Experience data. Make culture count.

Privacy policy

PRIVACY POLICY

memind.eu

memind.eu is the official website of the EU-funded ME-MIND project (funding from the Creative Europe Programme of the European Union, Grant Agreement number: 101008704) managed by Fondazione Sistema Toscana (hereafter aslo “FST”), a private and legally-recognized entity overseen by the Region of Tuscany, and serves as a tool for carrying out the following institutional aims at:

  1. extracting – by using two specific use cases, analysing their needs and implementing analytical techniques – a methodological solution to measure and evaluate the social and economic impact generated by cultural institutions; 
  2. turning the socio-economic impact analysis of the cultural sector into a tool to drive cultural organisations’ data-driven decisions and, at the same time, into a promotional “manifesto” to be used towards potential sponsors;  
  3. transforming quantitative and qualitative data (resulting from the impact analysis) into an artistic product that will be directly experienced by museum visitors or event attendees; 
  4. make the analysis results intelligible and comprehensible even towards stakeholders, who can have a direct weight on events and cultural venues: such as public administrations, private and public sponsors, providers, promoters, collaborators etc. 

Privacy information

In accordance with national legislation (Legislative decree 196/June 30, 2003 regarding the protection of personal data) and community legislation (EU regulation for the protection of personal data, n. 679/2016, GDPR) and later modifications, this website respects and safeguards the privacy of visitors and users, ensuring that every possible and proportional attempt will be made to not impinge on the rights of its users.

This privacy policy is valid only for visitors/users for the online activities of this website and it does not apply to data collected via other channels. The purpose of this privacy policy is to provide maximum transparency regarding the information that the website collects and uses.

Data controller

The Data Controller pursuant to the laws in force is:
Fondazione Sistema Toscana
Via Duca d’Aosta, 9
50129 Firenze

Data protection officer

The Data Protection Officer (DPO) of the Data Controller can be reached at the following e-mail address: dpo(at)fst.it

Legal basis for data processing

This website processes data only upon consent.

The provision of data and therefore consent to collect and process data is optional: the User can refuse to consent and revoke at any time previously-given consent. Doing so, however, could result in blocked access to some services and navigation of the website could be compromised. Beginning on May 25, 2018 (when the GDPR went into effect), this website can process data for the legitimate interests of the Data Controller.

Content

memind.eu brings together textual and multimedia content (texts, images, sounds, video, graphics, trademarks, logos, audio-visuals, etc, hereinafter “content”) for the purposes described above.

The content is produced by:

  1. staff from Fondazione Sistema Toscana (Italy, hereinafter “FST”), coordinator and responsible for managing the website;
  2. staff from ME-MIND consortium partners: By Facility SL (also known as Domestic Data Streamers, Spain) University of Pisa (Italy) and Eesti Rahva Muuseum (Estonia);
  3. staff from the European network on cultural management and policy – ENCATC (Belgium), associated partner and subcontractor for the service of web design e branding;
  4. third parties who grant the project consortium rights to their textual and multimedia content (for example, through the dissemination of best practices) using credits;
  5. third parties whose property vaunts a creative commons license, allowing for the use of their textual and multimedia content.

All the content is protected by current laws regarding authors’ rights and intellectual property, and, therefore, unauthorized reproductions and/or making the content available to the public (even through file-sharing) is not allowed. It is forbidden to upload, reproduce or exchange copies of the protected content without proper authorization from the authors and/or owners of the rights. Anyone who violates this ban is subject to civil and criminal penalties in accordance with the law.

Content providers declare and guarantee to hold the rights to the content (whether it is because they are either the author themselves or because they purchased the rights for use and reproduction from the legitimate owners); therefore, they guarantee the legality, veracity, accuracy and legitimate provenance of the rights of industrial and/or intellectual property or the laws regarding privacy of the content provided to FST.

Viewing content from external platforms

This type of service allows you to view and interact with content hosted on external platforms directly from the pages of this site.
In the event that a service of this type is installed, it is possible that, even if users do not use the service, it collects traffic data relating to the pages in which it is installed.

Google Fonts (Google, Inc.)
Google Fonts is a font style visualization service managed by Google, Inc. that allows this site to integrate such content within its pages.
Personal Data collected: Usage data and various types of data as specified in the privacy policy of the service.
Place of date processing: United States – Privacy Policy.

