Privacy Policy

Information on the processing of personal data of users visiting the Ecomuseo website, pursuant to Article 13 of Regulation (EU) 2016/679
Pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter, the “Regulation”), this page describes the methods for processing the personal data of users visiting the website of the Ecomuseo delle Terrazze Retiche di Bianzone, whose home page can be reached through the address .

This information is provided exclusively for the website of Ecomuseo delle Terrazze Retiche di Bianzone and not for other sites, pages or online services that can be reached through hypertext links that may be published on the Ecomuseo website but refer to resources outside the Ecomuseo domain.

Data controller
The data controller is the Municipality of Bianzone (hereinafter, the “Data Controller”), with registered office in Via Teglio 1 23030 Bianzone (SO)
 E-mail: protocollo@comune.bianzone.so.it PEC: protocollo.bianzone@cert.provincia.so.it Telephone: 0342720107

Data Protection Officer (DPO)
The Data Protection Officer (DPO) is Trust Data Solution S.r.l. with registered office in Viale Cesare Cattaneo 10B - 22063 - Cantù (CO).

Tel: 031707879 E-mail: dpotrustds@legalmail.it PEC: dpotrustds@legalmail.it

Legal basis for processing
The processing, by the Data Controller, of the personal data indicated in this Notice is necessary to fulfil a legal obligation to which the Data Controller is subject pursuant to Article 6(1)(c) of the Regulation, in accordance with the provisions of Legislative Decree no. 82/2005 (“Digital Administration Code”) and the Design Guidelines for PA websites and digital services issued by AgID on 27 July 2022 and subsequent amendments or additions.
The processing of personal data in connection with the use of a website by the Data Controller is also necessary for the performance of a task carried out in the public interest or in connection with the exercise of public authority vested in the Data Controller, pursuant to Article 6(1)(e) of the Regulation and Article 2-ter of Legislative Decree No. 196/2003 (“Personal Data Protection Code”).

Purpose of processing, categories of personal data processed and data retention period
The processing of the personal data of users visiting the Controller's website is in any case aimed at ensuring the technical operation of the site and/or enabling the performance of tasks of public interest or connected with the exercise of public powers vested in the Controller pursuant to Article 6(1)(e) of the Regulations and Article 2-ter of Legislative Decree no. 196/2003.
Personal data“ within the meaning of Article 4(1) of the Regulation means ”any information relating to an identified or identifiable natural person (data subject). A visit to the Controller's website entails the processing of personal data belonging to one or more of the categories indicated in the following points.

  • Navigation data 

The computer systems and software procedures used to operate this site acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. System logs, i.e. files (electronic documents) that record interactions and which may also contain personal data, such as the user's IP address, may be collected for purposes related to the operation and maintenance of the site.

  • Data provided intentionally by the user

The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender's address, which is necessary in order to reply to requests, as well as any other personal data included in the message.

  • Contact form: Email, Name and Surname
  • Newsletter subscription form: Email
  • Reserved area access: Username, Password, Email

Personal data voluntarily provided by users consulting the site will be processed for the following purposes:

  • Contacting the user
  • Site visit statistics
  • Traffic optimisation and distribution
  • Allow registration and access to the reserved area of the site and all its functions
  • Interactions with social networks and external platforms
  • Cookies and other tracking tools

Cookies are strings of text that the sites visited by a user deposit and store on his terminal device, and which are transmitted back to the same sites on his next visit, with associated information on the user's Internet browsing carried out up to that moment. Cookies can be divided into two macro-categories: “technical cookies” and “profiling cookies”. Technical or profiling cookies can be “first-party” or “third-party” cookies. Profiling cookies are used for the purpose of creating profiles relating to each user, so as to show the online user advertisements relevant to the preferences expressed when surfing the Internet. Users' prior consent is required for the installation of such cookies. This site does not use profiling cookies.
Technical cookies allow users to navigate efficiently on websites and use their functionalities. Their use does not require the user's consent. This site uses technical session cookies to transmit session identifiers (consisting of random numbers generated by the server) necessary for the user to navigate the site effectively. Technical session cookies are not stored persistently on the user's computer and disappear when the browser is closed.

