Privacy policy

Dear Data Subject,

Please be informed that the Fondazione Palazzo Strozzi, in its capacity as Data Controller – with registered office in Piazza Strozzi – 50123 Florence (FI) – will process the personal data provided by you for the purposes and methods set out below.

Purposes of the processing

The Data Controller will process your personal data for the following purposes:

  1. Contractual purposes: for visiting the web pages and availing of the services offered on the website https://palazzostrozzi.org/.
  2. Marketing purposes: for sending promotional and commercial communications relating to services/products offered by the Fondazione.
  3. Profiling purposes: for analysing your preferences, habits, behaviour, and interests in order to send you personalised commercial communications.
  4. Sending of newsletters: for informing you about events, activities and seminars organised by Palazzo Strozzi (newsletters and mailing list).
  5. Legal obligations: for complying with the obligations provided for by regulations and applicable national and supranational laws.

Legal basis of the processing

The legal basis of the processing for the purposes referred to in point 1 of the section “Purposes of the processing” is the performance of a contract to which the Data Subject is a party (Article 6, subsection 1, letter b) of the GDPR).

The legal basis of the processing for the purposes referred to in points 2, 3, 4 is the Data Subject’s consent to the processing of his/her personal data (Art. 6, subsection 1, letter a) of the GDPR).

The legal basis for the processing for the purposes referred to in point 5 is the necessity to fulfil the legal obligations to which the Data Controller is subject (Art. 6, subsection 1, letter c) of the GDPR).

Type of data processed

The personal data processed for the purposes described above are the following: personal details, contact data, other data collected by the cookies installed.

Data processing methods

The processing is carried out by means of computer and/or telematic instruments, with organisational methods and logics strictly related to the purposes indicated, so as to guarantee the security and confidentiality of the data and, in any case, only for the duration necessary to fulfil the aforementioned purposes.

Obligation to provide data

The provision of personal data for the purposes referred to in point 1 is mandatory. Refusal to provide the above-mentioned personal data will not, therefore, make it possible to avail of the services/contents offered by the website.

The provision of personal data for the purposes set out in points 2, 3, 4 is free, optional, and revocable at all times.

Period of storage

The data collected will be stored for a period of time not exceeding the achievement of the purposes for which they are processed (art. 5 of the GDPR – “principle of restriction of storage”). Once the above-mentioned storage terms have expired, your personal data will be destroyed, deleted, or made anonymous, in compliance with the technical cancellation and backup procedures.

Communication and dissemination of data 

The personal data provided by you will be processed by the staff of the Fondazione, insofar as “authorized to process”.

Within the limits relevant to the processing purposes indicated above, the data may be communicated to any third parties involved who are appointed as Data Processors, as they are required to participate in the performance of the activities.

The Data Processors are promptly identified and duly appointed. The complete and updated list of all Data Processors is available upon request by sending an email to the following address privacy@palazzostrozzi.org.

Personal data will not be disseminated but may possibly be transmitted to any Public Authorities if expressly requested for administrative or institutional purposes, in accordance with the provisions of current national and European legislation.

Rights of the Data Subject

At any time you may exercise your right of access before the Data Controller, pursuant to Article 15 of Regulation (EU) 2016/679, i.e. you may obtain confirmation of the existence of your personal data and request their communication in an intelligible form. You also have the right, pursuant to Articles 16 et seq. of the aforementioned Regulation, to obtain rectification, cancellation of data or restriction of processing. Finally, you have the right to object, in whole or in part, for legitimate reasons, to the processing of your personal data, even if pertinent to the purpose of collection.

These rights may be exercised through a specific request to be sent by registered mail to the Data Controller or by email to the following address privacy@palazzostrozzi.org.

You may also lodge a complaint with the competent supervisory authority pursuant to Art. 77 of the GDPR (Personal Data Protection Supervisory Authority), if you believe that the processing of your data is contrary to the regulations in force.

Sharing of contents on social networks

If you decide to share any contents through one or more social networks (such as Facebook, Twitter, Pinterest, Instagram, Linkedin, TikTok), the websites may access some of your account information if you have enabled sharing of your account data with third-party applications. You can disable sharing of your account information with third-party applications by accessing your account settings. For more information, please consult the website(s) of the social network(s) to which you are registered (such as www.facebook.com,www.pinterest.com, www.instagram.com, www.linkedin.com,  www.tiktok.com/).