed except for their storage;
  • Right to data portability, i.e., in cases of processing based on consent, the right to receive or transmit their data provided to the Data Controller, at the sole cost of any support, in a structured, commonly used, and machine-readable format;
  • Right to lodge a complaint with the Supervisory Authority (Data Protection Authority – link to the Authority’s page: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524);
  • as well as, more generally, to exercise all the rights recognized to them by current legislation.

 

Requests should be addressed to the Data Controller.

Updates

This information is up to date as of June 9, 2023.

Start typing and press Enter to search