Privacy Policy

The present Privacy Policy is consistent with Regulation UE 2016/679 on the protection of natural persons in the processing of personal data (hereafter Regulation) and with the relevant Italian Legislation following principles of correctness, lawfulness and transparency.

The present statement describes how the personal data of users’/visitors’ accessing the site and using its services are processed.


Data controller

The Museo Nazionale del Cinema – Fondazione Maria Adriana Prolo (hereafter Controller) is the data Controller responsible for the processing and implementation of the personal data protection Regulation. The Controller appoints one or more people as Data Processing Manager(s) who will act under the Controller’s authority according to the information received. Such person(s) will be within the European Union and will be appointed considering the required precautions listed in the Regulation.

Users/visitors can contact the Controller at any time, at


Storing processed data

Data gathered and processed include: name, surname, email address, cookies and navigation data.

Specific information will be supplied progressively and/or visualised on the relevant website pages for specific services on demand.

The optional, explicit and voluntary messages to the emails listed on the website will require the subsequent acquisition and processing of the sender’s address, needed to answer any queries, as well as any other personal data included in the exchange.


Cookie policy

During the session, the present Website makes use of cookies and lasting cookies. Users may request the elimination or for cookies to be blocked by modifying browser settings.

The cookies used in the session avoid resorting to other ITC techniques that could prejudice the users’ confidentiality and do not identify users’ personal data. For more detailed information please refer to the “Cookie Policy” Section of the present document.


Data processing use

Personal data will be treated for uses connected or necessary for the purpose of carrying out and/or managing the services of this website, and specifically for:

  • Carrying out the obligations ensuing from the need to fulfil specific requests: data are required for the correct implementation of contractual and/or pre-contractual needs and their lack means the Controller cannot fulfil their contractual obligations;
  • Sending the Newsletter: data release is optional. By not supplying the data the newsletter will not be supplied; and
  • Fulfilling tax, accounting and administration obligations: data must be supplied to fulfil legal obligations and is not supplied, the Controller cannot fulfil such obligations.


Legal framework

The Controller processes personal data in the following cases:

  • If the user has agreed to one or more of services- for instance the Newsletter;
  • If data processing is required to implement a contract and/or for pre-contractual reasons, for instance booking guided tours;
  • If it is legal obligations that befalls to the Controller- such as invoicing; and
  • If it is necessary for the Controller to perform a legitimate interest and with the consent of the interested party – such as video-camera surveillance.

It is always possible to ask the Controller to specify the legal basis for each case.


Processing methods

Data processing is carried out through IT or telematically, with organisational and logical modalities depending on the relevant aims. Specific security measures are followed to avoid loss of data, unlawful or incorrect use and unauthorised access.


Sites and services to third parties

On the Website pages users may find hyper-textual links to other websites often referring to specific events or sponsors of the Museo Nazionale del Cinema.

Museo Nazionale del Cinema is not responsible for any of the contents that users might encounter accessing them through the official website.


Where data are processed

Data are processed in the Controller’s operational headquarters and in any other place where such parties are located. Data may be in a country other than the one users are connected to, although data are not transferred to countries outside the EU.


Users’ rights

Users can exercise their rights with reference to data treated by the Controller, and specifically the ones listed below: to

  • Withdraw their consent at any time;
  • Object to the processing of their data;
  • Access their data;
  • Verify their data and ask for them to be amended or modified;
  • Limit the processing of their data given certain conditions;
  • Have their data removed or cancelled;
  • Retrieve their data and transfer them to another Controller given certain conditions; and
  • Lodge a complaint to the relevant Authorities overseeing data protection and seek redress in the court.


Users can contact in the exercise of the above.

Requests are answered with no charge, in the shortest time possible and in any case no later than 30 days.


Changes to the present Privacy Policy

The Controller retains the right to bring changes to the present Privacy Policy at any time, promptly informing users both on this page and on the museum Website, as well as informing users through the contact supplied to the website, where contact is technically and legally possibly.