Video surveillance policy


1. Foreword

Your privacy and the security of your personal data are particularly important to the Fondazione Palazzo Strozzi. This is why we collect and process your personal data with the utmost care and attention, while adopting specific technical and structural measures to guarantee the full security in their processing.

In compliance with Article 13 of Regulation (EU) 2016/679 (Regulation) and Article 3.1 of the Provision of the Italian Data Protection Authority dated 8 April 2010 (Provision), Fondazione Palazzo Strozzi in its capacity as Personal Data Controller:


that at the Fondazione’s premises in Piazza Strozzi, 50123, Florence (FI) a closed- circuit video surveillance system is in operation in compliance with the Provision of the Data Protection Authority dated 8 April 2010.

Your personal data is processed in a suitable way for guaranteeing security and confidentiality, and is carried out, using paper, computer and/or telematic media, as indicated in detail this information notice.

2. Data Controller

The processing of your personal data is carried out by Fondazione Palazzo Strozzi (“Fondazione”), with registered office in Florence, Piazza Strozzi, in its capacity as Data Controller, pursuant to the EU Regulation.

For any questions or requests relating to the processing of your personal data you may contact at any time by sending a request to the following contacts:

Data Controller
Registered name: Fondazione Palazzo Strozzi
Registered office: Piazza Strozzi, 50123, Firenze
Contact details:

3. Type of Data and Purpose of Processing

The personal data that the Fondazione processes are your images acquired through registration.

Your personal data, once collected, are processed for the following purposes:

PurposesLegal basis
ASafety: protection of the safety of the company’s workers and/or collaborators, as well as third parties.Processing for these purposes is necessary for the legitimate interest of the Controller and for the fulfilment of legal obligations.
BProtection of company assets: prevention of theft, robbery, damage, assault, and vandalism.Processing for these purposes is necessary for the legitimate interest of the Controller and for the fulfilment of legal obligations.

The processing of your data is lawfully carried out even in the absence of explicit consent, pursuant to Art. of the Regulation.

Your data in question will not be disseminated or otherwise disclosed except to the police and judicial and administrative authorities, in accordance with the law, for the detection and prosecution of criminal offences, the prevention of and protection against threats to public safety, and to enable the Fondazione to exercise or protect its own rights or the rights of third parties before the competent authorities, as well as for other reasons connected to the protection of the rights and freedoms of others.

4. Data Retention

We inform you that your data will be kept for a limited period, which varies according to the type of processing activity and its specific purposes.

The images taken are recorded and stored in accordance with the provisions of the authorisation measure issued by the competent ITL (Territorial Labour Inspectorate).

In particular, the data acquired will be retained for a maximum period of seven days; once this time limit has elapsed, the data will be deleted by means of over-recording, except as provided for in the ITL authorisation measure in the event of a request by the Authorities or the Judicial Police, or in any case following criminal events, damage to company assets, unauthorised access to the building by staff and/or third parties, and theft of company materials and products.

5. Your rights

Please note that you are entitled to exercise the following rights in relation to the personal data covered by this notice, as provided for and guaranteed by the Regulation:

  • Right of access and rectification (Articles 15 and 16 of the Regulation): you have the right to access your personal data and to request that they be rectified, amended or supplemented. If you wish, we will provide you with a copy of the data in our possession.
  • Right of data deletion (Art. 17 of the Regulation): in the cases provided for by current legislation, you can request the deletion of your personal data. Once we have received and analysed your request, we will stop processing and delete your personal data, where we consider it legitimate.
  • Right to restriction of processing (Art. 18 of the Regulation): you have the right to request the restriction of the processing of your personal data in the event of unlawful processing or contestation of the accuracy of personal data by the data subject.
  • Right to data portability (Art. 20 of the Regulation): you have the right to request and obtain your personal data from the Data Controller, in order to transmit them to another Data Controller, in the cases provided for in the aforementioned Article.
  • Right of objection (Art. 21 of the Regulation): you have the right to object at any time to the processing of your personal data carried out on the basis of our legitimate interest, by explaining the reasons justifying your request; before granting it, the Fondazione shall assess the reasons for your request.
  • Right to lodge a complaint (Art. 77 of the Regulation): you have the right to lodge a complaint with the competent Data Protection Authority if you consider that a breach of your rights in relation to the processing of your personal data has been carried out or is taking place.

You may exercise your rights at any time with reference to the specific processing of your personal data by the Fondazione.

Further information on the rights of the data subject can be obtained by asking the Data Controller for a full extract of the above-mentioned articles.

6. Security measures

The Fondazione adopts adequate and preventive security measures to safeguard the confidentiality, integrity, completeness and availability of the data subject’s personal data. Technical, logistical and organisational measures are put in place to prevent damage, loss (including accidental loss), alteration, and improper and unauthorised use of the data processed.

7. Changes to this notice

The constant evolution of our services may lead to changes in the characteristics of the processing of your personal data described herein. This policy may be modified and supplemented over time, as required by new legislation on the protection of personal data, or by the evolution/modification of our services.

8. Date of last update