Skip to content
Store La Biennale di Venezia

PRIVACY POLICY

Data Controller

La Biennale di Venezia – Ca’ Giustinian, San Marco 1364/A – 30124 Venice

 

Controller’s email address: xxxx@xxxxx

Controller’s certified email (PEC) address: xxxx@xxxx

Type of Data collected

The Personal Data collected by store.labiennale.org, autonomously or through third parties, includes: cookies, usage data, email, name, surname, birthdate, various types of Data, telephone numbers, nation, province, website, occupation sector, city and password.

Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or in specific informative texts viewed before the data itself is collected.

Personal Data may be freely provided by the User or, in case of Usage Data, collected automatically during the use of store.labiennale.org.

If not specified otherwise, all Data requested by store.labiennale.org is required. If the User refuses to provide this data, it may be impossible for store.labiennale.org to operate the Service. In the case that store.labiennale.org indicates certain types of Data as optional, Users are free to abstain from communicating this Data, without any prejudice to the availability of the Service or its operation.

Users who have any questions about which Data is required, are encouraged to contact the Data Controller.

The use of cookies – or other tracking tools – by store.labiennale.org or by the Controllers of the third-party services used by store.labiennale.org, where not specified otherwise, serves the purpose of providing the Service requested by the User, in addition to further purposes described in this document and in the Cookie Policy, if one is available.

The User is responsible for the Personal Data of third parties obtained, published or shared by means of store.labiennale.org and guarantees that he/she is entitled to communicate or disseminate them, releasing the Data Controller of all liability towards third parties.

Methods and location for processing the collected Data

Processing methods

The Controller takes the appropriate security measures aimed at preventing unauthorized access, disclosure, modification or destruction of Personal Data.

The data is processed through computers and/or IT-enabled tools, with organizational methods and logics strictly correlated to the specified purposes. 

In addition to the Controller, in some cases, other subjects involved in the organisation of store.labiennale.org may have access to the Data (administrative, sales, marketing or legal personnel, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) who, if necessary, could be designated as Data Processors by the Controller. 

The updated list of Data Processors may be requested at any time from the Data Controller.

Legal basis for processing

The Data Controller processes the User’s Personal Data when one of the following conditions applies:

  • The User has given consent for one or more specific purposes;
    Note: Under some legislations, the Controller may be authorised to process Personal Data without the need for User consent or any other of the legal bases specified below, until the User objects to such processing (“opt-out”). This however does not apply if the processing of Personal Data is regulated by European legislation in the matter of Personal Data protection;
  • processing of Data is necessary for the performance of a contract with the User and/or for any pre-contractual obligations;
  • processing of Data is necessary for compliance with a legal obligation to which the Controller is subject;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller; 
  • processing is necessary for the purposes of the legitimate interest pursued by the Controller or third parties.

In any case, it is always possible to ask the Controller to clarify the specific legal basis that applies to the processing and in particular to specify if the processing has a legal basis, is required by a contract, or is necessary to conclude a contract.

Location

The Data is processed in the operating offices of the Data Controller and in any other places where the parties involved in the processing are located. For further information, contact the Controller.

 

The User’s Personal Data could be transferred to a different country than that in which the User is located. For further information on the processing location, the User can refer to the section detailing the processing of Personal Data.

 

The User is entitled to obtain information about the legal basis for the transfer of Data outside the European Union or to an international organisation governed by public international law or constituted by two or more countries, such as the United Nations, or about the security measures implemented by the Controller to protect the Data.

 

Should any such transfer take place, the User may consult the relevant sections of this document or request information from the Controller, using the contact details shown in the opening paragraph of this document.

Data retention period

Data shall be processed and stored for the time required by the purposes for which it was collected.

Therefore:

  • Personal Data collected for purposes related to the performance of a contract between the Controller and the User shall be stored until the performance of this contract is completed. 
  • Personal Data collected for purposes pursuant to the legitimate interest of the Controller will be stored until this interest is satisfied. The User may find further information regarding the legitimate interest pursued by the Controller in the relative sections of this document or by contacting the Controller. 
  • When the User has given his/her consent to the processing, the Controller may store the Personal Data longer until said consent is withdrawn. Furthermore, the Controller may be obligated to store the Personal Data for a longer period of time to comply with a legal obligation or upon order of an authority. 
  • At the end of the retention period, the Personal Data shall be deleted. Therefore, when this term expires, the right to access, delete, rectify and the right to Data portability may no longer be exercised.

Purposes of Data collection and processing

User Data is collected to enable the Controller to provide his own Services, and for the following purposes: Analytics, Registration and user authentication, Remarketing and behavioural targeting, Management of requests for support and contact, Performance testing for content and functionality (A/B testing), contacting the User, social functionality, contacting the User, Social features, Management of User databases, Management of payments, Tag management, Heat mapping and session logging, Hosting and backend infrastructure, Interaction with online survey platforms, Interaction with data collection platforms and other third parties, Infrastructure monitoring and Contact management and messaging.