Font Awesome (Fonticons, Inc.)
Font Awesome is a font style visualization service managed by Fonticons, Inc. that allows this site to integrate such content within its pages.
Personal Data collected: Usage data and various types of data as specified in the privacy policy of the service.
Place of date processing: United States – Privacy Policy.

Widget Google Maps (Google, Inc.)
Google Maps is a map display service managed by Google, Inc. that allows this site to integrate such content within its pages.
Personal Data collected: Cookies and Usage Data.
Place of data processing: United States – Privacy Policy.

Link  

memind.eu may contain links to other websites and social media that are not necessarily under the control of FST. The user is encouraged to read the conditions and terms of operation and use of the non-FST websites. FST assumes no responsibility for unauthorized use of the user’s data nor any further monitoring or profiling carried out by the websites.

Collected data and purposes

memind.eu uses log files which conserve data collected automatically during a visit to the website. The data collected could be the following:

  • internet protocol address (IP);
  • browser type and parameters of the device used for connecting to the website;
  • name of the internet service provider (ISP);
  • date and time of visit;
  • webpage the visitor connected from (referral), as well as the subsequent page upon exiting;
  • the number of clicks.

To ensure security (antispam filters, firewall, survey of viruses), the data registered automatically could be used, in accordance with the relevant current laws, to block attempts to damage the website or other users, as well as damaging or criminal activities. Such data are never used for identifying and profiling the user, but are only intended to safeguard the website and its users (since May 25, 2018, data may be processed on the basis of the legitimate interests of the Data Controller pursuant to current regulations).

The data collected from the website during its operation are used exclusively for the aims indicated and are conserved for the time necessary for carrying out precise activities or, if applicable, until there is a cancellation request for accounts registered to the website. The data
collected from the website will never be passed to third parties for any reason, unless there is a legitimate request from judicial authorities and only in cases allowed by law. By accessing and navigating the website, users accept that the aforementioned data are processed for the previously-mentioned purposes of IT security and preventing illegal activities. The user can request that their data be cancelled and/or exercise their rights as protected by current laws.

Place of data processing

The data can be processed at the Data Center ex TIX (Tuscany Internet Exchange), Via San Piero a Quaracchi n. 250 – Florence, now part of the Sistema Cloud della Toscana (SCT – Tuscany Cloud System) and at Hetzner Online GmbH, Industriestr. 25 – 91710, Gunzenhausen, Germany. In compliance with community law (European Regulation for the protection of personal data 2016/679, Art. 28, par. 3), organizations who process personal data on behalf of Data Controller or Data Processor have been appointed as Data (Sub-)Processors, to ensure compliance with the requirements of the Regulation.

Cookies

As with all websites, this site also uses cookies, which are small strings of texts that allow for the website to conserve data and is based on the visitor’s preferences in order to improve the site’s operation, simplify navigation by automating processes (ex.: login, language) and analyze site use.

Session cookies are essential for distinguishing connected users, and are useful for ensuring that a requested function not be provided to the wrong user, as well as for security purposes so as to avoid damaging attacks on the website. Session cookies do not contain personal data and last only as long as the session does, that is, until the browser is closed. Consent is not needed for them.

Functionality cookies used by the website are strictly necessary for operating the site; they are those connected to a user’s request for a specific function (like Login), for which consent is not needed). Using the website, the visitor expressly agrees to the use of cookies.

Management of cookies: consent to their use

Deleting cookies does not preclude use of the site.

Users / visitors can set the computer browser to accept / reject all cookies or display a warning every time a cookie is proposed, in order to evaluate whether to accept it or not.

By default, almost all web browsers are set to automatically accept cookies. Users / visitors can still change the default setting, or disable cookies (i.e. block them permanently), by setting the highest level of protection in the browser, however, disabling them
can compromise the use of site functions.

In any case, it remains possible to delete or remove cookies from your device, using the appropriate functions present in the browser. Deleting the cookies does not preclude the use of the site, but involves the repetition of the authentication procedure, or the re-submission of the access credentials.

