Dear Data Subject, as you are providing the Fondazione Palazzo Strozzi (hereinafter, “Fondazione”) with your personal data, we wish to inform you that the “European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and the free movement of such data” (hereinafter GDPR) governs the protection of persons and other subjects in relation to the processing of personal data.

The Fondazione, in its capacity as “Data Controller” pursuant to article 13 of the GDPR, is therefore providing you with the following information:

Purposes of the Processing

The Data Controller will process your personal data for the pursuit of instrumental and/or complementary goals related to the request for registration in the activities organised by the Fondazione (e.g. exhibitions, events, guided tours, workshops, educational activities).

Additional purposes of the Processing

With your freely given and discretionary consent, the personal data provided may be used for the forwarding of informative messages concerning the events organised by the Fondazione, using the email address indicated on this form.

Legal basis of the processing

The legal basis of the processing is the performance of the activities necessary for allowing participation of the Data Subject in the activities organised by the Fondazione. With reference to the processing of data for sending informative material, the legal basis is the consent given by the Data Subject.


Methods of processing the data

Your data will be the subject of processing operations in compliance with the legislation indicated above and the confidentiality obligations on which the Foundation’s activity is based. These data will be processed both with IT tools and in paper form, in full compliance with the security measures laid down by the GDPR.


Nature of the conferment

The conferring of data useful for sending informative material is optional. Although failure to provide data will not allow the sending of informative material, there will be no restrictions to the possibility of participating in the event.


Pursuant to art. 13 of the GDPR, it is necessary to give your consent to the processing of your personal data for the purpose of sending informative information concerning the activities organised by the Fondazione.


Communication and dissemination of the data

Your personal data will not be communicated to third parties nor will they be subject to dissemination.

Data controller and data processors

The Data Controller is the Fondazione Palazzo Strozzi, with office in Piazza Strozzi – 50123 Florence (FI).

The Data Processors are promptly identified and formally appointed. The complete and updated list of all Data Processors is available at the request of the Data Subject by writing to

Rights of the Data Subject

At any time you can exercise the following rights with the Data Controller, as referred to in articles 7 and subsequent of the Privacy Policy and articles 15-22 of the GDPR: right of access, right to rectification, right to erasure, right to restricting of processing, right to object, right to data portability, as well as the right to submit a complaint to the Supervisory Authority.

This authorisation can be revoked at all times with written communication to be sent by ordinary mail or to the Fondazione’s email address


Storage period

Your data will be stored for the time necessary for complying with the management purposes of the event, as per the terms established for the rights and obligations underlying the processing. With reference to the processing for sending informative material relating to the activities organised by the Foundation, the data will be kept for no longer than 24 months after registration in the event, without prejudice to withdrawal of consent by the Data Subject.