 

For further detailed information on the purposes of the processing and on the Personal Data that is concretely relevant for each purpose, the User may refer to the pertinent sections of this document. 

Details on the processing of Personal Data.

User Data is collected to enable the Controller to provide his own Services, and for the following purposes: Analytics, Registration and user authentication, Remarketing and behavioural targeting, Managing requests for support and contact, Performance testing for content and functionality (A/B testing), Contacting the User, social functionality, contacting the User, Social functions, Managing User databases, Managing payments, Tag management, Heat mapping and session logging, Hosting and backend infrastructure, Interaction with online survey platforms, Interaction with data collection platforms and other third parties, Infrastructure monitoring and Contact management and messaging.

For further detailed information on the purposes of the processing and on the Personal Data that is concretely relevant for each purpose, the User may refer to the pertinent sections of this document. 

Contacting the User

Mailing list or newsletter (store.labiennale.org)

By registering for the mailing list or the newsletter, the User’s email address is automatically added to a list of contacts to whom email messages containing information, including commercial or promotional information, relating to store.labiennale.org may be sent. The User’s email address may also be added to this list as a consequence of registering on store.labiennale.org or after making a purchase.

Personal Data collected: Surname, email and name.

Social functions

 Mailing list or newsletter (store.labiennale.org)

By registering for the mailing list or the newsletter, the User’s email address is automatically added to a list of contacts to whom email messages containing information, including commercial or promotional information, relating to store.labiennale.org may be sent. The User’s email address may also be added to this list as a consequence of registering on store.labiennale.org or after making a purchase.

Personal Data collected: Surname, email and name.

Managing contacts and sending messages

This type of service enables management of a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the User.

These services may also make it possible to collect data on the date and time the messages were viewed by the User, as well as the User’s interaction with them, and information regarding clicks on the links included in the messages.

Managing payments

This type of service enables management of a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the User.

These services may also make it possible to collect data on the date and time the messages were viewed by the User, as well as the User’s interaction with them, and information regarding clicks on the links included in the messages.

Stripe (Stripe Inc):

Stripe is a payment service provided by Stripe Inc.

Personal Data collected: various types of Data as specified in the service’s privacy policy

Processing location: USA – Privacy Policy

Managing requests for support and contact

This type of service allows store.biennale.org to manage requests for customer support and contact that arrive by email or other tools, such as contact forms.

The Personal Data that is processed depends on the information provided by the User in the messages and by the tool used for the communication (for example an email address).

XXX Courier

To ship orders of merchandise, store.labiennale.org relies on the courier DHL

Personal Data collected: the data is processed by XXX for the time necessary to provide the required services and to do the job connected and instrumental to them, and are deleted after the purposes for which they are collected and processed have expired, including any statutes of limitations established by the Civil Code. 

Processing location: xxxxxxxxxxx

Hosting and backend infrastructure

This type of service provides hosting for the Data and files that allow store.labiennale.org to operate, enable distribution and provide a ready-to-use infrastructure to deliver specific store.labiennale.org functions.

Some of these services operate through servers distributed geographically in different locations, making it difficult to determine the exact location in which the Personal Data is stored.

Registration and user authentication

Through registration and user authentication, the User allows the Application to identify him/her and grant access to the dedicated services.

Depending on the indications that follow, registration and user authentication services could be provided with the help of third parties. If this is the case, this Application may access Data stored by the third-party service used for registration or identification.

Direct registration (store.labiennale.org)

The user registers by filling in the registration form and directly providing his/her Personal Data to La Biennale di Venezia.

Personal Data collected: surname, name, tax identification number (codice fiscale), email, password.

Further information on Personal Data

Further information on Personal Data

The Personal Data we collect is used to provide services to the User or to sell products, including payment and delivery. The Personal Data collected to conclude the payment process may include information on the credit card or bank account used for bank transfers or other accepted payment methods. The payment Data collected by store.labiennale.org depends on the system of payment chosen by the User.

Unique identification of the device

Store.labiennale.org can track Users by saving a unique identification code for their devices, for statistical purposes or to save User preferences.

User Data analytics and profiling

The Controller may process usage data collected through store.labiennale.org to create or update user profiles. This type of processing allows the Controller to assess User choices, preferences and behaviour for the purposes specified in the relevant sections of this document.

The User profiles may also be created with automated tools such as algorithms, which may also be offered by third parties. To obtain further information on profiling, the User may consult the relevant sections of this document.

The User is entitled at any time to object to being profiled. To read more about Users’ rights and how to exercise them, the User may consult the section of this document regarding Users’ rights. 

Users’ rights

Users are entitled to exercise certain right in reference to the Data processed by the Data Controller.