There are also components (plugins) for the most popular browsers that allow:
• the management (display, cancellation, block) of cookies
• disabling third party JavaScript pages
• visualization of the technologies used by the site
• the visualization and (selective) blocking of the different tracking mechanisms

Disabling cookies

Cookies can be disabled directly from the browser used, thus denying / revoking consent for the use of cookies. It should be noted that disabling cookies can impede upon the correct use of some functions on the wesbite.

Google Analytics / Tag Manager

memind.eu may include the tools Google Analytics and Tag Manager for monitoring access to the website (number of accesses, new users, number of sessions, visualizations of a page, type of device and browser, etc.) and receiving information regarding user behaviour on the website (referral, duration of sessions, bounce rate, etc.) for statistical and market study purposes. FST does not collect users’ personal data because the information related to accessing the website and user behaviour are provided by Google Analytics and Tag Manager in an aggregated and non-personalized/anonymous form. However, FST does not respond to the processing of data collected by Google Inc. through Analytics and Tag Manager. Google could use, unbeknownst to FST, personal data for contextualizing and personalizing advertisements on their marketing network.

Information about the two Google tools used are as follows:

  • Google Analytics (Google, Inc.)- Google Analytics is a web analysis service provided by Google, Inc. (“Google”). Google uses the personal data collected for the purposes of tracing and examining site use, compiling reports and sharing them with other services developed by Google.
    Personal data collected: Cookies and usage data
    Processing location: USA – Privacy PolicyOpt Out
  • Google Tag Manager (Google, Inc.) – Google Tag Manager is a statistics service provided by Google, Inc.
    Personal data collected: Cookies and usage data
    Processing location: USA – Privacy Policy

Cookies from Social Networks

memind.eu may use cookies from social networks, which are used to allow for sharing content on social networks. These plugins are programmed so as to not register cookies when accessing the page, safeguarding the user’s privacy. The cookies are registered, if allowed by the social networks, only when the user effectively and voluntarily uses the plugin. It should be kept in mind that if the user navigates when logged into the social network, they already consented to the use of cookies transmitted through this website when registering with the social network.

The collection and use of data obtained via the plugin are regulated according to the related privacy policies of the social networks, which users are advised to refer to.

  • Like button and Facebook and Instagram photo social media widgets (Facebook Inc.) – The “Like” button and Facebook social media widgets are services for interacting with Facebook, provided by Facebook Inc.
    Personal Data collected: Cookies and Usage Data.
    Processing location: USA – Privacy Policy.
  • Tweet button and Twitter social media widgets (Twitter Inc.) – The “Tweet” button and Twitter social media widgets are services for interacting with Twitter, provided by Twitter Inc.
    Personal Data collected: Cookies and Usage Data.
    Processing location: United States – Privacy Policy.
  • Youtube videos (Google, Inc.) – YouTube is a video viewing service managed by Google, Inc. that allows this application to integrate its content into its pages.
    Personal data collected: Cookies and Usage Data
    Processing location: USA – Privacy Policy
  • Pinterest button and social widgets (Pinterest, Inc.) – The Pinterest button and social widgets are services of interaction with the Pinterest social network, provided by Pinterest Inc.
    Personal data collected: Cookies and Usage data.
    Place of processing: USA – Privacy Policy
  • LinkedIn is an online service for professional networking, owned by LinkedIn Corporation, allowing this Application to incorporate such content into its pages. Personal Data collected: Cookies and Usage Data. Processing location: United States – Privacy Policy

Facebook Pixel

memind.eu’s code may contain Facebook Pixel, a tool for collecting statistical data that allows website managers to measure the effectiveness of their advertising by understanding the actions people take on their websites.
Facebook installs cookies for analyzing and improving advertising through remarketing activities in order to send users messages in line with their interests. Remarketing helps reach users who have visited the websites.

