Logo

Privacy Policy

Privacy Policy

1. IDENTIFICATION AND CONTACT DETAILS OF THE DATA CONTROLLER

Ticket Management System SL, with Tax Identification Number B67624437, registered at Calle Balmes nº 32, Principal 2ª, C.P. 08007, Barcelona (Spain) and registered with the Companies Registry of Barcelona under Volume 47314, Page 29 (hereinafter, the Owner), is responsible for the processing of data that is collected or generated as a result of access, use and navigation by users of uffizigallery.tickets-florence.org (hereinafter, the User or Users and the Website or the Web respectively).

The Owner informs Users of the Website through this privacy policy (hereinafter, the Privacy Policy) about the processing and protection of their personal data that may be collected through their browsing or contracting of services on the Website. The use of this Website by the User implies their acceptance of this Privacy Policy.

2. DATA COLLECTED

By visiting and browsing this Website, no data that identifies Users by name is automatically recorded. However, certain information is collected and recorded in the Owner's systems (e.g., type of internet browser, operating system, IP address from which the Website is accessed) in order to improve the User's browsing experience and the management of the Website itself. Likewise, the Website may use cookies and similar technologies whose use is subject to the consent of the Users in accordance with the Cookies Policy.

Notwithstanding the foregoing, for the use of certain content or services offered on the Website, the Owner may require certain personal data from the User (e.g., first name and surname, national identity card number or foreign national identity number, address, telephone number, mobile phone number, email address, or other data provided by the Users themselves in the open fields of the forms provided on the Website), in which case the Owner will provide the User with the necessary information before proceeding to process their data.

If the User provides third-party data, the User declares that they have obtained the consent of those third parties or otherwise have sufficient authority, and undertakes to transfer to the data subjects the information contained in this Privacy Policy, thereby exempting the Owner from any liability in this regard. However, the Owner may carry out the necessary verifications to confirm this fact, adopting the corresponding due diligence measures in accordance with applicable data protection regulations.

Likewise, the User warrants that they are over eighteen (18) years of age and that the data provided is true, accurate, complete and up to date. The User is responsible for the accuracy of all data provided and must keep the information suitably updated so that it corresponds to reality.

Finally, the User shall be liable for any false or inaccurate information provided through the Website and for any direct or indirect damages that this may cause to the Owner or third parties.

3. OBLIGATION TO PROVIDE DATA

The data requested in the forms provided on the Website are generally mandatory (unless otherwise indicated in the required field) in order to fulfil the purposes set out in section 4 below. Therefore, if such data is not provided or is incorrect or untruthful, the Owner will be unable to process it.

4. PURPOSE OF THE PROCESSING

In addition to managing requests for information and content, or providing the services expressly requested by Users or with their consent, the Owner has a legitimate interest in using the information collected or generated for all of the following:

  • To manage the User's contact request to the Owner through the channels provided for this purpose on the Website.
  • To manage the contracting of services through the Website, including payment processing and order fulfilment.
  • To improve the Website, its management and security.
  • To manage the sending of commercial communications about the Owner's services, unless the User indicates otherwise by ticking the relevant box or objects to such processing.
  • To send commercial communications (offers, promotions, etc.) to the User by electronic and/or conventional means concerning products and services of third-party companies with which the Owner collaborates, provided the User consents by ticking the relevant box.
  • To carry out studies to analyse the relevance and use of the Website, including anonymised information.
  • To handle requests, complaints and incidents received via the contact channels on the Website.
  • To understand the User's behaviour on the Website in order to detect possible cyber attacks.
  • To comply with legal obligations applicable to the Owner's activities.

5. COMMERCIAL COMMUNICATIONS AND ADVERTISING

One purpose for which the Owner processes personal data provided by Users is to send electronic communications containing information about services, promotions, offers, events or news that may be relevant to them. Whenever any communication of this type is made, it will be addressed solely and exclusively to those Users who have not previously expressed their refusal to receive it or who have expressly authorised it.