Information on the processing of personal data carried out through the social media platforms used by the Controller
With regard to the processing of personal data carried out by the managers of the social media platforms that may be used by the Controller, please refer to the information provided by them in their respective privacy policies. The Data Controller processes the personal data provided by users through the pages of the social media platforms dedicated to this entity, within the scope of its institutional purposes, exclusively to manage interactions with users (comments, public posts, etc.) and in compliance with the regulations in force.

Treatment modalities
Processing is carried out by natural persons authorised by the Controller, for the pursuit of the purposes indicated. Persons authorised to process data are bound to professional secrecy. The processing of personal data may possibly take place with the cooperation of other persons appointed as Data Processors, who process the data in accordance with the purposes and means determined by the Data Controller pursuant to Art. 28 of the Regulation.

The list of Data Processors can be consulted at the request of the data subject. Processing is carried out with respect for fundamental rights and freedoms and complies with the principles set out in Article 5 of the Regulation, and first and foremost with the principle of fairness, lawfulness and transparency of processing. The Data Controller ensures the relevance and proportionality of the information processed with respect to the purposes pursued.

Categories of data recipients
Processing is carried out by persons authorised and committed to confidentiality and assigned to the relevant activities within the competence of the Controller, in compliance with the purposes indicated above. The Controller, in carrying out its activities and in order to provide its services, may transmit data to the following categories of recipients:

  • Public administrations;
  • Technical service providers (such as hosting providers);
  • Public entities in application of legal obligations.

Recipients, if they are not autonomous Data Controllers, are appointed as Data Processors by the Controller, pursuant to Article 28 of the Regulation. The complete and updated list of Data Processors can be requested from the Controller.
The service providers - in their capacity as Data Processors and on the basis of the service contract concluded - are obliged to process personal data exclusively for the purposes indicated by the Data Controller, not to store them for longer than the duration indicated and not to pass them on to third parties without the explicit authorisation of the Data Controller, in compliance with Article 28 of the Regulation.

Data transfer abroad
Personal data processed for the aforementioned purposes are not transferred to third countries outside the European Union or the European Economic Area (EEA), nor to international organisations. The Controller undertakes to transfer data to countries outside the EEA only in compliance with the provisions of Chapter V of the Regulation.

Rights of the data subject
The privacy legislation (Articles 12-22 of EU Regulation 679/2016) guarantees that data subjects can exercise the following rights at any time:

  • access to personal data;
  • to obtain the updating, rectification, integration of incomplete data
  • to obtain the deletion of data, their transformation into anonymous form or the blocking of data processed in violation of the law;
  • to obtain certification that any amendments or deletions have been brought to the attention, also as regards their content, of those to whom the data have been communicated, except as required by law;
  • to obtain restriction of processing;
  • to object to processing; not to be subjected to decisions based solely on automated processing.
  • to data portability;
  • to revoke consent, where applicable: revocation of consent does not affect the lawfulness of processing based on consent given before revocation.

In order to exercise your rights, as well as for more detailed information on the subjects or categories of subjects to whom the data are communicated or who become aware of them in their capacity as managers or appointees, the interested party may contact the Data Controller: Municipality of Bianzone, via Teglio 1 - 23030 - Bianzone (SO). Tel. 0342720107 Email protocollo@comune.bianzone.so.it PEC protocollo.bianzone@cert.provincia.so.it

You may also contact the Data Protection Officer (DPO) at the dedicated e-mail address

Should they consider that the processing of personal data relating to them carried out through this website is in breach of the Regulation or of other applicable legal provisions, the data subjects have the right to lodge a complaint with the Garante for the protection of personal data, pursuant to art. 77 of the Regulation, or alternatively they have the right to take legal action, pursuant to art. 79 of the Regulation.
The contact details of the Garante per la protezione dei dati personali can be found on the Authority's website at www.garanteprivacy.it.

Amendments to this Policy
The Owner reserves the right to make changes to this Policy at any time by publicising them to users on this page. Therefore, please consult this page often, taking as reference the date of last update indicated at the bottom.
Unless otherwise stated, the previous Policy shall continue to apply to personal data collected up to that point.