  • Facebook Remarketing (Facebook, Inc.) – Facebook Remarketing is a remarketing and behavioural targeting service provided by Facebook, Inc. which connects actions on this website with Facebook’s advertising network.
    Personal data collected: Cookies and Usage Data
    Processing location: United States – Privacy Policy
  • Facebook Custom Audience (Facebook, Inc.) – Facebook Custom Audience is a remarketing and behavioural targeting service provided by Facebook, Inc. which connects actions on this website with Facebook’s advertising network.
    Personal data collected: Cookies and email address
    Processing location: United States – Privacy PolicyOpt Out.
  • Facebook Analytics for Apps (Facebook, Inc.) – Facebook Analytics for Apps is a statistics tool provided by Facebook, Inc.
    Personal data collected: Usage data and various types of data according to what is
    specified in the service’s privacy policy. Processing location: Unites States – Privacy Policy.
  • Conversion tracking of Facebook Ads (Facebook, Inc.) – Conversion tracking of Facebook Ads is a statistics service provided by Facebook, Inc. that connects the data coming from the social media site’s advertising network with the actions carried out on this website.
    Personal data collected: Cookies and Usage Data
    Processing location: United States – Privacy Policy.

Data sent by external forms

This website may refer to content hosted on external platforms for the management of forms to be filled in for requesting services.

Google Forms (Google, Inc.)
Google Forms is a Google (Google, Inc.) App that allows this site to manage within its pages questionnaires, quizzes and surveys directly on the Google platform.
Personal Data collected: Usage data and various types of data as specified in the privacy policy of the service.
Place of date processing: United States – Privacy Policy.

E-mail communications

Visitors / users filling out the dedicated forms and authorizing FST to process own personal data accept to periodically receive updates about the news promoted by the website as specified in the form itself.
Personal data collected: common data and e-mail addresses Communications are sent via e-mail to those who specifically fill out the dedicated form and authorize FST to process users’ personal data. Providing this data is optional, but by refusing to provide personal data, the user will be unable to send content via form.

Newsletter  

Website users can choose to subscribe to the memind.eu newsletter in order to periodically receive updates about the newest changes to the website. The tool used to send and manage the newsletter is Mailchimp.com, a service provided by The Rocket Science Group, LLC that manages email addresses and sending emails.

Personal data collected: common data and email addresses
Processing location: United States – Privacy Policy.
The newsletter is sent via email to those who specifically request to receive it by filling out the dedicated form and authorizing FST to process users’ personal data. Providing this data is optional, but by refusing to provide data, the user will be unable to subscribe to the newsletter.

Consenting data processing

First access: when accessing the website for the first time, users will see a message that gives them the option of accepting or refusing the use of technical and profiling cookies of third parties on the part of memind.eu. By providing their consent, users authorize FST to use all the tools listed in this policy for the purposes described and for the type of personal data indicated.

Contact form: by filling in their personal data on contact forms accessible on memind.eu, users authorize their use for the purposes of responding to requests for information or anything else indicated in the form’s header. In all cases, the user fully accepts the policy of memind.eu and all the websites/subdomains attributable to memind.eu.

Security measures

This website processes users’ data legitimately and correctly, adopting appropriate security measures aimed at impeding unauthorized access to and disclosure, modification or destruction of data. Processing is carried out using computer and/or online tools, with organizational procedures and reasons strictly related to the intended aims.

In addition to the Data Controller, in some categories of employees (administrative, commercial, marketing, legal and system administrators), as well as external individuals subjects (such as third party technical service providers, hosting providers, IT companies, communication agencies), appropriately appointed in compliance with current regulation, may have access to data.

User rights

In accordance with EU Regulation 679/2016 (GDPR) and national legislation, users can, within the procedures and limits provided in current law, exercise the following rights:

  • request the confirmation of the existence of personal data regarding him/herself (right to access);
  • be informed of their origin;
  • receive comprehensible communication about them;
  • receive information about the reason, procedures and aims of their processing;
  • request an update, modification, integration, cancellation, transformation into anonymity and blocking of data processes that are in violation of the law, including those no longer necessary for carrying out the aims for which they were collected;
  • in cases of consent-based processing, receive the data provided to the owner, in a structured and legible manner, from a data processor and in a format commonly used by an electronic device; the cost for doing so only regards possible support;
  • the right to present a complaint to the Supervisory Authority (Warranty Policy);
  • more generally, all rights that are recognized by current laws.

Requests can be addressed to the Data Controller.

In cases in which data are processed based on legitimate interests, the rights of interested parties are nonetheless guaranteed (except the right of portability, which is not required by current regulations), especially the right to oppose processing, which can be applied by sending a request to the Data Controller.

Updates

This privacy policy is updated as of October 27, 2021