In particular, Users are entitled to:

  • Withdraw consent at any time. Users have the right to withdraw any previously-granted consent to the processing of their Personal Data.
  • Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details on the right to object are provided in the section below.
  • Access Personal Data. Users have the right to obtain information on the Data processed by the Data Controller, on certain aspects of the processing and to receive a copy of the Data being processed.
  • Verify and seek rectification. Users have the right to verify whether their Data is correct and request that it be updated or rectified.
  • Restrict the processing of their Data. When certain conditions apply, Users have the right to restrict the processing of their Data. In this case, the Data Controller will not process the Data for any other purpose than storage.
  • Have their Personal Data deleted or otherwise removed. When certain conditions apply, Users have the right to request that their Data be deleted by the Data Controller.
  • Receive their Data or have it transferred to another Controller. Users have the right to receive their Data in a structured, commonly used and machine-readable format, and where technically feasible, to have it transferred without obstacles to a different Data Controller. This provision is applicable when the Data is processed by automated tools and the processing is based on the User’s consent, on a contract to which the User is a party, or on contractual provisions thereof.
  • File a complaint. Users have the right to file a complaint with the competent data protection authority or take legal action. 
Details on the right to object

When Personal Data is processed in the public interest, in the exercise of an official authority veted in the Controller or for the purposes of legitimate interest pursued by the Controller, Users have the right to object to the processing on grounds related to their particular situation.

Users are advised that, if their Data is processed for the purposes of direct marketing, they can object to that processing without providing any justification. To discover if the Data Controller is processing data for the purposes of direct marketing, Users may consult the relevant sections of this document.

How to exercise Users’ rights

Requests to exercise Users’ rights may be addressed to the Data Controller’s contact details listed in this document. The requests may be filed free of charge and will be addressed by the Controller as quickly as possible time, and in any case within a month.

Cookie Policy

Store.labiennale.org uses cookies. For further information and to read detailed information, Users may consult our Cookie Policy.

Further information on data processing

Defence in court

The User’s Personal Data may be used by the Data Controller in court or in the stages leading to possible legal action for defence against improper use by the User of store.labiennale.org or related Services.

The User acknowledges that he is aware that the Controller may be required to reveal Personal Data by order of the public authorities.

Specific information

Upon request by the User, in addition to the information contained in this Privacy Policy, store.labiennale.org may provide the User with additional and contextual information about specific Services, or the collection and processing of Personal Data.

System log and maintenance

For the purposes of operation and maintenance, store.labiennale.org and any third-party services it uses may collect system logs, the files that record interactions and could also contain Personal Data, such as the User’s IP address.

Information not included in this policy

Further information about the processing of Personal Data may be requested at any time from the Data Controller using the contact details.

Modifications to this Privacy Policy

The Data Controller reserves the right to modify this Privacy Policy at any time, giving notice to Users on this page and, if possible, on store.labiennale.org and, if technically and legally feasible, sending notice to Users via one of the contact details in the possession of the Data Controller. We therefore invite Users to check this page regularly, referring to the date of the last modification listed at the bottom.

If the modifications regard the processing of data the legal basis of which is consent, the Controller will collect new consent from the User, if necessary.

Definitions and legal references

Personal Data (or Data)

Personal data shall mean any information which, directly or indirectly, and in connection with any other information, including a personal identification number, makes a physical personal identified or identifiable.

User Data

This is the information collected automatically through store.labiennale.org (including by third party applications integrated into store.labiennale.org), including: IP addresses or domain names of the computers used by the User who connects to store.labiennale.org, addresses identified by URI (Uniform Resource Identifier), the time of request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), the country of origin, the characteristics of the browser and the operating system used by the visitor, the various time connotations of the visit (for example the time spent on each page) and the details of the itinerary followed within the Application, with particular reference to the sequence of pages visited, to the parameters of the operating system and the User’s IT environment.

User

The individual who uses store.labiennale.org and who, unless otherwise specified, is the same as the data subject.

Data subject

The natural person that is the subject of the Personal Data.

Data Processor (or Processor)

The natural or legal person, public administration or any other body that processes personal data on the Data Controller’s behalf, as detailed in the present privacy policy.

Data Controller (or Controller)

The natural or legal person, public authority, service or other organism that, individually or jointly with others, determines the purposes and methods for processing personal data and the relevant means, including security matters relative to the functioning and use of store.labiennale.org. The Data Controller, unless otherwise specified, is the owner of store.labiennale.org.

Store.labiennale.org (or this Application)

The hardware or software tool by means of which the Personal Data of the Users are collected and processed.

Service

The Service provided by store.labiennale.org as defined in the relative terms (if present) on this website/application.

European Union (or EU)

Unless otherwise specified, any reference to the European Union contained in this document is understood to be extended to all the current member states of the European Union and the European Economic Space.

Cookie

Small piece of data placed inside a User’s device.

Legal references

The current privacy policy is drafted on the basis of multiple legislative provisions, including Articles 13 and 14 of (EU) Regulation 2016/679.

Unless otherwise specified, this privacy policy applies exclusively to store.labiennale.org

Last modified: xx/xx/xxxx