To carry out the aforementioned task, the Owner may analyse the data obtained to create User profiles that allow a more detailed definition of the services that may be of interest to the User.

If the User wishes to stop receiving commercial or promotional communications from the Owner, they may unsubscribe by clicking the link provided in such communications, by sending an email to support@tickets-florence.org stating their refusal, by using the checkbox provided on the data collection form, or via the unsubscribe option included in each commercial communication.

6. LEGAL BASIS AND STORAGE

The processing of personal data provided by the User is based on the following legal grounds that legitimise it:

  • Users' voluntary access to and browsing of the Website.
  • The processing of data for the contracting of the services offered on the Website is necessary for the fulfilment of the contractual relationship between the User and the Owner.
  • The request for information or certain content or services by Users.
  • Compliance by the Owner with legal obligations.
  • The legitimate interest in improving the Website and its security, and in carrying out studies and analyses of the Website's operation and use.
  • Where the User has given consent, or where the Owner's legitimate interest applies, the sending of information related to the service provided on the Website.

Data will be retained for as long as there are legal obligations arising from the services or content requested by Users and, thereafter, until any legal or contractual liabilities requiring their retention expire (for example, liabilities arising under data protection or cybersecurity laws). However, the Owner may retain the data, duly blocked, to comply with potential administrative or judicial obligations.

7. USER RIGHTS

Users of the Website may exercise the following rights at any time, under the terms established by current legislation:

  • The right of access to their personal data in order to know what is being processed and the processing operations carried out with it.
  • The right to rectify any inaccurate personal data.
  • The right to delete their personal data, where possible.
  • The right to request the restriction of the processing of their personal data where the accuracy, lawfulness or necessity of the processing is in doubt, in which case data may be retained for the exercise or defence of claims.
  • The right to data portability, insofar as the legal basis for processing personal data is consent or a contractual relationship.
  • The right to object to the processing of their personal data where the legal basis for processing is legitimate interest. For these purposes, we will stop processing the data unless we have a compelling legitimate interest or for the formulation, exercise or defence of claims.
  • The right to withdraw consent at any time.

To exercise these rights, the User must write to support@tickets-florence.org and prove their identity by providing their full name, a copy of their national identity card or equivalent identity document, a clear statement of the request, an address for notifications, and the date and signature of the applicant.

The User may also file a complaint with the Spanish Data Protection Agency (the competent supervisory authority in Spain), particularly if they have not obtained a satisfactory response in the exercise of their rights, by writing to C/ Jorge Juan, nº 6, 28001 – Madrid, or via the website www.agpd.es.

8. COOKIES

The Owner will only use data storage and retrieval devices (Cookies) when the User has given prior consent to do so in accordance with what is indicated in the User's browser pop-up window when first accessing the Website and the other terms and conditions indicated in the Owner's Cookies Policy.

9. COMMUNICATIONS

Data will not be disclosed to third parties except, where appropriate, to competent authorities in the exercise of their functions. As an exception, the Website may use cookies from third-party providers in accordance with the Cookies Policy and the User's consent.

10. SECURITY MEASURES

The Owner adopts the necessary measures to guarantee the security, integrity and confidentiality of the data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and, where not provided for therein, by Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights, Royal Decree 1720/2007, of 21 December, approving the Regulation implementing the Organic Law on Data Protection, and Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce.

Consequently, the Owner will treat the User's data as strictly confidential and will keep it secret in accordance with applicable law, adopting the necessary technical and organisational measures to ensure the security of the data and prevent its alteration, loss, unauthorised processing or access, taking into account the state of the art, the nature of the data stored and the risks to which they are exposed.

11. CHANGES TO THE PRIVACY POLICY

To ensure that the Owner's data protection guidelines remain compliant with applicable legal requirements, the Owner reserves the right to amend this Privacy Policy as necessary.